‍Since the SEC's latest cybersecurity regulations went into effect, thousands of companies have already been compelled to submit their annual Form 10-K with the novel Item 1C. Similarly, dozens of organizations have filed updated Form 8-Ks to disclose cybersecurity incidents. Slowly but surely, these public reports are helping investors become more aware of the intrinsic relationship between cyber risk and market value.

Third-party risk assessments identify, evaluate, and mitigate potential risks that third-party vendors might introduce into business operations. These processes form the foundation for a proactive risk management program, meeting regulatory requirements while safeguarding organizational assets and preventing reputational damage. Cyber risk assessments help identify any security hazards that could potentially disrupt operations and the supply chain.

A Third-Party risk assessment is a critical component of a Third-Party Risk Management program. Without understanding how to properly execute these assessments, the efficiency of your TPRM program will remain limited. This post provides a detailed six-step guide for performing third-party risk assessments in cybersecurity.

The right choice of Third-party risk assessment software will automate risk assessment workflows and boost the efficiency of your Third-Party Risk Management program. This post reviews the top eight contenders in the TPRM and supply chain risk management market to help you make the right choice for your third-party cybersecurity objectives.

As a cybersecurity company, Obrela is vigilant in monitoring the evolving regulations and how these impact our clients, especially those in the financial sector. With the introduction of the Digital Operational Resilience Act (DORA), we see a transformative step forward in the European Union’s approach to financial cyber resilience. Here’s an overview of what DORA entails and what it means for financial entities.

At RiskOptics, our mission is to make GRC simple, and it’s been that way since the inception of ZenGRC in 2009. With an in-house team of GRC experts and a development model focused on customer and industry challenges, we pride ourselves on being collaborative, innovative, and transparent.

Universities are increasing their reliance on third-party providers for various services, such as electronic health records, telehealth platforms, insurance billing, and mental health support. While these partnerships enhance business operations and save valuable time, they also introduce significant cybersecurity risks.

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).

Whether it's because industrial control systems remain quite vulnerable to attacks, or because these systems manage valuable physical resources and uptime is essential—or a bit of both—attackers are increasingly targeting operational technology (OT) and industrial control systems (ICS).