Q&A With New National Cyber Security Alliance Executive Director Kelvin Coleman

The National Cyber Security Alliance (NCSA) announced that its new executive director is Kelvin Coleman, who has held high-level positions in the United States Department of Homeland Security and the National Security Council.

Coleman’s appointment puts him in charge of the country’s leading cybersecurity and privacy protection education and awareness organization, responsible for leading organizational growth; facilitating strategic partnerships and alliances with government, industry and non-profits; and acting as NCSA’s primary spokesperson.

He discussed with Risk Management Monitor the types of cyberrisks he follows, preventative measures and upcoming NCSA events and services.

What are the biggest cyberrisks facing businesses today? How do you plan to advise or collaborate with business leaders to combat them?

Some of the biggest cyberrisks facing businesses today include email threats, employee activity and vendor security. When it comes down to addressing cyberrisks targeting businesses of varying sizes, everyone needs to start with the basics. It is imperative to get leadership on board with recognizing that cyber resilience is more than just taking technology-focused measures, but also modifying processes and behaviors at all levels in the organization.

What are the attacks that are easiest or most difficult to prevent?

The answer to both is phishing. Attacks come in through three different ways – people, products, and processes. A great product can hold attackers at bay. Similarly, great processes can mitigate a threat. Human beings are the wild cards. People are both the easiest to control and the most difficult, especially when it comes to phishing attacks. One of the NCSA’s tips is “when in doubt, throw it out.” We try to make sure folks understand that if they are not familiar with a link or a website, they need to delete it or ignore it.

At NCSA, our focus is on the human side of cyberattacks, and we work to get people to change their behaviors as well as understand the processes for keeping their devices and online accounts safe, particularly as phishing attacks become more sophisticated.

Speaking of the human side, which professionals are most exposed to cyberrisk?

All of them. Cybersecurity needs to be embedded into the company culture from the most entry-level positions to the most senior, because hackers can access information at any level. We’re all vulnerable, from the break room to the boardroom. We often tell small business owners that they must also train their employees to recognize malicious links and emails, as employees can often be the weakest link when it comes to cybersecurity at the office.

What is your reaction when you learn that the information of 500 million Marriott guests may have been exposed?

Marriott is a great example of a company doing as much as it can to prevent an attack but still being targeted. They were not laissez-faire about their security. So, I see it as a warning for everyone to remain extremely vigilant in the face of increasing numbers of cyber attacks. If it happens to Marriott, we’re all vulnerable to an attack of this nature.

Small businesses seem just as susceptible to cyberrisk as large ones. How would you advise small businesses to protect themselves?

Small businesses are more at risk and they often have information, such as customer data, that’s just as valuable to hackers as that of the customer data from large corporations. Small businesses often don’t have the resources to invest in a prevention plan, nor do they have the capital or leadership or knowledge about cybersecurity. This is why they’re often targets for hackers.

Our advice for small businesses doesn’t vary much from what we advise to all people: Keep a clean machine by keeping software updated, use stronger authentication and passwords, recognize and avoid phishing links, etc. If [a small business] decides to hire a third-party vendor for cybersecurity, we advise them to do their research and hire a reputable vendor. We also encourage them to attend our regional CyberSecure My Business events in their local community, or take part in a CyberSecure My Business webinar.

What new initiatives or campaigns will you be overseeing in 2019?

In 2019, our overarching goal is to empower individuals and – at the same time – focus on educating businesses to respect privacy, safeguard data and enable trust. This means that consumers need to know how organizations collect and use personal information and companies of all sizes need to be transparent and communicate in an accurate and consumer-friendly language to their customer base.

We will share key messaging and provide actionable tips to help protect privacy. NCSA and our highly engaged partners will host numerous events that will shine a spotlight on the rapidly changing technology landscape and forging ahead toward the future of privacy. We plan to engage industry leaders with diverse perspectives to address opportunities and challenges. In addition, we will soon be launching our Champions program which is a way for both individuals and businesses to officially show support. We expect to launch the Champions portal – along with additional Data Privacy Day information – in mid-December 2018.

What changes or improvements are in store for National Cyber Security Awareness Month (NCSAM)?

I don’t believe NCSAM needs a shiny new toy each year. Our plan is to engage a much larger audience. NCSAM continues to reach more and more people every year, but there are still significant numbers of Americans who need to hear our message – not just during October but throughout the year. We want to connect these folks more with our proven tips for staying safe and secure online. Our goal at NCSA is reinforcing our cybersecurity best practices among a broader audience to better impact online behavior.

Cyber Insurance Strategies Explored: RIMS Report

High-profile data breaches have been making headlines recently, and their damage can transcend industries, which is why cybersecurity is often a top priority for risk managers. With many traditional insurance policies no longer responding to or outright excluding cyber events, risk professionals must understand their options to ensure the organization is protected in the event of a data breach.

A new report by RIMS, A Guide to Cyber Insurance, provides a roadmap for determining the type of coverage risk managers need in the fast-changing world of privacy, data protection, and cyber risk management. The study serves as a reference for risk professionals who are exploring options to effectively manage cyberrisks that are uncovered or not addressed by the organization’s existing risk management program.

Topics include:

  • The cyber insurance application process
  • Procurement of insurance
  • Management of cyber claims
  • Third-party coverage
  • Litigation strategies, and other pertinent details

“While cyber risk management policies are necessary for every organization, reducing a category of risk to zero is impossible,” the report notes. “Cyber insurance can help cover the gaps between a robust risk management program and any remaining risks.”

The report also features case reviews in the areas of cyber policy coverage litigation, negligence, computer fraud, technology errors and advertising and personal injury coverage. “While the overall decision-making process is much the same as with other litigation decisions, certain factors are more complex in the cyber insurance context compared to other insurance disputes,” the authors note.

The Guide doesn’t only focus on insurance. It also features helpful tips when implementing a strategic risk management program characterized by a cybersecurity framework. Pre-event planning and preparation, penetration testing and response ideas are offered as well.

“Following the purchase of some form of cyber coverage, risk professionals need to be prepared for the worst: a cyber event and any resulting claims,” the report states.

“An organization needs to understand both the risk it faces and the coverage options available to ensure that the cyber policies it purchases provide the necessary coverage when it experiences the inevitable data breach or other cyber events.”

A Guide to Cyber Insurance is authored by Bradley Arant Boult Cummings law firm members: Dylan C. Black, A. Kate Margolis, G. Benjamin Milam and Emily M. Ruzic.

The report is currently available to RIMS members.

To download the report, visit the RIMS Risk Knowledge library at www.RIMS.org/RiskKnowledge. To learn about other RIMS publications, educational opportunities, conferences and resources, visit www.RIMS.org.

Risk Management of Technology Risks Lagging, Survey Finds

SAN ANTONIO—Technology is becoming more and more necessary for the growth of companies, enhancing their abilities to get products to their destination faster and automate core processes. In fact, it’s predicted that revenues from AI-related technologies will reach $127 billion by 2025. Technology has also led to safer work conditions for employees with the use of wearable technology and drones.

According to the 15th Annual Excellence in Risk Management report by Marsh and RIMS, which examines risk professionals’ knowledge of and role in managing technology innovation such as artificial intelligence (AI), blockchain, and the Internet of Things (IoT), 59% of respondents said their organizations are currently using or exploring the use of IoT systems; 47% are using or exploring the use of AI; and 24% are using or exploring the use of blockchain.

Despite this growth, however, only 14% said they strongly believe they have a clear process in place for addressing disruptive technology risks. Almost half could not say if there was a clear process.

The report found that most risk professionals would benefit from balancing their view of digital technology. When asked what it means for their organization to be “digital,” a majority cited operational improvements, such as automating core processes, over growth initiatives such as new ways of doing business and interacting with customers.

By ignoring how digitization is changing the way companies interact with their customers, risk professionals cannot fully understand the changing risk profiles of their organizations, the report notes.

“Emerging technologies like artificial intelligence and blockchain are fast becoming the new normal, yet risk management is not keeping up,” observed Brian Elowe, U.S. client executive leader at Marsh. “Only by asking questions and understanding the underlying technologies and their uses throughout the organization can risk professionals truly appreciate their organizations’ risks and respond accordingly.”

Fear and lack of understanding about these new technologies could be the basis of this lag. As the report indicates, however, it is not necessary for risk professionals to understand the detailed intricacies of every new technology. Instead, they should be able to discuss them with technologists.

“Risk management professionals can add tremendous value and insight, supporting organizations’ ability to make strategic decisions regarding disruptive technology,” said Carol Fox, RIMS vice president of strategic initiatives. “Engaging in innovation that impacts our companies, customers, industries, and even the practice of risk management itself is a giant first step. While risk professionals do not need to be ‘experts’ in the intricacies of these technologies, they can certainly advance the performance benefits that each new technology brings.”

The good news for many risk professionals – and their organizations – is that managing emerging risks and working across the organization are not new challenges. In recent years, risk professionals have had a number of risks to contend with, including terrorism, climate change and cyberattacks. “Risk management executives are well placed to be part of the leadership team around technology adoption; their position naturally connects them to others across their organizations,” according to the report.

Highlights from the report:

  • The majority of respondents said they are most interested in technology that enables them to identify emerging risks (57%) and enhance data security (57%).
  • Of the respondents whose organizations have cross-functional risk committees, 31% said disruptive technologies are discussed at every meeting.
  • 40% of respondents said they would consider switching insurers and other advisors based on their ability to provide innovations in the claims area.

Companies Continue to Grapple with Cyberrisk, Study Finds

As technology becomes more critical to company success, the number of cyberattacks has climbed.

As a result, cyberrisk has become one of the top risks for companies around the world, according to the Marsh-Microsoft Global Cyber Risk Perception Survey. Almost two-thirds of survey respondents identified cyberrisk as one of their organization’s top-five risk management priorities—almost double the percentage who rated cyber as a top risk in a 2016 study, Marsh said, adding that respondents whose organizations had been successfully attacked were slightly more likely to prioritize cyberrisk than those who had not.

Despite these concerns, however, the study notes that just one in five respondents said they are “highly confident in their organization’s ability to manage and mitigate cyberrisk or respond and recover from an attack.” This was especially the case among corporate directors, who play an important role in protecting their organization from cyber threats. While about 70% of respondents who identified as board members said they ranked cyberrisk as a top-five concern, only 14% said they were “highly confident” in their organization’s ability to respond to an attack.

Board Disconnect

While organizations have traditionally relied on IT staff to manage cyberrisks, the structure of oversight is evolving in many companies as risks accelerate. Stakeholders from across the enterprise are looking beyond prevention to include risk assessment, mitigation and cyber resilience.

Asked about cybersecurity structure, however, 70% of respondents named their IT department as a primary owner and decision-maker of the risk.

This was more often true for smaller companies, as larger organizations tended to spread the responsibility for cyberrisk—from a low of 13% in the smallest organizations (many of which may not have a separate risk management function) to 58% in the largest organizations with more than $5 billion in revenue, the study found.

Ideally, boards should view cyberrisk management as part of their overall perspective on enterprise risk management. In organizations where the board is involved, however, the study found a disconnect:

Corporate directors often appear to either not understand the information on cyberrisk they receive, or to not be receiving it at all. For example, 53% of chief information security officers, 47% of chief risk officers, and 38% of chief technology/information officers said they provide reports to board members on cyber investment initiatives. Yet only 18% of board members said they receive such information.

This information gap illustrates a need to develop cyberrisk economic/business models that facilitate shared dialogue including common language among IT, the board, and other corporate departments.

This disconnect also reinforces the need for a cross-functional approach to cyber risk governance, according to the study.