Third-Party Risk Management & Compliance News
Jan 14th, 2025 - Ask any business leader what their top-level concerns are, and cybersecurity will almost certainly be at or near the top. The average cost of a data breach now sits at $5 million, and that number continues to tick upward with each passing year. Adding to the severity of security, the frequency of attacks is also rising. Ransomware attacks alone have risen more than 80% in the past year, highlighting that adversaries are still finding success with tried-and-true tactics. Phishing and other ... [Read More]
Source: securityboulevard.com
Jan 14th, 2025 - The growing sophistication of cyberattacks, stringent regulation and shifting operational models have organizations bracing themselves against new levels of cyber-risk. The latest Global Disputes Forecast report from Baker McKenzie identifies cybersecurity and data privacy as top dispute concerns for global businesses in 2025. At the heart of any successful cyber-resilience strategy is the chief information security officer (CISO), who balances technology, business needs and legal compliance. ... [Read More]
Source: weforum.org
Jan 13th, 2025 - The National Institute of Science and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) is asking for feedback on an updated risk management framework draft that will steer the future of the agency's ransomware prevention guidance. put out today by NCCoE includes changes made to NIST's Cybersecurity Framework (CSF) 1.1 to CSF 2.0 – which identifies security objectives that cover managing, detecting, responding to, and recovering from ransomware events. ... [Read More]
Source: meritalk.com
Jan 13th, 2025 - Governance, Risk and Compliance: Breaking the Cycle of Isolated Risk Management. COMMENTARY: In today's rapidly evolving cybersecurity landscape, many organizations continue to rely on external consultancy firms or manually updated risk registers for conducting risk assessments. Although these approaches can bring a level of expertise or structure, they often prove to be expensive, slow to update, and vulnerable to human error. Moreover, they typically lack the ability to reflect real-time threat ... [Read More]
Source: msspalert.com
Jan 13th, 2025 - The global economy is operating in an increasingly complex cyberspace, according to the World Economic Forum's Global Cybersecurity Outlook 2025, with rapidly advancing technologies and evolving regulations creating new challenges and opportunities. "Cybersecurity is entering an era of unprecedented complexity," the report states, adding that the "stakes have never been higher." The report—released ahead of the Forum's Annual Meeting in Davos, Switzerland—draws on a survey of ... [Read More]
Source: weforum.org
Jan 13th, 2025 - By Josh Nadeau. Organizations today continuously face a number of fast-moving cyber threats that regularly challenge the effectiveness of their cybersecurity defenses. However, to keep pace, businesses need a proactive and adaptive approach to their security planning and execution. Cyber threat exposure management (CTEM) is an effective way to achieve this goal. It provides organizations with a reliable framework for identifying, assessing and mitigating new cyber risks as they ... [Read More]
Source: securityintelligence.com
Jan 12th, 2025 - In a time when cyber threats continuously evolve, a security standard or framework is essential for protecting digital assets. The Payment Card Industry Data Security Standard (PCI DSS), developed by the PCI Security Standards Council, empowers organisations to safeguard cardholder data globally. PCI DSS offers technical guidance and practical steps to effectively protect cardholder data and overall payment infrastructure. PCI DSS v4.0 has been a significant update to the compliance framework ... [Read More]
Source: securityboulevard.com
Jan 10th, 2025 - Cybersecurity vulnerabilities pose significant risks to organizations in today's digital landscape. Left unaddressed, these vulnerabilities can lead to data breaches, financial losses, and reputational damage. Organizations must decide how to tackle vulnerabilities—through remediation, mitigation, or a combination of both. But which strategy is more effective? This blog explores the nuances of vulnerability remediation vs mitigation, their respective benefits, and how to choose the right ... [Read More]
Source: securityboulevard.com
Jan 9th, 2025 - On January 29, NAVEX is hosting the Top 10 Trends in Risk and Compliance webinar. This post is a preview of two of the topics covered in the eBook and webinar: the rise of AI and the continued focus on cybersecurity and business resiliency. Artificial Intelligence (AI), cybersecurity and risk assessments are critical components of effective governance, risk management and compliance (GRC) strategies. But despite the strategic importance of managing these areas of risk, many organizations are ... [Read More]
Source: jdsupra.com
Jan 8th, 2025 - Securing a cybersecurity investment isn't just about crunching numbers — it's about fostering cross-functional relationships. For CISOs, engaging key stakeholders will help build support to secure critical funding. When it comes to securing cybersecurity investments there are many things at play. The key often lies in the CISO's ability to build relationships with key stakeholders across the organization. However, CISOs are being tasked with protecting their organizations while navigating ... [Read More]
Source: csoonline.com
You May Also Like…
The Rise in Class Action Lawsuits and 4th Party Risk
The Rise in Class Action Lawsuits and 4th Party Risk: The Alexion Pharmaceuticals Breach. What is 4th-Party Risk and Why is it Becoming an Issue? Organizations rely on a complex network of third...
The Black Basta Ransomware Variant and the Ascension Data Breach
In early May 2024, the Cybersecurity and Infrastructure Security Agency (CISA), along with the Health and Human Services (HHS) and the Federal Bureau of Investigation (FBI), issued a joint advisory...
BofA and AMEX Breaches Reinforce the Importance of Attack Surface Monitoring in Vendor Risk Management
The recent third-party breaches involving Bank of America and American Express highlight a disturbing trend: even the most sophisticated and regulated companies in the financial services sector are...