Blog

Understanding Materiality in Cybersecurity and Compliance

How does your organization assess the material impact of cyber incidents with the SEC’s new disclosure requirements?

Third-Party Risk Management for the EU AI Act

The EU AI Act is a landmark piece of legislation poised to reshape how organizations develop, deploy, and use AI systems worldwide. During the phased implementation stage, organizations must take action to meet compliance requirements.

Navigating NIS2: A Comprehensive Guide to Incident Reporting Obligations

The NIS2 Directive introduces new requirements for organizations to bolster Europe’s resilience against cyber threats. Prepare your reporting policies before disaster strikes with our comprehensive guide to NIS2 reporting obligations.

DORA Compliance and Third-Party Risk Assessment

As the digital threat landscape evolves, no risk exists in a vacuum. With the increased reliance on third-party vendors, the risks organizations face from cyber threats can have impacts extending beyond the company, posing potential harm to consumers and even entire economies. To mitigate the fallout of cyber threats that arise through third-party vendors, the Digital Operational Resilience Act (DORA) is a pivotal regulation that aims to enhance information and communication technology (ICT) risk management and cybersecurity reporting through stringent oversight of third-party vendors.

CSIN Incident Response Planning

As new regulations aim at consumer and investor protections, the increased scrutiny of risk management, incident response, and business continuity planning is now a Board-level issue, and cyber event reporting and risk mitigation are crucial concerns for boards of directors across industries. How you plan to communicate risks during incident response is integral to compliant decision-making and escalation processes for CSIN reporting.

After the Incident: Navigating Notification Obligations

Imagine this: Your financial services organization handles sensitive customer information and falls victim to a ransomware attack. An employee clicks on a phishing email, triggering a series of events that compromise your systems. You make a ransom payment to regain access, only to discover that personal customer data was stolen. Now, you face a maze of notification requirements.