Reasonable Security | Reasonable Risk

How Executives Make Informed Cyber Decisions

September 19, 2024, at 1:00 P.M. CST

Non-technical executives can truly own cybersecurity when their companies measure, monitor, and manage cybersecurity risk like other parts of their business.

The SEC is only the latest regulator to expect non-technical executives to take ownership of cybersecurity risk management. Regulators argue that when companies pose risks to others those risks needs to be managed, whether they come from business practices, (more…)

Cyber Firm Reports SEC’s Final Rule Language Causing 10-K Filer Missteps

 

CHICAGO, Sept. 17, 2024 /PRNewswire/ — HALOCK Security Labs and sister company, Reasonable Risk, recently published a survey report revealing that language in the SEC’s new cybersecurity requirements appears to be confusing executives at public companies. As a result, many 10-K filings now make implausible claims that companies do not foresee a risk that cybersecurity incidents may cause material impacts. Early 10-K filers also (more…)

Annual 10-K Survey 2024

 

WHAT IS THE ANNUAL 10-K SURVEY?   

A publication by HALOCK Security Labs and Reasonable Risk that tracks how well public companies describe their cybersecurity programs in Item 1C of their 10-K disclosures.

 

WHAT IS ITEM 1C?

Item 1C is a new requirement (as of December 2023) from The SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public fil­ers to describe to their investors how (more…)

Navigating Cyber Risk Management Options in the Modern Era


Every business inherently faces some degree of risk. It is, ironically, an essential component of success. Establishing a digital presence offers numerous opportunities but also introduces significant risks. While it would be ideal for best-of-breed cybersecurity tools to halt all cyberattacks, such an expectation is currently unrealistic. The objective then is to implement cyber (more…)

Cyber Forecasting Model Discovered in Verizon’s Incident Data

HALOCK Security Labs was recently recognized for their contribution to the 2024 Verizon Data Breach Investigations Report (DBIR) having found a way to practically apply Verizon’s raw data for risk assessments.

HALOCK’s HIT Index (HALOCK Industry Threat Index) uses Verizon’s crowd-sourced dataset known as the VERIS Community Database (VCDB). It contains over 10,000 breach records with more than 2,500 columns detailing the characteristics of each attack. (more…)

WEBINAR: 2024 DBIR Findings & How the CIS Critical Security Controls Can Help to Mitigate Risk to Your Organization

The Verizon 2024 Data Breach Investigations Report (DBIR) is widely recognized across the cybersecurity industry for its comprehensive analysis of the global threat landscape, based on real-world data from actual security incidents and breaches. It serves as an authoritative source of information for organizations seeking to enhance their cybersecurity defenses and make better informed-informed risk management decisions.

This year’s report takes a deeper look at (more…)

Assessing Cyber Risks Using Verizon’s VCDB

When Verizon Business decided to publish their DBIR they had been amassing cyber incident data for years through their incident response and forensics investigations team. They decided to publish the trends they were seeing in a format that was both informative and engaging so we could learn how to protect ourselves.

Then in 2010, the Verizon DBIR (more…)

Go to Top