Insights

On September 3, 2019, HITRUST released three CSF Assurance Bulletin.

Taking a proactive approach to cybersecurity is far less costly than dealing with the aftermath of a cybersecurity breach. In addition to the reputational harm that could result from a breach, cybercrime is expected to cost a total of $6 trillion globally by 2021, according to Cybersecurity Ventures.

These are just a few statistics to provide some perspective on the risk many small businesses and family offices may face. Cybersecurity risks do not just affect corporations and government entities but can be a common and very present danger to family offices and small businesses alike.

With many recent changes to the System and Organization Controls (SOC) reports guidelines, SIFMA AMG and BDO have prepared this guide for asset managers to understand the function of the SOC 2 report, and its role in asset managers’ third party risk programs.

When a plan sponsor hires a service provider, that organization and its professionals become part of the team operating the client’s retirement plan. Each member of the team is expected to perform a specific task according to what is prescribed in the plan document. But how do you know whether each service provider has effective systems and controls in place to ensure that they are executing their roles correctly?

Protecting sensitive information and mitigating cyber risk is an enormous and persistent challenge for businesses, in part because every communications tool used to conduct normal business presents a clear risk.

Special focus: The cyber threats to public sector

Insights from public company directors regarding their thoughts on how boards are investing in digital capabilities, prioritizing cybersecurity threats and assessing digital privacy risks. The survey results indicate that new regulations and emerging risks are driving boards to reevaluate corporate strategy and investments.

The AICPA continues to adjust and refine the SOC 2 reporting requirements. The most recent release includes significant changes to the Trust Services Criteria and also addresses cybersecurity risks while offering increased flexibility. The AICPA also issued a Description Criteria.