Latest News

6 Myths About Cybersecurity Ratings (and 1 Truth)

Today, electricity is so ubiquitous that it’s difficult to perform even basic tasks without it. But when electricity was first introduced, it took decades for broad acceptance and adoption because it was misunderstood and misused. Slowly, the benefits began to outweigh the cons. As with any innovation, there are setbacks, but electricity has overwhelmingly been a force for good. The same can be said about cybersecurity risk ratings. Are they perfect? No.

New SEC cybersecurity rules: Five things every public company CISO should do now

By now you’ve heard about the new cybersecurity rules from the U.S. Securities and Exchange Commission (SEC) requiring public companies to report material cybersecurity incidents and disclose critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

Positive Risk vs. Negative Risk in Enterprise Risk Management

Businesses face risk all the time – and that’s OK. Even though the word “risk” typically has negative connotations, the term can actually represent many situations, not all of them unfavorable. ISO 31000 states that risk is the “effect of uncertainty on objectives.” That actually means risk can come in two types: positive and negative.

How to Negotiate the Best Cyber Insurance Policy

Most companies will quickly accept the insurance provider's first offer when negotiating cybersecurity insurance policies. Although cyber insurance is a relatively new component of the insurance sector, providers have been conducting cyber assessments and making offers for years and are the so-called experts. However, this way of thinking costs enterprises thousands, if not millions, of dollars a year in deductibles.

Cybersecurity in the Entertainment Industry: Risks and Solutions

Book publishers, movie distributors, TV producers, game developers, and newspaper publishers are just a few of the many businesses in the media and entertainment industry increasing their use of online services. Streaming services and the production of digital assets are the norm for media companies around the globe.

What is a Whaling Attack and How to Prevent It

A whaling attack is a type of phishing attack that targets senior executives. The act of whaling is usually perpetrated via email and involves deceiving victims into initiating actions that put the organization and its assets at risk. In this blog, we explore how a whaling attack works, why executives are targeted, examples of successful whaling attacks, and steps you can take to prevent them.

7 Third-Party Risk Management Trends to be Aware of in 2024

Whether your organization is prepared or not, the risks associated with third-party partnerships will continue to increase. In 2022, approximately 1,802 data breaches exposed the information of more than 422 million individuals in the United States alone. While those numbers are enough to frighten any organization, many reports expect them to continue to rise throughout 2024.

Choosing Automated Vendor Risk Remediation Software (in 2023)

Vendor Risk Management is critical for reducing the impact of security risks associated with third-party vendors. But often included with this cybersecurity practice is a bloat of administrative processes that disrupt workflows and impact VRM efficacy, defeating the purpose of even having a VRM program. To establish a scalable Vendor Risk Management program, cybersecurity teams should take advantage of every opportunity to replace manual processes with automation technology.

What is Cyber Insurance? (And Is It Worth the Costs?)

Cyber attacks have grown significantly over the last few years, and their cost to victim organizations marches ceaselessly upward as well. Now many of those victim organizations are learning the hard way that business insurance policies often won’t cover the regulatory fines from security incidents that are considered “preventable.” Hence the need for extra protections from “cyber insurance” to fill any coverage gaps you might have.

Spot risks with our new IP view

Customers often tell us of instances where someone in their team spins up a new machine that isn’t using an approved geolocation, or that they see an unexpected spike in hosting from a particular country. These anomalies can put an organization at risk, especially since they are difficult to spot in an automated way.