Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In late February of this year, Change Healthcare experienced a massive ransomware attack. The company, a subsidiary of United Healthcare, is the largest clearinghouse for insurance billing and payments in the U.S, processing 15 billion medical claims each year.

The growing sophistication of threat actors, supply chain disruptions, and the potential for systemic and catastrophic losses make for a precarious landscape for insurers and those seeking insurance. To help customers reduce risk at scale, insurers and brokers must adopt technology in order to visualize vulnerabilities while also forecasting, quantifying, and monitoring risks.

The interconnected nature of our digital economy requires a shift in how companies think about their cyber risk. Companies need to consider the broader system and how to build mutual support with their entire cyber ecosystem– customers, partners, and vendors. Yet, today, most companies still rely on manual vendor onboarding, monitoring, and point-in-time external security reports to manage supply chain cyber risk – even top Fortune 500 companies.

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).

This week, the U.S. Environmental Protection Agency (EPA) warned that cyberattacks against water utilities across the country are becoming more frequent and more severe. The agency urged water systems to take immediate actions to protect the nation’s drinking water. According to the EPA, there are more than 150,000 public water systems across the U.S. serving over 300 million people—virtually all of which are administered and secured at local levels of government.

Today, we’re proud to announce that Forrester has named SecurityScorecard a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024. Forrester identified the 10 most significant vendors in cybersecurity risk ratings and scored them based on the strengths of their current offering, strategy, and market presence.

The cybersecurity world is no doubt aware that the National Vulnerability Database (NVD) has been experiencing issues over the last three months.

As regulatory mandates and frameworks continue to emerge, cybersecurity leaders must continue to adapt to more than just the latest threat actor tactics, techniques, and procedures. As part of our ongoing webinar series centered on compliance, SecurityScorecard’s Senior Product Marketing Manager, Devaney Devoe, moderated a discussion with Adam Bixler (Principal, Squadra Ventures), Christopher Strand (SecurityScorecard’s Global Risk Officer), and Steve Cobb (CISO, SecurityScorecard).

SecurityScorecard recently hosted a webinar with our Co-founder and CEO, Dr. Aleksandr Yampolskiy, and Sue Gordon, the former Deputy Director of National Intelligence and SecurityScorecard board member. Gordon drew on her experience as a key advisor to the President and National Security Council to discuss the shared responsibility between public and private organizations in combating cyber threats, the concentration of cyber risk, and the value of easy-to-understand cybersecurity metrics.