Globalization and dependence on the internet for data storage over the past decade has exposed companies to a whole new set of risks. As this trend continues, so too does the risk associated with breaches of domestic or international servers. Massive data breaches happen with alarming frequency. In the past few years, there have been several high profile attacks
This is an actual picture I took in a café of an unattended pile of documents marked “Confidential.” It blew my mind. If only this employee’s C.E.O. or C.O.O. could see this obvious disregard for the material’s confidentiality. Anyone could have grabbed the documents, peaked at the data, or… snapped a photo.
You’ve heard of cyber attacks causing customer data breaches, business interruptions, reputation management issues, and public relations nightmares – but what about physical damage?
Cyber risk continues to evolve at a breakneck pace.
Insurers are working to keep up by customizing policies and endorsements based on the size and business model of the insured. At last week’s third annual International Cyber Risk Management Conference, Matthew Davies, Assistant Vice President of Chubb Insurance Company of Canada, outlined a few key points on what cyber security practices a small organization to already have in place when looking to procure cyber insurance.
In 2015 The Internet Crime Complaint Center received 288,012 complaints of cyber attacks totaling more than $1.07 billion in reported losses. Those numbers are based only on incidents that were reported to the FBI. When we talk about cyber risk, data theft, and the threat of Ransomware, we usually focus on prevention strategies. But being prepared to respond quickly and efficiently when an event does occur is just as important to operations recovery, cost reduction, and reputation management.
Most companies today opt to distribute their employees’ W-2 tax forms electronically; either through email or some type of download service. Because these forms contain a good deal of Personally Identifiable Information (“PII”), such as name, address, social security number and salary information – cyber thieves are using several simple, yet, tried-and-true methods to fraudulently obtain them.
Organizations today must regard cyber breaches not as a possibility, but as an inevitable fact of life. In this environment, it’s crucial to have a cyber liability insurance policy that adequately covers the potential loss and offers payment or reimbursement for response costs. Understanding what’s covered by the policy well before a breach occurs and building that knowledge into your company’s incident response plan is critical.
2016 was a big year for ransomware. It saw a massive increase in ransomware events and payouts to criminals, which, most experts say, only exacerbates the issue.
A 2015 report by the Herjavec Group (an Information Security company) noted that the total cost of ransomware reached $1 billion in 2016. With new “strains” of ransomware spreading worldwide (such as the Russian “spora”), we should all be on high alert for this business-impacting cyber threat.
Traditionally, a cyber breach occurs and otherwise private information is stolen or made public resulting in costs such as notification expenses, IT forensics, data recovery, public relations/crisis management, legal defense, business interruption, brand/reputation damage and regulatory fines and penalties; just to name a few. However, the breadth of cyber-attacks has proven to be ever expanding. Now, breaches resulting in physical property damage are being reported more regularly which leads to the immediate question, “am I covered for such an event?”
Back in May 2016 I posted a blog (Be Prepared – Data Breach Notification Laws are Changing), which covered how data breach notification laws were evolving. At that time the state of Tennessee amended its law, becoming the first state in the nation to require notification of any data breach, whether the information is encrypted or not. I also predicted that state laws would most likely become stricter in the not too distant future…
Topics: Breach of Security, California Data Breach Notification Law; Data Brea, Cyber Breach, Cyber Liability, Cyber Risk, Cyber Security, Data Breach, Personally Identifiable Information, PII, Protection Bill AB2828, Risk management, Risk Management Blog