sec (16)

For over a decade, the Securities and Exchange Commission (SEC) has been working with corporations and their many stakeholders to seek ways to appropriately influence corporate governance around cybersecurity. On 26 July 2023, the SEC voted to implement new rules for all publicly traded corporations.[1] [2]

In 2011, the SEC issued guidance to help companies understand they should take responsibility for reducing cyber risk.  This was guidance vice formal regulation, but it helped raise awareness

Recently, executives from SentinelOne, Protect AI and IBM Consulting provided lawmakers on the cybersecurity and infrastructure protection subcommittee with a laundry list of recommendations to better combat AI threats.  Attacks by malicious hackers using artificial intelligence could swamp smaller companies that are already overwhelmed by cybercrime, experts warned lawmakers during a congressional hearing on 26 December 2023.[1]

Testifying before the House Homeland Security and Governmental Aff

In the face of unrelenting pressure from significant cyber incidents and regulatory action to mitigate them, enterprises are assessing whether they are doing enough to deal with cybersecurity.  Public companies are evaluating responses to new SEC rules calling for disclosures regarding cybersecurity strategy, risk management, and governance practices.  The SEC’s action against SolarWinds is setting off alarm bells throughout the cybersecurity community, causing CISOs to worry about personal lia

In the US, the Federal Bureau of Investigation (FBI) has issued guidance regarding the data breach reporting requirements of the US Securities and Exchange Commission (SEC), providing useful information on how disclosures can be delayed.  The SEC announced in late July that it had adopted new cybersecurity incident disclosure rules for public companies, requiring them to disclose, through a Form 8-K filing, any material breach within four business days.  The rules are set to go into effect on 18

A well-known ransomware group has recently filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself.

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink (https://www.meridianlink.com), a California-based company that provides digital lending solutions for financial institutions and consumer data verificatio

In a US Securities and Exchange Commission 8-K disclosure filing on 05 October 2023, MGM Resorts reported losing around $100 million after the 11 September 2023 breach incident.

In an open letter published recently, MGM CEO Bill Hornbuckle said that "the vast majority of our systems have been restored," adding, "We also believe that this attack is contained.  As part of our remediation efforts, we have rebuilt, restored, and further strengthened portions of our IT environment.[1]  We will offer

According to IBM’s Cost of a Data Breach Report 2022, the global average total cost of a data breach increased by USD 0.11 million to USD 4.35 million in 2022, the highest it's been in the history of this report.  The increase from USD 4.24 million in the 2021 report to USD 4.35 million in the 2022 report represents a 2.6% increase.

See:  https://www.ibm.com/reports/data-breach

In addition to the financial costs the US Government has additional timed reporting planned for all publicly held compa

Clorox announced a cybersecurity incident this week that forced it to take several systems offline.  The company, which reported more than $7 billion in earnings in 2022 through its namesake cleaning product and several others like Pine Sol, Burt’s Bees and more, reported the incident in regulatory filings with the US Securities and Exchange Commission (SEC) on 14 August.  “The Clorox Company has identified unauthorized activity on some of its Information Technology (IT) systems.  After becoming

The US Securities and Exchange Commission (SEC) this past week approved new rules that require publicly traded companies to publicize details of a cyber-attack within four days of identifying that it has a "material" impact on their finances, marking a major shift in how computer breaches are disclosed.  "Whether a company loses a factory in a fire, or millions of files in a cybersecurity incident, it may be material to investors," the SEC chair said.  "Currently, many public companies provide c

Buying a house these days is almost insurmountable.  Who can afford to pay cash for a decent house, or even the minimum downpayment?  That’s where lenders come in.  Banks and finance companies have been doing this for years.  But now there is an elephant in the room, called AI.  The top US bank regulator is warning that lenders need to ensure that artificial intelligence tools don't perpetuate biases and discrimination in credit decisions.[1]

Federal Reserve Vice Chair for Supervision Michael Ba

Changpeng Zhao, the co-founder and CEO of Binance, the world's largest centralized cryptocurrency exchange by trading volume, cleared the FUD (fear, uncertainty, doubt) making the rounds online that the crypto empire is dumping Bitcoin to artificially bolster and stabilize the price of its native token Binance Coin (BNB).

Even before the US Securities and Exchange Commission filed 13 charges against Binance.US, Zhao, and other associated businesses, the crypto empire had been the subject of many spe

The US Securities and Exchange Commission (SEC) in 2023 requires corporate boards to improve their cybersecurity act and increase transparency by disclosing cybersecurity incidents with full details to the SEC and investors within four (4) business days.

In addition to reporting there was an incident, publicly traded corporations must identify who on their board or which subcommittee is responsible for cybersecurity and their relevant expertise.  Adding to the growing importance of the CISO role

A US Republican senator will soon introduce a bill that, for the first time, attempts to regulate the cryptocurrency space. The bill would reportedly add investor protections, rein in stablecoins,[1] which are pegged to a stated currency, and create a self-regulatory body under the jurisdiction of the US Securities and Exchange Commission and its sister agency, the Commodity Futures Trading Commission.

The proposal stems from a Wyoming senator who is a longtime crypto-evangelist and one of two U

The US Securities and Exchange Commission has issued a new warning that fresh criminal schemes are continuing to target digital assets.  Security experts say with social engineering attempts on the rise, individuals and organizations must remain vigilant against crypto-related scams or other "get rich quick" schemes.

In its recent bulletin, the SEC's Office of Investor Education and Advocacy and Division of Enforcement's Retail Strategy Task Force says, "Fraudsters continue to exploit the rising

The US Securities and Exchange Commission (SEC) sanctioned eight financial firms for alleged failures related to cybersecurity policies and procedures, each stemming from email account takeovers and related incident response, the regulator announced on 01 September 2021.[1]

The sanctioned firms did not admit or deny the commission's findings, but "agreed to cease and desist from future violations of the charged provisions, to be censured and to pay a penalty," according to the SEC. Cumulative fi

With cyber-attacks ramping up since the international pandemic, the need for proper cyber protection and cyber insurance coverage is taking on a new meaning, as are many other business risk factors.[1]  With all the current business concerns amid ever-changing US administration priorities, corporate risks and vulnerabilities are closely coupled with cyber security matters.  As an example, fossil fuel-energy companies and drug developers are among the most common issuers updating