GDPR regulators are sinking their teeth into violators. 2020's fines are proof.

The European regulation took about a year before major fines were introduced. Watchdogs are in a grey area of harnessing better privacy standards and having zero tolerance for negligent or intentional violations.

By Samantha Schwartz • Jan. 28, 2021

Privacy investments mitigate security losses, report finds

Spending on data privacy has become a priority amid new concerns about COVID-19 data and remote work environments, a study from Cisco shows.

By David Jones • Jan. 26, 2021

Cyber defense panel sees more private sector coordination following SolarWinds

Defense and intelligence experts say federal agencies need to strengthen private sector support, intelligence sharing to prevent the next big nation-state attack. 

By David Jones • Jan. 20, 2021

With cyber bureau, State Department brings diplomacy to threat landscape

CISOs and security experts see the federal bureau as a potential bridge to help align the government and private sector as nation-states pose increased threats. 

By David Jones • Updated Jan. 11, 2021

Democrats control Congress. Will 2021 be the year for federal privacy laws?

Don't hold your breath.

By Samantha Schwartz • Jan. 8, 2021

Federal task force says Russia likely actor behind SolarWinds attack

As investigations continue, agencies are working to preserve private-sector trust.

By David Jones , Samantha Schwartz • Jan. 5, 2021

Feds require banks to report cyberattacks within 36 hours

The rule, taking effect May 1, requires bank technology vendors to immediately notify customers if an incident disrupted services four hours or more.

By Dan Ennis • Updated Nov. 19, 2021

Federal agencies warn of heightened cyberthreats against K-12 schools

Cyberattackers are trying to steal data and disrupt remote learning as COVID-19 continues to impact schools, the FBI, CISA and MS-ISAC said. 

By David Jones • Dec. 11, 2020

Weighing the risks of disclosing a cyber incident

Not telling law enforcement or a regulator is an admission by an organization: We do not consider this cyber incident reportable.

By Samantha Schwartz • Dec. 10, 2020

National defense bill is heavy on cyber. What it means for the private sector.

The recommendations are intended to remedy areas of distrust and construct a more resilient cyber infrastructure, regardless of sector.

By Samantha Schwartz • Dec. 7, 2020

IoT cyber bill clears Congress — what's next for industry players?

Long-awaited legislation is seen as a springboard to widespread adoption of standards across the booming connected-devices industry.

By David Jones • Dec. 3, 2020

Supreme Court decision on computer fraud law hinges on one word — 'so'

The U.S. Supreme Court held the Computer Fraud and Abuse Act does not cover incidents which individuals with authorized access to a computer system abuse access privileges.

By Samantha Schwartz • Updated June 3, 2021

A cyber stakeholder's guide to Van Buren vs. US

The Supreme Court could determine what constitutes the limits of authorized computer access under the Computer Fraud and Abuse Act. Should this issue be left for Congress?

By Samantha Schwartz • Nov. 30, 2020

Technologists grapple with privacy, bias as AI inches closer to customers

Industry must contend with the ethical challenges of building AI as the technology expands in physical and digital customer touchpoints.

By Roberto Torres • Nov. 30, 2020

Home Depot codifies data reforms in $17.5M breach settlement with states

The home improvement retailer reached a $17.5 million settlement following a multistate investigation into its 2014 hacking.

By David Jones • Nov. 25, 2020

Defense industry CISOs prepare for cybersecurity compliance audits

As the deadline looms for long-awaited supply chain security requirements, experts are helping contractors prepare for third-party assessments.

By David Jones • Nov. 23, 2020

Carnegie researchers seek urgent action to combat financial cyberthreats

Fintech business development and digital transformation in banking is creating opportunities for malicious actors to attack vulnerable systems.

By David Jones • Nov. 20, 2020

Ransom sanctions leave little room for companies desperate to resolve an attack

Victimized organizations are balancing the risk and cost of stalled operations and encrypted data, with federal watchdogs ready to act. Response and recovery is never going to be an easy process.

By Samantha Schwartz • Nov. 20, 2020

Trump fires CISA's Krebs in slew of top cyber departures

President Donald Trump fired Christopher Krebs on Tuesday night, a week after top cyber official Bryan Ware left his post, leaving high-level national cybersecurity positions vacant.

By Katie Malone • Nov. 17, 2020

Biden faces scrutiny on key appointments and policy priorities on privacy, cybersecurity

Experts say the incoming administration has an array of former Obama administration staff and will face pressure to reform a number of fronts. 

By David Jones • Nov. 13, 2020

Zoom settles with FTC, promises to build robust security program

With Zoom's rapid user growth between December and April, the company allegedly "misled users by touting" end-to-end, 256-bit encryption, when it actually offered "lower level of security," said the FTC. 

By Samantha Schwartz • Nov. 10, 2020

What will a Biden presidency mean for business tech and cyber?

As the White House leadership changes, tech and cyber policies taking root are likely to focus on more R&D and federal oversight. 

By Katie Malone • Nov. 6, 2020

No major cyber incidents reported on Election Day — but the security challenge is just beginning

Senior CISA officials confirmed throughout the day that the U.S. did not face any major cyber activity yesterday but cautioned post-Election Day is when the action really begins.

By Katie Malone • Nov. 4, 2020

California voters approve 'CCPA 2.0' ballot proposition

Proposition 24 says that if companies don't need certain details about consumers to run their business or provide services then they don't need to collect the information at all.

By Samantha Schwartz • Updated Nov. 4, 2020

Marriott finds financial reprieve in reduced GDPR penalty

The U.K.'s Information Commissioner's Office also reduced British Airways' fine, citing economic impact of COVID-19 as a factor.

By Samantha Schwartz • Nov. 2, 2020