Cybersecurity


Premium

Survey: Organizations broadly adopting AI, with varied governance

2024-12-16T19:23:00+00:00

The majority of businesses are using AI and doing so without governance, a compliance gap that poses extreme risks, a new survey by Compliance Week and GAN Integrity found. A webinar will discuss why it is crucial to have AI governance, how to implement it, and which strategies strengthen programs.

Premium

How compliance monitoring can create a stronger foundation for AI, emerging technologies

2024-11-15T13:00:00+00:00 By Yasmine Abdillahi, CW guest columnist

The era of artificial intelligence adoption is testing the old ways of doing compliance, underscoring the need for continuous monitoring. Compliance isn’t a one-and-done activity, but sometimes organizational incentives and goals fail to prioritize the importance of this.

Resource

White paper: Constructing a Cohesive Cybersecurity Foundation

2024-11-06T17:05:00+00:00

The individual requirements for your security and risk operations are increasingly complex—and interconnected. Yet despite this increased interconnectivity, many organizations still manage their security operations (SecOps) and integrated risk management (IRM) functions in silos.

News Brief

FCC teams up with CPPA to enforce privacy rules

2024-10-30T13:55:00+00:00

In an effort to streamline the enforcement of California’s stringent privacy rules, the Federal Communications Commission has signed a memorandum of understanding (MOU) with the California Privacy Protection Agency.

News Brief

Unisys, three other firms fined a combined $7M for underplaying damage from SolarWinds hack

2024-10-23T15:51:00+01:00

Four current or former public companies will pay a total of nearly $7 million in fines to settle charges by the Securities and Exchange Commission that they underplayed or failed to disclose material information about how the SolarWinds Orion hack affected them.

Premium

Keys to a successful GenAI use policy: Clear roles, training, vendor management

2024-10-18T12:00:00+01:00

For all the hype surrounding generative artificial intelligence, the technology has been met with a healthy skepticism in the compliance community. Compliance practitioners want to know: Is it safe? Can it be deployed ethically? Are the risks greater than the rewards? And what should an AI acceptable use policy contain?

News Brief

NYDFS expects banks, firms to cut risks posed by AI, according to new guidance

2024-10-17T17:42:00+01:00

New York financial institutions are expected to address cybersecurity risks posed by artificial intelligence, and new guidance from the New York Department of Financial Services is aimed at helping firms do just that.

Premium

Pace of innovation will make EU AI Act hard to enforce, experts say

2024-10-17T16:22:00+01:00

Concerns about how robustly European member states may enforce the EU AI Act, which took effect on Aug. 1, are divided over whether regulators will take a “light touch” approach or a sledgehammer to noncompliance. One thing’s for sure: the pace of AI innovation will make enforcement very difficult.

News Brief

Government contractor fined $307K after third-party hack compromised personal data

2024-10-16T15:34:00+01:00

It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.

Webcast

CPE Webcast: Trust and Technology: Cyber compliance in finance

2024-10-10T14:00:00+01:00

In today’s rapidly evolving digital landscape, the stakes are high–protecting customer data, ensuring operational resilience, and maintaining trust are critical considerations for regulated industries.

News Brief

American Water Works discloses probe into cybersecurity breach

2024-10-08T14:13:00+01:00

American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.

Premium

Companies are slowing AI launches in Europe, some say European Union regulations are why

2024-10-08T13:03:00+01:00

The European Union’s Digital Markets Act is forcing many Big Tech companies to postpone the launch of artificial intelligence-powered features, like Apple Intelligence, over user privacy and data security concerns.

News Brief

T-Mobile reaches $31.5M settlement with FCC over multiple data breaches

2024-10-03T12:00:00+01:00

T-Mobile, which experienced three huge data breaches in the past three years, agreed to pay $31.5 million in penalties and remediation for failing to protect millions of its customers’ personal information as part of a settlement with the Federal Communications Commission.

Premium

Deloitte survey: AI adoption raising concerns about trust, reputational damage, ethics

2024-09-24T13:10:00+01:00

As the artificial intelligence boom sweeps into the business world, employees are increasingly concerned about ethics questions and data privacy, a new Deloitte survey found, leading them to increasingly lose trust in their organizations.

Webcast

Webcast: Five automation trends to modernize InfoSec compliance

2024-09-10T14:00:00+01:00

In this session, we’ll introduce a new approach to enterprise-wide program development and automation that can meet the modern complexity of businesses today.

News Brief

CISA creates new portal for businesses to file cyber incident reports

2024-09-05T19:08:00+01:00

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has created a new online portal for organizations to voluntarily report cybersecurity incidents, including ransomware attacks.

News Brief

DOJ joins compliance officers in lawsuit over Georgia Tech cyber lapses

2024-08-26T14:37:00+01:00

The Department of Justice joined a whistleblower lawsuit filed by two former Georgia Tech compliance officers who alleged that the institute violated the False Claims Act by knowingly failing to meet cybersecurity requirements in a Department of Defense contract.

Premium

How are you keeping up? The adoption of AI in compliance

2024-08-22T15:15:00+01:00

Artificial intelligence is rapidly transforming the business landscape, and this is especially true for anyone working in compliance. But while AI offers immense potential to streamline processes, enhance decision-making, and mitigate risks, it also introduces a new set of challenges that compliance professionals must navigate.

News Brief

SEC orders Equiniti to pay $850K over alleged lax cybersecurity

2024-08-21T21:03:00+01:00

Equiniti Trust Company has agreed to pay $850,000 to the Securities and Exchange Commission to settle allegations that its failed security measures allowed millions in client funds to be stolen in two cyber incidents.

Premium

SolarWinds partial dismissal casts doubt on SEC Cybersecurity Rule

2024-08-07T14:33:00+01:00

A partial dismissal of charges levied by the Securities and Exchange Commission against SolarWinds has cast doubt on the breadth of the SEC's Cybersecurity Rule.

Premium

DORA set to enhance cyber resilience requirements for EU financial firms

2024-08-05T13:01:00+01:00

The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.

Premium

AI can help reel in ‘unsustainable’ breach costs, IBM report finds

2024-08-01T21:51:00+01:00

The global average cost of a data breach jumped to an all-time high for the second year in a row, but companies can reel in the ballooning drag on profits by adopting artificial intelligence, according to an IBM report.

News Brief

FCC fines Charter Communications $15M over failing to report 911 outages

2024-07-30T20:32:00+01:00

Charter Communications agreed to pay $15 million and put in place a “robust” compliance plan, including cybersecurity upgrades, to settle allegations it didn’t comply with emergency 911 and network outage notification rules, the Federal Communications Commission announced.

Webcast

CPE Webcast: Proactive AI compliance: 4 essential steps to minimize exposure

2024-07-25T14:00:00+01:00

As artificial intelligence (AI) continues to advance rapidly and organizations expand their usage to optimize efficiency and productivity, implementing internal AI policies to ensure regulatory compliance and minimize exposure remains a hot topic.

Blog

Tufin names general counsel

2024-07-18T16:41:00+01:00

Network and cloud security policy automation provider Tufin has named Christian Na as general counsel.

Blog

Allegion announces general counsel

2024-07-10T17:06:00+01:00

Global security products and solutions provider Allegion appointed Stacy Cozad as senior vice president, general counsel, and corporate secretary, effective Aug. 5.

Premium

How fintechs can overcome major compliance hurdles in embedded finance

2024-07-01T15:45:00+01:00 By Margaret Holmes Tibbets, CW guest columnist

Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.

News Brief

DOE offers supply chain cybersecurity guidance for energy, oil, gas industries

2024-06-27T16:37:00+01:00

The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.

News Brief

OCC emphasizes compliance’s role in FI’s operational resiliency

2024-06-20T15:40:00+01:00

Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency said in its semi-annual risk perspective.

News Brief

SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations

2024-06-20T14:45:00+01:00

A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission over cybersecurity-related control violations.

News Brief

DOJ orders consultants to pay $11.3M total for cyber rule violations

2024-06-18T19:49:00+01:00

Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.

Opinion

Top-of-mind takeaways from TPRM Summit

2024-06-17T21:11:00+01:00

Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.

News Brief

SEC orders Intercontinental Exchange to pay $10M over Reg SCI violations

2024-05-22T19:30:00+01:00

Intercontinental Exchange and nine affiliates agreed to pay $10 million for allegedly failing to inform the Securities and Exchange Commission of a cyber intrusion as required by Regulation Systems Compliance and Integrity.

News Brief

SEC official clarifies material incident reporting under new cyber rule

2024-05-22T16:35:00+01:00

Erik Gerding, director of the Securities and Exchange Commission’s Division of Corporation Finance, issued a statement addressing early inconsistencies observed under the agency’s new cybersecurity incident disclosure rule.

News Brief

EPA warns of increased cybersecurity scrutiny toward water systems

2024-05-21T19:27:00+01:00

The Environmental Protection Agency is increasing its inspections of public drinking water systems after finding a majority of those reviewed were vulnerable to cyberattacks and related threats.

Premium

California privacy reg seeking more input on new rules

2024-05-20T15:11:00+01:00

Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.

News Brief

SEC amends Reg S-P to require data breach notification within 30 days

2024-05-16T19:10:00+01:00

The Securities and Exchange Commission will require broker-dealers and registered investment advisers to adopt written policies and procedures for handling data breaches of customer data and notify affected customers within 30 days.

News Brief

NYDFS offers cyber rule compliance template for small businesses

2024-05-14T16:59:00+01:00

The New York State Department of Financial Services issued guidance for small businesses attempting to comply with its cybersecurity regulations.

Premium

Survey: Public companies fear added cyber risks from SEC disclosures

2024-05-14T12:00:00+01:00

Large public companies say they are prepared to comply with the disclosure requirements of the SEC’s new cybersecurity incident rule, according to a survey conducted by Compliance Week and DLA Piper, but concerns exist that those reports could enhance the threat of future cyberattacks.

Premium

Report: Human error driving growing number of data breaches

2024-05-07T21:21:00+01:00

Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.

News Brief

Federal banking regulators issue TPRM guidance for community banks

2024-05-06T15:29:00+01:00

The Federal Deposit Insurance Corporation, Federal Reserve Board, and Office of the Comptroller of the Currency combined to provide guidance on third-party risk management focused on the unique risks faced by community banks in their third-party relationships.

Resource

White paper: SEC doubles down on cyber risk management accountability

2024-05-05T17:30:00+01:00

To help investors gain a better understanding of cyber risk, the US Securities and Exchange Commission (SEC) has created sweeping new rules—forcing companies to take a more proactive approach to cybersecurity.

News Brief

Insight Global to pay $2.7M over lax security on contact tracing data

2024-05-02T19:03:00+01:00

Atlanta-based staffing agency Insight Global agreed to pay $2.7 million to settle alleged False Claims Act violations for failing to provide adequate cybersecurity on Covid-19 contact tracing data.

News Brief

State AGs tell UnitedHealth to do more in cyberattack aftermath

2024-04-30T20:18:00+01:00

UnitedHealth Group’s response to a major cyberattack in February that wreaked havoc with medical payments nationwide has been “inadequate” and must be improved immediately, a group of 22 state attorneys general told the company.

News Brief

Mobile health apps must follow FTC breach notice rule after update

2024-04-26T18:49:00+01:00

Mobile health applications and similar technologies must notify customers following a data breach or risk violating the Federal Trade Commission’s health breach notification rule.

News Brief

Czech DPA fines Avast $15M over GDPR violations

2024-04-25T16:33:00+01:00

The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.

News Brief

Change Healthcare cyberattack updates detail massive impact, costs

2024-04-23T21:03:00+01:00

The massive cyberattack on Change Healthcare has potentially compromised the personal and protected health information of an untold number of Americans, according to parent company UnitedHealth Group.

Resource

White paper: Automate to Accelerate: Overcoming Staffing and Compliance Challenges in Cyber Risk Management

2024-04-22T19:00:00+01:00

Spending countless hours tracking down controls evidence for your audit and compliance activities is an annoyance at best and a major drag on productivity and effectiveness at worst.

Webcast

CPE Webcast: Doubling down on compliance: Deep dive into SEC cybersecurity regulations

2024-04-09T14:00:00+01:00

KPMG and ServiceNow experts will delve into best practices to help you not only understand the new regulations but also navigate critical regulatory challenges by highlighting how a platform like ServiceNow can help with compliance.

News Brief

AT&T: Data leak exposed info of 73M customers onto dark web

2024-04-01T14:00:00+01:00

AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.