We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe.
This is an actual picture I took in a café of an unattended pile of documents marked “Confidential.” It blew my mind. If only this employee’s C.E.O. or C.O.O. could see this obvious disregard for the material’s confidentiality. Anyone could have grabbed the documents, peaked at the data, or… snapped a photo.
Cyber risk continues to evolve at a breakneck pace. Insurers are working to keep up by customizing policies and endorsements based on the size and business model of the insured. At last week’s third annual International Cyber Risk Management Conference, Matthew Davies, Assistant Vice President of Chubb Insurance Company of Canada, outlined a few key points on what cyber security practices a small organization to already have in place when looking to procure cyber insurance.
Risk Analysis is the second of three phases that make up a Risk Assessment. What are the other two phases?
In 2015 The Internet Crime Complaint Center received 288,012 complaints of cyber attacks totaling more than $1.07 billion in reported losses. Those numbers are based only on incidents that were reported to the FBI. When we talk about cyber risk, data theft, and the threat of Ransomware, we usually focus on prevention strategies. But being prepared to respond quickly and efficiently when an event does occur is just as important to operations recovery, cost reduction, and reputation management.
Risk Identification is the first of three phases that make up a Risk Assessment.
Most companies today opt to distribute their employees’ W-2 tax forms electronically; either through email or some type of download service. Because these forms contain a good deal of Personally Identifiable Information (“PII”), such as name, address, social security number and salary information – cyber thieves are using several simple, yet, tried-and-true methods to fraudulently obtain them.
In our previous posts in this series, we introduced Enterprise Risk Management (ERM) as a “portfolio view” of risk and discussed various aspects of implementing ERM: roles, culture, a framework and preparing your organization. Now, we’ll begin looking at the “big picture” viewpoint of risk, starting with identifying and prioritizing risks. In the ERM process, management (1) determines acceptable levels of risk, (2) identifies and measures risks throughout the entire organization and aggregates the results, and (3) determines if the aggregated results exceed the acceptable levels. Risk Appetite and Risk Tolerance are the expressions of the “acceptable levels” of risk.
Organizations today must regard cyber breaches not as a possibility, but as an inevitable fact of life. In this environment, it’s crucial to have a cyber liability insurance policy that adequately covers the potential loss and offers payment or reimbursement for response costs. Understanding what’s covered by the policy well before a breach occurs and building that knowledge into your company’s incident response plan is critical.
When the front lines of IT security fail and a cyber breach occurs, businesses often rely on insurance to reduce the often extreme financial impact associated with the breach. Policies are usually written to ensure that the insured recovers extra expenses incurred and are covered for fines and penalties placed on the company by regulatory agencies.
