Tagged: cybersecurity

Justice Department Focuses on Artificial Intelligence Assisted Crime

In the face of rapid technology changes, the Department of Justice usually has to play catch-up.  When cryptocurrency and blockchain entered the United States economy, the Justice Department played catch-up.  Fraudsters and other criminals innovate and embrace new technologies to prey on victims.  The Justice Department usually catches up, but there is often a lag as “innovative” criminals gain certain market advantages.  DOJ...

Top Five Risks Facing Corporate Boards

A Top 5 list should be viewed with suspicion — it is often just a headline-grabbing post with the clear purpose of gaining readers’ attention.  In defense, however, it is interesting to compare articles on risk rankings.  To start with the obvious, corporate boards face growing risks — the economy, the regulatory environment, cybersecurity threats, technology developments and stakeholder interests are all colliding and...

SEC Sues SolarWinds and its CISO for Fraud Over Botched Data Breach Response, Marking New Era in Cyber Enforcement

The U.S. Securities and Exchange Commission has a message for publicly traded companies that suffer a data breach: own up. On Monday, the SEC sued Texas-based SolarWinds––and its Chief Information Security Officer (“CISO”)––for defrauding investors by allegedly failing to disclose known security risks in public filings. This marks the SEC’s first-ever enforcement action against an individual corporate officer over their mishandling of a data breach––but...

Episode 282 — The Evolving Partnership: Compliance and Cybersecurity

If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy.  The rapid elevation of this risk is reflected in weekly headlines announcing ransomware, cyber-attacks and data breaches. Companies that have experienced a cyber-attack are forever changed.  The board and senior executive team quickly...

Webinar: Cybersecurity and Compliance — A New Path Forward

July 25, 2023, 12 Noon EST. Companies face a broad array of cybersecurity risks — from internal actor mistakes to sophisticated ransomware attacks.  Chief Information Security Officers (“CISOs”) are being asked to mitigate these risks. Luckily, Chief Compliance Officers (“CCOs”) have become natural partners for CISOs, and are collaborating to design and implement effective governance...

New York’s Department of Financial Services Proposes New Cyber Compliance Requirements

The New York Department of Financial Services (“DFS”) has proposed rule changes to increase cyber compliance requirements. DFS has been the leading regulatory force in the cybersecurity industry.  DFS first issued comprehensive cybersecurity rules in March 2017.  Many other regulators and international organizations have adopted many of these regulations as best practices for cybersecurity requirements. The proposed rules would impose some significant requirements, including: Expansion...

Cyber Incidents Underscore Absence of Real Private Sector Cybersecurity Standards

Sometimes it takes a public event to remind corporate risk managers about the importance of effective risk management.  While corporate risk management functions have become yet another “hot” topic or new-fangled response to corporate failures to prevent obvious risk, most organizations continue to wander in the world of reactive business planning rather than proactive prevention.  It has been fairly obvious for years that most corporate...

Cybersecurity Oversight: A Board Challenge

Corporate boards face exponentially escalating risks – at the heart of this development is the rapid escalation of board member accountability.  Board members are no longer operating in a sinecure, free from legal risks.  The walls are changing. A perfect example of the changing landscape of risk is the importance of cybersecurity oversight and protections.  The criminal cyberattack against the Colonial Pipeline and the acknowledge...

The SolarWinds Cyber-Attack – The Devastation and Wreckage

The SolarWinds cyber-attack was devastating in scope and impact. If any lesson can be learned from this event, the SolarWinds case presents all the pitfalls, enforcement and reputational damage, rolled into one tragic series of events. In a recent 10-K disclosure, SolarWinds announced that it is the subject of ongoing investigations conducted by the Department of Justice, the Securities and Exchange Commission, and various state...

Cybersecurity Threats, Data Privacy and the Important Role of Compliance

Most compliance officers will admit that they have more than enough responsibilities in their purview.  They are usually not looking for more.  I have some bad or good news on this front depending on your perspective. As companies struggle with cybersecurity and data privacy issues, companies should naturally turn to compliance to play a larger role in overall risk mitigation strategies.  Up to now, it...