Resource Search

The U.S. Securities and Exchange Commission (SEC) released the Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rules in August 2023, requiring registrants to provide and report timely information about their cyber risk so that investors can make informed investment decisions. With the rules in place, the SEC expects that companies will apply materiality considerations for cybersecurity incidents as they would be applied regarding any other risk or event—through the lens of the reasonable investor.

New cybersecurity guidance for artificial intelligence (AI) systems was issued jointly by the U.S. Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency’s Artificial Intelligence Security Center, and cybersecurity agencies of Australia, New Zealand, the U.K., and Canada. The Guidelines, Deploying AI Systems Securely: Best Practices for Deploying Secure and Resilient AI Systems, are particularly notable because they focus on best practices for organizations that deploy AI developed by a third party rather than targeting developers of AI systems.

Despite cybersecurity being noted as a top priority according to PwC’s 2024 Global Digital Trust Insights survey of 3,876 business and tech executives at the largest global companies, the actual progress on improving security is sluggish, even stagnant. By making one or two bold moves to put security at the epicenter of innovation, the top companies are positioning themselves for greater productivity and faster growth as they dive into new technologies with confidence that they are well protected.

The evolution of cybersecurity threats is increasing at a rapid pace and becoming more sophisticated as they leverage the same advanced technologies and methodologies as cyber defense tools. No longer are cyberattacks focused primarily on financial incentives, they are also aiming at maximizing operational disruption.

The tech industry has been undergoing a difficult period. Economic instability, high inflation, and rising interest rates have prompted tech companies to reevaluate their business strategies, adjust their growth plans, and revisit their staffing models. At the same time, there have been remarkable advancements with generative artificial intelligence (AI) taking center stage and ushering a new era of technology. This acerating pace of tech innovation continues to introduce new business opportunities across industries.

Cybersecurity is a known and growing risk that all family offices need to address. The potential of a cybersecurity attack is no longer a matter of whether it will happen, it’s now a matter of when it will happen.

The cyber landscape is always evolving and requires proactive diligence, effective controls, and regular education to significantly reduce the risks. While the volume and complexity of threats continue to grow, experts agree that businesses can significantly reduce their exposure—and costs, if a breach occurs—by following some well-vetted best practices. This list of such practices begins with setting a strong governance framework and is underpinned by continual awareness and education.

Driven by events no one could have foreseen, leaders in recent years have pushed their companies and themselves beyond their comfort zone: out of the office to remote workplaces; into the cloud; along chains of supply that are almost completely digital. And with each new venture, there are new cyber risks.

The use of artificial intelligence (AI) continues to spread with a staggering speed as it reshapes industries through improved efficiency, productivity, and decision-making. However, the meteoric rise and adoption of AI technology—including ChatGPT—can overshadow some valid concerns around security and privacy. Addressing those concerns, this report offers insights from industry use cases for AI and delves into the cybersecurity risks, privacy regulations and compliance, mitigation strategies, and immediate actions that security teams can take to mitigate the risk from generative AI.

With the increasingly complex patchwork of state privacy laws and regulatory compliance requirements, businesses operating in regulated industries, particularly in the financial services and healthcare sectors, need to ensure they are paying close attention to the details of the exemptions. Key differences in the exemptions built into these new state laws will result in many regulated businesses having drastically divergent compliance obligations on a state-by-state basis.