Governance, Risk and Compliance

Related events

Related Videos

Investment round secures $50M for Laika

SC StaffNovember 11, 2022

Automated security compliance provider Laika has landed $50 million in Series C funding, which will be allocated toward bolstering its platform's functionality, according to TechCrunch.

A general view of a gala benefit for Ann & Robert H. Lurie Children’s Hospital of Chicago on April 20, 2012. (Photo by Jeff Schear/Getty Images for Ann and Robert H. Lurie Hospital of Chicago)

Threat Management

Children’s hospital required to improve security in breach settlement

Jessica DavisNovember 10, 2022

The healthcare breach settlement between Lurie Children’s Hospital of Chicago and patients affected by an insider wrongdoing incident requires the hospital to make security program improvements.

A coalition of 40 U.S. state attorneys general has reached separate settlements with Experian and T-Mobile totaling over $16 million following data breaches in 2012 and 2015 that compromised the personal information of millions of consumers nationwide. (Image credit: Martine Hamilton Knight via Creative Commons Zero and Wikimedia)

Breach

Experian, T-Mobile reach settlements with 40 states over past data breaches

Menghan XiaoNovember 8, 2022

According to the terms of the settlements, Experian, one of the big-three credit reporting agencies, will bear a $13.67 million fine for security incidents in 2012 and 2015 while T-Mobile will pay $2.43 million for its part in the 2015 Experian breach. Both companies have agreed to take steps to improve their security measures.

The United States Treasury Department building in Washington, D.C. US financial institutions processed roughly $1.2 billion in ransomware-related payments last year, a nearly 200 percent increase compared to 2020, according to an analysis by the Treasury Department’s financial crimes watchdog. (Image Credit: roderickbeller via Getty)

Governance, Risk and Compliance

US Treasury says financial ransomware losses topped $1.2 billion last year

Menghan XiaoNovember 4, 2022

The sharp increase in cost underscores the damage of ransomware on the private sector. The Financial Crimes Enforcement Network (FinCEN) noted that its analysis indicates that “ransomware continues to pose a significant threat to US critical infrastructure sectors, businesses, and the public.”

Mondelez International and Zurich American Insurance settled a multi-year legal battle over the snack giant’s $100 million claim regarding losses from the NotPetya cyberattack in 2017. (Image credit: LauriPatterson via Getty)

Governance, Risk and Compliance

Snack giant settles with insurer over $100 million claim tied to 2017 NotPetya attacks

Menghan XiaoNovember 2, 2022

The closely watched lawsuit has fueled an ongoing discussion over who should pay when businesses are hit by state-sponsored cyberattacks, and could have broader implications for policymakers, highlighting the urgent need for them to devise practical, long-term solutions to address increasing cyber threats blamed on nation-state actors.

The headquarters of the U.S. Department of Health and Human Services

Compliance Management

This is how health entities should document security practices under the HITECH Act

Jessica DavisNovember 2, 2022

The ‘safe harbor’ provision of the HITECH Act mandates the HHS OCR to consider recognized best practices after a healthcare data breach. Its new video outlines the required evidence.

Supply chain

Data, People & Methodology: 3 Pillars of a Cyber Risk Quantification Program – James Turgal – BSW #283

October 31, 2022

Cyber risk quantification should be at the center of an enterprise's actions to understand and measure risk posed in the event of a cyberattack. That data should then be used to estimate - financially - cyber risk exposure. To start this process, enterprises need 3 pillars to build a good cyber risk quantification program: the right data, appropria...

Today’s columnist, Darren Wray of Donnelley Financial Solutions, points out that the data protection officer differs from the CISO in that they are charged under regulations such as European Union’s GDPR to make sure data doesn’t get used for marketing purposes. (Photo by Carl Court/Getty Images)

Compliance Management

Why it’s a bad idea to combine the CISO and DPO roles

Darren WrayOctober 28, 2022

Inflation and recession loom large, but despite all the economic and budgetary pressures, companies need to think twice before combining the CISO and DPO roles.

Governance, Risk and Compliance

Related events

Key GRC priorities for the second half of 2024

Governance, Risk, and Compliance: The CISO perspective

CISO Insights: Navigating the GRC Landscape

Related Videos

Transform cybersecurity with process mining

Watch: Moving beyond IDs and passwords to authenticate identity

Watch: FBI encourages reporting of cyber incidents, backs legislation

Investment round secures $50M for Laika

Children’s hospital required to improve security in breach settlement

Experian, T-Mobile reach settlements with 40 states over past data breaches

US Treasury says financial ransomware losses topped $1.2 billion last year

Snack giant settles with insurer over $100 million claim tied to 2017 NotPetya attacks

This is how health entities should document security practices under the HITECH Act

Data, People & Methodology: 3 Pillars of a Cyber Risk Quantification Program – James Turgal – BSW #283

Why it’s a bad idea to combine the CISO and DPO roles