Useful summary of the threats that come with digital transformation...: The greatest cyber security challenge is simply keeping up with the rapidly evolving threat, Aon said today. The global professional services firm released its 2019 Cyber Security Risk Report, detailing the most severe cyber security threats and challenges organisations are currently facing. “The rapid enhancements and pace of technological adoption, has meant that the number of touch-points within
Two lessons here: be on alert for fraud and train your staff to be aware; use a specialist broker to get the right insurance cover that will actually pay out...: [...] News stories about cybersecurity incidents involving phishing are routine. However, just because phishing schemes are a well-known attack vector does not lessen the risk that organizations face from these schemes. The town of Farmington, Connecticut learned that lesson when city coffers lost over $2 million to
You need a specialist broker to help you understand what is, and what is not, covered by insurance...: In late January 2019, the French data protection authority, CNIL, imposed a fine of €50 million—or roughly $57 million—on Google for violations of the GDPR. The fine is the largest imposed to date under the GDPR, since it came into effect in May 2018. The Google fine highlights a couple of things: the GDPR has teeth, and regulators in the EU won’t hesitate to enforce the re
We're probably due a market correction soon...: [...] However, one reason cyber is more profitable than other lines of coverage is that the insurance industry has yet to experience a cataclysmic cyber event — one that triggers major claims payouts from a large number of customers, a report recently released by Lloyds suggests. “In the period 2013 to 2018, the affirmative cyber insurance direct loss ratio across the industry has averaged around 50% – i.e. half of the prem
The headline figure of "$166Bn" was plastered all over my feeds yesterday. BleepingComputer attempts to take a rational look at the theoretical risks...: According to a speculative cyber risk scenario prepared by Cambridge University for risk management purposes, a ransomware strain that would manage to impact more than 600,000 businesses worldwide within 24 hours would potentially lead to damages of billions not covered by insurers. First of all, it is important to unde
Clarification would be good. In the short term, do Google have cover for their fine from the French?...: [...] GDPR is the EU's main data protection law, which came into force on 25 May 2018. Businesses can be fined up to €20 million or 4% of their global annual turnover, whichever is higher, for the most serious breaches of the new regime – significantly higher than the maximum penalties which were previously applicable, e.g. £500,000 in the UK. Whether or not businesses
My non-scientific poll of people I know failed to identify anyone with personal cover here in the UK. I'm covered as part of my business activities, maybe others assume they are covered in the same way, or maybe they just don't care, or "It won't happen to me". People insure their tech against damage or loss, why not their data?...: [...] The reinsurance company said it expects the market for personal cyber insurance to follow a "similar growth trajectory" to the growth fore
Are you protected by insurance from bad business decisions over cyber risk?...: [...] But it’s the details of the S.E.C. settlement that most likely proved the most troubling for the insurers. According to the S.E.C., “In late 2014, Yahoo had learned of a massive breach of its user database that resulted in the theft, unauthorized access or acquisition of hundreds of millions of its user’s personal data.” The agency further alleged that “Yahoo senior management and releva...
Most firms have cover in place for General Liability and Directors & Officers (D&O) but that probably isn't enough...: [...] High profile data breaches have spawned multiple lawsuits and have begun to impact boards, panelists said. In January, Yahoo settled a securities lawsuit stemming from two 2016 data breaches for $80 million. “Today, cyber risk is D&O risk,” said Padalino. “It’s not just an issue of…breaches against the organization and the IT department.
If you ever needed a reason to a) never use the same password twice; b) change them regularly; c) register with HaveIBeenPwned; this should be as good as any...: My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it “the lar