In February 2024, Change Healthcare, one of the biggest IT solution companies in the U.S. healthcare system, suffered from a ransomware attack resulting in a complete shutdown of their IT system. Because of this attack, hospitals and pharmacies experienced interruptions in patient treatments, as well as in payments for several weeks. This is a nightmare for any software developer, security engineer or a company.

As cyber threats escalate in frequency and severity, IT and security teams face increased pressure to maintain transparency. With this in mind, the US Securities and Exchange Commission’s (SEC) Cyber Disclosure Rule, released on 26 July 2023, mandates timely and detailed public disclosures about cyber incidents.

The newly passed Australian Cyber Security Act is part of the reform laid out in the 2023–2030 Australian Cyber Security Strategy. The legislation aims to fill gaps in Australia’s overall cyber resilience and support the government’s ambition to become the most secure country globally.

Software developers push thousands of lines of code every day, helping enterprises shape the tools and applications we all rely on, starting from banking to entertainment. However, we shouldn’t forget that behind every successful deployment lies a hidden challenge – what cyber security measures should be taken to protect the source code, hardware and software products, and critical company and customer data?

The General Data Protection Regulation (GDPR) of the European Union and the California Privacy Rights Act (CPRA) represent landmark regulations designed to protect consumer data privacy. While GDPR became enforceable in May 2018, CPRA came into effect in January 2023, building on its predecessor, the California Consumer Privacy Act (CCPA). Both laws aim to empower individuals with greater control over their personal data while imposing rigorous obligations on businesses.

Based on our reading, the Digital Operational Resilience Act (DORA), is at a fundamental level, a transformative ICT challenge. DORA makes the speed and accuracy of security threat detection and response a board-level concern. Fail to stop, classify and report on cyber incidents accurately and, from 2025 onwards, your organisation could face a fine of 1% of global turnover.

The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.

‍The Australian Prudential Regulation Authority (APRA) has introduced Prudential Standard CPS 230 to enhance the operational resilience of financial institutions and protect the broader financial system from disruptions. APRA CPS 230 details the crucial requirements for managing operational risks, ensuring business continuity, and overseeing third-party service providers.

In today’s rapidly evolving digital landscape, managing cyber risk has become essential for sustaining corporate growth and resilience. Cyber risk management requires balancing corporate growth against the evolving tactics of threat actors and governmental regulations – a daunting task that requires continuous measurement and strategic reflection.

This January, the EU’s Digital Operational Resilience Act (DORA) will come into force, along with a number of other EU crypto regulations, and it is poised to usher in a new era for technology providers – in both the traditional and digital asset markets. Fireblocks is ready for this transition, and we’ve been helping our clients prepare for the new digital asset regulations in recent months as the deadlines approach.

Saudi Arabia’s new Personal Data Protection Law (PDPL), guided by the Saudi Data and Artificial Intelligence Authority (SDAIA), brings strict data protection requirements for organizations across the Kingdom. If your business is still working to put strong data loss prevention (DLP) measures in place, preparing for compliance might feel daunting. That’s where Netskope comes in—our local presence and advanced data protection solutions make PDPL compliance easier and more efficient.

General Data Protection Regulation Compliance, also known as GDPR Compliance, is the European Union’s foundation law on data privacy and security. The objective of GDPR is to provide individual’s control over their personal data from how it’s collected to how it’s use, shared, and storage.

Cybersecurity and operational resilience are paramount for organizations, especially those handling sensitive information. Three prominent compliance standards— the US CMMC 2.0, the Australian CORIE, and the EU’s DORA —address these needs in different sectors and regions. This blog will compare and contrast these standards, highlighting their unique features, similarities, and differences.

As the official implementation date approaches for the Digital Operational Resilience Act (DORA) – financial institutions and their information and communication technology (ICT) service providers, across the European Union are gearing up for a significant shift in their operational landscape.

With cybersecurity threats on the rise, regulatory bodies are taking robust measures to secure essential infrastructure. The European Union’s introduction of the NIS2 Directive marks a significant step in this direction, aiming to fortify the defenses of critical sectors across Europe. Managed Service Providers (MSPs) play a pivotal role in safeguarding networks and information systems, and the new NIS2 requirements underscore the heightened responsibilities they face.