Justice Dept. Talks AI Concerns

AI

The Justice Department wants companies tinkering with artificial intelligence to be more open-minded about testing their AI systems and products for vulnerabilities, and specifically wants them to adopt a “vulnerability disclosure program” much the same way tech companies already disclose software bugs. So says Nicole Argentieri, head of the Criminal Division, who delivered a speech…

More Lessons on Cyber Control Failures

cybersecurity

We have another glimpse into modern cybersecurity threats and the control weaknesses that allow those threats to happen, courtesy of an enforcement action against a financial services firm that twice was duped by hackers into selling their customers’ assets. The financial services firm is Equiniti Trust Co., a registered transfer agent — that is, a…

Last Week’s Cybersecurity Disasters

cybersecurity

There are decades when nothing happens, and weeks when decades happen. Last week was definitely one of those latter periods for CISOs, internal auditors, compliance officers, and anyone else charged with worrying about cybersecurity. Just consider what happened last week: On Tuesday, UnitedHealth reported spending nearly $1 billion on recovery costs from a ransomware attack…

UnitedHealth’s Big Cyber Compliance Mess

unitedhealth

UnitedHealth filed its latest quarterly earnings report today, complete with an update on the staggering costs of a ransomware attack the healthcare giant suffered earlier this year — and if anyone needs a fresh example of how cyber attacks can tie your company into compliance knots, pull up a chair. The attack itself happened in…

Internal Accounting Controls and Cyber Risk

control environment

Today I want to return to that recent enforcement action against RR Donnelley, where the Securities and Exchange Commission cited faulty internal accounting controls at Donnelley as grounds to impose a $2.1 million sanction over the company’s poor handling of a cybersecurity incident. What are internal control professionals supposed to make of an enforcement action…

SEC Advice on Ransomware Disclosure

ransomware

The Securities and Exchange Commission has published fresh advice about when companies need to disclose a ransomware incident to investors, warning that companies will need to perform materiality assessments and be prepared to disclose the attack even if the attack is small and the company returns to normal operations quickly. The agency released five compliance…

Example of Cyber Disclosure Challenges

disclosure

Radical Compliance is back from vacation, and what better way to catch up on current compliance issues than an enforcement action over poor cybersecurity? Lucky for us, the Securities and Exchange Commission served up a fresh case just last week on exactly that headache. The case involves R.R. Donnelley, provider of business marketing services to…

NYSE Parent Fined $10M Over Breach Failure

breach

The parent company of the New York Stock Exchange has agreed to pay $10 million for failing to promptly alert the Securities and Exchange Commission about a cybersecurity breach the company suffered in 2021. Take note, all you public companies still uncertain about how and when to disclose breaches of your own. The SEC announced…

More Tips on Good Data Protection

data protection

Another week, another enforcement action from the Federal Trade Commission giving us a glimpse into what modern data protection programs should look like. This time the company in question is a telecommunications company that flubbed basic data protection protocols and then suffered a breach; and as usual, the FTC gives compliance, privacy, and IT security…

Cyber, AML Lessons From a Crypto Flop

New York financial regulators have served up another case study in poor cybersecurity, transaction monitoring, and anti-money laundering compliance, courtesy of an enforcement action against a bankrupt cryptocurrency platform found to be deficient in all three. The state’s Department of Financial Services announced the sanction against Genesis Global Trading last Friday, fining the company $8…
