Cyber insurance is the fastest-growing sector of the world’s insurance markets. But, a recent increase in ransomware attacks and business email compromises has led to a sharp uptick in claims, resulting in significant losses for cyber insurers and increased premiums. Cyber insurance customers need a way to increase their cyber resilience, reduce premiums, and improve their cyber postures.

Organizations rely on dozens or hundreds of third-party vendors every day to provide strategic services. Due to the increased reliance on outsourcing, the need to automatically and continuously monitor and manage vendors is not an option—it’s a business imperative. As the frequency and severity of third-party data breaches continue to escalate, your organization must remain vigilant so it can effectively protect its network and data from cyberattacks.

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.

The following list offers three effective strategies for keeping your board informed of the business’s third-party risk exposure and the efficacy of its Third-Party Risk Management program.

ISO 9000 and ISO 9001 are terms that are often used interchangeably when discussing quality management at an organization, but they actually refer to separate things. While both are related to quality assurance and ISO certification, they have distinct differences in their fundamentals and approach.

Last week, SecurityScorecard was invited to participate in a fireside chat with Michael Daniel, President & CEO of the Cyber Threat Alliance (CTA). SecurityScorecard’s Chief Business Officer, Sachin Bansal, joined Daniel for a lively discussion regarding how to measure cyber health and clearly communicate progress against those metrics.

Cybersecurity is one of the top concerns for organizations. In recent years, and that’s not going to change any time soon – unless, if anything, cybersecurity becomes the top concern. So what can an organization do about the rise in cybersecurity incidents? In this article we’ll take a closer look at security incidents: what they are, the most common types, and how to prevent and mitigate them.

As cloud adoption continues to grow, periodic cloud security risk assessments should be high on your organization’s priority list.

Supply chain security has been a top concern for risk management leaders ever since the high-profile attacks to SolarWinds and Log4j took place. While there's no one-size-fits-all way to identify, assess, and manage cyber risks in the supply chain, MITRE's System of Trust Framework offers a comprehensive, consistent, and repeatable methodology for evaluating suppliers, supplies, and service providers alike.

Most malware security researchers encounter in the wild is written in C or C++. These languages provide low-level system access and control, plus performance, allowing threat actors to create highly efficient and stealthy code. But that doesn’t mean cybercriminals are limited to those two languages. SecurityScorecard recently reverse-engineered the Vjw0rm worm written in JavaScript and the Java-based STRRAT remote access trojan (RAT).