Three recent notable regulatory and legislative developments are significantly heightening expectations on cybersecurity disclosures and attestations.

• CISA Cyber Critical Infrastructure Incident Reporting.
  
  
• SEC Cyber Incident and Risk Disclosures by Public Companies.
  
  
• Secure Software Development Practice Attestation by Federal Vendors.

Over the last month, notable threat activity and U.S. Government regulatory pronouncements have highlighted the evolving technology supply chain security risk surface and the need for focused mitigation measures.

Companies that were forced to adapt to the reality of COVID are now grappling with operating in and evacuating from war zones (e.g., Ukraine), in contested or hostile environments (e.g., Russia), or on the edges of a conflict zone which could spread regionally, without warning. In addition to being one of the worst humanitarian crises Europe has faced in decades, the war in Ukraine—including its second and third order effects—highlights how quickly the operational landscape can shift.