Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Bitsight and Google collaborate to reveal global cybersecurity performance
Bitsight and Google collaborate to reveal global cybersecurity performance
This joint study between Bitsight and Google arms organizations with actionable insights, providing the current status of global cybersecurity performance by analyzing nearly 100,000 global organizations across 16 cybersecurity controls and nine industries amid heightened stakeholder demands on cybersecurity strategy.
Schools and colleges are facing an alarming increase in cybersecurity incidents. Some hackers seek ransoms while others see value in scooping up personally identifiable information to sell to identity thieves.
In 2018, the European Union (EU) General Data Protection Regulation (GDPR) heralded in the most important change in data privacy regulation in 20 years.
The North American Electric Reliability Corporation (NERC) has developed a new set of cybersecurity standards designed to help power and utility (P&U) companies limit their exposure to third-party cyber risks and preserve the reliability of bulk electric systems (BES).
In June 2018, the European Banking Authority (EBA) put forth guidelines on outsourcing arrangements that highlighted the importance of risk management within financial organizations. The notice of these guidelines was announced in June 2018 and will be enforced later in 2019.
As regulations shift and providers enter new markets, the telecom industry is changing rapidly. In preparation for these changes, telecom risk management professionals must become aware of new risks on the horizon. Privacy and net neutrality laws, new kinds of cyber threats, reputational dangers, and other factors are all poised to affect telecom companies deeply in 2019.
In March 2017, the New York Department of Financial Services (NYDFS) cybersecurity regulations — known as 23 NYCRR Part 500 — went into effect. According to the regulation, “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law” is considered a covered entity and must comply.
After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules and cookie disclosure notices are popping up on more websites than ever.
Last month, the EU NIS Directive (Directive on Security of Network and Information Systems) went into effect. This directive is the first EU-wide piece of legislation specifically focused on cybersecurity. Its goal is to “achieve a high common level of security of network and information systems within EU.” Network and information systems, and the essential services they support, play a vital role in society; their reliability and security are essential to everyday activities.
The implementation of many strict cybersecurity regulations and requirements (including GDPR, NYDFS, and more) continues to increase on a global scale. 2018 has also brought about the continuation of strict cybersecurity regulations in the Asia Pacific region: most notably in Singapore, Australia, and Hong Kong. This year, one new requirement from 2017, the Securities & Futures Commission’s Guidelines, go into effect.
In February of 2017, Australia’s Federal Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017, amending the Privacy Act of 1988. These new mandatory breach notification requirements officially went into effect last month, February 22, 2018. The Notifiable Data Breaches (NDB) scheme establishes new requirements for organizations around the notification of data breaches that are “likely to result in serious harm.” Following suit with the GDPR, this new law aims to provide greater protection of personal information for individuals and transparency into data privacy practices of organizations. The amendment pertains to all organizations that are already expected to comply with the Privacy Act, also referred to as APP Entities, including both federal agencies and organizations (for profit and not-for-profit) with $3 million or more in annual turnover.
Last year, there were several new cybersecurity developments introduced around the globe to reduce the risk of catastrophic cyber events at national critical infrastructure. These include regulations from the New York Department of Financial Services (NY DFS), the White House’s Executive Order on Cybersecurity, the EU’s General Data Protection Regulation (GDPR), China’s new Cybersecurity Law, and Hong Kong’s Cybersecurity Fortification Initiative.
If your company processes the data of individuals who reside in the European Union, the General Data Protection Regulation (GDPR) is likely a hot topic around the office right now. Once the regulation goes into effect in May 2018, companies in violation of the GDPR could face massive penalties. But creating a compliance plan for your company can be quite difficult if you’re unfamiliar with the language used in the regulation.
In March 2017, the New York Department of Financial Services (NYDFS) cybersecurity regulations—known as 23 NYCRR Part 500—went into effect. According to the regulation, “any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law” is considered a covered entity and must comply.
The May 2018 deadline for General Data Protection Regulation (GDPR) compliance is drawing closer — which means your organisation’s compliance activities should be well underway. But if you’re still looking for a place to start, here’s a GDPR checklist template to get you going:
As a U.S.-based company, you may be asking yourself, “Does my company need to prepare for the EU’s General Data Protection Regulation (GDPR)?” Simply put, if you process personal data for anyone in the European Union, the answer is very likely yes.