View as Webpage

Volume 6, Issue 1

Welcome


Welcome to our sixth volume and first issue of 2025 of Decoded - our technology law insights e-newsletter. We have been publishing for six years and could not continue without our committed readers and your insights. If you have any suggestions for 2025 and Decoded, please let us know. Your input is invaluable for this publication.

 

Before we dive into this issue, we encourage you to check out the National Labor and Employment Law Symposium being held January 26-29 in Steamboat Springs, Colorado. This is an exclusive gathering of top national and international labor and employment lawyers to discuss the latest legal updates in a close-knit, collegial atmosphere. More than a dozen sessions, in a roundtable format, will cover cutting-edge labor and employment topics including leave and accommodation concerns, AI, litigation tactics, and much more! In between sessions, participants will have plenty of time to enjoy skiing in Steamboat Springs or networking over drinks or dinner. You can learn more about the event and register here.

 

We hope you enjoy this issue and thank you for reading.


Nicholas P. Mooney II, Co-Editor of Decoded; Chair of Spilman's Technology Practice Group; Co-Chair of the Cybersecurity & Data Protection Practice Group; and Co-Chair of the Artificial Intelligence Law Practice Group


and


Alexander L. Turner, Co-Editor of Decoded and Co-Chair of the Cybersecurity & Data Protection Practice Group

4 Cybersecurity Trends to Watch in 2025

“Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.”

 

Why this is important: (1) Single points of failure continue to proliferate critical IT systems - While 2024 had its fair share of high-profile IT systems failures, such as Change Healthcare’s ransomware attack and CrowdStrike’s faulty software update, cybersecurity experts forecast single points of failure will continue to be a problem in 2025. Many businesses fail to recognize single points of failure vulnerabilities or do not accurately gauge their potential impact, and are no match to these sophisticated and efficient systems-wide cyberattacks occurring regularly resulting in diminished customer confidence. Analysts urge businesses to stop singularly focusing on preventing cyberattacks, and realize that they need to accept and prepare for the inevitable – catastrophic failures can and will occur. That is why resilience-based thinking is recommended. Businesses will have the best chance to bounce back by anticipating and preparing for these intrusions in lieu of prevention considerations only.  

 

(2) Regulatory environment, tense threat landscape create new landscape for CISOs - With malicious cyber activity on the rise, federal and state regulatory obligations and compliance have increased exponentially placing a heightened burden on Chief Information Security Officers (CISOs) and other top security executives. Regulatory officials seek to gain real-time intelligence and insight into cyber threats and to ensure prompt disclosure of risks and cyberattacks to key stakeholders. One cybersecurity company, Trellix, is considering splitting the role of the CISO to include a business CISO role in order to deal with the dramatic increase in state and federal regulations. According to National Cyber Director Harry Coker, Jr., efforts to streamline the regulatory burden on companies are underway so as to lessen the amount of time a CISO must spend in compliance versus the time being spent in defending against inevitable cyberattacks. In late 2023, the Securities and Exchange Commission (SEC) began enforcing rules requiring publicly traded companies to report material cyberattacks and breaches to the agency. It is reported that this resulted in a 60 percent increase in cyber disclosures to the SEC, though less than 10 percent of these disclosures were of a material nature. More than 75 percent of incident disclosures filed with the SEC were made within eight days of the actual incident, with 40 percent of companies making additional disclosures with Form 8-K.

 

(3) Telecom attacks will fester into 2025 - Federal cyber authorities were overwhelmed in 2024 with containing and determining the scope of a sweeping series of attacks on telecom networks in the United States, and this problem will persist in the new year. Salt Typhoon, a threat group sponsored by China’s government, is believed to have ongoing access to at least nine telecom companies in the United States after infiltrating these networks in 2024. These attacks on critical infrastructure in the United States are an attack on its citizens' cyber-interconnectivity, and the public remains vulnerable as this infiltration remains ongoing without an understanding as to the extent of what Salt Typhoon has done. Defenders have not been able to boot the attackers embedded in telecom networks. Federal authorities suspect espionage, while other possible motives include evolving communication disruption capabilities in times of crisis or conflict. Incredibly, there appears to be no end in sight as telecom networks remain vulnerable. 

 

(4) Evolution of the CISO - In December 2023, the SEC rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure went into effect which places increased responsibilities on CISOs, particularly at publicly traded companies. The SEC ruling finds CISOs being held to a much higher standard in terms of reporting cybersecurity incidents and risks to stakeholders and to the SEC. With this increase in regulatory responsibilities, CISOs are also experiencing more prominent roles within the governance structure of modern companies and increased influence in the boardroom and C-suite, particularly with technology strategy. --- Jennifer A. Baker

5 Predictions for Emerging ’25 Technology Trends

“Allow me, then, to make five predictions on how emerging technology, including AI, and data and analytics advancements will help businesses meet their top challenges in 2025 – particularly how their technology investments will drive future growth.”

 

Why this is important: AI and data innovations are set to redefine business success in 2025. Make no mistake, AI is here to stay and its impact on the future of global technology cannot be understated. Its impact will be felt from consumer interaction to business operations. Recognizing the powerful role of emerging technology, including AI and sophisticated data analytics, it is clear that in order to meet their top challenges in 2025, businesses need to prioritize technology investments as they will drive future growth. The author makes five predictions in support of this assertion.

 

Prediction 1: Bringing interaction and communication among every device and platform that a customer has will lead to specialized recommendations for that consumer and create a more satisfying, friction-free buying experience. 

 

Prediction 2: AI and new levels of predictive analytics will prevail in retail. Predictive analytics will permit a consumer’s virtual storefront to be tailored to their likes and preferences allowing for “concierge level” experiences without needing a thousand-person operation or astronomical data analytics budget. 

 

Prediction 3: Real innovation is on the horizon with advances in AI and ML bringing much needed automation to compliance, testing, documentation, and other tasks that consume a developer’s time. In addition, multi-party collaboration will expand lending confidence to provision, within one platform, multiple data sets, controls and protection mechanisms. 

 

Prediction 4: As more RAG-based approaches [Retrieval Augmented Generation] are employed, greater reliability and accuracy are expected with AI outputs. 

 

Prediction 5: The demand for self-service capabilities will continue, but gone are the days that DIY operation implies point-and-click user interfaces. Instead, a great user experience will incorporate the simplicity of talking and prompting which AI agents will deliver in 2025.

 

When executed correctly, AI technology will undoubtedly impact business success by improving their bottom lines. --- Jennifer A. Baker

These Bills would Regulate High-Risk Artificial Intelligence Use in Virginia

“Virginia lawmakers will weigh legislation to shape policy on AI authentication, developer responsibilities.”

 

Why this is important: The use of AI is exploding throughout the economy. With this exponential expansion of the use of AI has come increased public safety and privacy concerns. In response to these increased risks, legislation has been proposed in the Virginia Legislature to regulate high-risk AI systems used in healthcare, law enforcement, and education. With all the good AI tools can provide, there are fears about the improper use of AI tools. There are concerns about the use of AI deepfakes that are used to influence elections or to embarrass individuals. In regards to law enforcement, some agencies have become too reliant on AI face recognition, and have been foregoing traditional police work. This has resulted in many false arrests and charges that would have been avoided if law enforcement had simply checked easily verifiable alibis. It is these types of uses of AI that legislators want to avoid.

 

AI is created is by scraping data off the Internet in order to learn. To address this issue, the proposed HB 2121 would require AI developers to provide information regarding their AI’s origin and history of development. Legislators also want transparency when it comes to AI, and for this information to be accessible to the public. This bill also includes additional responsibilities for distributors and integrators of AI systems, and not just for developers and deployers. Another bill, HB 2250 would allow consumers to opt out of the use of their personal information for the creation of an AI system. Additional legislation is being proposed that would create requirements for the creation and use of AI by state and local government entities. Virginia wants to be responsible in the use of AI technologies without stifling innovation and economic advancement. Spilman’s Technology Practice Group will continue to monitor the advancement of this legislation and provide updates if these bills pass. --- Alexander L. Turner

Could a Trump Bitcoin Reserve Spark an Unprecedented Cryptocurrency Market Rally?

“The world’s oldest and most famous cryptocurrency had already climbed above $100,000 for the first time in the wake of Trump’s November 5 election win, but sights have been set far higher for the months that will follow the President-elect’s January 20 inauguration.”

 

Why this is important: In December, I wrote and discussed a few major considerations that would impact the price and treatment of Bitcoin in the next four years of a Trump presidency: deregulation, global adoption, and the Bitcoin Act of 2024, to name a few. If passed, the Bitcoin Act will require the United States to accumulate one million bitcoins, nearly 5 percent of the total supply, within 20 years. Aggressive action from the federal government has supported optimistic trading. On January 20, 2024, Bitcoin hit a record high of $109,000. Will the good times continue to roll? While it is likely that the price will continue to rise, possibly reaching an estimated high of $150,000 by the end of 2025, there is still much doubt surrounding the cryptocurrency industry as a whole. Deregulation from the strict compliance standards of the SEC, speculative pricing, sophisticated domestic and international hackers, and standard insider trading pump-and-dump schemes loom ever more. One thing is for certain, the crypto market will reach new heights under a Trump presidency; whether the changes will be good -- and safe -- for Americans is yet to be determined. --- Sophia L. Hines

Rising Cybersecurity Threats Target U.S. Higher Education Institutions

“By understanding who, where and how attackers are targeting universities and colleges, and taking a human-centric approach, officials can better safeguard their sensitive data.”



Why this is important: Institutions of higher education house vast amounts of sensitive data ranging from financial information to government-funded research. The extensiveness of these networks and open information-sharing environment that universities foster inherently poses a security risk. As this article highlights, a layered and targeted defense system can help to mitigate these vulnerabilities and protect against cyber threats. A human-centric approach that prioritizes user education, particularly increasing awareness of cybercriminal tactics, can reinforce institutional cyber security and significantly reduce the risk of data breach through phishing schemes. In addition, email security systems that allow for real-time threat intelligence, insider threat management detection tools, and a comprehensive data loss prevention solution can aid in preventing the unauthorized transfer of data, identifying unusual user behavior, and protecting against impersonation attacks.

 

With increasing legal and operational risks from cyber threats, a complex body of regulations with which to comply, time-intensive response procedures, and the threat of lawsuits and regulatory penalties, institutions of higher education face no shortage of challenges when it comes to data security. If your institution would benefit from a legal review of its cybersecurity policies, response plans, breach notification procedures, and cyber insurance coverage, please contact your Spilman counsel or any member of the Education or Technology Practice Groups for further assistance. A proactive approach can reduce the potential for significant monetary and reputational harm. --- Nicholas A. Muto

Space Factories Closer to Reality as New 3D Printing Tech Shows Promise 

“With this new 3D printer system, anything needed in orbit could be 3D printed on the spot.”


Why this is important: 3D printing has come a long way, a very long way. The ability to print almost anything (except many metals) is here. Plastics and other malleable materials can be molded into surprising shapes. CAD technology allows technicians to cut complicated parts out of any material, including metal and wood. Many universities now are expanding this ability, with the hope that long-term stations and factories will be able to produce highly technical parts in space, possibly solving many problems, including replacement parts for space applications. --- Hugh B. Wellons 

North Korea Stole Over $659M in Crypto Heists During 2024, Deploys Fake Job Seekers

“The announcement provided the first official confirmation that North Korea was behind July’s $235 million hack of WazirX, India’s largest cryptocurrency exchange.”

 

Why this is important: North Korea is currently responsible for the theft of at least four billion dollars ($4,000,000,000) worth of cryptocurrency. In a multi-pronged attack, North Korean hackers infiltrated trading platforms and firms in India, Japan, and the United States. In addition, hacker teams successfully deployed workers who infiltrated IT departments at several blockchain companies and supported the attack from the inside. One group of hackers, the Lazarus Group, is cited for using cryptocurrency-stealing malware and inside personnel to carry out the cyber thefts. It is estimated that the funds are being funneled into the sanctioned North Korean nuclear weapons program. As the interest in and use of cryptocurrencies are expanding globally, the guardrails may not be properly in place to protect “investors”. Tried and true investing habits should still be practiced. Never invest more than you can lose; be vigilant and cautious about accessing crypto-wallets and carrying out transactions on various devices and networks. --- Sophia L. Hines

Proposed HIPAA Amendments Will Close Healthcare Security Gaps

"Changes to the healthcare privacy regulation, including technical controls for network segmentation, multifactor authentication, and encryption, would strengthen cybersecurity protections for electronic health information and address evolving threats against healthcare entities."

 

Why this is important: The increased use of technology in healthcare has created new and increased vulnerabilities for patients' protected health information (PHI). Even though the use of technology in the healthcare industry has grown exponentially, the HIPAA Security Rule was last revised in 2013. To try and close these gaps in data privacy, the U.S. Department of Health and Human Services is now planning an overhaul of the HIPAA Security Rule. The proposed new rules include:

 

  • All policies, procedures, plans, and analyses must be in writing;
  • Facilities must create and maintain up-to-date technology asset inventory along with a network map to track the movement of PHI through the network;
  • More specifics regarding how to conduct a security risk analysis; and
  • The implementation of the multi-factor authentication.

 

The proposed rules will be published in early March 2025. Industry stakeholders will have 60 days after the publication of the proposed rules to submit comments. Thereafter, the HHS will issue the final version of the rules, but the exact date is currently unknown. Spilman’s Technology Practice Group will monitor the publication of the proposed rules and provide an update when they are published. --- Alexander L. Turner

Artificial Intelligence Energy Demand is Driving Climate Tech Investing

“They’ve done so as the growing demand for artificial intelligence has driven interest in technologies that can power data centers with less emissions.”

 

Why this is important: The surge in AI development is reshaping climate technology investment patterns, with energy infrastructure becoming critical to support AI's growing power needs while meeting environmental goals.

 

Energy startups have emerged as the leading destination for climate tech investment in 2024, surpassing electric vehicle and battery companies for the first time since 2020. Venture funding for energy companies reached $9.4 billion last year, marking a 12 percent increase from 2023, with nuclear investment nearly doubling to $1.9 billion.

 

The shift comes amid an overall decline in climate tech funding, as venture capitalists maintain caution due to political uncertainty and challenging business conditions. While total climate tech investment fell 14 percent below 2023 levels, following a 24 percent drop the previous year, energy investments bucked this downward trend.

 

This realignment of investment priorities reflects the growing recognition of AI's massive energy requirements. Tech companies are increasingly committing to purchasing clean power and exploring emerging technologies like nuclear fusion to meet their expanding needs. Industry analysts expect this trend to continue through 2025 as AI development accelerates.

 

Market researchers at Sightline suggest that while overall venture funding may remain at lower levels compared to recent years, the dramatic funding decreases seen in 2023 are unlikely to repeat as the industry stabilizes into what they term "a new normal." --- Hikmat N. Al-Chami

DNA Nanorobots that can Alter Artificial Cells Offer a New Tool for Synthetic Biology

“They allow the creation of novel transport channels that are large enough to facilitate the passage of therapeutic proteins across cell membranes.”

 

Why this is important: Advances in biology and robotics have harmonized and pushed therapeutic intervention forward. Researchers at the University of Stuttgart have developed a tool for controlling the shape and permeability of lipid membranes in synthetic cells. In addition, DNA nanorobots have been employed to further influence the shape and structure of certain synthetic cells. What this means is that researchers are on the verge of creating viable synthetic channels ultimately within the membranes of living cells, which will significantly increase the capacity of therapies to improve the health of patients. The cell membrane is delicate and some current therapies cannot enter the cell without causing destruction, resulting in low absorption, or fatal toxicity to the surrounding tissue. Once this technology is perfected, the possibilities will be infinite. --- Sophia L. Hines

Artificial Intelligence and the New Human Experience and Generative AI is Great for Legal Work — but Make Sure It’s Monitored, Judges Say  

“Labor, identity, and the future of work are at stake.”


“Lawyers must understand how their AI tools work, supervise their teams, check results carefully and experiment, according to former magistrates.”


Why this is important: AI seems to be everywhere. It will take over complicated labor tasks, making skilled workers obsolete. It will replace the accounting and legal professions. “Terminator” is here! The reality is much more nuanced. The first article explains where AI is and what it can do in broad terms. It is good at repetitive behavior and brute research, among other things. Creativity and subtlety are not its strengths. 


The second article recounts the infamous Mata case where an attorney used AI in a lawsuit filing without checking the legal sites or, apparently, anything. The AI program he used just made up things (called in AI, “hallucination”), and the lawyer was sanctioned, fined, etc. That was three years ago, and now, with the assistance of a human, an AI program has passed multiple state bar exams. It’s come a long way! Still, for many good reasons, judges caution that AI can be used only with careful oversight. Think of it as a brilliant first year associate with no moral code, or a playful 6-month Cane Corso, who only wants to have fun and please you, and doesn’t care what gets ruined in the process. That’s about where we are. 



The most important lesson from these articles is that AI is improving itself, as it is designed to do. It has many applications and is a useful tool. It will revolutionize robotics applications and reduce many repetitive factory jobs. It will make accounting programs more powerful and may replace many simple accounting functions. It is great in law at first drafts of form-documents and legal research, among other tasks, but you must recheck every case, proof every line. Will it replace some lawyers, especially first and second year associates? Maybe, but then where will senior associates and new partners come from? Use it, but remember the “Hill Street Blues” admonition: “Let’s be careful out there!” --- Hugh B. Wellons

 

X Share This Email
LinkedIn Share This Email

This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.



Responsible Attorney: Michael J. Basile, 800-967-8251