Pursuing a cybersecurity initiative takes more than a simple decision made by an organization’s chief information security officer (CISO). It requires resources, time, and, most crucially, buy-in from an organization’s key stakeholders, such as C-suite executives and board members. But trying to persuade the budget approvers while speaking in the technical language of cybersecurity can be off-putting. ‍

In the ever-evolving landscape of data security and compliance, businesses must always stay current with the latest industry standards. As 2024 arrives, one such standard that demands your attention is the Payment Card Industry Data Security Standard (PCI DSS) version 4.0. PCI DSS v4.0 is a significant shift in how organizations must approach credit card and payment processing security and compliance.

While security ratings are a great way to demonstrate that you’re paying attention to the standard cyber health of the organization, you also need to show that you’re adhering to industry and regulatory best practices for IT security and making informed decisions for the long-term. A cybersecurity framework can help.

The recent SEC breach disclosure rules place enormous pressure on CISOs. The new SEC disclosure requirements for public companies require companies to report annually on their cybersecurity risk management and governance efforts and publicly announce cybersecurity incidents that prove "material." Determining materiality may be one of organizations' most prominent challenges with the new rules. What exactly is a material cybersecurity incident?

Organizational leaders have generally viewed cybersecurity as a costly yet essential business function and recognize that Chief Information Security Officers (CISOs) and other cyber leaders make strategic decisions to safeguard the company's digital assets. Still, until recently, these higher-level executives have never sought to make sense of the technical cyber activities in a broader business context, believing their value to be too complex to discern. ‍

This week at the World Economic Forum Annual Meeting, SecurityScorecard published the first Cyber Resilience Scorecard, offering leaders and decision-makers a comprehensive and global view of global cyber risk. SecurityScorecard identified a strong correlation between a country’s cyber risk exposure and GDP, which underscores that a nation’s economic prosperity is deeply intertwined with its ability to navigate the complex landscape of cyber threats.

What are some of the worries that keep compliance professionals up at night? For one, stressful stakeholder meetings and keeping abreast of the latest regulatory requirements. So is reporting bad news to the board or senior management, certainly. Another nagging worry for many: Despite your best efforts, you may “misreport” an issue – not report it completely or accurately.

The Payment Card Industry Data Security Standard (PCI DSS) sets standards to keep the global payment card ecosystem trustworthy. Developed and maintained by the PCI Security Standards Council (PCI SSC), PCI DSS is meant to secure debit and credit card transactions to prevent cybersecurity issues like data theft or fraud. Any merchant or business that accepts customer payment cards and processes this data must comply with PCI DSS requirements.

My journey to finding Kovrr had been packed with headaches and puzzles that many CISOs still face today. Within a few short years of being the CISO at Avid, a content-creation software provider, I managed to implement tighter security controls and develop a framework that enabled objective progress measurement. ‍ However, I constantly faced an impasse when attempting to communicate these achievements with the board.

One study found that 65% of SaaS applications in use are unsanctioned. And 59% of IT professionals find SaaS sprawl challenging to manage. In other words, shadow IT risks are growing—but that’s just the tip of the iceberg when it comes to hidden risks across today’s expanding attack surface. Missed software patches, outdated certificates, and stealth malware are some examples. Many security teams still struggle to keep their networks safe from ever-growing digital supply chains.