- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Ruth Prickett2024-01-30T15:54:00
Cybercrime is regularly cited as a leading concern for executives, yet board oversight of cyber risks is often inadequate and governance poorly understood, according to the authors of a proposed U.K. code of practice on cybersecurity governance.
On Jan. 23, the U.K.’s Department for Science, Innovation, and Technology opened a consultation to gather views on the code, which is intended to make cyber governance accessible for senior management and elevate cyber risk to the status of other core business risks, such as finance.
The code emphasizes the importance of embedding cyber resilience in organizational strategy and integrating it across all business processes. This should include an effective cyberattack response and recovery plan. Responsibilities for cybersecurity should be allocated to named individuals, and plans should be tested regularly. There should be a formal system for reporting cyber incidents, plus cyber training for all employees.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Register for free
Access one free, non-premium article each month.
Complimentary CPE webcasts, resources, and e-Books.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
Cooperation between businesses and the new cybersecurity section at the Department of Justice has led to the successful defanging of numerous, major ransomware operations worldwide in just the few months since its creation, according to its chief.
The Financial Reporting Council held back on the latest round of updates to the U.K.’s corporate governance code, as the country remains wary of pushing away businesses and investors.
Apparel company VF Corp., the owner of brands including The North Face, Vans, and Timberland, disclosed its estimation approximately 35.5 million customers had their personal data stolen as part of a cybersecurity incident it uncovered in December.
Mobile health applications and similar technology must notify customers following a data breach or risk violating the Federal Trade Commission’s Health Breach Notification Rule, under a broad update approved by the agency.
A commissioner at the Commodity Futures Trading Commission is calling for the agency to launch initiatives addressing the use—and misuse—of artificial intelligence tools in commodities markets.
Tens of millions of noncompete clauses included in employee contracts nationwide will be null and void by about Labor Day under a final rule issued by the Federal Trade Commission.
