Posts

Showing posts with the label cyber-incidents

New Federal Cybersecurity Reporting Rules are on Their Way: FAQs for Businesses About CIRCIA Regulations

A sweeping new federal cybersecurity mandate is on its way, and now is the time for businesses to build the infrastructure you’ll need to comply. The Cybersecurity and Infrastructure Security Agency (CISA) is finalizing draft rules that will require a massive swath of American businesses to report certain cyber incidents, putting more structure and teeth behind the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). While the agency has been targeting May 2026 for the release of the final rule, recent federal appropriations disruptions could alter that timeline. But the core obligations are not expected to change from the draft rule, and businesses that wait for the ink to dry before preparing will be starting from behind. Here’s a set of FAQs to help you understand what’s about to happen and what you should do. What is CIRCIA, and why should my business care? CIRCIA was passed in 2022 as the federal government’s first comprehensive, cross-sector approach to mandatory cy...

Delaware Supreme Court Expands Cyber Liability Exposure for SaaS & Managed Service Providers

What the Blackbaud decision means for managed service providers (MSPs) and the clients who rely on them A recent decision by the Delaware Supreme Court in  Travelers Casualty and Surety Company of America v. Blackbaud, Inc.   materially shifts the litigation landscape for cybersecurity incidents involving Software as a Service (SaaS) providers and MSPs. Key takeaways: Lower pleading burden for plaintiffs (including insurers) Less emphasis on proximate cause at early stages Aggregated claims allowed across multiple customers Higher litigation costs and increased settlement pressure Expanded expectations around what constitutes "commercially reasonable" cybersecurity Bottom line: Cyber incidents are now significantly more likely to survive early dismissal and proceed into expensive discovery. What Happened Blackbaud, a SaaS provider hosting sensitive donor data, experienced a ransomware attack exposing highly sensitive personal and financial information. Its customers (nonprof...