Latest News

PRA SS2/21: A Third-Party Risk Management Compliance Guide

Recognizing the growing impact of third-party risks on operational resilience, the Prudential Regulation Authority (PRA) has established new regulatory requirements in the areas of third-party risk management and outsourcing. The details were published in a Supervisory Statement that has been in effect since March 2022.

Should Cyber Insurance Cover Ransomware Protection?

Companies around the world and across industries face greater cyber threats than ever before. Cybersecurity incidents are becoming ever more frequent, and the costs associated with those attacks have marched upward too. As the risks grow, companies have strengthened their capabilities, both in prevention and incident response. Still, no company can guarantee that it will never be hacked, so companies must have cyber insurance in place in case the worst happens.

3CX Hack Alert: What You Need to Know

Software supply chain compromises are becoming an increasingly common tactic used by cyber criminals to infiltrate organizations. While the SolarWinds attack 3 years ago was the most infamous, these attacks are gaining in popularity among cyber attackers. This is because it is often easier to compromise a third-party vendor or supplier than it is to attack the organization directly.

Cyber Risk Quantification based on the MITRE ATT&CK Framework

As the frequency and complexity of cybersecurity threats continue to grow, it is becoming increasingly important for organizations to adopt advanced tools and techniques to protect themselves. One way to do this is by utilizing the MITRE ATT&CK framework, a comprehensive taxonomy of common tactics, techniques, and procedures (TTPs) that cyber attackers use to compromise information systems and steal data.

Substantive Testing vs. Control Testing: How Do They Compare?

Internal controls can serve two purposes: to protect a business from accounting fraud, asset loss, or similar financial reporting failures; and to assure that the business meets its regulatory compliance obligations. An audit evaluates the accuracy of a company’s financial statements and the effectiveness of its internal control system to identify control weaknesses. In addition, audits typically include some form of substantive testing, which tests for risks of material misstatements and errors.

Right On The Money: Cyber Risk Mitigation Strategies For The Finance Industry

Cybersecurity isn’t easy in any industry, but it is perhaps most challenging for the banking, financial services, and insurance (BFSI) sector. Financial institutions are highly digitized and have large, complex IT infrastructures with many environments and assets to protect. At the same time, these enterprises are highly targeted by threat actors, leading to a constant barrage of attacks to detect and disrupt.

Up Your Lean Risk Management Team's Efficiency

These four words are all too familiar to most CISOs and Risk Managers. In fact, nearly 70% of cybersecurity practitioners and decision-makers feel that their organization doesn’t have enough security staff to be effective, according to a recent Cybersecurity Workforce Study. Infosec and cyber risk management teams are usually small, stretched thin and overwhelmed with work.

How Can GRC Teams Leverage Cyber Risk Quantification?

Being part of a governance, risk, and compliance (GRC) team is no easy task, as you have to stay on top of evolving expectations and laws, while connecting different business units together in a way that makes sense to other stakeholders. One area that’s been particularly tough to manage recently has been cybersecurity. From new data security standards to heightened risks around areas like ransomware, GRC teams have their hands full.

Moving Bank Accounts After SVB Collapse? Watch Out for These Security Risks

The recent collapse of Silicon Valley Bank (SVB) has sent shockwaves through the tech industry, prompting many individuals and companies to move their bank accounts to other financial institutions. However, in the midst of this turmoil, cybercriminals are poised to take advantage of people’s fears and concerns. If you’re planning to move your bank account or have already done so, it’s important to be aware of the security risks associated with this process.

4 Main Takeaways from the SANS Institute's Survey on Ransomware and Malware Intrusions

In early March, the SANS Institute, whose mission is to empower cybersecurity professionals with the practical skills and knowledge to make the world a safer place, shared some insightful findings based on their survey on ransomware and malware intrusions in 2022. The survey included participants in various roles and industries from organizations worldwide of all sizes. “In this survey, we wanted to understand what the past year looked like for our respondents.