Navigating Intersecting Interests and Collaborative Strategies for Cybersecurity in the Financial Sector

Cybersecurity is a significant risk factor for most industries today, but it plays a particularly critical role in the financial sector. The nature of financial institutions and banks inherently makes them targets for criminal cyber activity, as these organizations not only conduct large transactions but also store the financial and personally identifiable information (PII) of customers. Additionally, with the increasing normalization of online and mobile banking, security practices often lag behind, providing threat actors with numerous opportunities to exploit vulnerabilities. Similarly, the rise of cryptocurrencies and digital assets poses yet another risk. In response to these growing threats and incidents, regulatory bodies have been introducing guidance and regulations for the financial sector to best mitigate and prepare against cybersecurity risk. Attorneys advising businesses today will find this review of the financial sector’s cybersecurity regulatory status helpful in guiding their practice.
In this online webinar, our expert panelists begin by introducing cybersecurity and highlighting the key industries facing the highest risk. Next, our speakers break down the Gramm-Leach-Bliley Act (GLBA), discussing the regulated parties, detailing the contents of its three sections, and reviewing the consequences for non-compliance. Our experts then review the role of the SEC, its cybersecurity guidelines, and recently published proposed rules. Finally, our speakers conclude with a discussion of the existing and potential effects of federal cybersecurity regulations on businesses and their counsel.
Â

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

Managing Director, Cybersecurity and Data Privacy, Strategy and Transactions | Ernst & Young
Brian leads a team of 30 cybersecurity and data privacy professionals, focused on the strategic application of security in the context of capital transactions, including mergers, acquisitions, divestitures, real estate transactions and restructurings. He joined EY from the US Department of Justice (DOJ), where he served as the National Coordinator for more than 300 federal prosecutors focused on investigating and prosecuting computer crime and intellectual property crime. He also served as a federal prosecutor and senior counsel with the DOJ’s Computer Crime and Intellectual Property Section. Prior to joining the DOJ, Brian served as an Assistant Attorney General for the Internet & Technology Bureau of the New York Attorney General’s Office, a civil litigator for international law firms, and a law clerk to federal district and appellate judges. He earned his BA, summa cum laude, from the University of Pennsylvania and his JD, magna cum laude, from New York University School of Law.

Miller Thomson LLP – Partner
David Krebs is a partner at Miller Thomson LLP. He has a business law practice with particular focus on privacy, cybersecurity, and technology law. David is the National Co-Leader of the firm’s Privacy & Cybersecurity practice and serves as breach coach and counsel in cyber incident response for clients across Canada. David regularly advises clients on responding to data breaches, cybersecurity matters, data governance, and data protection/privacy risks in M&A and other commercial transactions. He has a strong background in the Life Sciences/Biotech and Technology sectors and has hands-on experience in the US, Europe, and other cross-border settings. Prior to joining Miller Thomson, David spent seven years as Senior Compliance Counsel at a large multinational medical device and life sciences business. David is also the editor of the firm’s Cybersecurity Blog. David has helped Canadian and foreign-based clients in the private and non-profits sectors respond to a full range of cybersecurity and data breach incidents, including managing cross-border privacy and notification aspects of complex breaches. David has also assisted clients in responding to complaints made to Privacy Commissioners and with freedom of information requests. In his work as privacy counsel, David provides strategic advice in M&A and other commercial transactions, promotional activities and compliant design of systems. As breach coach, he also advises on the privacy aspects of data breaches and cyber incidents. He was involved in compliance projects to prepare for the European General Data Protection Regulation (GDPR) and has years of experience in cross-border matters and in privacy/data protection law from a European Union and Nordic perspective. David has worked on comprehensive audits, policies & procedures, strategic training programs as well as transactional documentation, advising clients on Canadian federal and provincial legislation. As a commercial lawyer, David assists clients in negotiating a variety of technology and related agreements, including SaaS,NDAs, service provider arrangements, data sharing, and research collaboration agreements. David also acts as de facto General Counsel for a number of technology-focused businesses and organizations, including those in the medical device sector. David helps clients navigate, manage and mitigate risk related to complex regulatory requirements including anti-bribery, healthcare laws/industry standards, anti-trust, and trade controls but also risks posed by enforcement, cyber security threats, litigation, new business models and M&A activity

Cyber Readiness Institute – Managing Director
Karen Evans is Managing Director of the Cyber Readiness Institute. For over 20 years, Karen has been at the forefront of cybersecurity policy with Congressional- and Presidential-appointed positions at the U.S. Department of Energy (DOE), U.S. Department of Homeland Security (DHS), and the Office of Management and Budget (OMB). Karen possesses 30 years of executive-level management experience focused on cybersecurity, national security, technology innovation, service delivery and supply chain risk management. She has served and is serving as a independent director, Board member, and strategic advisor. Her specialties include executive management, project management, management of technology investments including capital planning and investment control, information security, supply chain risk management, privacy, accessibility for those with disabilities, and access to, dissemination of and preservation of government information.

Hogan Lovells – Counsel
Nathan Salminen helps clients evaluate and manage cybersecurity risks in the contexts of security incidents, security program development, commercial agreements and mergers. Nathan's combination of technical, legal, and business experience enables him to understand, explain, assess, and mitigate data security risks that span those areas. Nathan helps clients navigate the chaotic stream of legal, reputational and technical issues that arise following the discovery of a potential security incident. He also advises clients on mitigating the risks that such an incident will occur by working with companies to assess the compliance of their security program with legal obligations and industry standards, and by helping clients assess the privacy and data security risks associated with commercial relationships by developing robust contractual terms and assessing cybersecurity risks associated with mergers. Nathan has helped guide many prominent companies through some of the largest security incidents, and some of the commercial matters with the most complex security aspects, that have arisen in recent years. Before becoming a lawyer, Nathan worked as a software engineer and manager of technical teams for 13 years, and he recently updated and focused his technical knowledge by completing one of the most technically demanding penetration testing and ethical hacking certifications: the Offensive Security Certified Professional (OSCP). Nathan's technical background allows him to assess the technical implications of legal issues and the legal implications of technical issues. Nathan also helps clients meet their privacy, data protection, and data security obligations under the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Payment Card Industry Data Security Standard (PCI DSS).