March 2022

findings tech, iso, iso27001, iso27017, iso27018, Trade Compliance

Russian sanctions made trade Compliance a Burning Issue – Here’s Everything You MUST Know

Posted on March 28, 2022August 31, 2022 by Yogev Kimor

28
Mar

You may have heard about trade compliance before, but do you know its meaning? It’s an essential part of international trade, and it’s amongst the few things that will put your company at risk if you don’t abide by it.

Here is everything you must know about trade compliance and why it matters so much these days with everything going on with Russia.

What Does Trade Compliance Cover?

In short, trade compliance requirements can impact your ability to import or export into foreign markets and effectively operate within your territory. Trade compliance applies to any company operating across borders; even if you plan on staying stateside and selling in only one jurisdiction, there is still a good chance that a local regulator will make contact at some point in your company’s life cycle. It isn’t always apparent whether a law requires you to comply with its provisions.

Trade compliance is defined as “an aspect of corporate compliance which ensures that all import and export transactions are in conformance with the laws and regulations of the countries involved,” according to Daw Jones Risk and Compliancy glossary.

What is the U.S. Department of Commerce Rules Regarding Export Control?

The U.S. Department of Commerce maintains a set of rules regarding export control that every business should know about—even if you don’t think your company is doing any business abroad. These rules include what products can be shipped outside of our borders and how they can be traded (and sometimes not traded).

These guidelines ensure we’re not selling or sending anything to countries we have sanctions against—like Iran or North Korea—or the newly star Russia.

What might surprise you is that there are particular nuances to how trade compliance works.

Russia made trade compliance a priority.

As part of Russia’s aggression and invading Ukraine, The U.S. has issued sanctions against Russia’s banks, business people, and other financial services to disrupt these funding sources.

U.S. sanctions don’t apply to U.S. companies or people, but they impose restrictions on non-US persons’ dealings. The broad range of U.S. sanctions programs and rules means that almost any non-US citizen or entity doing business with a person on a sanctioned list violates U.S. law. This includes foreign subsidiaries of U.S. companies.

U.S. trade sanctions can have serious consequences, including fines and imprisonment. For that reason, it’s essential for firms operating internationally to make sure they have systems in place to comply with trade compliance laws. It’s also important to understand that these penalties are not just reserved for trade sanctions; sentences can be imposed against those who fail to take reasonable steps to ensure their trade partners are not violating trade compliance laws.

Businesses must understand trade compliance regulations so that they don’t run afoul of them or understand their risks to manage them appropriately.

There are four ways that trade compliance applies to you:

1) You might import goods into or export goods out of a sanctioned country

2) You might do business with someone who does

3) Your customer may purchase goods from someone who does

4) Your customer may sell goods to someone who does

Suppose you import goods into or export goods out of a sanctioned country. In that case, The Office of Foreign Assets Control (OFAC), which falls under the Treasury Department, administers and enforces trade sanctions against targeted countries.

OFAC tracks all U.S.-based financial transactions and shipments leaving and entering U.S. ports via air freight or sea freight transport services. If you import goods into or export goods out of a sanctioned country, those goods will fall under trade compliance rules administered by OFAC.

You must file a report with OFAC before importing or exporting those goods to ensure that neither you nor your customers violate trade sanctions.

For example, suppose one of your supplier’s purchases steel from Russia and ships it to China, where it is assembled into final products. In that case, Chinese importers have to comply with trade sanctions if they want to re-export those products back into the United States. This could also apply if you have manufacturing facilities in China since any imported raw materials would still fall under trade compliance rules administered by OFAC.

Risk Management – Effective Trade Compliance And Supply Chain Management

CAATSA, or The Countering America’s Adversaries Through Sanctions Act, will profoundly impact global trade compliance. CAATSA was signed into law by President Trump in August 2017 and mandates sanctions against Iran, North Korea, Russia, and Venezuela. It also prohibits foreign entities from doing business with U.S. companies unless they are compliant with CAATSA.

Many organizations also want to do business with sanctioned countries like Russia, Iran, and North Korea because they offer lower prices than other suppliers. However, before engaging in any trade activity involving these countries or individuals under U.S. sanctions laws, you must ensure that your organization has effective trade compliance programs. Otherwise, you risk facing severe penalties under CAATSA if you engage in transactions involving blocked persons without first obtaining authorization from OFAC (Office of Foreign Assets Control).

Effortless Trade Compliance

Cut the processing time in half and ignore “experts advisors” – When you use the findings’ platform, you can automate your entire trade compliance process.

Automate your assessments, enable best practices, and give your supply chain the advantage.

What to learn more about what findings can help you with? Start your free trial today.

aicpa soc 2, ESG, findings tech, iso, iso27001, iso27017, iso27018, soc 1

A retired asset owner reveals – These 3 things will attract investors like flies

Posted on March 23, 2022September 20, 2022 by Ilan Lavan

23
Mar

3 things you should be doing to attract ESG investors

ESG (environmental, social, and governance) investors are becoming more popular as millennials enter the workforce. Around 60% of ESG-focused funds show growth in assets under management over the past year. But what can companies do to attract more ESG money? This article will look at three things to consider when working with ESG investors to attract sustainable investment dollars.

1) Allocation matters

An ESG-friendly portfolio is an integral part of a sustainable investment strategy, but it’s just as crucial for investors that manage other people’s money (OPM). These days, many clients expect their financial advisors to invest sustainably and request environmental, social, and governance (ESG) information when reviewing or choosing an advisor. Advisers need to demonstrate how they manage sustainability in their portfolios to earn new business from clients seeking out these investments. And for those who don’t offer such solutions today, it will likely become increasingly necessary to compete and keep up with shifting investor preferences over time. In either case, OPM advisers need to do two things: identify relevant ESG factors within their client’s portfolios and then make informed investment decisions in line with client expectations.

2) Education is important

When searching for potential investments, Environmental, Social, and Governance (ESG) investors perform a thorough due diligence process. While your business might not be eligible for an asset from a fund, these types of investors can still help by providing feedback and advice. Remember, there is no shame in being honest about how much work your business needs. The more willing you are to self-critique, the easier it will be for others to trust that you’re working towards those changes. It’s important to remain honest about yourself and realistic about your goals. Remember that potential investors want to see transparency and honesty.

3) Be transparent

A growing number of institutional investors are pressuring organizations they invest in to disclose more about their environmental, social, and governance (ESG) performance. They’re asking companies many questions – some that might even seem uncomfortable at first. The purpose of these questions is transparency and improving performance, though it can feel like an interrogation at times. Transparency doesn’t come easily, but there are three things organizations can do to make sure they’re ready for such conversations with ESG-minded investors. First, have all your numbers together. This means having clear information on everything from greenhouse gas emissions levels to community involvement efforts available when you sit down with ESG investors. It takes work to get those numbers put together, but it’s worth it. Second, build relationships. One of the most important parts of successfully navigating any conversation is knowing your partners inside and out. Take time to research each ESG investor beforehand to know what kinds of topics they want to be addressed and how they usually approach them. Also, take care not to assume things based on past experiences with other investors or one-off interactions. Every organization and every investor will be different. Third, keep records of your progress. Keeping track of your progress sends a clear message to ESG investors that you’re committed to being transparent in both action and communication with them going forward. Although it may sound tedious, documented progress shows that you’re serious about maintaining transparency in your ESG practices and giving your investors peace of mind.

Did you know Findings ESG offers the first-ever comprehensive supply-chain platform for all of your ESG reporting / best practices needs?

Don’t settle for less – Try it now.

findings tech, security compliance, Vendor Risk Management

Why Cyber Insurance Won’t Save You When You’re In Need

Posted on March 21, 2022November 7, 2022 by Yogev Kimor

21
Mar

Cyber Insurance Is Great – Except When It’s Not

It would be great if cybersecurity insurance provided an affordable, reliable means of protecting your business from the innumerable cyber threats it faces today.

Unfortunately, it doesn’t. While cyber insurance has its purposes and can be a good investment, it’s hardly a panacea when defending against cybersecurity risks. It’s a type of product that has hit a “plateau,” as Harvard Business Review puts it because cyber insurance has not evolved quickly enough to meet modern security threats.

That’s why, for example, cyber insurance won’t reliably protect you against supply chain security attacks. Even if you find a policy that does address supply chain threats, actually claiming your insurance benefit may take so long that the insurance doesn’t end up doing your business much good following a significant breach.

Please keep reading for an overview of the advantages and drawbacks of cyber insurance and tips on when it does and doesn’t make sense to rely on cyber insurance alone.

Here’s the top reasons why CMMC will be good for your business

What Does Cyber Insurance Cover?

Cyber insurance was introduced in the 1990s and was hailed to protect against IT-related risks that are typically not covered by other types of business insurance. The original intent was to give companies a means of protecting against the financial fallout resulting from data breaches and disruptions to critical IT systems.

Several insurance companies offer cyber insurance today, including Hiscox, The Hartford, CNA, and Nationwide.

5 Potential Disadvantages of Cyber Insurance

On the surface, cyber insurance probably sounds like a simple way to make sure a cyber attack doesn’t render your business bankrupt. In reality, though, cyber insurance isn’t necessarily so rosy. There are a number of potential pitfalls or drawbacks to purchasing cyber insurance.

1. High Costs

The first is the simple cost of cyber insurance. Although cyber insurance premiums were relatively affordable in the past, they have surged in cost in recent years, as this graph of policy costs shows:

Source: https://blog.alta.org/2021/09/cyber-coverage-premiums-increase-25-survey-shows.html

Thus, the cost of cyber insurance may be too high for many businesses today.

2. Management Challenges

Cyber insurance is not a set-it-and-forget-it affair. You have to manage your coverage actively by ensuring that your policy is kept up-to-date as your risks change – which they typically will, because you’ll roll out new systems or collect new types of data, for example, your original policy may not have covered that.

Most cyber insurance policies also place strict requirements on the insured to keep detailed records, secure their systems, and manage risks. If you fail to demonstrate that you took the steps required to protect your business against a breach, an insurer may deny your claim.

This isn’t to say that managing cyber insurance is infeasible. But it is to say that businesses shouldn’t underestimate how much effort goes into it.

3. Coverage Limitations

It’s easy to fall into the trap of assuming that as long as you’ve purchased cyber insurance, you’re covered against any and all cyber-related risks.

The truth, unfortunately, is that cyber insurance policies will always have exclusions or limitations regarding what they cover. “Insurers are demanding great security and are cutting back the amounts of cover they are willing to offer,” ZDNet reports. If you don’t read your policy disclosures very carefully, you may find that a breach you thought was covered is not.

Also, remember that merely interpreting coverage rules can be complicated – so complex that you may need to go to court to prove you are entitled to coverage. That’s what Merck had to do in a recent claim involving $1.4 billion in losses following a cyberattack. Merck, whose insurer said the claim was excluded from its cyber insurance policy because it was an act of war instead of a standard cyberattack, prevailed in that case.

But for smaller companies, in particular, this should be a warning: Going to court to defend your cyber insurance entitlements can be costly and time-consuming. Even if you have a legitimate claim, you may never get a payout if your insurer contests it and you lack the resources to defend it.

4. Claiming Insurance Takes Time

Even if you don’t have to go to court to get your insurer to payout, there’s no guarantee that cyber insurance will result in immediate financial assistance following a breach. The claims process could take months or even years, especially if it requires collecting detailed information about the source of a breach to determine whether the breach is covered.

If a cyber event causes significant financial disruption, then your business may not be able to survive it if the insurance claim process takes too long.

5. The Supply Chain is Not Insured.

In general, cyber insurance covers risks that affect your IT resources directly. Software supply chain threats originate in third-party systems and are not usually covered.

This is especially bad news given that advanced supply chain attacks are projected to increase by about 650 percent in the coming years. It means that investing in cyber insurance is not reliable for protecting against supply chain risks. For that, you need different tools – like a software supply chain risk assessment and disclosure platform.

Here is your supply chain security crisis management plan

The Future of Cyber Insurance

Cyber insurance may well evolve to close the gaps described above in the future. We may see a reduction in costs, for example, or the creation of new policies that specifically address supply chain risks. Indeed, the U.S. Government Accountability Office has found that more insurers are creating dedicated cyber insurance policies, which could lead to more comprehensive coverage down the line.

Even if that happens, though, it’s impossible to guarantee that any cyber insurance product will fully protect your business against all threats. That’s why it’s critical to invest in other tools that help you detect and respond to risks. The security blanket of a cyber insurance policy doesn’t suffice to keep your business safe.

We agree, by all means, to invest in cyber insurance if it makes sense for your business. But don’t blindly entrust your company’s financial health to insurance alone.

Instead, invest as well in solutions like Findings, which automates cyber risk assessment and management – including not just within your business’s environment but across your supply chain.

findings tech, security compliance, Vendor Risk Management

3 Predictions about CMMC 2.0’s Impact on Compliance Operations in 2022

Posted on March 14, 2022October 6, 2022 by Yogev Kimor

14
Mar

Most compliance frameworks change from time to time. But it’s sporadic to see the exceptional level of change that the Cybersecurity Model Maturity Certification, or CMMC, is currently undergoing. In a bid to make CMMC compliance more straightforward and affordable – and, by extension, help smaller businesses sign contracts with the U.S. Department of Defense, which requires CMMC compliance from its vendors – the U.S. federal government has revamped or rewritten critical components of the CMMC. The updated version is known as CMMC 2.0.

But, if you follow compliance news, you probably already know that the CMMC is evolving. You may not yet know what the CMMC changes mean for the typical business.

To provide some insight into that topic, here’s a look at the top three changes likely to result from the CMMC overhaul. Changes have already started to take effect over 2021 and will continue throughout 2022 for many businesses as they adapt to the brave new world of CMMC 2.0.

Here are the CMMC Compliance Requirements: Everything You Need To Know

Prediction 1: Increased CMMC compliance self-assessments

One of the most meaningful updates the government has made to CMMC is allowing self-attestation of compliance. Previously, businesses hired outside auditors to attest to their CMMC compliance.

Couple that change with the fact that the CMMC 2.0 has only three compliance steps instead of five, and it would seem very likely that we’ll see more and more businesses performing CMMC self-assessments in 2022 and beyond. Instead of hiring outside auditors and consultants, companies will take the more cost-effective self-assessment approach.

This change will also likely translate into a more significant number of SMBs becoming CMMC-compliant. In the days of CMMC 1.0, when compliance assessments cost a lot more, it was harder for smaller businesses to gain compliance attestation.

It’s essential to keep in mind that not every business can self-attest, of course. According to the DoD, only about 140,000 of the 220,000 total companies in the defense industrial base hold “federal contract-related data,” which entitles them to self-assessments. The rest will have to use the traditional, more costly assessment approach to get a higher level of assessment.

There are specific procedures to follow, including having a senior company official attest to your compliance and submitting the attestation to the Supplier Performance Risk System (SPRS). Keep in mind, too, that even if you self-assess, you can’t simply file a report and call your business CMMC-compliant. Still, the process is cheaper and easier than relying on outside consultants.

Prediction 2: More CMMC compliance transparency

More self-assessments will likely also contribute to a tendency among companies to embrace the principle of transparency when it comes to CMMC compliance. That’s because disclosing security vulnerabilities is an essential step toward making self-attestations credible.

As a result, expect transparency to become the rule, not the exception, for companies pursuing CMMC compliance. In particular, more businesses are likely to establish vulnerability disclosure programs to communicate clearly about security issues.

This will mark a significant shift from the present. Traditionally, companies have tended to be tight-lipped about vulnerabilities. They had only disclosed them when they were legally required to do so. But in the future, adopting a transparency approach to security and openness will help businesses establish their credibility and good-faith commitment to the CMMC – and, by extension, it will help position them to win government contracts.

Prediction 3: CMMC compliance will demand-supply chain security automation

While VDPs are one step toward transparency and self-assessing your CMMC compliance, another critical practice is automating software supply chain security. Given the sharp uptick in software supply chain security risks, that’s especially true.

Supply chain security automation tools make it fast and accessible to identify security risks within the supply chain and document and disclose them based on compliance requirements. Instead of manually tracking and disclosing risks, as they do today, businesses seeking CMMC compliance are likely to embrace supply chain security automation.

SMBs, in particular, are poised to take more significant advantage of supply chain security automation tooling, which will help them decrease compliance costs and complexity. (This is another reason, by the way, why the updated CMMC framework is likely to result in more involvement by SMBs in the CMMC space.)

Crystal balls

These are our predictions about how CMMC 2.0 will change the way businesses approach CMMC compliance. But since we here at Findings have built a world-class supply chain security and compliance automation platform, we’d like to think we have a pretty well-informed perspective on this topic.

We’d also like to think that, as more and more businesses seek solutions for automating CMMC compliance, they’ll turn to Findings. Findings offer the automated assessments, best practice recommendations, and reporting features businesses to need to self-assess and simplify compliance operations. In turn, it reduces the number of questions you need to answer during compliance processes from hundreds to just a few.

Ultimately, Findings places compliance with frameworks like CMMC within reach of every business, not just those with teams of compliance experts and expensive compliance consultants.

Learn more by signing up for a free trial

aicpa soc 2, ESG, findings tech, soc 1

Social and ESG: What’s the deal?

Posted on March 9, 2022October 6, 2022 by Ilan Lavan

09
Mar

Social and ESG: What’s the deal?

Social and ESG are two acronyms often used in the investing world, especially when looking at impact investing (sometimes called Socially Responsible Investing). There’s no denying that both have made an enormous difference in the world we live in, but there’s also debate over what they mean to the average investor—or if they even matter at all. To help cut through some of the confusion, here’s a breakdown of what Social and ESG mean in this context and how they can make all the difference to your portfolio.

The United Nations have adopted social and environmental goals to achieve globally by 2030.

Part of their sustainable development goals (SDGs) is 17 goals adopted by 189 countries to achieve globally by 2030. They include ensuring quality education, affordable healthcare, economic growth, gender equality, and climate action. And each one is linked to one or more of what is called sustainable development pillars – like climate action or health – that together make up a foundation for sustainable development.

How will it affect you as an investor?

As investors, we are primarily concerned with two fundamental things regarding our portfolios— whether or not we make money (i.e., portfolio return) and whether or not we incur a loss (i.e., portfolio risk). The problem with relying on portfolio risk as your primary performance indicator is that it only tells you how much you will gain or lose on your investment. It says nothing about your actual returns. However, by also including social considerations in your investment research process, you can improve both of these numbers (portfolio return and portfolio risk) at once. This gives you a more complete picture of potential investments than relying solely on traditional metrics such as total return, alpha, beta, and Sharpe ratio. So what do we mean by social considerations?

Do you support the SDGs?

UN member states adopted the SDGs in 2015, which was quite a feat as they are an ambitious set of goals with targets spanning 2030. Goal 16 is dedicated to promoting peaceful and inclusive societies for sustainable development while also calling on national governments to promote social justice and reduce inequality within their borders.

How does it help with your portfolio management/target audience?

Investors have noted recent research on sustainability—also known as social and environmental governance, or ESG, issues—and found it helpful. It can help investors in a few different ways.

First, incorporating ESGs into investment analysis allows asset owners to align their investments with their values better.

Second, socially responsible investors can use investments with a positive social impact to raise capital for social ventures. In fact, according to some experts, social entrepreneurship could be one of the most effective ways to reduce inequality and increase prosperity around the world.

Third, investing in sustainability-focused companies is often associated with superior performance for both companies and shareholders. For example, since its inception 21 years ago, Calvert Impact Investing Index Fund has outperformed S&P 500 by nearly 2% per year.

This represents just one approach; other sustainable investing strategies also exist. The key, though, is to find something you’re comfortable with (that fits your time horizon, risk tolerance, and financial goals) and then stay focused on it.

Social ESG made easy.

At Findings, we urge our clients to track and report their ESG performance via our Findings ESG solution; Reporting your social efforts shouldn’t be different.

Remember that integrating an easy-to-use, cost-efficient solution can ease your way into ESG compliance while using industry best practices to elevate your current efforts.

[Discover how you can use Findings ESG for your needs]

aicpa soc 2, findings tech, iso, iso27001, iso27017, iso27018, security compliance, soc 1, Vendor Risk Management

The Top 20 Cybersecurity and Supply Chain Conferences of 2022

Posted on March 1, 2022October 6, 2022 by Yogev Kimor

01
Mar

As the supply chain security and cybersecurity landscape evolve, the industry becomes increasingly savvy about protecting digital assets. This year brings a slew of events dedicated to managing and enhancing cybersecurity knowledge and awareness. Some events will take place in person, while others will be virtual, making it possible for anyone to participate. We love this new reality!

These conferences will not be missed, so open your calendar app and plan accordingly!

Cybertech Global TLV

March 1 – 3, 2022

Tel Aviv, Israel

Cybertech features a diverse array of speakers from dozens of countries worldwide who are leaders in the cyber industry. Top executives, government officials, and leading decision-makers in the field will give the talks and lectures at the event. Cybertech includes conference sessions, special events by invitation, and a grand exhibition allowing attendees to meet and mingle with one another.

Speakers include known industry personalities from Israel, the US, and Europe, including Amir Sage, Cyber Coordinator of the Cyber Security Department in Israel’s Ministry of Foreign Affairs; Merav Kenan, CEO of the Israeli High-Tech Association; Umino Atsushi, Director of the Office of the Director-General for Cybersecurity, MIC, Japan; and Janne Kankanen, CEO of the National Emergency Supply Agency of Finland.

Pharma Supply Chain & Security World 2022

Corvus Global Events

March 15 – 16, 2022

Online

Counterfeit drugs are an ongoing problem for pharmaceutical companies that enter the supply chain at several points. This virtual event focuses on optimizing supply chain challenges in the pharmaceutical supply industry. In this online conference, participants will learn to create value across the supply chain by streamlining and designing an optimal supply chain network.

Innovations like IoT, AI, ML, and blockchain will be explored for their applications in transforming the pharmaceutical supply chain.

Among the speakers at the Pharma conference is Emre Gollu, Supply Chain Associate Director at UCB, and Himanshu Agrawal, Director – Global Process Owner & Innovation Lead, Supply Chain Logistics at GSK.

Women in Cybersecurity

March 17 – 19

Cleveland, Ohio

The three-day WiCyS conference is the flagship event of Women in Cybersecurity. This organization has been around for a decade and is dedicated to advancing the role of women in the field of cybersecurity. The conference brings together veterans and newcomers to the industry from all walks of life and offers resume review and career mentoring opportunities.

This event is focused on opportunities for women but is open to all genders.

A slew of workshops, presentations, panel discussions, and more will feature speakers such as Sarba Roy, Product Security Engineer at Intel, and Natalie Pittore, Chief of Enduring Security Frameworks at the NSA.

CISO Sydney

March 22 – 23, 2022

Sydney, Australia

Managing digital assets and services risks for supply chain security will major this year’s CISO Sydney event. At this event, Australia’s leading experts in information security will share their insights into improving cybersecurity culture and awareness. CISO Sydney encourages participants to “Be inspired, collaborate, disrupt.”

The featured keynote speaker is the Honorable Karen Andrews, MP Minister for Home Affairs of the Australian government.

She will discuss the government’s plans to protect the country, communities, and industries against cyberattacks. CISO Sydney promises to be a lively, social gathering exploring how Australian organizations approach cybersecurity from a holistic perspective.

Cybertech Miami

(This conference was postponed)

Miami, Florida

This year’s Cybertech family of conferences will include an inaugural event in Miami. The summit will gather cyber leaders from the United States and Latin America to discuss challenges and solutions in cybersecurity today.

Some of the themes will include the role of media organizations in cybersecurity, cyber influence on intelligence-gathering, and the impact of 5G technology on cybersecurity. The full lineup of speakers at Cybertech Miami is yet to be announced, but seeing as this event is part of the Cybertech Global family, it promises to be an exciting, dynamic conference.

The Official Cyber Security Summit

March 25, 2022

Atlanta, GA and online

This 7th annual daylong conference is jam-packed and focuses on educating attendees about protecting vulnerable business applications and critical infrastructure. It offers attendees the opportunity to meet some of the leading solution providers in the United States and discover products and services bringing innovation to enterprise cyber security.

The sessions, presentations, and panel discussions feature some top cybersecurity experts today. Admission includes meals and networking opportunities, and a virtual live-stream option is available.

Chad Hunt, Supervisor of the FBI’s Computer Intrusion Squad, will be a keynote speaker at the summit. Those looking to get a head start can already access the summit’s online Security Content Sharing portal to learn about protecting businesses from cyber attacks.

GFMI’s 14th Edition Third-Party Vendor Risk Management for Financial Institutions

April 11 – 13, 2022

New York, NY

The Global Financial Markets Institute’s 14th edition event will offer third-party risk professionals innovative perspectives on supply chain resilience and provide new insights into managing third-party risk.

Taking place in the heart of the world’s financial center, speakers at this event include some of the foremost experts in cybersecurity and risk management from the big banks.

Key sessions include Scotiabank’s talk on boosting supply chain resilience and MUFG Union Bank’s session on identifying concentration risk. Among the notable speakers are Donald Saxinger, Chief of IT Supervision at FDIC, and Dolly Singh, Managing Director, Global Head of Corporate Third Party Oversight at JP Morgan.

Supply Chain Meetup

April 26 – 28, 2022

Online

Focused on the retail supply chain’s current state and evolution, Supply Chain Meetup is a virtual gathering that provides collaboration, networking, learning, and career development opportunities. The online event will bring together hundreds of experts from across the retail supply chain. The full lineup will be announced in the coming weeks.

Cybersecurity and Privacy Professionals Conference

May 3 – 5, 2022

Baltimore, MD

This event allows attendees to discuss trends and issues in information security and privacy with their peers and hear from some of the leading solution providers in the field.

The theme of this year’s conference is The Future is Ours to Shape: Developing Staff and Operations for Tomorrow’s Cybersecurity and Privacy. Cybersecurity and privacy professionals were invited to submit their proposals for this grassroots educational event, including information-sharing, networking, and collaboration.

Cybertech Asia

(Postponed: Cybertech Asia has been postponed till May 2023 )

Sands Expo, Singapore

Cybertech Asia will take place in Singapore next summer. The event will be being held in partnership with Milipol, Asia-Pacific’s leading international homeland security international event. The conference will feature a range of sessions and special events on cybersecurity. The entire speaker schedule is yet to be announced, but interested parties can already get involved through an online portal that can be used for networking with other conference-goers.

Cybertech Asia serves as a dialogue on threats and solutions that impact the global community. Topics covered at the conference include finance, mobile, health, mobility, insurance, and more.

RSA San Francisco

June 6 – 9, 2022

San Francisco

At the four-day RSA Conference, cybersecurity professionals come together to discuss perspectives and challenges and network with one another. The event features an Expo in which attendees will find products and solutions and a digital-only option for those unable to attend the conference in person.

Some of the notable speakers include Dr. Christopher Pierson, Founder and CEO of BlackCloak. Tim Weston, Cybersecurity Coordinator at the DHS/TSA, and Alyssa Miller, Business Information Security Officer at S&P Global Ratings.

Gartner Security and Risk Management Summit

June 7 – 10, 2022

National Harbor, MD

The Gartner Management Summit is aimed at chief information security officers and leaders in cybersecurity and risk management. It will feature keynote speakers from leading IT security personalities alongside experts from Gartner’s team of unbiased analysts. The conference will focus on establishing an agile security program, fostering a human-centric security culture, and devolving risk ownership.

Participants will choose to attend sessions from among eleven unique tracks, such as Cyberthreat: Mitigation, Preparedness, Exposure Management; Infrastructure Security; Midsize Enterprise; Identity and Access Management, and several others.

Cybertech Global UAE – Dubai

June 13 – 14, 2022

Dubai, United Arab Emirates

Cybertech Dubai will focus on timely topics in cybersecurity with industry experts and government officials worldwide. Cybertech Dubai features a diverse range of speakers in the global hub that connects Europe, Africa, and the Far East.

The sessions and special events will focus on AI, Advanced IoT, big data, cloud, blockchain, and more. Leaders will deliver talks in government and enterprise from throughout the US, Europe, the Middle East, and Asia.

Total Security Conference Hong Kong

July 7, 2022

Hong Kong

CISOs, heads of IT, heads of security, and regulators face a rapidly-changing climate filled with new vulnerabilities. As cyberattacks become more sophisticated and remote work becomes the norm, security and risk mitigation priorities evolve. The 8th annual Total Security Conference focuses on ensuring a seamless transition to virtualization through efficiently securing data, endpoints, and operational touchpoints. This conference features information sessions, meetings, and networking to allow corporate, public, and government agencies to enhance their approach to cybersecurity.

The lineup of speakers is not yet finalized; stay tuned…

CSO50 Conference and Awards

September 2022

Location to be announced

The CSO50 Conference and Awards feature risk strategies for rising threats. It will showcase innovation to protect and defend risk leadership and innovation to preserve and defend risk leadership and innovation.

Top leaders in risk management and cybersecurity will be awarded at the conference and present talks on recent developments in the industry.

Some of the speakers slated to present at this conference include Keith Slotter, VP Corporate Security at JetBlue Airways; Nicole Ford, VP & CISO at Carrier; and Jessica Bair, Director of the Cisco Secure Technical Alliance at Cisco.

National Cyber Summit

September 21 – 22

Huntsville, Alabama

NCS2022 is billed as the nation’s most innovative cybersecurity-technology event. It offers educational, collaborative, and workforce development opportunities for industry visionaries and rising leaders in the field.

The summit will bring together leaders of both enterprise and government organizations to discuss digital forensics, supply chain cybersecurity research, data mining, and the societal impacts and ethics of cybersecurity. Several tracks of the conference will run concurrently, and the list of speakers includes Chris Cleary, Principal Cyber Advisor of the US Navy; Brian Turner, Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch of the FBI; and Merritt Baer, Principal Security Architect at Amazon Web Services.

InfoSec World

September 26 – 29, 2022

Coronado Springs, Lake Buena Vista, Florida

One of the longest-running events of its kind, InfoSec World is in its 28th year and offers some of the industry’s premier education and networking opportunities. This year’s conference includes summits and workshops on supply chain security, ransomware, threat testing, cryptocurrency, cloud security, and more. Each of these topics will be expanded upon at the conference, such as the cloud security summit and supply chain workshop, taking place on the event’s final day.

Speakers are yet to be finalized, and the world’s leading companies have been presenters at previous InfoSec conferences. InfoSec World provides attendees with the tools and information they need to stay at the forefront of today’s cybersecurity challenges.

International Cyber Expo

September 27 – 28, 2022

London, England

The International Cyber Expo unites government, industry, and academia at a series of roundtable discussions, pavilions, exhibitions, demonstrations, and a summit. All focused on the primary issues facing cybersecurity professionals today. The expo will also showcase the latest products, technologies, and services from over 350 leading industry suppliers. Attendees will include leaders in cyber policy, government, CISOs, export leaders, and other C-suite professionals coming together to discuss protecting and securing high-level networks.

Cyber Security World Asia

October 12 – 13, 2022

Marina Bay Sands, Singapore

This event brings together industry leaders from some of the top cybersecurity companies throughout Asia and the world. Cyber Security World is suitable for security professionals in dozens of roles who share a common desire to invest in cybersecurity and defend their businesses from cyber threats.

This year’s lineup is still being finalized, but past exhibitors include the world’s leading cyber security suppliers and the latest technologies and solutions. An exciting rapid-fire pitch showcase will feature at the conference, allowing companies to pitch their products and solutions to potential investors, partners, and customers.

Insider Threat Summit

3 November 2022

Monterey, California

The Insider Threat Summit unites government agencies with private enterprises to discuss the problem of insider threats. This year’s conference will focus on vulnerabilities about cybersecurity challenges. Topics will include risk analysis and continuous evaluation or monitoring, AI and machine learning, economic espionage, counterintelligence, threat monitoring, and more.

There you have it – our picks for the top 20 cybersecurity and supply chain security events of 2022. Whether you plan to attend in person or join some of these events virtually from the comfort of your own home, you’re sure to gain valuable insights into the latest cybersecurity developments.

Waiting for that next conference and eager to learn more about automating your supply chain security? Request a demo