ERM | Risk Assessment Phase One: Risk Identification
Risk Identification is the first of three phases that make up a Risk Assessment.
The ALS Group
February 10, 2017
We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe.
Risk Identification is the first of three phases that make up a Risk Assessment.
Most companies today opt to distribute their employees’ W-2 tax forms electronically; either through email or some type of download service. Because these forms contain a good deal of Personally Identifiable Information (“PII”), such as name, address, social security number and salary information – cyber thieves are using several simple, yet, tried-and-true methods to fraudulently obtain them.
In our previous posts in this series, we introduced Enterprise Risk Management (ERM) as a “portfolio view” of risk and discussed various aspects of implementing ERM: roles, culture, a framework and preparing your organization. Now, we’ll begin looking at the “big picture” viewpoint of risk, starting with identifying and prioritizing risks. In the ERM process, management (1) determines acceptable levels of risk, (2) identifies and measures risks throughout the entire organization and aggregates the results, and (3) determines if the aggregated results exceed the acceptable levels. Risk Appetite and Risk Tolerance are the expressions of the “acceptable levels” of risk.
Organizations today must regard cyber breaches not as a possibility, but as an inevitable fact of life. In this environment, it’s crucial to have a cyber liability insurance policy that adequately covers the potential loss and offers payment or reimbursement for response costs. Understanding what’s covered by the policy well before a breach occurs and building that knowledge into your company’s incident response plan is critical.
2016 was a big year for ransomware. It saw a massive increase in ransomware events and payouts to criminals, which, most experts say, only exacerbates the issue. A 2015 report by the Herjavec Group (an Information Security company) noted that the total cost of ransomware reached $1 billion in 2016. With new “strains” of ransomware spreading worldwide (such as the Russian “spora”), we should all be on high alert for this business-impacting cyber threat.
When the front lines of IT security fail and a cyber breach occurs, businesses often rely on insurance to reduce the often extreme financial impact associated with the breach. Policies are usually written to ensure that the insured recovers extra expenses incurred and are covered for fines and penalties placed on the company by regulatory agencies.
Traditionally, a cyber breach occurs and otherwise private information is stolen or made public resulting in costs such as notification expenses, IT forensics, data recovery, public relations/crisis management, legal defense, business interruption, brand/reputation damage and regulatory fines and penalties; just to name a few. However, the breadth of cyber-attacks has proven to be ever expanding. Now, breaches resulting in physical property damage are being reported more regularly which leads to the immediate question, “am I covered for such an event?
The holiday season usually means new tech gadgets for everyone to tap, swipe, click, and download. Most people who unwrap a new iPhone, MacBook, Smartwatch, Fitbit, or game console probably aren’t considering the ramifications of connecting those devices to the Internet and setting up new user accounts filled with their personal information. Unfortunately, we live in a time where have to, or at the very least, should.
Our areas of expertise include:
At The ALS Group, we help clients achieve their strategic goals via expert and insightful identification, quantification, and mitigation of the risks that could impact their business, or present opportunities for it.
More Information: [email protected]
Florida
1800 NW Corporate Blvd Ste 202
Boca Raton, FL 33431
Tel: +1-561-437-0024
At The ALS Group, we help clients achieve their strategic goals via expert and insightful identification, quantification, and mitigation of the risks that could impact their business, or present opportunities for it.
More Information : [email protected]
New Jersey
175 Main St
Woodbridge, NJ 07095
Tel: +1-732-395-4250
Florida
1800 NW Corporate Blvd Ste 202
Boca Raton, FL 33431
Tel: +1-561-437-0024