In today’s digital landscape, businesses face increasing pressure to protect personal data and ensure compliance with security and privacy mandates.

DORA’s public consultation period is over. If your organisation deals with the finances of people or other entities based in the EU or provides services to a firm that does, you will want to know how its rule set has changed. We’ve read through the Digital Operational Resilience Act (DORA) documentation and kept up to speed with the latest EU FSI regulation memos. The bottom line is that DORA remains a very demanding regulation with a huge scope.

The Data Security and Protection Toolkit (DSPT), an online tool, is undergoing significant changes. From September 2024, the DSPT will now align with the National Cyber Security Centre’s Cyber Assessment Framework (CAF) to enhance cybersecurity measures across the NHS. This shift will impact many NHS organisations and require adjustments to their data security and protection toolkit strategies.

These days, the bar for proving trust keeps getting higher. A SOC 2 report used to signal the end of security reviews—now, it marks the beginning. Security and GRC teams are tasked with monitoring and remediating a growing web of controls, vendors, questionnaires, and risks, which is made even more complex by discerning buyers.

Are you a service organization seeking an audit to gain customers’ trust? Or maybe you are looking to attract prospective clients by proving how serious you are with customers’ data. If that is the case, you have come to the right place.

‍The Australian Prudential Regulation Authority (APRA) has introduced Prudential Standard CPS 230 to enhance the operational resilience of financial institutions and protect the broader financial system from disruptions. APRA CPS 230 details the crucial requirements for managing operational risks, ensuring business continuity, and overseeing third-party service providers.

Threat intelligence is the process of gathering, analysing, and applying information about current and potential cyber threats to help organisations protect themselves proactively. It involves monitoring threat actors, attack patterns, vulnerabilities, and global cyber activity to provide actionable insights. Unlike traditional reactive approaches to cyber security, threat intelligence enables businesses to anticipate threats and tailor their defences accordingly.

The European Union has taken a significant step by introducing a directive to update the EU’s civil liability law that extends the definition of "defective products" to include software. These pivotal liability rules hold manufacturers accountable for harm caused by software vulnerabilities, urging them to prioritize cybersecurity and compliance. Here’s how manufactures should think about navigating these new compliance challenges.

As businesses increasingly turn to artificial intelligence (AI) to enhance innovation and operational efficiency, the need for ethical and safe implementation becomes more crucial than ever. While AI offers immense potential, it also introduces risks related to privacy, bias, and security, prompting organizations to seek robust frameworks to manage these concerns.