Policy & Regulation


  • CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds

    A report from Parametrix estimates cyber insurance will cover only about 10% to 20% of losses.

    By July 25, 2024
  • CrowdStrike, Microsoft scramble to contain fallout from global IT outage

    Cybersecurity and IT experts said users are having major difficulties in recovery efforts, despite workarounds and guidance the vendors released.

    By July 22, 2024
  • Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

    The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

    By Updated July 18, 2024
  • CISA calls for elimination of OS command injection vulnerabilities

    Threat groups target vulnerabilities in widely used network devices. CISA’s latest advisory urges software makers to eliminate them at the source.

    By July 11, 2024
  • MOVEit legal liabilities, expenses pile up for Progress Software

    The prospective financial hit from a widely exploited vulnerability in the file-transfer service is growing. Progress confronts lawsuits, regulator scrutiny and government investigations.

    By July 10, 2024
  • Critical infrastructure providers seek guardrails on scope, timeline for CIRCIA rules

    In a last-minute push, critical infrastructure stakeholders urged federal officials to give more flexibility on the detail required during the first 72 hours of covered cyber incidents.

    By July 8, 2024
  • Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

    Experts expect new legal challenges against numerous agency cybersecurity requirements, including incident reporting mandates and rules governing critical infrastructure sectors.

    By Updated July 8, 2024
  • Manufacturing cybersecurity at heart of new White House guidance

    The increased priority on security comes as more clean energy supply chains face the threat of a cyberattack.

    By Kate Magill • June 24, 2024
  • Microsoft president promises significant culture changes geared towards security

    Brad Smith detailed plans to tie compensation to security, as lawmakers raised new questions about the company’s commitment to transparency.

    By June 14, 2024
  • Microsoft will take full ownership for security failures in House testimony

    Brad Smith, the company’s vice chair and president, will acknowledge extensive security lapses while outlining steps the company, industry and nation need to move forward.

    By June 13, 2024
  • FCC approves $200M K-12 cybersecurity pilot

    The three-year program will help schools begin to cover the costs of securing their networks from cyberattacks.

    By Anna Merod • Updated June 7, 2024
  • White House wants to harmonize the breadth of cybersecurity regulations

    National Cyber Director Harry Coker Jr. detailed White House strategy to streamline the administrative burden and cost of cyber compliance.

    By June 5, 2024
  • NIST has a plan to clear the vulnerability analysis backlog

    The Cybersecurity and Infrastructure Security Agency and government contractor Analygence will help clear the National Vulnerability Database backlog.

    By May 31, 2024
  • SEC clarifies intent of cybersecurity breach disclosure rules after initial filings

    The rules require notification of “material” breaches, but some early filers have reported incidents that appear to fall short of the regulatory threshold.

    By Alexei Alexis • May 29, 2024
  • Critical CVEs are going under-analyzed as NIST falls behind

    NIST has analyzed less than 1 in 10 vulnerabilities added to the National Vulnerability Database since mid-February, according to VulnCheck research.

    By May 28, 2024
  • HHS agency launches program to automate cybersecurity at hospitals

    The program will invest more than $50 million to create a software suite that can automatically find potential vulnerabilities that hackers could exploit and deploy fixes.

    By Emily Olsen • May 24, 2024
  • SEC fines NYSE’s parent $10M for failing to report cyberattack

    The settlement sheds light on the costs of cyberattacks that can include penalties for non-compliance with timely disclosure requirements after the events occur.

    By Maura Webber Sadovi • May 24, 2024
  • White House seeks critical cyber assistance for water utilities, healthcare

    The DOJ will also work to deter teens from joining criminal hackers like Lapsus$.

    By May 23, 2024
  • Cyberattacks are good for security vendors, and business is booming

    More secure technology could stem the tide of cyberattacks, but digital threats are ever present.

    By May 23, 2024
  • Microsoft president set to testify before Congress on ‘security shortcomings’

    After the tech giant asked for more time, Brad Smith will now testify before the House Committee on Homeland Security on June 13.

    By May 22, 2024
  • Providers urge HHS to clarify Change data breach reporting requirements

    More than 50 provider groups are asking the federal government to publicly state that UnitedHealth should handle data breach reporting stemming from the cyberattack on its subsidiary.

    By Emily Olsen • May 22, 2024
  • EPA to ramp up enforcement as most water utilities lack cyber safeguards

    The agency may consider pursuing civil and criminal penalties against utilities following months of attacks against drinking and wastewater treatment facilities.

    By May 21, 2024
  • SEC requires financial firms to disclose data breaches within 30 days

    The regulatory agency’s rule change comes less than a year after it required publicly traded companies to disclose material security incidents within four business days.

    By May 20, 2024
  • CISA senior official Goldstein to leave agency in June

    The executive assistant director for cybersecurity at CISA often served as the voice of the agency and helped steer its secure-by-design efforts.

    By May 16, 2024
  • Unsafe software development practices persist, despite CISA’s push

    The industry isn’t making sufficient progress in cleaning up code despite recurring efforts from the agency to eliminate entire classes of vulnerabilities.

    By May 15, 2024