In September 2019, California signed Senate Bill 327, also known as the California Internet of Things (IoT) Security Law. While not an extensively written piece of legislation like the California Consumer Privacy Act (CCPA), SB-327 took effect on January 1, 2020, and focuses on manufacturers of connected devices—requiring updated security standards that protect both devices and end-users. Learn how UpGuard can help your organization update security standards and monitor risk >

As the digital landscape evolves, so too does the regulatory environment. One of the latest pieces of legislation to impact organizations across the EU is the Network and Information Security 2 (NIS 2) Directive. This directive, aimed at enhancing cybersecurity across the Union, has far-reaching implications for a wide range of organizations, both within and outside the EU.

The General Data Protection Regulation (GDPR) is a set of privacy and security standards put into effect by the European Union (EU). Widely accepted as the world's strictest security and privacy law, GDPR imposes regulations on organizations that target or collect data relating to people in the EU. European Parliament signed GDPR into law in 2016, requiring all organizations to comply by May 2018.

The U.S. Securities and Exchange Commission (SEC) this week voted to adopt new rules for how companies inform investors about cybersecurity concerns. The vote comes after years of gradually increasing guidance and scrutiny over companies’ handling of cybersecurity events and follows a lengthy comment period where companies, including CrowdStrike, provided input.

What happened? The SEC (Securities and Exchange Commission) has introduced new rules that require public companies to be more transparent about their cybersecurity risks and any breaches they experience. This means companies will need to regularly share information about how they're managing cybersecurity risks and any significant cybersecurity incidents they've had. If a company experiences a significant cybersecurity incident, they'll need to report it within four business days.

The Virginia Consumer Data Protection Act (VCDPA) was the second comprehensive consumer privacy law passed in the United States. The act followed the California Consumer Privacy Act (CCPA) and took effect on January 1, 2023. Commercial organizations that conduct business in Virginia and process consumer data will be the most affected by the VCDPA. Learn how UpGuard’s comprehensive cybersecurity solution can help your business remain compliant>

The US Securities and Exchange Commission (SEC) adopted new rules for cybersecurity risk management, strategy, governance, and incident disclosure by public companies on July 26, requiring public companies to disclose material cybersecurity incidents within four days of an attack. Additionally, registrants must annually report their process, if any, for assessing, identifying, and managing material risks from cybersecurity threats.

No matter your organization’s maturity, industry, or business goals, cybersecurity should always be top of mind. Considering the Australian Cyber Security Centre (ACSC) recorded a staggering 76,000 cybercrime reports in the 2022 financial year, it’s safe to say that all organizations are at risk for an incident or breach.

On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies will be required to disclose risks in their annual reports beginning on December 15, 2023.

The Texas Data Privacy and Security Act (TDPSA) was enacted on June 18, 2023, making Texas the tenth U.S. state to authorize a comprehensive privacy law that protects resident consumers. The TDPSA borrows many statutes from other state privacy laws, mainly the Virginia Consumer Data Protection Act (VCDPA) and the California Consumer Privacy Act (CCPA).