Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.

Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.

We delve into the purpose of these EU regulations, the challenges they present, the timeframe for adoption, and the keys to comply.

The SEC’s New Cybersecurity Regulations: Understanding the Impact for Companies & Their Shareholders
In Part 1 of this multi-part series, we describe the new SEC cybersecurity regulations and assess potential impact on both shareholders and companies.

Companies will be required to disclose risks in their annual reports beginning on 12/15/2023. For many CISOs, they may have some real questions. Here's where to start.

New SEC regulations mean that cybersecurity leaders are looking for ways to tell their company's story and looking for the right data to include. Independent cybersecurity benchmarking results are quickly becoming one of the primary data points included in any investor disclosure.

METI recommends ASM as a means to discover, manage internet assets, and continuously monitor for associated exposures and vulnerabilities allowing for remediations.

On July 26, 2023, the SEC voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance.

Discover the performance areas policymakers should begin measuring, why these are important and how they should collect the data.

What is a SOC 2 report and why is it essential in due diligence and vendor risk management programs? Here's what you need to know.

At the upcoming RSA Conference, Bitsight’s Derek Vadala will moderate a panel to explain new cybersecurity disclosure requirements and how timely, consistent, and informative disclosure can benefit companies in the marketplace.

The U.S. government recently released a new National Cybersecurity Strategy, detailing recommendations and changes to ensure a safe and secure digital ecosystem. Here's our takeaways.

Bitsight teamed with Moody’s Investors Service to discuss the cybersecurity trends to watch in 2023 and how security leaders can adapt their programs to increase preparedness.

Cyber risk quantification methods can help you talk about risk in terms of business and financial impacts. Here’s how to find the right method for your organization.

Launching in 2023, representatives from the public and private sectors intend to form a labeling system where products are rated based on their cybersecurity.

The NCUA Board approved a proposed rule that would require a federally insured credit union (FICU) to notify the NCUA as soon as possible but no later than 72 hours after they reasonably believe that a reportable cyber incident has occurred.

New guidance from the U.S. National Institute of Standards and Technology (NIST) provides important information for organizations seeking to improve their software supply chain security. NIST recommends a variety of best practices.