On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

Network vulnerabilities can leave an organization’s entire IT environment compromised. Sensitive data can be lost or (even worse) stolen by cybercriminals. A data breach can severely harm your company’s reputation and bring substantial financial losses. Worse, these vulnerabilities are constantly evolving. Hackers have proven methods to infiltrate a seemingly secure network, and they employ various tricks, devices, and information to get the job done.

Data privacy has become a paramount concern in the digital age, as organizations collect and process vast amounts of personal information. As a result, governments are increasingly enacting data privacy laws. While the European Union’s General Data Protection Regulation (GDPR) sets a global benchmark for data protection, the United States lacks a comprehensive federal data privacy law. Instead, businesses operating in the U.S.

SecurityScorecard recently joined the World Economic Forum’s Centre for Cybersecurity and UC Berkeley’s Center for Long-Term Cybersecurity (CLTC) for a private, invite-only workshop in Washington, DC alongside global leaders, CEOs, and CISOs to identify trends and insights that will most likely impact cybersecurity in the next decade of 2030 via future-focused scenarios with emerging cybersecurity challenges.

Awareness of potential threats is merely the first step; true change is brought about when secure practices become habitual through consistent reinforcement. The focus on cyber security behaviours is pivotal, as it converts theoretical knowledge into routine action. This ensures that employees not only understand the nuances of the threat landscape but also possess the capability to respond effectively during a genuine cyber attack.

The collection and evaluation of audit evidence plays an important role in assessing an organization’s compliance with established standards. The American Institute of Certified Public Accountants (AICPA) serves as a guiding force, establishing methods that auditors should use to carry out their duties effectively. As auditors start their examination, they first collect and analyze various types of audit evidence, each serving as a piece of the puzzle that forms the auditor’s report.

Welcome to CultureAI! We're here to help you upgrade to a data-driven, human risk management approach. This is not just about understanding security but creating an environment where employees actively prevent security incidents. Our cyber security awareness platform is trusted by organisations of all sizes. It brings to light employee security behaviour data, driving personalised security coaching, technical interventions, and security nudges.

The recent discovery of a critical vulnerability in the MOVEit file transfer software is the latest driver in a series of high-profile software supply chain incidents. On May 31st 2023, Progress – the developer of MOVEit – published an advisory alerting the community to a critical vulnerability in its MOVEit Transfer product. The vulnerability, now tracked as CVE-2023-34362, allows an attacker to gain access to MOVEit’s database to steal and/or alter the contents.

Cybersecurity leaders are always working to make smarter investments to improve their programs. Not only do they look to reduce risk from the expanding attack surface and manage supply chain risk, they’re also juggling external pressures from regulators, insurers, and shareholders. As leaders look to technology solutions to help, many look at data analytics to reduce their organization’s risk, manage exposure, and improve overall program performance.