Tech & Sourcing @ Morgan Lewis

As discussed in a post from earlier this week, President Joseph Biden issued an executive order on May 12, 2021 to improve the nation’s cybersecurity. The White House has put its proverbial money where its mouth is by proposing a $58.4 billion information technology spending plan that includes $9.8 billion specifically earmarked for civilian government cybersecurity measures as well as an expedited push towards SaaS and cloud services solutions.

As many of our readers are aware, President Joseph Biden issued an executive order on May 12 to improve the nation’s cybersecurity. While much of the executive order focuses on strengthening the federal government’s networks from cybersecurity threats, “[t]he private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace.”

Last week, we posted on the guidance issued by the US Department of Labor (DOL) for plan sponsors, plan fiduciaries, recordkeepers, and plan participants on cybersecurity best practices. Last week’s post focused on the guidance provided for hiring a service provider. In this week’s post, we will highlight some the DOL’s cybersecurity program best practices for use by recordkeepers and other service providers responsible for plan-related IT systems and data.

The US Department of Labor (DOL) recently announced guidance for plan sponsors, plan fiduciaries, recordkeepers and plan participants on cybersecurity best practices. The guidance focuses on three areas: (1) tips for hiring a service provider; (2) cybersecurity program best practices; and (3) online security tips. In this post, we will focus on the DOL’s tips for plan sponsors and plan fiduciaries in selecting a service provider.

As part of its five-year, £1.9 billion ($2.65 million) national cybersecurity strategy, the UK government on February 9 announced the launch of the UK Cyber Security Council (Council), a new independent body to support career opportunities and set professional standards for the UK’s cybersecurity sector. The Council will be formally launched on March 31, 2021.

Welcome to the second post in our Spotlight series, where we talk with a leader in a particular field or emerging area of interest to technology and sourcing lawyers and professionals.

Cybersecurity has earned its place at the top of organizations’ risk concerns during the COVID-19 pandemic. Remote working, an array of communication solutions and hardware being used by organizations, and the accelerated leveraging of cloud-based outsourcing solutions have increased the chain of potential vulnerabilities to cyberattacks.

As we noted in our Outsourcing 2021 webinar last week, a lot has happened and changed in the last 12 months since January 2020. There have been significant and unprecedented changes in the way our companies do business, the way we engage and interact with colleagues, and the way we interact with external parties, including how our companies and each of us leverage technology to market, process transactions, and otherwise communicate.

The Internet of Things Cybersecurity Improvement Act of 2020 was signed into law on December 4, resulting in the first federal regulation of the Internet of Things (IoT).

The UK Information Commissioner’s Office (ICO) has recently handed down two of the largest fines relating to a data breach in UK history.