CISA issues notice for long-awaited critical infrastructure reporting requirements

CIRCIA will require covered entities to promptly disclose major cyber incidents and ransomware payments.

By David Jones • March 27, 2024

Marsh launches group captive insurance firm for cyber

The company wants to provide larger, financially stable companies with alternatives for managing risk, after years of volatility in pricing and coverage.

By David Jones • March 25, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

How companies describe cyber incidents in SEC filings

The words businesses use in cybersecurity disclosures matter. They can channel confidence in the recovery process, potential impacts and legal liabilities.

By Matt Kapko • March 19, 2024

Security consultation is a non-negotiable for M&A activity

Over 20% of external cloud services change monthly. Without visibility, it is easy to lose track of changes and prevent risks. Get the report to learn more.

By Matt Kraning, CTO, Cortex, Palo Alto Networks • March 18, 2024

Audit committees rank cybersecurity as top priority amid SEC crackdown

Cyberattacks are just one of several rapidly changing threats confronting audit committees, according to the Center for Audit Quality and Deloitte.

By Jim Tyson • March 14, 2024

Google Cloud CISO spots asymmetric advantage for AI in defense

Organizations have the upper hand in using generative AI for security because it’s trained on data they own and context they tune against it, Phil Venables says.

By Matt Kapko • March 13, 2024

Ransomware festers as a top security challenge, US intel leaders say

U.S. intelligence leaders warn ransomware activity is growing, despite high profile efforts to seize threat actors’ infrastructure.

By Matt Kapko • March 12, 2024

What’s behind the demand for MDR and IAM systems

It's not just the front door businesses need to protect. Organizations also have to recognize the damage threat actors can do once they’re inside.

By Sue Poremba • March 7, 2024

CrowdStrike dodges pricing war with Palo Alto Networks

CEO George Kurtz called out CrowdStrike's largest competitor, dismissing Palo Alto Network's strategy of free incentives. "Free is never free," he said.

By Matt Kapko • March 6, 2024

AWS CISO: Generative AI is just a tool, ‘not a magic wand’

Attackers and defenders have access to the same capabilities in generative AI. Clear advantages for either side have yet to materialize.

By Matt Kapko • March 5, 2024

Why Okta is overhauling its priorities, culture around security

CSO David Bradbury acknowledges the company’s brand is tarnished. “We need a track record of zero breaches. That’s what builds trust.”

By Matt Kapko • March 1, 2024

NIST makes it official: governance is a critical part of cybersecurity

A collection of resources accompany CSF 2.0 to make the guidance easier for businesses to use and put into practice across their operations.

By Matt Kapko • Feb. 29, 2024

Okta reports ‘minimal’ financial impact following support portal attack

The identity and access management firm is promising to make security a top priority, even though Okta’s CFO said the attack fallout is “not quantifiable.”

By Matt Kapko • Feb. 29, 2024

Okta, with a bruised reputation, rethinks security from the top down

CSO David Bradbury detailed to Cybersecurity Dive what the identity and access management company got wrong and the security pledges it's making to customers.

By Matt Kapko • Feb. 27, 2024

CFOs take backseat to CISOs on SEC cyber rules

Less than half of finance chiefs are involved in the SEC's cybersecurity breach disclosure process, AuditBoard found.

By Alexei Alexis • Feb. 27, 2024

LockBit group revives operations after takedown

The comeback is no surprise to experts — and some think LockBit as a brand is dead — but the reemergence underscores persistent challenges for authorities.

By Matt Kapko • Feb. 26, 2024

Palo Alto Networks’ free incentives offer sparks investor anxiety

The firm is giving away services and offering deferred billing to corral new customers into its consolidated cybersecurity platforms.

By David Jones • Feb. 21, 2024

State Department puts $10M bounty on AlphV ransomware group

The prolific ransomware group and its affiliates are behind some of the most high-profile attacks in the last year.

By Matt Kapko • Feb. 15, 2024

Contractual obligations driving data privacy, cybersecurity upgrades

To secure work from business partners, more companies are getting serious about having the right technical and legal safeguards, a specialist says.

By Robert Freedman • Feb. 13, 2024

CISA blitzes Super Bowl with cyber campaign as businesses fumble security

CISA brought its Secure Our World initiative to Las Vegas, for the biggest annual event in sports. Will anyone heed the advice?

By Matt Kapko • Feb. 9, 2024

National cyber director urges private sector collaboration to counter nation-state cyber threat

Harry Coker said the Biden administration is exploring plans to hold manufacturers accountable for poor security, while also working to harmonize regulations.

By David Jones • Feb. 9, 2024

Mortgage industry attack spree punctuates common errors

Attacks against Mr. Cooper Group, Fidelity National Financial, First American Financial and loanDepot impacted operations and put customers in a bind.

By Matt Kapko • Feb. 6, 2024

Business, technology groups back SolarWinds motion to dismiss SEC charges

Former U.S. cybersecurity officials and a group of current and former CISOs warned the fraud suit against SolarWinds could chill intel sharing from the private sector.

By David Jones • Feb. 5, 2024

4 ways the role of the CISO will change in 2024

2024 marks a new era for CISOs. Faced with increasing responsibility in the wake of SolarWinds, they’ll demand better budgets, head counts, and tooling - or go elsewhere.

By Thomas Kinsella, CCO and co-founder, Tines • Feb. 5, 2024

Okta to cut 7% of workforce as push to revamp security is underway

The layoffs come during the company's 90-day overhaul to address lax security following a string of cyberattacks targeting Okta and its customers.

By Matt Kapko • Feb. 1, 2024