The year 2016 is turning out to be a record one for data breaches, and cybercrime won’t be slowing down any time soon. According to global digital security firm Gemalto, nearly five billion private records have been exposed globally since 2013. Data breaches were up 15% in the first half of 2016 compared to the prior six months.

Every organization is faced with risks and needs to practice some form of risk management in order to maintain the health of the entity. Many take a traditional approach, where risk is managed in silos, with each leader of a business unit (sales, operations, finance, HR, etc.) responsible for managing the risks that fall within his or her area of responsibility.

Does the threat of Ransomware crippling your organization’s network and operations keep you up at night? At this point, it kind of should. However, there’s a lot your CISO and IT staff could be doing to mitigate the threat and help you sleep a bit more soundly.

Risks pose threats to a broad range of your organization’s resources, such as assets, company reputation or time. These resources are spread throughout a variety of potential risk owners. In turn, each risk owner may have access to only certain capabilities for addressing risk. For example:

An Enterprise Risk Management (ERM) process can yield a valuable communication for your organization: the Risk Appetite Statement. This statement serves an important assurance role for stakeholders in your company, and is an indicator of critical, board or executive-level oversight of risk management. It serves as a tangible product of an effective effort to assess and control risk across the enterprise. It can be referenced as the basis for any communication or disclosure your company may need to make about its risk management policy and efforts.

Do you save up your frequent-flier miles in anticipation of your next business trip, family vacation, or points spending spree? What if the next time you logged into your account, you found the points balance displaying a big, round zero?

As Cyber Risk continues to evolve, it is becoming very evident that while it is spread over a variety of industries, the types of Cyber Risks are specific to each industry and play a major role in their level of exposure. The healthcare sector, in particular, is targeted most heavily by hackers and malicious campaigns due to the private nature and black market value of the data. Personally Identifiable Information (PII) and Personal Health Information (PHI) contain data with which a bad actor can easily steal someone’s identity, open false accounts, perform fraudulent transactions, or hack/gain access to bank and other types of private accounts.

Fake bank accounts, food-borne illnesses, smartphones catching fire, cyber breaches. These are just a handful of recent events that have played out in the news and flooded social media, exponentially affecting conversations, comments and opinions, and most importantly, reputation and revenue. One thing that all of these seemingly different events have in common is that each one can be classified as a crisis, and requires a thoughtful and carefully orchestrated response.