Tariffs and Trade Series: What Senior Management Teams Need to Know
No Password Required: CEO of HACKERverse.ai, Disruptor of Cybersecurity Sales and Most Other Things
Compliance Tip of the Day: Multiplying the Influence of Compliance
Daily Compliance News: May 13, 2025, The Leaving on a Jet Plane Edition
Compliance tip of the Day: Communication Through Persuasion
FCPA Compliance Report: Upping Your Game in Compliance
Episode 368 — LRN Issues New Report Highlighting Growing Gap in Compliance Program Performance
Compliance Tip of the Day: Empowering Middle Managers to Drive Compliance Transformation
Creativity and Compliance: From Compliance Enforcers to Trusted Advisors: The Path Forward
Top Healthcare Compliance Priorities for 2025
Compliance Tip of the Day: Middle Managers as the Eyes and Ears of Compliance
ADA Compliance for Medical and Dental Practices: Responding to Inquiries and Investigations
Innovation in Compliance: Exploring the Intersection of Compliance, Technology, and AI with Ben Sperry
What Every Law Firm Leader Can Learn from Law Day and the Perkins Coie Ruling: On Record PR
Compliance Tip of the Day: Elevating Compliance Through Connected Middle Managers
Compliance into the Weeds: USRA Declination Case Study - Self-Disclosure Best Practices
Compliance Tip of the Day: Middle Managers as Ethical Cornerstones
Understanding Human Trafficking and Modern Slavery: A Business Imperative with Clint Palermo
SBR Author’s Podcast: Understanding Complexity with Dr. Jean Boulton, Part 2: The Power of Simple Principles in Ethics and Compliance
Daily Compliance News: May 6, 2025 the Made in China Edition
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
Feel confident tackling any threat with a unified incident management approach that integrates roles, communication, and recovery tasks. Small and medium-sized organizations without a disaster recovery plan are 40% more...more
The U.S. Coast Guard (“USCG”) published a final rule on January 17, 2025, addressing Cybersecurity in the Marine Transportation System (the “Final Rule”), which seeks to minimize cybersecurity related transportation security...more
On November 7, 2024, the Transportation Security Administration (the “TSA”) published a Notice of Proposed Rulemaking (the “Proposed Rule”) that would mandate cyber risk management (“CRM”) and reporting requirements for...more
On January 15, 2025, the Federal Acquisition Regulatory Council published a proposed rule (the FAR CUI Rule) that would amend the Federal Acquisition Regulation (FAR) to impose government-wide cybersecurity, training, and...more
NIS2 (Network and Information Systems Directive 2) is the updated version of the NIS Directive, which the EU first introduced in 2016. The original NIS Directive aimed to enhance cybersecurity across member states by...more
After years of anticipation, the Federal Acquisition Regulation (FAR) Council has announced the arrival of its proposed rule to enhance the safeguarding of Controlled Unclassified Information (CUI) in federal contracts (the...more
The Financial Conduct Authority (FCA), Prudential Regulation Authority (PRA) and Bank of England are consulting on proposals to require firms to report operational incidents and material third party arrangements. In the face...more
Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
The Digital Operational Resilience Act (DORA) establishes a harmonised and comprehensive framework for information and communication technology (ICT) risk management in the financial sector. It is a directly applicable EU...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is...more
Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more
The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023. Aimed at improving cybersecurity risk...more
The Digital Operational Resilience Act (DORA) is an EU regulatory framework, aimed at enhancing the financial sector’s ability to withstand and recover from ICT (information and communication technology) disruptions....more
The publication by the Joint Committee of the European Supervisory Authorities (ESAs) on (a) 17 July 2024 of the second batch of implementing materials and (b) 26 July 2024 of the sub-contracting of information and...more
On June 24, 2024, the SEC issued five new Compliance & Disclosure Interpretations (C&DIs) relating to the materiality assessment and disclosure requirements of material cybersecurity incidents under Item 1.05 of Form 8-K....more
In response to the increasing number of cyberattacks and the acceleration of digital transformation across sectors, the European Union has revised and improved its Network and Information Security (NIS) Directive. The...more
The U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance Director Erik Gerding released a statement on May 21, 2024, addressing Disclosure of Cybersecurity Incidents Determined to be Material and...more
New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more
The Australian Prudential Regulation Authority (APRA) released Prudential Standard CPS 230 in March 2017. At a glance, the regulation aims to strengthen the cybersecurity resilience and operational risk management of the...more
With the onslaught of new privacy legislation and cyber threats coupled with upticks in enforcement, running a well-functioning and flexible privacy program is now, more than ever, a critical component of an organization’s...more
Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more