It all started with a statement from the US Securities and Exchange Commission’s (SEC) Jaime Lizárraga. The commissioner revealed that a staggering 83% of companies suffered from multiple data breaches last year, with an average expense of $9.44 million in the United States— a dramatic increase of 600% over the past ten years.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies. These regulations create new obligations for reporting material cybersecurity incidents and disclosing critical information related to cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

In 2022, the finance industry suffered the second-highest number of data breaches. Besides implementing an attack surface management solution, the finance sector must also ensure its remediation product can quickly and efficiently address cybersecurity risks. If you’re in the market for a cyber risk remediation product, this post outlines the key features to look for to maximize the ROI of your new IT security tool. Learn how UpGuard protects financial services from data breaches >

Cyber risk remediation, the process of actively identifying, remediating, and mitigating cybersecurity risks, is particularly critical for the technology industry. With its characteristic enthusiasm towards adopting the latest trends in innovation, without a cyber threat remediation product, tech companies are unknowingly increasing their risk to a swatch of data breach risks.

Cybersecurity intelligence is a powerful weapon against risk. It enables you to discover, proactively respond, and mitigate emerging threats—internally and across your supply chain. But how can you improve your cybersecurity intelligence without overburdening busy teams? Here are three ways you can combine technology, processes, and people to effectively acquire, analyze, and disseminate intelligence to improve your organization’s security posture.

The recent rise of ransomware, attacks on supply chains and increasing costliness of privacy regulations has made cyber insurance an important topic of discussion. But it can be tricky to keep up with cyber insurance requirements. One of the most robust ways to meet those requirements is with multi-factor authentication (MFA).

So you've received a critical risk finding for SSL not available, which means your domain does not have an SSL certificate installed on the server. To resolve this finding, you can generate and supply an up-to-date SSL/TLS certificate on your site. SSL, which stands for secure sockets layer, and its successor TLS, or transport layer security, are internet protocols for securing traffic between systems with an encryption algorithm.

Investments in effective risk management, and especially in IT systems to manage risk, have historically paid huge dividends. In a 2023 PwC US Risk Perspectives Survey, 57 percent of C-suite respondents reported seeing better decision-making capabilities thanks to investments in such applications. But there is still significant room for improvement in enterprise risk management, starting with better risk modeling and forecasting.

In a world where software risk is business risk, you need a robust ASPM solution that simplifies testing, triage and risk management. Now more than ever, organizations are realizing that software risk is business risk, and making application security programs scalable and efficient is paramount to successfully managing that risk.

A cybersecurity risk assessment is an examination of an organization or potential vendor’s current technology, security controls, policies, and procedures and which potential threats or attacks could affect the company’s most critical assets and data. Organizations can use cybersecurity risk assessments to understand their ability to protect sensitive data, information, and critical assets from cyber attacks.