Strategy: Page 9
-
Cybersecurity leaders expect their SOC budgets to grow, KPMG finds
Average annual SOC budgets stand at $14.6 million, but most security leaders expect their budgets and headcount to grow by up to 20% over the next two years, the survey found.
By Maura Webber Sadovi • May 15, 2024 -
Unsafe software development practices persist, despite CISA’s push
The industry isn’t making sufficient progress in cleaning up code despite recurring efforts from the agency to eliminate entire classes of vulnerabilities.
By Matt Kapko • May 15, 2024 -
Trendline: Risk Management
An escalation of cyber risks facing businesses and government has made cyber resilience a major priority.
By Cybersecurity Dive staff -
Cyber insurance costs are stabilizing as global market grows
Increased capacity is helping to meet rising demand for cyber coverage and more insurers are using tools to assess potential risk, a report from S&P Global Ratings shows.
By David Jones • May 14, 2024 -
Cyber pros weigh an intel-sharing quandary: What to share when attacks hit close to home
The detail and speed with which companies share information after an attack can prevent future pain. But businesses aren’t always keen on transparency.
By Matt Kapko • May 14, 2024 -
Only one-third of firms deploy safeguards against generative AI threats, report finds
Generative AI gives attackers an edge over cyber defenders, according to a Splunk survey of security experts.
By Jim Tyson • May 13, 2024 -
Sponsored by Synopsys
Don’t be afraid of GenAI code, but do be wary
Don’t fall for scare headlines about GenAI code—it offers multiple benefits—but also be aware of its limits and risks.
May 13, 2024 -
White House wants to hold the software sector accountable for security
Federal officials are taking steps toward a long-stated goal of shifting the security burden from technology users to the companies that build it.
By David Jones • May 10, 2024 -
Officials see a real change in Microsoft’s security plans: financial accountability
CISA Director Jen Easterly pointed to Microsoft’s decision to link security to executive compensation as a meaningful signal of its priorities.
By Matt Kapko • May 10, 2024 -
68 tech, security vendors commit to secure-by-design practices
CISA said companies ranging from Microsoft to Palo Alto Networks signed the voluntary pledge in an effort to boost resiliency and increase transparency around CVEs and cyberattacks.
By David Jones • May 9, 2024 -
CISA explains why it doesn’t call out tech vendors by name
Federal officials rarely criticize tech companies when their mistakes result in attacks. The stinging conclusions CSRB levied at Microsoft are an exception, not the norm.
By Matt Kapko • May 9, 2024 -
The US really wants to improve critical infrastructure cyber resilience
A report from the Office of the National Cyber Director highlights persistent threats targeting healthcare and water, echoing warnings from cyber officials earlier this year.
By David Jones • May 8, 2024 -
Sponsored by Indiana University
How can AI companies navigate a complex regulatory framework? — Compliance Labels
The rapid, unregulated growth in the field of artificial intelligence has given rise to large language models (LLMs) such as GPT-4 and Gemini, which have contributed to major technical advancements but have also been coupled with legal and ethical issues.
By Sai Prasad, Security Analyst, CyberProof, MS Cybersecurity Risk Management '22 • May 6, 2024 -
Sponsored by Synopsys
5 considerations for securing your software supply chain
Do you know what’s in your code? These five considerations should help you drive your security activities and identify weak points in your software supply chain.
By Mike McGuire, Sr. Software Solution Manager, Synopsys • May 6, 2024 -
Microsoft restructures security governance, aligning deputy CISOs and engineering teams
The company will enhance management roles under the CISO and partially tie compensation to security performance.
By David Jones • May 3, 2024 -
Clorox lowers sales outlook as recovery from 2023 cyberattack continues
The cleaning products maker is still working to fully restore distribution capabilities after the attack.
By David Jones • May 3, 2024 -
Amazon CEO touts AWS cloud security as AI risk concerns mount
Andy Jassy urged enterprises “not to overlook the security and operational performance” of cloud-based generative AI services. “It’s less sexy, but critically important.”
By Matt Ashare • May 3, 2024 -
Deep Dive
At Microsoft, years of security debt come crashing down
Critics say negligence, misguided investments and hubris have left the enterprise giant on its back foot.
By David Jones • April 30, 2024 -
Sponsored by Synopsys
What to do when your team is struggling to manage too many application security vendors
A good ASPM solution will correlate and analyze data from a variety of sources, allow you to administer and orchestrate security tools, and automate your security policies.
April 29, 2024 -
Microsoft CEO says security is its No. 1 priority
The comments from Satya Nadella come weeks after a withering report from the federal Cyber Safety Review Board scrutinized how the company prioritized speed to market over security.
By David Jones • April 26, 2024 -
What is success in cybersecurity? Failing less.
Defenders aren’t measured by pure wins or losses. Intrusions will happen, and their job is to keep a bad situation from getting worse.
By Matt Kapko • April 26, 2024 -
CISA director pushes for vendor accountability and less emphasis on victims’ errors
Stakeholders need to address why vendors are delivering products with common vulnerabilities, which account for the majority of attacks, Jen Easterly said.
By Matt Kapko • April 25, 2024 -
Enterprises are getting better at detecting security incidents
Google Cloud’s Mandiant saw significant improvements in how organizations track down threats, yet hackers are still abusing common threat vectors.
By David Jones • April 23, 2024 -
Cyber insurance gaps stick firms with millions in uncovered losses
A CYE analysis of 101 breaches across various sectors revealed insurance gaps resulting in an average of $27.3 million in uncovered losses per incident.
By Alexei Alexis • April 22, 2024 -
Majority of businesses worldwide are implementing zero trust, Gartner finds
Programs are typically sponsored by C-suite executives, while the CISO is often tasked with execution, according to Gartner.
By David Jones • April 22, 2024 -
Opinion
The art of threat modeling: 3 frameworks to know
Organizations should use the frameworks in a manual or automated way to better understand the security threats they’re up against, Gartner’s William Dupre writes.
By William Dupre • Updated April 24, 2024