We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe.
When the front lines of IT security fail and a cyber breach occurs, businesses often rely on insurance to reduce the often extreme financial impact associated with the breach. Policies are usually written to ensure that the insured recovers extra expenses incurred and are covered for fines and penalties placed on the company by regulatory agencies.
Traditionally, a cyber breach occurs and otherwise private information is stolen or made public resulting in costs such as notification expenses, IT forensics, data recovery, public relations/crisis management, legal defense, business interruption, brand/reputation damage and regulatory fines and penalties; just to name a few. However, the breadth of cyber-attacks has proven to be ever expanding. Now, breaches resulting in physical property damage are being reported more regularly which leads to the immediate question, “am I covered for such an event?
If you’re anything like me, you will complete most of your holiday shopping from the comfort of your own home, laptop in hand, attempting to avoid the craziness of department stores and mall parking lots. Then, a week or so before the big day, you’ll realize that you neglected to order some key gifts and scramble to pick them up in-store.
The year 2016 is turning out to be a record one for data breaches, and cybercrime won’t be slowing down any time soon. According to global digital security firm Gemalto, nearly five billion private records have been exposed globally since 2013. Data breaches were up 15% in the first half of 2016 compared to the prior six months.
Does the threat of Ransomware crippling your organization’s network and operations keep you up at night? At this point, it kind of should. However, there’s a lot your CISO and IT staff could be doing to mitigate the threat and help you sleep a bit more soundly.
The massive October 21st distributed denial of service (DDoS) attack on Dyn, a prominent Domain Name Server (DNS) provider, resulted in many US websites going offline. The attack was very sophisticated and precisely targeted. While no customer data was breached in this event, it was still extremely impactful on the effected organizations. When the DNS provider went offline, more than 100 popular websites, such as Reddit, Twitter, Box, Spotify, PayPal, Squarespace and Amazon Web Services (AWS) were unavailable. While most of us could survive without Twitter – though barely – the unavailability of web hosting platforms such as AWS, Box and Squarespace most likely caused interruptions in numerous businesses.
Enterprise Risk Management (ERM) concepts can help retailers create a competitive advantage out of the business of managing risk. ERM’s “portfolio view” collects all risk and mitigation activity into a single Risk Register. This enables management to coordinate mitigation efforts across functions, rather than leaving risk to be managed in a patchwork fashion among various pockets in the organization. These are the critical areas for retail organizations where embracing an ERM approach adds value and opportunities that would likely otherwise be “missed:”
It doesn’t take a cyber risk expert to realize that the retail industry is a prime target for hackers, and that some of retail’s most iconic brands have made front-page, breaking news when it comes to millions of lost or stolen data records. Primary Cardholder Information (PCI) is extremely valuable amongst those on the “Darknet,” once described by PC Magazine as “the hidden, anonymous underbelly of the searchable Web.” Since larger retailers handle these records in the hundreds of thousands to millions, hackers are looking for any entry point into their networks to extract credit card and customer account data.
Do you save-up your frequent-flier miles in anticipation of your next business trip, family vacation, or points’ spending spree? What if the next time you logged into your account, you found the points balance displaying a big, round zero?
As Cyber Risk continues to evolve, it is becoming very evident that while it is spread over a variety of industries, the types of Cyber Risks are specific to each industry and play a major role in their level of exposure. The healthcare sector in particular, is targeted most heavily by hackers and malicious campaigns due to the private nature and black market value of the data. Personally Identifiable Information (PII) and Personal Health Information (PHI) contain data in which a bad actor can easily steal someone’s identity, open false accounts, perform fraudulent transactions, or hack/gain access to bank and other types of private accounts.
