All Cybersecurity articles – Page 4
-
News BriefSEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
-
News BriefNYDFS offers cyber rule compliance template for small businesses
The New York State Department of Financial Services issued guidance for small businesses attempting to comply with its cybersecurity regulations.
-
PremiumSurvey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
-
PremiumReport: Human error driving growing number of data breaches
Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.
-
News BriefFederal banking regulators issue TPRM guidance for community banks
The Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of the Comptroller of the Currency combined to provide guidance on third-party risk management focused on the unique risks faced by community banks in their third-party relationships.
-
ResourceWhite paper: SEC doubles down on cyber risk management accountability
To help investors gain a better understanding of cyber risk, the US Securities and Exchange Commission (SEC) has created sweeping new rules—forcing companies to take a more proactive approach to cybersecurity.
-
News BriefInsight Global to pay $2.7M over lax security on contact tracing data
Atlanta-based staffing agency Insight Global agreed to pay $2.7 million to settle alleged False Claims Act violations for failing to provide adequate cybersecurity on Covid-19 contract tracing data.
-
News BriefState AGs tell UnitedHealth to do more in cyberattack aftermath
UnitedHealth Group’s response to a major cyberattack in February that wreaked havoc with medical payments nationwide has been “inadequate” and must be improved immediately, a group of 22 state attorneys general told the company.
-
News BriefMobile health apps must follow FTC breach notice rule after update
Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s health breach notification rule.
-
News BriefCzech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
-
News BriefChange Healthcare cyberattack updates detail massive impact, costs
The massive cyberattack on Change Healthcare has potentially compromised the personal and protected health information of an untold number of Americans, according to parent company UnitedHealth Group.
-
ResourceWhite paper: Automate to Accelerate: Overcoming Staffing and Compliance Challenges in Cyber Risk Management
Spending countless hours tracking down controls evidence for your audit and compliance activities is an annoyance at best and a major drag on productivity and effectiveness at worst.
-
WebcastCPE Webcast: Doubling down on compliance: Deep dive into SEC cybersecurity regulations
KPMG and ServiceNow experts will delve into best practices to help you not only understand the new regulations but also navigate critical regulatory challenges by highlighting how a platform like ServiceNow can help with compliance.
-
News BriefAT&T: Data leak exposed info of 73M customers onto dark web
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
-
News BriefCISA teases cyber incident reporting rule for critical infrastructure
Financial businesses and other critical infrastructure entities would have to report significant cybersecurity and ransomware incidents to the federal government under a new rule that will be proposed by the Cybersecurity and Infrastructure Security Agency.
-
News BriefDeutsche Bank dinged $54K over IT incident reporting
Deutsche Bank was assessed a penalty of €50,000 (U.S. $54,000) by Germany’s financial supervisory authority for its alleged miscommunication of a 2023 information technology security incident.
-
News BriefDeparting ABN AMRO risk chief says climate, cyber among priorities
Tanja Cuppen, chief risk officer of ABN AMRO, shared her view on the Dutch bank’s biggest risk focus areas and the accomplishments of her tenure a month ahead of her planned departure.
-
PremiumPrivacy by design a silver bullet for stemming AI risks?
The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.
-
News BriefChange Healthcare facing HHS probe following crippling cyberattack
Change Healthcare, a health payment processor hit by a crippling cyberattack in February, is under investigation by the Department of Health and Human Services’ Office for Civil Rights.
-
PremiumU.S. banking regs mulling enhanced operational resiliency frameworks
Acting Comptroller of the Currency Michael Hsu said federal banking agencies are considering enhancements to their operational resiliency requirements for member banks.