Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Slicing through CISA’s KEV Catalog
Slicing through CISA’s KEV Catalog
Dive into the critical insights of CISA's Known Exploited Vulnerabilities (KEV) Catalog with Bitsight’s latest blog! Discover how KEVs, which signal urgent cybersecurity risks, are being tracked and mitigated across industries. Learn why addressing these vulnerabilities quickly is vital and how it impacts organizational security.
Over the last 5-10 years, we’ve seen a major uptick in the number of regulations across all sectors regarding cybersecurity. The following is a brief look at how cybersecurity regulations have been implemented across seven sectors and divisions.
In 2023, the SEC adopted new cybersecurity disclosure requirements. Learn how shareholders can leverage cybersecurity information for investment decisions and more.
Government agencies in the United States are yet again suffering from a widespread data hack, this time originating from Microsoft Exchange servers. This breach comes less than five months after the SolarWinds breach exposed vulnerabilities across dozens of industries, including government agencies. How is the government pivoting to protect their network from these increasingly widespread attacks?
The Australian Prudential Regulation Authority (APRA) has introduced CPS 234. Learn about the regulation and how cybersecurity is now at the forefront.
We delve into the purpose of these EU regulations, the challenges they present, the timeframe for adoption, and the keys to comply.
The SEC’s New Cybersecurity Regulations: Understanding the Impact for Companies & Their Shareholders
In Part 1 of this multi-part series, we describe the new SEC cybersecurity regulations and assess potential impact on both shareholders and companies.
Companies will be required to disclose risks in their annual reports beginning on 12/15/2023. For many CISOs, they may have some real questions. Here's where to start.
New SEC regulations mean that cybersecurity leaders are looking for ways to tell their company's story and looking for the right data to include. Independent cybersecurity benchmarking results are quickly becoming one of the primary data points included in any investor disclosure.
METI recommends ASM as a means to discover, manage internet assets, and continuously monitor for associated exposures and vulnerabilities allowing for remediations.
On July 26, 2023, the SEC voted to adopt new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance.
If you operate in specific sectors, cybersecurity maturity is more than a best practice, it’s a regulatory requirement. These regulations are complex and constantly changing. To help you better understand your organization's regulatory environment and the standards and controls they stipulate, let's break down key cyber compliance regulations by industry.
Discover the performance areas policymakers should begin measuring, why these are important and how they should collect the data.
What is a SOC 2 report and why is it essential in due diligence and vendor risk management programs? Here's what you need to know.
At the upcoming RSA Conference, Bitsight’s Derek Vadala will moderate a panel to explain new cybersecurity disclosure requirements and how timely, consistent, and informative disclosure can benefit companies in the marketplace.
The U.S. government recently released a new National Cybersecurity Strategy, detailing recommendations and changes to ensure a safe and secure digital ecosystem. Here's our takeaways.