The Top CISO Stories from Around the Web: August

From increasing personal liability in the CISO role and NIST’s plan to take on AI security, to Federal CISO Mike Duffy’s encouragement of community dialogue at Black Hat USA, and an electronics manufacturer's recent ransomware report to the SEC, August was a month full of impactful and industry-changing cybersecurity news stories.

Personal Liability, Security Becomes Bigger Issues for CISOs

Source: Dark Reading

As the responsibilities of a CISO increase, so does their personal liability. CISOs are now accountable for more than just cybersecurity and incident response; their duties often include compliance, cyber resilience, and the use of artificial intelligence. In this article, CISOs share how they’ve handled this shift in risk — from policy changes to address liability concerns, to clearly presenting the organization’s risk profile to the board.

NIST Seeks Input on Control Overlays for Securing AI Systems

Source: Cybersecurity Dive

NIST is taking on AI security with a bold new plan to adapt its SP 800-53 framework into specialized control overlays for artificial intelligence. The guidance will cover generative AI, predictive models, single-agent systems, multi-agent systems, and even developer practices. Researchers have already shown how hackers can hijack AI agents or use large language models to launch autonomous cyberattacks, making this work urgent. To shape the future of secure AI, NIST is inviting the public to share feedback through a new Slack channel.

Federal CISO urges cyber community to start sharing and scaling their solutions

Source: NextGov

At Black Hat 2025, Acting Federal CISO Mike Duffy urged the cybersecurity community to share and scale their solutions, reminding practitioners that everyone holds a piece of the puzzle. He stressed that zero trust cannot just be a checklist and that organizations must demonstrate real operational outcomes. Speaking alongside CISA’s CIO Robert Costello and former cyber director Rob Knake, Duffy highlighted the importance of dialogue and collaboration in shaping effective policy. While the Trump administration works to reduce regulatory burdens and streamline reporting rules, officials agreed that policy remains essential to strengthening the nation’s cyber defenses.

6 Things Keeping CISOs Up at Night

Source: CSO

CISOs are under pressure to enable innovation while ensuring strong foundational security practices. Security leaders face significant challenges including widespread stress and burnout within the security profession, the complexity of managing disparate security tools, and the difficulty of demonstrating business value. The rise of AI introduces new concerns like a potential "competency crisis" in hiring, the increased sophistication of phishing and deepfake attacks, and the risk of masking fundamental security weaknesses. While AI offers some relief for manual tasks, leaders emphasize the need to address underlying security fundamentals, speak the language of business, and foster a culture where seeking help for stress is normalized.

Electronics manufacturer Data I/O reports ransomware attack to SEC

Source: The Record Media

Electronics manufacturer Data I/O has disclosed a ransomware attack that began on August 16, disrupting its shipping, manufacturing, and production systems. The Redmond, WA–based company, which supplies automotive and consumer electronics to firms like Tesla, Amazon, Google, and Microsoft, reported the incident to the SEC and has taken systems offline for containment. A third-party investigation is underway, and the company has not yet determined whether customer or personal data was compromised. With Q2 sales at $5.9M and heavy reliance on the automotive sector, Data I/O warned that recovery costs are likely to have a material financial impact. The attack highlights the growing exposure of the manufacturing sector, which accounted for 65% of global ransomware incidents last quarter.
