Merck reaches settlement in closely watched NotPetya insurance case

The pharmaceutical giant previously won a New Jersey court decision involving $700 million of a $1.4 billion dispute over war-exclusions language related to the attack.

By David Jones • Jan. 8, 2024

LastPass enforces 12-character master password lengths

The password manager made its years-old guidance on master password complexity a requirement nearly a year and a half after it was hit by a major cyberattack.

By Matt Kapko • Jan. 4, 2024

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Mimecast acquires human risk management specialist Elevate Security

The acquisition is the latest in a series of deals in recent weeks, following a turbulent year of industry layoffs, spending cuts and a weaker investment climate in the sector.

By David Jones • Jan. 4, 2024

SonicWall acquires Banyan Security to boost cloud security portfolio for remote work

The company recently acquired a firm specializing in managed detection and response technology for managed service providers.

By David Jones • Jan. 3, 2024

Cisco to buy open source multicloud security vendor Isovalent

The deal for the company behind eBPF and Cilium follows Cisco’s blockbuster $28 billion agreement to acquire Splunk.

By Matt Kapko • Dec. 21, 2023

Cyber risk strategies in hot seat as SEC rules go live

A new climate of regulatory scrutiny is pushing companies to reassess how they manage cyber governance and mitigation at the highest levels.

By David Jones • Dec. 20, 2023

2 years on, Log4j still haunts the security community

Research from Veracode shows nearly 2 in 5 applications are still running vulnerable versions. 

By David Jones • Dec. 8, 2023

Fidelity National Financial still assessing cyberattack impact, but is insured

The company acknowledged real estate closings were briefly impacted, however committed to protect customer data and prioritize cybersecurity investments.

By David Jones • Dec. 7, 2023

Challenging the ‘good enough’ cybersecurity mindset

While the volume of cyber threats keeps growing, security experts struggle to navigate the perception that existing resources are enough to defend their organization.

By Jen A. Miller • Dec. 6, 2023

Businesses can turn to MSPs to navigate SEC cyber disclosure requirements

With a line of sight on security operations, managed service providers hold keys to materiality determinations and annual 10-K reports.

By Suman Bhattacharyya • Dec. 5, 2023

Authorities raise alarm on threats against water, other critical sectors

An ongoing cyber campaign against Unitronics PLC devices has impacted multiple U.S. water facilities, but authorities are also monitoring energy, healthcare, and food and beverage manufacturing.

By David Jones • Dec. 4, 2023

Staples hit by cyberattack during critical Cyber Week sales push

The office supply retailer expects to fully catch up on back orders after online processing and deliveries were briefly disrupted.

By David Jones • Dec. 1, 2023

Okta again promises it is taking security seriously

CEO Todd McKinnon used the company's earnings call to once again pledge improvements and address a culture of lax security.

By Matt Kapko • Nov. 30, 2023

For financial services firms, a pattern of malicious cyber activity is emerging

The suspected ransomware attack against Fidelity National Financial marks the latest in a series of incidents, leading regulators to take additional enforcement actions.

By David Jones • Nov. 29, 2023

Amazon CSO likens security to psychological chess matches

Security professionals should focus on ambiguous, dynamic problems that can’t be solved by software, Stephen Schmidt says.

By Matt Kapko • Nov. 28, 2023

Cloud security myths can leave SMBs exposed

AWS identified three cyber misconceptions that hinder small- and medium-sized businesses as they migrate workloads.

By Matt Ashare • Nov. 22, 2023

Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

A rise in social engineering and generative AI pose increased risks as phishing attacks and ransomware gain speed and grow more sophisticated.

By David Jones • Nov. 21, 2023

Companies are getting smarter about cyber incidents

Although incidents are up and risks are expanding, businesses are better prepared to send threat actors away empty-handed, a specialist says.

By Robert Freedman • Nov. 21, 2023

Cisco looks to Splunk for security business growth

Security remains a small part of Cisco’s business, but Splunk could bolster the company’s ability to grow and improve other offerings.

By Matt Kapko • Nov. 16, 2023

Palo Alto Networks’ largest customers get no-cost incident response

Available through January, the response program comes at a time of heightened demand for rapid forensic services, particularly in light of the coming SEC incident response enforcement. 

By David Jones • Nov. 15, 2023

Rackspace records $5M in expenses related to 2022 ransomware attack

The cloud services company expects insurance to cover its incident costs, however multiple lawsuits are still pending.

By David Jones • Nov. 14, 2023

MGM Resorts anticipates no further disruptions from September cyberattack

The company expects insurance to cover more than $100 million in losses stemming from lost bookings and disruptions at its Las Vegas properties.

By David Jones • Nov. 9, 2023

Countries pledge to not pay ransoms, but experts question impact

There is no mandate to ban governments or businesses from paying ransom demands, but the pledge could be a step toward that outcome.

By Matt Kapko • Nov. 6, 2023

Top ways businesses can manage the risk implications of the SEC cybersecurity disclosure rule

The SEC final rule requires public companies to disclose any material cybersecurity incidents within four business days of determination.

Nov. 6, 2023

Microsoft overhauls cyber strategy to finally embrace security by default

The plan follows major backlash Microsoft experienced earlier this year for charging customers for additional security features. 

By David Jones • Nov. 3, 2023