We’ve talked a lot on this blog about protecting controlled unclassified information, and we’ve mentioned in places some other kinds of information, like classified and secret information, covered defense information, and other protected information. There’s one thing all of this information has in common: it’s generated by the United States government.

This month, the Vanta team launched new features to help you: ‍

‍The Australian Prudential Regulation Authority (APRA) has introduced Prudential Standard CPS 230 to enhance the operational resilience of financial institutions and protect the broader financial system from disruptions. APRA CPS 230 details the crucial requirements for managing operational risks, ensuring business continuity, and overseeing third-party service providers.

Incident reporting is a crucial component of maintaining cybersecurity and operational resilience across the European Union. As outlined in Article 23 of the NIS2 Directive entities falling under its scope are required to report “significant incidents” to the CSIRT (Computer Security Incident Response Team or the relevant competent authority without undue delay.

The risk of cyber attacks for companies is increasing and can significantly disrupt their operations, have negative financial consequences and damage their reputation. Small and medium enterprises (SMEs) are especially vulnerable to these attacks due to limited resources and a lack of cyber security expertise. Understanding the significance of cyber security is crucial for protecting sensitive data and ensuring business continuity.

Security is a top buying requirement for businesses today. In fact, two-thirds of respondents to our State of Trust survey say that customers, investors, and suppliers are increasingly looking for proof of security and compliance. As concerns around in-house security practices, third-party tools, and access to customer data grow, customer expectations for trust continue to rise. ‍