Gaining Cyber Confidence With a CISO

Businesses aren’t the only ones struggling to ramp up budget allocations to fortify against cyberrisk. In his new $4.1 trillion budget proposal, President Obama has asked for $19 billion for cybersecurity efforts, a 35% increase from last year.

The president directed his administration to “implement a Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections, protect privacy, maintain public safety as well as economic and national security, and empower Americans to take better control of their digital security.” In addition to a cybersecurity awareness campaign targeting both consumers and businesses, the plan calls for government-wide risk assessments, a nation-wide push for a range of better consumer data security measures, and a range of initiatives to attract more and better cybersecurity personnel. Some of these new employees will offer cybersecurity training to more than 1.4 million small businesses, and the Department of Homeland Security is expected to double the number of cybersecurity advisors available to assist private sector organizations with risk assessments and the implementation of best practices.

Obama’s plan also takes a page from the private sector, creating the position of Federal Chief Information Security Officer to drive cybersecurity policy, planning and implementation across the federal government.

Many organizations have begun to see concrete value from adding CISOs to the C-suite. According to a recent study from ThreatTrack Security, companies with a CISO are more confident about the technology they use to combat malware (83% versus 63% at organizations without one). This is particularly notable as only 20% of those surveyed said their defenses against hackers have improved in the past year—about half of those who said the same in 2013.

“Perhaps CISOs have a better handle on what solutions to implement or are better equipped and positioned in the organization to ensure their team has the solutions they need to defend the organization,” the report said.

Organizations with a CISO also feel more confident about their ability to address cyberrisk. When asked if they felt able to personally guarantee the security of customers’ data, 71% of respondents from companies with a CISO said yes, while only 29% could say the same without someone in this role. CISOs are also making a huge impact on breach preparation and incident response. When it comes to having an incident response team or security operations center to identify and respond to cyberattacks, 94% of respondents at organizations with a CISO had these resources in place, compared to just 49% without one. Concerningly, however, the overall number was 80%, 6% lower than in 2013.

When asked how defending their organization against cyberthreats had changed over the last year, 45% of respondents said nothing had changed, while 35% recognized that it has gotten harder to fight cyberrisks.

ThreatTrack Security found CISOs have also boosted corporate compliance with regard to cybercrime, with only 11% of companies failing to report breaches to customers, partners or other stakeholders, compared to 57% in 2013.

NYC Crane Collapse Part of a Troubling Trend

Last week’s crane collapse in Lower Manhattan, which killed one person and injured three others, has heightened focus on crane safety, resulting in stricter rules for operators. The 565-foot crane toppled as it was being secured against high winds as a safety precaution.

More than 140 firefighters responded to the disaster in addition to police officers and utility workers who were there in case of gas leaks or other damage caused by the impact.

Mayor Bill de Blasio called for an investigation and instituted new safety policies effective immediately, while ordering that 376 other crawler cranes and 53 larger tower cranes currently operating in the city also be secured. The new rules require crawler cranes to cease operations and go into safety mode when there is a forecast for steady wind speeds of at least 20 miles per hour, or gusts of at least 30 m.p.h. Previously, cranes were allowed to operate until measured wind speeds reached 30 m.p.h. or gusts increased to 40 m.p.h.

“I want people to hear me loud and clear: We’ve had some construction site incidents that are very troubling,” de Blasio said at a news conference. “We have more and more inspectors who are going to get on top of that. We’re going to be very tough on those companies.”

He added, “We’ll send advisories to crane engineers when wind conditions warrant it, and engineers will be required to certify that they will indeed cease operations. If we don’t receive this certification, we will be issuing violations and we will raise the base penalty for failure to safeguard a site from the current $4,800 to $10,000.”

While construction in the city has increased over the past two years, the New York Times reported that the rise in deaths and injuries has exceeded the rate of new construction, that supervision at building sites was often lacking, and that preventative safety steps were not being taken.

Indeed, the list of incidents involving cranes has grown to eight since 2008, according to ABC News and the Associated Press.

— March 2008: A nearly 200-foot-tall crane fell as it was being lengthened in a neighborhood near the U.N. headquarters, demolishing a townhouse and killing six construction workers and a tourist. The crane rigger was tried and acquitted of manslaughter. An inspector accused of falsely saying he had checked the crane days before it toppled was acquitted of charges related to the collapse but convicted of falsifying inspection records related to other cranes.

— May 2008: A tower crane snapped, fell apart and crashed into a Manhattan apartment building, killing the crane operator and a construction worker on the ground. The crane owner was acquitted of manslaughter. A mechanic pleaded guilty to criminally negligent homicide. Together, the 2008 collapses prompted the resignation of the city buildings commissioner and a bribery case in which the city’s chief crane inspector pleaded guilty to taking payoffs to fake inspection and licensing exam results. The collapses also led to new safety measures, including hiring more inspectors and expanding training requirements and inspection checklists.

However, Comptroller Scott Stringer said in a 2014 audit that the city Department of Buildings hadn’t fully implemented safety recommendations on cranes and other issues, and Stringer reiterated his concerns Friday. The Department of Buildings disputed some of the audit’s conclusions, but spokesman Joe Soldevere said the agency had implemented many of the comptroller’s recommendations and “there is more oversight of cranes in place than ever before.”

— October 2012: A crane’s boom nearly snapped off and dangled precariously over a block near Carnegie Hall during Superstorm Sandy, as winds gusted to an estimated 80 to 100 mph. No one was injured, but people in a nearby hotel and other neighboring buildings had to flee in the midst of the storm as engineers scaled 74 stories to make sure the crane wasn’t in danger of falling.

— April 2012: A mobile crane’s boom fell and broke apart while hauling rebar at a subway station construction site, killing a worker. The site was exempt from most city construction safety rules because it belonged to a state transit authority.

— January 2013: A crane’s 170-foot-long boom fell and pulled down part of the wooden framework of an apartment tower under construction in Queens, injuring seven workers. Three workers had to be extricated from beneath fallen machinery.

— April 2015: Hydraulics malfunctioned on a small crane mounted on a truck while a worker was inspecting it in Manhattan, causing the boom to collapse and fall on him, killing him. The device wasn’t subject to the same regulations and inspections as larger cranes.

— May 2015: A mobile crane dropped a 13-ton air conditioning unit being placed atop a Manhattan office building. The air conditioning equipment fell 28 stories into the middle of an avenue. Ten people were injured by debris, and part of the building facade was shattered.

Competition Drives Commercial Rates Down 4% in January

The composite rate for property and casualty business placed in the United States measured minus 4% in January. Rates dropped from minus 2% in December 2015 to minus 5% in January 2016, MarketScout reported.

“Commercial property insurers are getting ready to scratch each other’s eyes out as they fight for market share,” said Richard Kerr, CEO of MarketScout. “We see nothing to prevent commercial property rates from dropping further.”

In addition to commercial property, business interruption, BOPs, professional liability, and D&O coverages were all more competitively priced in January compared to December 2015. Umbrella/Excess liability and workers compensation rates actually increased slightly over the same period, he said.

Transportation companies were assessed rate decreases of 4% in January 2016 versus 2% in December 2015. Rates for manufacturing and energy accounts were slightly higher in January 2016 than in December 2015. All other industries remained unchanged.

By account size, rates for small and medium-sized accounts (all under $250,000) were more competitive in January 2016 than in the prior month. Large and jumbo accounts (over 250,001) were assessed rates slightly higher in January versus December.

Summary of the January 2016 rates by coverage, industry class and account size:
[Figures: Coverage; Industry; Account]

Tackling Event Risk, Scoring High in Safety

Photo: Vincenzo Mancuso /

Major events like Sunday’s championship Super Bowl game and business functions go hand-in-hand. With the Big Game just around the corner, the San Francisco Bay Area has seen an uptick in events throughout the week, often consisting of lavish private parties and public gatherings. Companies in the area, as well as those from out of town, are taking this opportunity to conduct business and send their employees and clients to experience all the Golden Gate City has to offer.

Attending the Big Game, or any major event, cannot be all play and no work, especially for those – such as risk professionals and business leaders – concerned about the legal, reputational, financial, and people-related risks surrounding such a high-profile and highly-populated event. Any company with employees or clients planning to attend the game and/or related festivities should keep a few things in mind to best protect them and their business in the event of a crisis. Before kickoff, here are a few tips to guide risk managers and business leaders when considering the potential risks surrounding major events like this Sunday’s game.

Mother Nature Poses Risks

Despite being known for its warm, dry summers and mild, wet winters, San Francisco is also known for being highly vulnerable to natural disasters such as earthquakes, tsunamis and wildfires. Organizations should expect the unexpected and create a crisis response plan for travelers prior to game day and most importantly, communicate these plans to their travelers and internal crisis teams. A clearly communicated plan can drastically reduce the potential for delays and confusion should a disaster strike.

Familiarize the Unfamiliar

Travelers heading to any major event need to become familiar with travel distances and transit options, since getting from point A to point B will inevitably take longer than usual during a crisis. Knowing which roads and highways are open and which are closed and having several “out routes” from hotel and venue locations is one proactive way to prepare for an emergency.

Establish a Medical Strategy

With companies and attendees paying as much as thousands of dollars per ticket, it’s safe to say the last place anybody wants to be is in the emergency room. In the event something does happen, however, it’s important for travelers to understand the healthcare landscape in the Bay Area so they know where to go for medical care. Providing your employees with a thorough list of nearby hospitals, urgent care clinics and even a map of where the first aid locations are within the stadium ensures they have the tools to seek the care and assistance they need in the event of an emergency.

After Hours Preparation

Remember that disaster typically strikes when it’s least expected. As such, a sound crisis management strategy should include an element of what to do in the event of an after-hours emergency. It’s also imperative to perform a crisis management exercise before any emergencies surface, ensuring that all parties involved know their roles and responsibilities. Executives should keep a clear flow of communication to and from employees and those attending an event. During an emergency, details change by the minute and old facts are of no use. One way to keep attendees informed is arming them with a wide variety of tools, apps and websites (such as the event’s main website) to keep themselves updated on many of the variables described above.

These tips are just a few ways companies can fulfill their Duty of Care responsibilities while employees and clients enjoy the sights and sounds of any major event’s host city. Providing employees, clients and other constituencies with a comprehensive list of information and emergency plans will allow your proactive measures to fall into place seamlessly should an emergency situation occur at a major event.