Managing Legal Risks to U.S. Companies From Foreign Cyberattacks

Protecting online systems against individual hackers has been a top priority for companies for several years, but as we begin a new decade, a new threat has risen to the forefront: well-funded and sophisticated foreign governments seeking to wage a new kind of warfare on the United States.

In response to increasing tensions with Iran, the Department of Homeland Security warned at the beginning of the year that government-sponsored cyberattacks originating from the Middle East may be imminent. Days later, members of Congress urged the financial services industry to "be proactive" in preparing for "potential cyber attacks" from another country. On January 16, 2020, the FDIC and OCC issued a joint statement warning financial institutions about heightened cybersecurity risk and advising institutions to "review, update, and test incident response and business continuity plans," among other things. And state regulatory bodies, such as the New York Department of Financial Services, advised financial institutions to be wary of foreign cyberattacks in light of recent events. Separately, because this is an election year, cybersecurity is particularly critical for firms that offer electronic voting technology and support key public services.