Tag Archives: PCI

Immediate Vault Immediate Access

P&C Insurers See $1.5 Billion Net Underwriting Loss in 1H

Posted on by

A deteriorated combined ratio seen by insurers along with slow net written premium growth contributed to net underwriting losses of $1.5 billion in the first half of 2016. Insurers’ combined ratio deteriorated to 99.8% from 97.6% in the first-half of 2015, and net written premium growth slowed to 3.0% from 4.1% a year earlier, according to a report from ISO and the Property Casualty Insurers Association of America (PCI).

The Insurance Information Institute’s Steven N. Weisbart explained:

In general, premiums may grow for any or all of several reasons. First, there is growth in the number and/or value of insurable interests (such as property and liability risks). Second, there is an increase in the willingness of buyers who had some or no insurance to purchase or add to their insurance protection, net of those who reduce or drop it. And third, there is an increase in rates (that is, the price per unit of coverage).

buy amoxil online cphia2023.com/wp-content/uploads/2023/08/jpg/amoxil.html no prescription pharmacy

Net investment income dropped to $22.1 billion in the first-half from $23.4 billion a year earlier, and realized capital gains decreased to $4.4 billion from $8.2 billion, resulting in $26.5 billion in net investment gains for the first-half, down $5.1 billion from a year earlier.
pc-results

Direct insured property losses from catastrophes in the United States totaled $13.5 billion in the first-half, up from $10.7 billion a year earlier—above the $11.6 billion average for first-half direct catastrophe losses for the past 10 years, according to the report.

“The industry’s results continued to worsen in the first half of the year, as insurers reported a first-half net underwriting loss for the first time since 2012 and saw their combined ratio exceed 99%,” Beth Fitzgerald, president of ISO Solutions, said in a statement. “Catastrophe losses remained higher than in previous years. Texas was hit by a hailstorm that has been described as the costliest in the state’s history, and several states in the central United States experienced severe thunderstorms. With interest rates and investment yields remaining low, insurers must find ways to improve operational efficiency while still providing valuable coverage for their policyholders.”

In the second quarter of this year, insurers’ net income after taxes fell to $8.3 billion from $12.9 billion in the second-quarter of 2015, and their combined ratio worsened to 102.
buy orlistat online https://royalcitydrugs.com/orlistat.html no prescription

1% in second-quarter 2016 from 99.4% a year earlier.

Their annualized rate of return on average surplus dropped to 4.

buy hydroxychloroquine online cphia2023.com/wp-content/uploads/2023/08/jpg/hydroxychloroquine.html no prescription pharmacy

9% in second-quarter 2016 from 7.7% a year earlier. Net written premiums rose 2.9% in second-quarter 2016 compared with 4.

buy finasteride online cphia2023.com/wp-content/uploads/2023/08/jpg/finasteride.html no prescription pharmacy

5% in second-quarter 2015.

P&C Insurers’ Profitability Up in First Half of 2015

Posted on by

Low catastrophe losses contributed to a rise in net income for property/casualty insurers in the first half of this year, to $31 billion from $26 billion in the first half of 2014, according to ISO, a Verisk Analytics business, and the Property Casualty Insurers Association of America (PCI). Insurers’ overall profitability, measured by their rate of return on average policyholders’ surplus, grew to 9.2% from 7.8%.

“While Old Man Winter did his best to disrupt things in the Northeast during the first half of 2015, insurers overall incurred lower domestic catastrophe losses than they did during the first half of last year due to a relatively quiet tornado season and the slow start to hurricane season,” Robert Gordon, PCI’s senior vice president for policy development and research, said in a statement. “Insurers’ combined ratio and rate of return all improved in the first half of 2015, while premium growth and investment income remained relatively stable.”

Beth Fitzgerald, president of ISO Solutions noted, “Still, it’s important to note than U.S. catastrophe losses during the first half of 2015 were only slightly lower than the 10-year average. As the devastation caused by meteorological conditions associated with Hurricane Joaquin highlights, it’s crucial for insurers to remain disciplined in their underwriting and look at analytics to be ready not only for weather disasters but also for other major challenges the future may hold.”

According to the report, insurers’ combined ratio improved to 97.6% for first-half 2015 from 98.9% for first-half 2014, and net underwriting gains went to $3.39 billion from $237 million. Net written premium growth remained unchanged at 4.1 percent for the first half of 2014 and 2015.

Also in first-half 2015, earned premiums grew 4.0% to $247.5 billion, while losses and loss adjustment expenses (LLAE) rose just 1.8% to $171.3 billion. Other underwriting expenses rose 4.7% to $71.8 billion, and policyholders’ dividends were mostly unchanged at $1.0 billion. Net underwriting gains increased to $3.4 billion from $0.2 billion.

In second quarter, consolidated net income after taxes for the P&C industry rose to $12.8 billion from $12.1 billion in second-quarter 2014.

P-C_1Q results

P&C insurers’ annualized rate of return on average surplus increased to 7.6% in second-quarter 2015 from 7.3% a year earlier.

Net written premiums rose $5.5 billion, or 4.4%, to $130.6 billion in second-quarter 2015 from $125.1 billion in second-quarter 2014.

Staying Ahead of the Financial Industry’s Next Wakeup Call

Posted on by

The financial services sector is no stranger to stringent regulation. At the very least, financial institutions are audited every 18 months. But without a proper security posture, complying with the likes of the Payment Card Industry Data Security Standard (PCI DSS) and others doesn’t always have the dual benefit of protecting against breaches: the PwC 2015 Global State of Information Security report noted a 141% year over year increase in the number of financial services firms reporting losses of $10 million to $19.9 million.

This tells us a few things: first, compliance is all about a company’s interpretation of the rules, which can be bent and glossed over–compliance is, after all, a minimum standard to which firms should adhere. Additionally, regulation needs to have more teeth as security threats become more sophisticated and targeted. Most importantly, with the regulated ecosystem being so complex, institutions should identify the elements prescribed most frequently across compliance mandates and put solutions in place that meet them. While doing so won’t guarantee complete security, it will put firms in the best possible position to protect against attack while simultaneously satisfying auditors.

The Cost of Compliance

The 2014 SANS Financial Services Security Survey, which examines the drivers for security-related spending in the financial services industry, reports that 32% of organizations spend more than one quarter of their IT security budget on compliance mandates. Nearly 16% of respondents say they are spending more than 50% of their security budgets on compliance.

Unfortunately, this investment in compliance doesn’t translate to investment security dollars. In fact, the survey also demonstrates that certain drivers behind firms’ information security programs are competing for resources with compliance mandates; while 69% of respondents say that demonstrating regulatory compliance is a top driver, a majority also cited drivers that tie closely to that, including reducing risk (64%) and protecting brand reputation (51%).

To ensure investment in security and compliance are not mutually exclusive, it takes effort on both sides–firms should put more effective solutions in place, while regulators should have stronger directives to encourage firms to streamline those efforts.

Securing the Endpoint

Specifically, firms should put systems in place that address endpoint vulnerabilities, including insider threat and malware on the devices, rather than on network solutions. The same SANS report elucidates that endpoint vulnerabilities were the biggest causes of security incidents among financial institutions, with abuse or misuse by internal employees or contractors (43%) and spear phishing emails (43%) the most prevalent, followed by malware or botnet infections (42%).

It doesn’t take long to find explicit use cases that corroborate these findings. The JPMorgan Breach, which impacted nearly 76 million households, came down to a hacker that gained high-level administrator privileges. Put simply, the cause for breach wasn’t necessarily the sophisticated malware, but rather, the ritual IT administrator tasks that were compromised. Clearly, while perimeter technologies like firewalls can prevent certain types of external attacks, they cannot block malware that has already found its way onto endpoints within an organization. Layering proactive solutions will be critical to preventing serious threats from occurring.

Least Privilege: The One-Two Punch

Proactive solutions should incorporate layering elements like patching, application whitelisting and privilege management. Taking this defense-in-depth approach will enable financial organizations to more effectively protect against the spread of malware, defending their valuable assets and ultimately their reputation. The dual benefit? They will satisfy auditors.

The least privilege methodology in particular, which limits administrator privileges from individuals and grants them to certain applications instead, is broadly prescribed across multiple financial mandates in the United States–from PCI DSS, to Federation of Defense and Corporate Counsel (FDCC) to the Sarbanes-Oxley Compliance (SOX) mandate. For instance, the PCI DSS has a specific requirement to log activity of privileged users and states that employees with privileged user accounts must be limited to the least set of privileges necessary to perform their job responsibilities.

Internationally, the practice is even more strictly enforced. For instance, the Monetary Authority of Singapore (MAS) has technology risk management guidelines that detail a number of system requirements–such as limiting exposure to cyber and man-in-the-middle attacks – that would be very difficult to achieve without a least privilege environment. In fact, the document presents one section dedicated entirely to least privilege. Here, requirements encourage restricting the number of privileged accounts and only granting them on a ‘need-to-have’ basis. The guidelines also encourage the close monitoring of those who are given elevated rights, with regular assessments to ensure they are always appropriately assigned.

Ultimately, limiting privileged access limits hackers’ attack vector and also prevents staff from implementing sophisticated attacks like logic bombs, knowingly or unwittingly. At the same time, the practice will help achieve compliance, driving down unnecessary spending. While progress is being made collectively between firms and regulators, more can be done; regulators can bring endpoint security top of the priority list and firms can put in practice simpler elements for a strong architecture. A next high-profile security beach shouldn’t be the industry’s wakeup call.

How Retailers Can Better Mitigate Black Friday Risks

Posted on by

Black Friday Shopping Risks

With the biggest shopping events of the season, retailers face tremendous amounts of both risk and reward as sales and door-busters draw in eager consumers all week. In 2013, Thanksgiving deals brought in 92.1 million shoppers to spend over $50 billion in a single weekend, the National Retail Federation reports.

The National Retail Federation issued crowd management guidelines for retailers and mall management officials to use when planning special events, including Black Friday, product launches, celebrity appearances and promotional sales. General considerations to plan for and curtail any crowd control issues include:

  • Remind and retrain all employees about your store’s emergency protocols to address potential risks facing employees and customers.
  • Dedicate knowledgeable employees to communicate and manage crowds, from arrival to departure, and resolve any potential conflicts that may arise.
  • Strategically place sale items throughout the store to help disperse crowds and manage traffic flow.
  • Request the assistance of local law enforcement if large crowds are expected and arrange for additional security services.
  • Educate employees about relevant policies and procedures and advise them who to contact in the event of a situation.

Last week, the U.S. Department of Labor’s Occupational Safety and Health Administration also issued a public letter to retailers urging companies to plan ahead for better in-store safety for both employees and customers. According to OSHA’s “Crowd Management Safety Guidelines for Retailers,” crowd management plans should, at least, include:

  • On-site trained security personnel or police officers
  • Barricades or rope lines for pedestrians that do not start right in front of the store’s entrance
  • The implementation of crowd control measures well in advance of customers arriving at the store
  • Emergency procedures in place to address potential dangers
  • Methods for explaining approach and entrance procedures to the arriving public
  • Not allowing additional customers to enter the store when it reaches its maximum occupancy level
  • Not blocking or locking exit doors

Brick-and-mortar retailers are not the only ones at greater risk. Companies that operate call centers must also be prepared for a drastic increase in customer inquiries and purchases. According to communications intelligence firm Cognia, 69% of U.S. contact centers carry out credit card payments over the phone and 84% record calls, making their archives particularly vulnerable to potential breaches.

“The first thing to highlight with respect to call center compliance at peak times is that this pressure is unlikely to create new issues, but will amplify existing ones. Attackers / threat actors (the bad guys) will also be aware that this is the time at which procedures are most likely to slip, and social engineering vulnerabilities that have previously been identified can be exploited,” said Tom Evans, Cognia’s chief security officer.

“There are challenges but, from a risk perspective, there is also an opportunity to fine-tune the risk management system under pressure. At these peak times, issues will be visible that would go undetected during business as usual operation,” Evans noted. “There is an opportunity to be proactive and to use the pressure around these peak sales times to identify bad practice that, during less pressured periods, is probably limited to one or two individuals or occasional occurrences, and therefore very hard to spot. Even the most dependable employee under the pressure on big queues may resort to a shortcut to get the job done. Identifying these means that controls can be put in place to prevent them being used again, and therefore the overall risk management position improved.”

To improve security and PCI compliance, Evans recommends that companies focus on areas that have lower security controls overall. For example, seasonal employees, over-spill call centers, and work at home agents may all be components of a contingency plan for peak periods that introduce vulnerability that can be mitigated.