In February 2021, UpGuard researchers discovered that 51% of analyzed Fortune 500 companies were leaking information in the metadata of public documents hosted on their websites. This discovery is a window into a broader overlooked cyber threat category, increasing the risk of data breaches in the tech industry - data leaks. Data leaks (often confused with data breaches) help hackers compress the data breach attack pathway, increasing the speed, severity, and frequency of these events.

The upcoming Digital India Act (or Digital India Bill) is expected to be India’s newest legislation and legal framework for regulating the country’s online environment and digital data protection policies. The Digital India Act will fully replace the current Information Technology Act (IT Act) of 2000 by early 2023, which has faced criticisms for its outdated policies and inadequacies in dealing with modern-day technological issues.

The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) of 2022 is a US federal law that requires all critical infrastructure entities to report any cybersecurity incidents or ransomware attacks to the Cybersecurity and Infrastructure Security Agency (CISA) within a specified timeframe.

FERPA (the Family Educational Rights and Privacy Act) is a United States federal law protecting the privacy of student education records, more specifically governing access from public entities, such as employers, public schools, and foreign governments.

The HECVAT (Higher Education Community Vendor Assessment Toolkit) was developed by the Higher Education Information Security Council (HEISC) as an initiative to help higher education institutions better protect their data, prevent the risk of data breaches, and measure the cyber risk of third-party solution providers.

‍Cyber risks are prevalent in all healthcare institutions, and understanding how to mitigate those risks is especially important in today’s cyber landscape. Cyber risk is the sum of all IT risks that can potentially lead to the loss or exposure of critical data, financial damages, reputational damages, and operational stoppages due to a data breach or data leak. Measuring cyber risks involves determining the likelihood and impact of each cyber threat.

Because cyber threats continue to grow in sophistication and effectiveness, cyber incident reporting is not only important but also necessary for other organizations to learn from and prevent making the same mistakes. Many governing bodies and federal governments around the world have begun to require cyber incident reporting to document the type of attacks used, the source of the attacks, and how the attacks occurred to better understand the threat landscape.

A regulation is a government-enforced set of security guidelines an organization must follow to increase its cybersecurity standards. A cybersecurity framework, on the other hand, is a set of guides helping organizations improve their security posture.

The digital threat landscape in the United Kingdom (UK) continues to evolve as businesses that undergo a massive transition towards increased digitalization and cloud-based migrations are forced to change their IT system operations. More importantly, UK laws and regulations must also adapt to ensure that UK businesses and organizations are working to improve their cybersecurity posture and IT infrastructure to protect data security and privacy.

‍COBIT, or the Control Objectives for Information and Related Technologies, describes itself as “the globally accepted framework for optimizing enterprise IT governance.” The COBIT framework was designed to help organizations develop, implement, monitor, and improve their IT enterprise governance and information security processes.