The newly published 2024 Cyber Risk Program Annual Report highlights the initiatives, people, services and tools that manage and reduce cyber risk at every UC campus, health center, and lab.
Highlighting UC stories and successes
The UC Cyber Risk Program Annual Report showcases the achievements and stories from the past year, illustrating how various initiatives across the UC system have strengthened cybersecurity measures and enhanced overall safety.
With robust executive-level support, the approach has progressed beyond merely creating and executing cybersecurity awareness programs. These efforts have been optimized by streamlining operations, maximizing cybersecurity investments, and implementing other strategic measures.
Multi-pronged approach to security (and the report)
This report features stories that highlight the innovative approaches and improvements achieved this year. These stories demonstrate the evolving cybersecurity landscape and affirm UC’s unwavering commitment to excellence in the field. The report delivers a thorough overview, organized into sections that outline the robust strategies and actions employed to ensure a safer UC.
Tools and services
As you will learn in the report, the Cyber-risk Coordination Center (C3), now UC Digital Risk and Security, provides comprehensive services and tools to enhance cybersecurity across the UC system. UC Digital Risk and Security manages a portfolio of best-practice tools, products, and services designed to help campuses, health centers, and labs effectively manage cybersecurity, reduce risks, and respond to threats. Also featured is this section is a story about UC San Diego’s Threat Detection Response (TDR) team, which is piloting a hands-on educational program, simulating real-world cyberattack scenarios to practice incident response procedures.
Sharing best practices
Conferences and other gatherings play a critical role in strengthening UC’s cybersecurity defenses. This section of the report focuses on the insightful dialogues sparked by the 2024 UC Academic Congress on AI, the 15th Cyber Security Summit, Cybersecurity Awareness Month events, and a unique story of a semi-truck helping equip UC Irvine students for success in Cybersecurity.
Protection across the system
This section in the report features cybersecurity stories from across UC, such as: the UC San Diego Health Protected Health information (PHI) cleanup; how UCLA Health reduced attack surfaces; UC San Francisco’s new Standard Operating Procedure (SOP) around reviewing cybersecurity clauses in sponsored research proposals and contracts; and UC Irvine’s standardized IT asset management system to track IT assets.
Also included, a shoutout to two UC security leaders named finalists for the BayAreaCISO ORBIES awards, and a story around how UC is maximizing resources to enhance efficiencies and impact across the institution, driving innovation and growth.
Guidelines and strategies
The Policy Corner provides an update around UC’s standards, requirements, and policies. This year, there is an update on the Graham-Leach-Billet Act (GLBA), GLBA survey and report, GLBA compliance, and revised guidance documentation (Systemwide Cyber Incident Response Process and Cyber Incident Escalation Protocol and Guidance).
Also covered – how the Information Security Office (ISO) at UC Berkeley completed a 4.5-year initiative to integrate all central IT, academic, and administrative units into the campus IS-3 cyber risk management program and how the 2023 Data Disposal Day at UC Irvine resulted in the careful management of the destruction of over 1,700 hard drives.
The evolving threat landscape
What did 2024 look like in terms of cybersecurity risks, benefits, changes, and predictions outside of UC? The Landscape section shares information that will enlighten and educate you on the overall state of cybersecurity and how it is evolving.
Looking ahead
The 2024 UC Cyber Risk Program Annual Report provides a comprehensive overview of the tools, methods, and collaborative efforts being utilized at UC to foster a cohesive and secure cyber environment. As cyber risks continuously evolve, so do our practices, processes, and solutions.
Creating an informed, adaptable, and resilient cybersecurity community across UC hinges on sharing knowledge, collaborating, and communicating. By connecting through gatherings and conferences, learning through various trainings and exercises, and sharing these stories through this annual report, we keep our systems robust and our workforce engaged in continuous collaboration and learning from one another.
Interested in learning more about our cybersecurity initiatives, programs, results, and metrics? Check out the 2024 Cyber Risk Program Annual Report here.
Learn more about UC cybersecurity
- Please note: The Cyber-risk Coordination Center (C3) is now UC Digital Risk and Security. This change reflects our focus on providing valued digital risk services and expertise to UC Locations and managing risk across the UC system.
- Upcoming Summit – August 20, 2025: Mark your calendars! The 16th UC Cyber Security Summit will take place on August 20, 2025, at UCLA. Keep an eye on the Cyber Security Summit website for more information, coming soon.
Contact
Director, Cyber Risk Program
Interim Systemwide Chief Information Security Officer
UC Office of the President
Author
Communications and Events Manager
Digital Experience & Engagement Team
Information Technology Services
UC Office of the President