Cybergovernance Journal Update – 11/20/2015
The visibility of cybersecurity breaches as a source of corporate risk continues to grow. Recent articles discussed adding cybergovernance experts to boards, regulation in the financial services and healthcare industries, and worldwide concern for better security and governance.
Cybergovernance: Are More Experts the Answer?
Cybergovernance Journal, Nov. 16
Cyber attacks are increasingly being treated as a business problem in a class of their own, since they represent such a large business risk. Technology is important, but a complete solution requires changes in company culture and awareness plus more vetting of the security posture of vendors. Addressing cyber risk is a business problem.
Likely New Cybersecurity Regulations for Financial Institutions
National Law Review, Nov. 17
Even before the New York State Department of Financial Services adopts any measures, expectations of regulators of registrants in both the securities and futures industry has been increasing during the past year regarding what cybersecurity protections should be in place to protect customer records and information.
Cybersecurity Governance is Not Just a U.S. Problem
Lexology, Nov. 9
Many governments are assisting their national industries to protect themselves with clear statements of what steps companies need to implement to mitigate the risks from common internet based threats. The UK government has created the voluntary Cyber Essentials Scheme that includes an Assurance Framework through which companies can receive certification that they have taken basic precautions.
Cybersecurity efforts still falling short at financial services firms
InvestmentNews, Nov. 3
The report also found that financial firms don’t properly vet third-party vendors before taking them on or use ones with inadequate technology. It recommends that firms record the software and data that vendors can access, even vendors hired to mitigate cybersecurity risks.
The Changing Roles of Healthcare Cybersecurity Leadership
HealthITSecurity, Nov. 9
The whole issue of healthcare cybersecurity is one of the hottest topics in the industry right now… The majority of healthcare organizations have already experienced some type of significant data security breach… Moreover, it is also a highly concerning issue that medical devices could now potentially be targets, which could potentially put patients’ safety at risk.
Cybersecurity 2.0: what’s expected of federally regulated financial institutions
Lexology, Oct. 29
To safeguard against the potentially far-reaching damage a breach of cybersecurity could inflict upon Canada’s financial sector, the Office of the Superintendent of Financial Institutions (OSR) has gradually incorporated cybersecurity into its ongoing supervision of risk, often by relying on FRAs to take the initiative with limited regulator guidance.