In the high-stakes world of cybersecurity, one of the most daunting challenges faced by CISOs is the task of persuading their organization to invest in security capability. But in an age of worker shortages, cost-cutting measures, and a surge in third-party cyber risk at the enterprise level, CISOs need to get this message across urgently.

SecurityScorecard’s recent report with the Cyentia Institute found that 98% or organizations have a relationship with at least one third party that has experienced a breach within the last two years. This indicates that nearly every organization is at least indirectly exposed to risk through circumstances outside its control. With that in mind, it’s important for organizations to know how breaches can happen, how to detect them, and how they can respond effectively. Let’s explore.

It’s that time of the year again, 2024 planning. Security and third-party risk management leaders are scrambling to prioritize their initiatives for the coming year, advocate for more resources, and report on their progress over the past year. When only 16% of organizations report that they effectively manage third-party risk, the new year provides a blank slate to introduce new efficiencies to existing processes.

Just like other insurance markets, subjectivities have become a staple of cyber insurance. When a cyber insurance underwriter issues a quote to the broker and insured, there may be additional requirements that must be met before the policy and coverage are activated. The management and resolution of these subjectivities creates friction for all stakeholders involved. It takes longer for insureds to obtain coverage, for underwriters to collect premiums, and for brokers to earn their commission.

Since Hamas’s attack on Israel last month, SecurityScorecard’s SecurityScorecard Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team has paid close attention to hacktivist activity provoked by the conflict, with particular focus on the international scope.

When I bring up the topic of security ratings to my CISO colleagues, I typically get one of two reactions. The first half complains about misattribution of issues along with reporting fix times (although accuracy has improved). But the other half understand how to leverage this technology to their benefit to make their jobs easier and their organizations safer. Read below to get under the hood of how to leverage the evolving application of this technology to secure your supply chain.

Business Email Compromise (BEC) is one of the fastest-growing and financially-damaging cybercrimes. It has consistently led the way in cybercrime losses in recent years. According to the 2022 FBI Internet Crime Report, the FBI received 21,832 Business Email Compromise (BEC) complaints, with estimated losses totalling more than $2.7B. Data shows a 38% increase in cybercrime as a service targeting business email between 2019 and 2022.