Cybersecurity

Proposed rules relating to incident reporting aim to improve cybersecurity in public companies, but FTI Consulting’s Jordan Rae Kelly suggests the SEC's well-intentioned requirements could have unintended consequences. The SEC recently voted in favor of a proposal that would require...

Unauthorized use of unsecured business applications presents growing danger. So-called shadow IT presents GRC teams with the need to prevent end users from taking actions that while seemingly expedient, completely undermine otherwise robust cybersecurity and data protection measures.  Let’s say...

As part of its ongoing commitment to cyber threat research, Kroll’s threat intelligence team looked at hundreds of real-life cyber incidents to determine how intrusions occur. Alan Brill, senior managing director of cyber risk at Kroll, explains what they’re seeing...

With increased scrutiny from a litany of regulators, cryptocurrency exchanges and financial institutions are now required to monitor, flag and report suspected ransomware payments. Doing so calls for a range of technological capabilities and a sophisticated approach to identifying suspicious...

Compliance teams could see an uptick in cybersecurity whistleblower complaints as regulators expand protections and incentives for those reporting data breaches, vulnerabilities or other cyber-related misconduct. But cybersecurity incident reports require special handling. Here’s how to prepare for the unique...

In 2016, hackers associated with the North Korean government almost made off with $1 billion from the Bank of Bangladesh. Cyber criminals were paying attention. In this excerpt from cybersecurity expert Jon DiMaggio’s upcoming book, the author runs down how...

Data anonymization techniques that maintain a 1:1 relationship between personal info and the people to whom they relate are appropriate in certain use cases. But depending on these techniques in live production environments leaves companies—along with their users and/or employees—vulnerable...

The Biden Administration and DOJ intend to pursue cyber fraud through the False Claims Act (FCA), with an emphasis on whistleblower reporting. The implications could devastating for unsuspecting health care compliance teams and lead to multiple exposures to enforcement. 

New rules proposed by the Securities Exchange Commission could change the way the advisors and funds communicate cyber risk to investors. If adopted, funds would be required to maintain records of cybersecurity polices and procedures, and report incidents within a...

You know the resources and commitment required for a successful cybersecurity program. But your company's leaders might not. Communicating what they need to know calls for both art and science. Arm yourself with data, common language and a pitch that...

Since last year's Data Privacy Day, system down times have continued to lengthen. Cyber insurance has continued to grow more expensive. AI remains a double-edged sword. As always, awareness training and security protocols serve the best shields in the ongoing...

In 2022, nations and organizations around the world will continue working to protect customer data against hackers and accidental breaches. From new international regulations to artificial intelligence, here is a look at how cyber compliance is shifting priorities. We often...