Get Ready for the New 36-Hour Cybersecurity Incident Notification Requirement for Banks

Big changes are afoot for the financial sector! The new cybersecurity incident reporting regulation goes into effect April 1, requiring banks to report certain incidents within 36 hours. We’ll breakdown the new requirements and provide a checklist for updating your incident response plans, tabletop exercises, vendor communications, and more. Tune in so you can get ready!


Sherri Davidoff
Chief Executive Officer
LMG Security

Sherri Davidoff is the CEO of LMG Security and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity. As a recognized expert in cybersecurity, she has been called a “security badass” by the New York Times. Sherri is a regular instructor at the renowned Black Hat trainings and a faculty member at the Pacific Coast Banking School. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), and has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.” Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and received her degree in Computer Science and Electrical Engineering from MIT.

Michael Kleinman
Special Counsel
Fried Frank

Michael A. Kleinman is a corporate special counsel in the Data Strategy, Security & Privacy and Technology Transactions practices, resident in Fried Frank’s New York office.

Mr. Kleinman advises companies, boards, and investors in a wide array of industries and sectors on compliance with global cybersecurity and privacy regulations, including Section 5 of the FTC Act, GDPR, CCPA, NY DFS Cybersecurity Regulation, GLBA, and CAN-SPAM), cybersecurity and privacy-related corporate governance, artificial intelligence and data minimization, breach preparedness and response, training, and cybersecurity risk assessments and disclosures. He also advises clients in M&A, financings, and other complex corporate transactions on various issues related to cybersecurity and data privacy, including risk analysis and mitigation and potential liability associated with such transactions, and negotiates and drafts cybersecurity and privacy terms in all manner of related commercial contracts and agreements.

Mr. Kleinman has represented clients in numerous cases arising out of the Computer Fraud and Abuse Act (CFAA) and other alleged unauthorized uses of licensed data and technology, as well as consumer privacy laws, including the Telephone Consumer Protection Act (TCPA). Mr. Kleinman also has extensive experience representing corporations, boards of directors, financial advisors, investment banks, and private equity firms in connection with complex commercial, securities and derivative, and intellectual property litigation.

In addition to his private practice, Mr. Kleinman devotes himself to an active pro bono practice representing clients in a range of matters, including indigent criminal defendants in federal criminal prosecutions through the Criminal Justice Act for the Southern District of New York. Prior to joining Fried Frank, Mr. Kleinman served as a law clerk to the Honorable Gabriel W. Gorenstein in the United States District Court for the Southern District of New York from 2009 to 2010.

Mr. Kleinman received his JD, magna cum laude, from Benjamin N. Cardozo School of Law in 2009, where he made Cardozo Law Review and was awarded the Order of the Coif. He received his BA from Tufts University in 2004. He is admitted to practice in New York, the United States Court of Appeals for the Second Circuit and the US District Courts for the Southern and Eastern Districts of New York and the Eastern District of Wisconsin.