As cyber security issues continue to escalate and evolve, compliance officers have more opportunities to better protect and defend their organizations from cyber risk. One of compliance officers’ responsibilities is to stay on top of these emerging cyber risks and make recommendations on how to address them from a compliance perspective.
Several recent reports and headlines highlight emerging trends in cyber security:
- Cyber Security is a Top Concern for 39 Percent of SCCE & HCA Survey Respondents
A recent survey by the Society of Corporate Compliance and Ethics (SCCE) and Health Care Compliance Association (HCCA) identified several ethics and compliance hot topics to consider this year, revealing that cyber security is a top concern. “Cyber security and cyber crime” topped the list of concerns for the 900 ethics and compliance officers surveyed. “Compliance is spanning the spectrum from culture to cybercrime,” said SCCE and HCCA CEO Roy Snell in the press release announcing the report. “That’s an enormous mandate and really talks to how much businesses have come to rely on compliance programs to ensure that their organizations operate properly.”
- Cyber Security Whistleblowing May Begin Accelerating
How often are whistleblowers raising issues about cyber security in your organization? Cases related to cyber security whistleblowing, for example, are about to increase, according to CSO Online. That may necessitate updates to whistleblower policies and processes—as well as new cyber security measures.
- Issues Related to Ransomware are Increasing
While recent attacks against healthcare organizations have been highly publicized, every organization faces the threat of extortion through ransomware attacks, where hackers seize control of computing systems or data and demand payment before they’ll let go. Putting technology and process controls in place are critical, but effective cyber security training is important for ensuring these destructive data intrusions can’t find a way in.
- More SEC Cyber Security Enforcement Actions Are On the Way
Andrew Ceresney, director of the SEC's Enforcement Division, recently warned that the commission plans to pick up the pace on cyber security enforcement actions. Ceresney said his team was using Regulation S-P—which governs the way brokers, dealers and investment advisers treat nonpublic personal information about consumers—to pursue actions against organizations that failed to comply. "There'll be others coming down the pike," Ceresney promised.
As Gov. Tom Ridge, Ridge Global, has indicated, compliance officers have a unique role to play in protecting their organizations from cyber security risk. NAVEX Global’s cyber security courses provide education for managers and frontline employees to help reduce cyber security risk—and increase cyber security resilience.
Preview our training courses in cyber security risk management.