In our previous posts in this series, we introduced Enterprise Risk Management (ERM) as a “portfolio view” of risk and discussed various aspects of implementing ERM: roles, culture, a framework and preparing your organization. Now, we’ll begin looking at the “big picture” viewpoint of risk, starting with identifying and prioritizing risks. In the ERM process, management (1) determines acceptable levels of risk, (2) identifies and measures risks throughout the entire organization and aggregates the results, and (3) determines if the aggregated results exceed the acceptable levels. Risk Appetite and Risk Tolerance are the expressions of the “acceptable levels” of risk.
Organizations today must regard cyber breaches not as a possibility, but as an inevitable fact of life. In this environment, it’s crucial to have a cyber liability insurance policy that adequately covers the potential loss and offers payment or reimbursement for response costs. Understanding what’s covered by the policy well before a breach occurs and building that knowledge into your company’s incident response plan is critical.
2016 was a big year for ransomware. It saw a massive increase in ransomware events and payouts to criminals, which, most experts say, only exacerbates the issue.
A 2015 report by the Herjavec Group (an Information Security company) noted that the total cost of ransomware reached $1 billion in 2016. With new “strains” of ransomware spreading worldwide (such as the Russian “spora”), we should all be on high alert for this business-impacting cyber threat.
In our previous blog posts, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a “portfolio view” of risk; outlined how to establish roles and context for ERM implementation; and how to establish a risk-aware culture and develop an ERM framework
Traditionally, a cyber breach occurs and otherwise private information is stolen or made public resulting in costs such as notification expenses, IT forensics, data recovery, public relations/crisis management, legal defense, business interruption, brand/reputation damage and regulatory fines and penalties; just to name a few. However, the breadth of cyber-attacks has proven to be ever expanding. Now, breaches resulting in physical property damage are being reported more regularly which leads to the immediate question, “am I covered for such an event?”
In our previous blog posts, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a "portfolio" view of risk and we outlined how to establish roles and a context for ERM implementation.
The holiday season usually means new tech gadgets for everyone to tap, swipe, click, and download. Most people who unwrap a new iPhone, MacBook, Smartwatch, Fitbit, or game console probably aren’t considering the ramifications of connecting those devices to the Internet and setting up new user accounts filled with their personal information. Unfortunately, we live in a time where have to, or at the very least, should.
Topics: Risk Management Blog
In our previous post, Taking a Closer Look at Enterprise Risk Management, we introduced Enterprise Risk Management (ERM) as a strategic discipline that affords a “portfolio” view of all threats and opportunities throughout an organization. We contrasted ERM with the traditional “silo” approach to risk management, where various parts of an entity manage their risks with no overarching risk management strategy.
Back in May 2016 I posted a blog (Be Prepared – Data Breach Notification Laws are Changing), which covered how data breach notification laws were evolving. At that time the state of Tennessee amended its law, becoming the first state in the nation to require notification of any data breach, whether the information is encrypted or not. I also predicted that state laws would most likely become stricter in the not too distant future…
Topics: Breach of Security, California Data Breach Notification Law; Data Brea, Cyber Breach, Cyber Liability, Cyber Risk, Cyber Security, Data Breach, Personally Identifiable Information, PII, Protection Bill AB2828, Risk management, Risk Management Blog
Every organization is faced with risks and needs to practice some form of risk management in order to maintain the health of the entity. Many take a traditional approach, where risk is managed in silos, with each leader of a business unit (sales, operations, finance, HR, etc.) responsible for managing the risks that fall within his or her area of responsibility.