Companies Must Evolve to Keep Up With Hackers

If you ask a CFO if their company’s current cybersecurity strategy is working, it’s very likely that they do not know. While at first they may think it is, because the company’s bank accounts are untouched, an adversary could be lurking in their network and collecting critical data to later hold for ransom—threatening to destroy it if the money isn’t paid. The truth is that many organizations are lacking effective risk management that ensures the integrity and availability of their most essential data.

Corporate America needs to take the power back and stop hackers before they compromise networks and exfiltrate data for criminal uses, or simply threaten to destroy it for financial gain. To shift the power back in their favor, they must safeguard data, implement an effective risk management program, and invest in risk reduction activities. Organizations need to assess the maturity of their cybersecurity efforts, determine if they have any pre-existing conditions, and focus on risk reduction efforts that truly protect their data, while ensuring the ability to deliver products and services.

The fastest way to check for pre-existing conditions is by doing a compromise assessment to identify any current suspicious activity within their network. From there, they can determine what exactly needs to be done to reduce their organization’s cyber risk and develop a risk management plan that outlines clear steps for protecting their most critical assets.

To develop a cybersecurity risk management plan, executives need to first define the company’s “crown jewels”—the things that if compromised, would cause the most damage or inhibit the ability to deliver products or services that generate revenue. For instance, for a bank, this could be access to funds by their individual or business customers, or banking information that could be used for fraudulent purposes. Once an organization knows what it’s protecting, the executives can then create a security roadmap that ensures the secure delivery of products or services.

The security roadmap should start with a business impact assessment that identifies those crown jewels that are needed for delivery of essential services or producing products. These can include the data itself, technical architecture or systems used by their customers to transact business. Once these have been identified a prioritized risk reduction plan needs to be developed and tracked by the company’s leadership. Every facet of risk should be considered, from legal risk, to the consequences of a data breach, or inability to deliver services resulting from an intrusion or denial-of-service attack.

While security assessments and roadmaps are essential for defining an organization’s adequate cyber defenses, one of the biggest mistakes we see businesses make is being reactive when it comes to their defenses—relying on traditional technologies that only identify known threats and leverage Indicators of Compromise (IoCs). This method does not capture new exploits fast enough, nor versions of malware or other obfuscation techniques that are introduced by sophisticated adversaries. A great example is the sheer speed at which WannaCry ransomware spread to organizations of all sizes across the globe. Adversaries are capitalizing on this reactive security shortcoming by taking advantage of this window of opportunity to comprise data or networks.

Instead, organizations must take a proactive approach that focuses on indicators of attack (IoAs) that identify adversary behavior indicating malicious activity, such as code execution or lateral movement. IoAs can alert businesses to adversary activity before any damage is done. To effectively make use of this data, businesses also need to leverage threat intelligence for deeper insights into these IoAs.

Threat intelligence provides a crucial layer of information on adversary motives, tactics, techniques and procedures. For instance, a bank could look at a threat and see if this particular adversary typically targets the financial services industry, which regions they operate in and the motive behind their attacks.

Going one step further, organizations should leverage technology that enables threat intelligence to be shared rapidly and can protect numerous customers at once. At the end of the day, effective security requires a community effort. Corporate America needs to come together and truly leverage the power of crowdsourced intelligence—to keep from becoming victims of the next big attack.

From a lack of risk management plans, to reliance on reactive security measures, there are a number of areas where companies are falling short of having an adequate cyber defense. By putting the necessary plans in place to secure the integrity of their critical data, taking a proactive approach to cyber threats and working together across industries and businesses, corporate America can collectively build a stronger cyber defense.

Second Quarter Sees 1% rise in Commercial Lines Rates

Closer attention to underwriting and losses has led to premium increases averaging 1% in the second quarter of 2017, continuing an upward trend this year. The transportation sector, most notably auto-related exposures, is seeing the highest increases, up to 4%, according to a report released today by MarketScout.

“We now have two consecutive quarters of composite rate premium increases. Insurers are adjusting pricing as they should, based upon losses incurred, expense loads and targeted returns on equity,” Richard Kerr, CEO and Founder of MarketScout said in a statement.

By account size, organizations smaller to medium-size saw the highest premium increases. Small accounts (under $25,000 premium) increased from up 1% to up 2%, medium accounts ($25,001 – $250,000) went from flat to plus 1%, large accounts ($250,001 – $1 million) were unchanged and jumbo accounts (more than $1 million) were down 1% compared to a drop of 2% the prior quarter.
By coverage class, commercial property and inland marine adjusted from down 1% in the first quarter, to up 1% in the second quarter. Commercial auto rates rose from up 3% to up 4%. EPLI also went from up 1% to up 2%. Fiduciary adjusted downward to flat or no increase compared to up 1% in the prior quarter. All other coverage classifications were unchanged from the previous quarter, according to the report.
By industry class, public entity rates moderated from up 1% to flat. Transportation risks experienced slightly lower rate increases with second quarter rates up 4% compared to 5% first quarter.

Accounts Receivables Coverage Helps Fill Supply Chain Gaps

It is standard for companies to insure and protect cash, inventory, property, plants and equipment, and more recently, data. Companies are insuring every step in the supply chain and sales process from concept to delivery. What is often not insured, however, is the last but most important part of a sales transaction—getting paid. You can safely bring your product to market, but if a partner or customer defaults on payment and you have no recourse, you’ve lost your total investment. Your balance sheet takes the hit.

As with most risks, there is insurance for that, too. Accounts receivable insurance protects what is often a company’s most critical asset on the balance sheet. More than just protection from non-payment, accounts receivable insurance puts companies in a stronger position to secure loans with improved credit quality. With accounts receivable Insurance acting as a second source of repayment, a company can assure a lender it will not have covenant issues if there is default by a customer.

Consider these hypothetical scenarios: Bob’s company is based in Canada and he sells components to computer chip manufacturers throughout North America. He buys parts from foreign markets to make his product. The company that supplies Bob with parts has been working with Bob for 30 years. Bob has always paid them for their deliveries. Recently, Bob has struggled to receive payment from his customers in North America due to their decline in computer chip sales.

As a result, Bob is now finding it difficult to pay his supplier on time. The supplier believed Bob had risk management protections in place and would always pay them for their delivery. They never thought Bob would go bankrupt. Fortunately for both Bob and his supplier, he has accounts receivable Insurance. Even though he was exposed to the risk of his customers not paying, his accounts receivable Insurance kicked in as a second source of repayment.

Here is another example regarding the uncertainty of political events in a global economy and how they can impact a company’s balance sheet. A U.S. exporter is selling to Latin America and there are a few countries within the region that are approaching elections. A regime change could mean changes in policies, resulting in the possible cancellation of an import or export license, a moratorium on the payment of any external debts outside the country, or the inability to convert local currency to hard exchangeable currency to make payment. With an accounts receivable program protecting assets, the exporter is able to securely transact with their customers in a foreign market, knowing they’ve mitigated the risk of non-payment due to any potential policy changes or actions.

These examples are not hard to imagine. What is startling to see are estimates that only 8% of U.S. companies have accounts receivable insurance compared with 70% of European companies. In Europe, boards mandate this coverage. This underscores the differences between regional risk perceptions. Perhaps there is a greater recognition of the account receivable risks for companies operating in multiple countries, including developing nations with a high degree of political instability.

With the new U.S. administration, Brexit and other unpredictable market forces in play, it is certain that we will be seeing shifts in the global economy. Undoubtedly, there will be bumps along the supply chain as well, and companies will face challenges, including non-payment.

These bumps are not only for the largest global organizations, however. Middle-market companies will face a new competitive landscape, with a push to focus manufacturing in the U.S., and changes to the flow of their supply chain. This will impact costs and the need for extra working capital. Accounts receivable insurance should be viewed as a tool to bolster the balance sheet to provide the liquidity needed to advance business goals.

Accounts receivable coverage provides a competitive edge by giving suppliers the ability to extend credit to their customers as opposed to requiring payment in advance or on delivery. It can be helpful in lengthening payment terms with customers to match or exceed the competition and allows for these aggressive growth strategies without taking additional balance sheet risk. Accounts receivable insurance also can help a company obtain a higher advance rate with lenders that use accounts receivables as collateral. This will provide increased liquidity without having to increase the asset base and can help in negotiating lower borrowing rates.

Supply chain risks are currently taking center stage as one of our greatest concerns. Don’t forget to protect the ultimate objective in the sales process—collecting payment.

Sears Suppliers Wary as Shares Plummet

Sears Holding Corps’ “going concern” filing has vendors and their insurers running for cover as the venerable American department store appears heading for bankruptcy or some other final disposition.

In a filing this week with the U.S. Securities and Exchange Commission, Sears Holding Corp. told investors and observers that, “substantial doubt exists related to the company’s ability to continue as a going concern.” The company is parent to Sears stores and sister retailer Kmart.

The filing sent Sears shares down as much as 16% to $7.60 in New York trading, the company’s biggest intraday drop since October 2014. Prior to the drop, shares had gained some 60% since Feb. 9, according to Bloomberg.

As a result, Sears’ suppliers are changing business terms with the troubled retailer, in some cases cutting back inventory or insisting on faster payment terms, in order to mitigate the downside associated with doing business with Sears.

One such supplier, a textile maker in Bangladesh, has sharply cut back on the amount of goods it manufactures for Sears. “We have to protect ourselves from the risk of nonpayment,” the textile maker’s managing director told Reuters. “So far there was only speculation that they would declare bankruptcy in 2017. But now they are acknowledging it, which definitely complicates our relationship with them and our decision to accept future orders from Sears.”

Bloomberg Intelligence analyst Noel Hebert noted, “They’ve got all kinds of issues.” Sears has enough cash to get through 2017, he said, but its declining payables-to-inventory ratio shows that vendors have been increasingly reluctant to keep the retailer stocked.

Although Sears posted a smaller loss than expected in the fourth quarter, the company has lost some $10 billion over the past few years, according to Bloomberg.

“Whatever vendors continue to support them are now going to put them on even more of a short string. That means they’ll ship them smaller quantities and demand payment either in advance or immediately upon delivery,” Mark Cohen, the former chief executive of Sears Canada and director of retail studies at Columbia Business School in New York City, said in the Reuters piece. “Sears stores are pathetically badly inventoried today and they will become worse.”

Insurers that supply coverage against the nonpayment of goods are also looking to limit their exposure to what appears to be a worsening situation by backing away from business with Sears as it sinks.

“We tried to hang in as long as we could,” said Doug Collins, regional director for risk services at Atradius Trade Credit Insurance, who added that his firm has stopped providing insurance to Sears’ vendors. “Vendors may try to get a few more cycles in before the worst happens, and then it just depends if they’re lucky or not,” he said.

The situation is complicated by the personal involvement of billionaire owner Edward Lampert, who has poured hundreds of millions into Sears from his other business interests, using some of Sears’ assets as guarantees against the loans. This has resulted in a complex, even byzantine ownership structure which may complicate or preclude assets sales which could generate cash, according to some observers.

Sears’ cash position has crashed to just $286 million at the end of 2016 from a high of $1.7 billion in 2009, according to the Street.com, which added that the company hasn’t generated cash flow from its operations since 2006. “With negative news like this, it’s never good for confidence on the company,” Moody’s vice president, Christina Boni said. Earlier this year, Moody’s downgraded Sears’ credit rating to Caa2 from Caa1 to reflect the accelerating negative sales performance of its business and risk of possible default.