All Cybersecurity articles – Page 4
-
News BriefSEC orders Intercontinental Exchange to pay $10M over Reg SCI violations
Intercontinental Exchange and nine affiliates agreed to pay $10 million for allegedly failing to inform the Securities and Exchange Commission of a cyber intrusion as required by Regulation Systems Compliance and Integrity.
-
News BriefSEC official clarifies material incident reporting under new cyber rule
Erik Gerding, director of the Securities and Exchange Commission’s Division of Corporation Finance, issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.
-
News BriefEPA warns of increased cybersecurity scrutiny toward water systems
The Environmental Protection Agency is increasing its inspections of public drinking water systems after finding a majority of those reviewed were vulnerable to cyberattacks and related threats.
-
PremiumCalifornia privacy reg seeking more input on new rules
Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.
-
News BriefSEC amends Reg S-P to require data breach notification within 30 days
The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.
-
News BriefNYDFS offers cyber rule compliance template for small businesses
The New York State Department of Financial Services issued guidance for small businesses attempting to comply with its cybersecurity regulations.
-
PremiumSurvey: Public companies fear added cyber risks from SEC disclosures
Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.
-
PremiumReport: Human error driving growing number of data breaches
Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.
-
News BriefFederal banking regulators issue TPRM guidance for community banks
The Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of the Comptroller of the Currency combined to provide guidance on third-party risk management focused on the unique risks faced by community banks in their third-party relationships.
-
ResourceWhite paper: SEC doubles down on cyber risk management accountability
To help investors gain a better understanding of cyber risk, the US Securities and Exchange Commission (SEC) has created sweeping new rules—forcing companies to take a more proactive approach to cybersecurity.
-
News BriefInsight Global to pay $2.7M over lax security on contact tracing data
Atlanta-based staffing agency Insight Global agreed to pay $2.7 million to settle alleged False Claims Act violations for failing to provide adequate cybersecurity on Covid-19 contract tracing data.
-
News BriefState AGs tell UnitedHealth to do more in cyberattack aftermath
UnitedHealth Group’s response to a major cyberattack in February that wreaked havoc with medical payments nationwide has been “inadequate” and must be improved immediately, a group of 22 state attorneys general told the company.
-
News BriefMobile health apps must follow FTC breach notice rule after update
Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s health breach notification rule.
-
News BriefCzech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
-
News BriefChange Healthcare cyberattack updates detail massive impact, costs
The massive cyberattack on Change Healthcare has potentially compromised the personal and protected health information of an untold number of Americans, according to parent company UnitedHealth Group.
-
ResourceWhite paper: Automate to Accelerate: Overcoming Staffing and Compliance Challenges in Cyber Risk Management
Spending countless hours tracking down controls evidence for your audit and compliance activities is an annoyance at best and a major drag on productivity and effectiveness at worst.
-
WebcastCPE Webcast: Doubling down on compliance: Deep dive into SEC cybersecurity regulations
KPMG and ServiceNow experts will delve into best practices to help you not only understand the new regulations but also navigate critical regulatory challenges by highlighting how a platform like ServiceNow can help with compliance.
-
News BriefAT&T: Data leak exposed info of 73M customers onto dark web
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
-
News BriefCISA teases cyber incident reporting rule for critical infrastructure
Financial businesses and other critical infrastructure entities would have to report significant cybersecurity and ransomware incidents to the federal government under a new rule that will be proposed by the Cybersecurity and Infrastructure Security Agency.
-
News BriefDeutsche Bank dinged $54K over IT incident reporting
Deutsche Bank was assessed a penalty of €50,000 (U.S. $54,000) by Germany’s financial supervisory authority for its alleged miscommunication of a 2023 information technology security incident.