We manage more than a quarter billion dollars of premiums for a diverse range of clients around the globe.
It’s everyone’s favorite time of year again. The department stores and commercials have already begun to advertise Christmas gifts, and it is not even Thanksgiving. As exciting as the holidays can be, we sometimes forget to think about the risks that go hand in hand with the holiday season, including credit card hacking and fires starting from decorations or cooking.
This past Tuesday, The Home Depot announced its 3rd Quarter earnings for 2014, but also warned shareholders that there will be more costs associated with the data breach that was originally announced in September 2014. According to a recent Wall Street Journal article, “the company said the data breach resulted in $28MM of pretax expenses in the most recent period, adding that it estimates the net cost for the year to be $34MM.” Based on various articles that I have reviewed, the retailer carries a $100MM insurance policy for expenses related to the breach. Having read about many other security breaches over the past year and the significant costs associated
Home Depot’s data breach is the largest retail breach we’ve seen yet. Last week, Home Depot publicly stated that in addition to the 56 million credit card accounts compromised, approximately 53 million e-mail addresses were stolen as well. The issue here isn’t the addresses themselves, but the malicious use the addresses will be put to.
Data breaches are a very serious threat to companies and individuals; their occurrence and impact is increasing drastically year over year. Hackers are looking to steal your financial data, personal information, and intellectual property. Often, the financial and reputational impact of a breach can be disastrous for an organization.
A constant struggle for the risk manager of an organization is balancing the profitability expectations of its shareholders and maximizing operational efficiency of the risk management team in order to reduce the organization’s Total Cost of Risk (TCoR). Having a clear perspective of the organization’s appetite for risk and risk tolerance is a fundamental element needed in order to achieve this balance.
So you are traveling for business or you have finally scheduled a few days away from the office. You pack your bags and are sure to not forget your mobile phone, tablet, and laptop. Now stop for a second and consider the consequences if one of those devices goes missing, is lost, stolen, or even hacked. How much personal or company data would be at risk? Bank account information, e-mails, contact information, confidential business documents. It’s all there for the taking.
The recent Enterprise Risk Management (ERM) Workshop held by North Carolina State University was chock full of valuable information. It was attended by seasoned risk and audit professionals all looking for ways to improve the effectiveness of their own ERM programs.
While it was never the intent of Winston Churchill that his famous description of Russia’s intentions in 1939 would apply to Enterprise Risk Management (ERM), the analogy applies pretty well. “It is a riddle, wrapped in a mystery, inside an enigma, but perhaps there is a key.” I firmly believe there is a key to a proper, productive and easily understood ERM program.
IT-related threats originate from multiple angles, all of which require proper attention and application of mitigation techniques. Perhaps the biggest threat to a company’s IT security is their internal contacts (staff, vendors, contractors, etc.). Many companies are utilizing heightened IT security measures, but fail to account for the negligible or malicious actions from these internal contacts who often have high-level access to company systems. Inside access often isn’t monitored and can easily lead to stolen data or corrupted systems.
The globalization of business operations and our dependence on the internet for data storage over the past decade has exposed companies to a new set of risks. As this trend continues to grow, so does the risk associated with data breaches of a company’s domestic or international servers.
