Decrypted: The First 72 Hours of a Ransomware Attack

Mythos, Glasswing and the View From the UK GCHQ

Hosts David Simon [https://www.skadden.com/professionals/s/simon-david-a] and William Ridgway [https://www.skadden.com/professionals/r/ridgway-william] welcome Skadden [https://www.skadden.com/] colleague Nicola Kerr-Shaw [https://www.skadden.com/professionals/k/kerrshaw-nicola] to discuss how AI vulnerability discovery tools such as Anthropic's Mythos are compressing the timelines around vulnerability discovery, exploitation and remediation, and what that means for board oversight, disclosure obligations and incident response planning. In the second half of the episode, Shehzad Charania [https://www.gov.uk/government/people/shehzad-charania], director of legal affairs and policy at GCHQ [https://www.gchq.gov.uk/], shares the U.K. government's assessment that frontier AI is materially changing the cyber threat landscape by increasing the speed and scale at which vulnerabilities can be found. He explains that organizations that have not addressed their cybersecurity fundamentals and technical debt will be increasingly exposed and warns of a coming wave of forced corrections across the technology ecosystem as AI accelerates the discovery of flaws that must be remediated. His message to boards: make cyber a board-level responsibility, prioritize resilience and plan now to deploy updates quickly and at scale. CONNECT AND LEARN MORE ☑️ Shehzad Charania [https://www.gov.uk/government/people/shehzad-charania] | LinkedIn [https://www.linkedin.com/in/shehzadcharania/] ☑️ GCHQ [https://www.gchq.gov.uk/] on LinkedIn [https://www.linkedin.com/company/gchq] ☑️ Nicola Kerr-Shaw [https://www.skadden.com/professionals/k/kerrshaw-nicola] | LinkedIn [https://www.linkedin.com/in/nicola-kerr-shaw-247a0531/] ☑️ Skadden [https://www.skadden.com/] ☑️ David Simon [https://www.skadden.com/professionals/s/simon-david-a] | LinkedIn [https://www.linkedin.com/in/david-simon-4122171/] ☑️ William Ridgway [https://www.skadden.com/professionals/r/ridgway-william] | LinkedIn [https://www.linkedin.com/in/williamridgway/] ☑️ Skadden [https://www.skadden.com/] | LinkedIn [https://www.linkedin.com/company/skadden-arps-slate-meagher-flom-llp-affiliates/?s=footer] | X [https://x.com/skaddenarps?s=footer] | Facebook [https://www.facebook.com/skadden/?s=footer] ☑️ Subscribe Apple Podcasts [https://podcasts.apple.com/us/podcast/decrypted/id1870585886] | Spotify [https://open.spotify.com/show/1tYHAP7mdGFl3nj2fYN8TU?si=c30eea5c12aa4ebc] “Decrypted” is a podcast by Skadden, Arps, Slate, Meagher & Flom LLP, and Affiliates [https://www.skadden.com/]. This podcast is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This podcast is considered advertising under applicable state laws.

Decoding NIS2: Europe's New Cybersecurity Playbook

In this episode of "Decrypted," Skadden's cybersecurity and data privacy co-leads David Simon [https://www.skadden.com/professionals/s/simon-david-a] and William Ridgway [https://www.skadden.com/professionals/r/ridgway-william] sit down with Nicola Kerr-Shaw [https://www.skadden.com/professionals/k/kerrshaw-nicola] in London and Susanne Werry [https://www.skadden.com/professionals/w/werry-susanne] in Frankfurt for a frontline look at NIS2 — the EU directive redefining how organizations must prepare for and report cyber incidents across Europe and beyond. After a quick survey of recent U.S. cyber and AI policy developments, the team dives into what happens when an incident strikes under NIS2 — from the directive's dramatically expanded scope and strict notification deadlines to registration pitfalls, board-level personal liability and the challenge of preserving legal privilege under pressure.The episode wraps with practical takeaways on tabletop exercises, incident response planning and key U.K. developments, including the proposed Cybersecurity and Resilience Bill. CONNECT AND LEARN MORE ☑️ Nicola Kerr-Shaw [https://www.skadden.com/professionals/k/kerrshaw-nicola] | LinkedIn [https://uk.linkedin.com/in/nicola-kerr-shaw-247a0531] ☑️ Susanne Werry [https://www.skadden.com/professionals/w/werry-susanne] | LinkedIn [https://de.linkedin.com/in/susannewerry] ☑️ David Simon [https://www.skadden.com/professionals/s/simon-david-a] | LinkedIn [https://www.linkedin.com/in/david-simon-4122171/] ☑️ William Ridgway [https://www.skadden.com/professionals/r/ridgway-william] | LinkedIn [https://www.linkedin.com/in/williamridgway/] ☑️ Skadden [https://www.skadden.com/] | LinkedIn [https://www.linkedin.com/company/skadden-arps-slate-meagher-flom-llp-affiliates/?s=footer] | X [https://x.com/skaddenarps?s=footer] | Facebook [https://www.facebook.com/skadden/?s=footer] ☑️ Subscribe Apple Podcasts [https://podcasts.apple.com/us/podcast/decrypted/id1870585886] | Spotify [https://open.spotify.com/show/1tYHAP7mdGFl3nj2fYN8TU?si=c30eea5c12aa4ebc] “Decrypted” is a podcast by Skadden, Arps, Slate, Meagher & Flom LLP, and Affiliates [https://www.skadden.com/]. This podcast is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This podcast is considered advertising under applicable state laws.

Decrypted: The First 72 Hours of a Ransomware Attack

Cybersecurity is a team sport — and in the first 72 hours of a ransomware attack, every decision counts. In this inaugural episode of “Decrypted,” David Simon [https://www.skadden.com/professionals/s/simon-david-a] and William Ridgway [https://www.skadden.com/professionals/r/ridgway-william], co-heads of Skadden's [https://www.skadden.com] Cybersecurity and Data Privacy Practice, walk listeners through a realistic triple-extortion ransomware incident scenario — from the moment a security operations center flags unusual outbound traffic and ransom notes start appearing to the legal, regulatory and communications decisions that follow. Tune in for their insights about what separates companies that weather these crises from those that don't. "Decrypted" is your go-to resource for scenario-based discussions, regulatory and enforcement deep dives, and interviews with experienced practitioners and thought leaders in the cybersecurity and data privacy space. Each episode will track how cyber, privacy and AI risks show up in real life — inside incident response calls, board discussions, regulator interactions and litigation strategies. CONNECT AND LEARN MORE ☑️ David Simon [https://www.skadden.com/professionals/s/simon-david-a] | LinkedIn [https://www.linkedin.com/in/david-simon-4122171/] ☑️ William Ridgway [https://www.skadden.com/professionals/r/ridgway-william] | LinkedIn [https://www.linkedin.com/in/williamridgway/] ☑️ Skadden [https://www.skadden.com/] | LinkedIn [https://www.linkedin.com/company/skadden-arps-slate-meagher-flom-llp-affiliates/?s=footer] | X [https://x.com/skaddenarps?s=footer] | Facebook [https://www.facebook.com/skadden/?s=footer] ☑️ Subscribe Apple Podcasts [https://podcasts.apple.com/us/podcast/decrypted/id1870585886] | Spotify [https://open.spotify.com/show/1tYHAP7mdGFl3nj2fYN8TU?si=c30eea5c12aa4ebc] “Decrypted” is a podcast by Skadden, Arps, Slate, Meagher & Flom LLP, and Affiliates [https://www.skadden.com/]. This podcast is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This podcast is considered advertising under applicable state laws.

Welcome to Decrypted

Welcome to Decrypted! A podcast exploring the latest events in cybersecurity, data privacy, technology, and government. It features a roundup of the latest events in cybersecurity, data privacy, technology, and government, as well as interviews with key opinion leaders and other experts. Hosted by members of Skadden’s Cybersecurity & Data Privacy Practice. The views expressed are their own and do not reflect the views of Skadden or its clients. Disclaimer: Decrypted is a podcast by Skadden, Arps, Slate, Meagher & Flom LLP, and Affiliates. This podcast is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This podcast is considered advertising under applicable state laws.