Home | Print Page | Contact Us | Sign In | Join the PIA
Weekly Industry News
Blog Home All Blogs
PIA Western Alliance knows you want to be the best in the field, and the best way to stay on top is to stay informed. PIA Weekly Industry News Brief is an informative e-news brief that delivers the most relevant industry content.

 

Search all posts for:   

 

Top tags: Insurance Content  Weekly Industry News  Insurance Industry  Insurance News  Around the PIA Western Alliance States  ObamaCare  The Affordable Care Act  Healthcare  HealthCare.gov  Cyber Security  PIA Western Alliance  Cyber Breach  Cyber Insurance  Employment  jobs  wildfires  flood insurance  AIG  work  Flood  Millennials  Employees  PIA  business  Millennials & Insurance  Pia National  Taxes  E&O  Insurance  MetLife 

A Frightening Cyber Security Statistic — Under-Staffed Staffs

Posted By Staff reporter, Tuesday, April 2, 2019

ISACA is a global group that helps individuals and businesses with technology issues like cyber security. It just did some research on the problem of finding cyber security professionals to assist with the defense of a company’s data bases and other information.

 

The results are frightening.

 

A whopping 69% of the security people quizzed said the lure of more pay other places makes it very, very difficult to keep personnel. That same issue also makes it difficult to find people to work in the cyber security endeavors of the company.

 

As a result:

 

  69% say they are understaffed

  57% say they offer increased training as an incentive to stay

  But 82% say most leave for other companies offering higher salaries, bonuses and promotions

  58% say — as a result — they have unfilled positions

 

ISACA’s board chairman Rob Clyde said, “We’re in a highly fluid environment where organizations are increasingly challenged by competitive forces. Creative and competitive retention efforts are more important than ever in the current environment, and organizations should make it a priority to identify ways to boost their cyber security teams.”

 

By the way:

 

  Just 45% of the females responding think men and women have an equal shot at advancement

  That’s down from 51% a year ago

  Less than half of the cyber security organizations polled have a gender diversity program

 

Source link: Digital Insurance

 

 

Tags:  Cyber insurance  Cyber Security  insurance content 2019 

Share |
PermalinkComments (0)
 

Special Report: The Cyber Security Challenge

Posted By Staff reporter, Tuesday, February 5, 2019

A new report from Accenture is frightening. Another one from the Defense Department and the Pentagon is even more frightening than Accenture’s.

The Accenture report is titled Securing the Digital Economy: Reinventing the Internet for Trust. It found 75% of the CEOs think the only solution to the cyber challenges faced by all of us is cross-industry coordination.

Worse, Accenture believes in the next five-years companies worldwide will lose $5.2 trillion from cyber attacks.

  The highest risk is the high-tech industry with $753 billion at stake

  Life sciences has $642 billion at risk

  The automotive industry has $505 billion

“Internet security is lagging behind the sophistication of cybercriminals and is leading to an erosion of trust in the digital economy,” company spokesman Omar Abbosh said. “Strengthening internet security requires decisive — and, at times, unconventional — leadership by CEOs, not just CISOs.

To become a cyber-resilient enterprise, companies need to start by bringing CISOs’ expertise to the board, ensuring security is built-in from the initial design stage and that all business managers are held responsible for security and data privacy.”

 

Here’s more from the report:

 •  79% say the advancement of the digital economy will be stall or slow down if dramatic improvement in internet security is not made

  59% say the internet is growing increasingly unstable

  That same 59% say they are not sure how to respond to that instability

  56% say they would welcome stricter business regulations to fix the problem

 

 PIA Members can take Cyber 101 Webinars no charge

PIA Western Alliance Members can take our Cyber 101 Webinar Classes at no charge!

Click the banner to sign up, today!

In the U.S. the Defense Department — via spokesman Robert Behler — said it cannot adequately defend itself against cyber attacks. The Government Accountability Office (GAO) agrees. Spokeswoman Cristina Chaplain said the military has not been able to secure weapons systems that cost billions to build.

“DOD testers routinely found mission-critical vulnerabilities in systems under development, and in some cases, repeatedly over the years,” she said.

One of the problems with cyber security is the lack of cyber experts to do battle with the bad guys. In the U.S. between September of 2017 and August of 2018, there were 314,000 job postings. Even though most earn something like $95,000 a year on average, job openings stay open.

The National Initiative for Cyber Security Education says if all were filled that would pump up the number of pros battling cyber criminals by 40%. That’s a workforce of 714,000.

Worldwide, (ISC)2 says there are close to three million cyber security jobs open.

In addition to not being able to find experts, current polling says that 43% of organizations around the world fail to adequately do security training.

Worse, universities — 85% of them — have cyber security graduate or undergraduate degrees. However, their more diversified and attractive computer science programs do not offer even one cybersecurity course.

Business and government are continuing to explore options. One idea is a Cybersecurity Peace Corps. The proposal is the same idea as the original Peace Corps and will develop and train people to do cybersecurity jobs. It will require an act of Congress to establish.

Meanwhile, community colleges are now offering boot camps — of sorts — to train people in key skills. 

Whether all this training comes fast enough to avoid the trillions that will be lost in the future to cyber criminals is anybody’s guess. What we all can — however — agree upon is that there is a definite need for action.

 

Source link: Insurance Business America, PropertyCasualty360.com, Tech Crunch

Tags:  cyber breach  Cyber Insurance  Cyber security 

Share |
PermalinkComments (0)
 

You have access to PIA's Cyber 101 online courses and education!

Posted By Staff Reporter, Monday, November 19, 2018

Are you ready to educate yourself?

PIA Members and non-members alike have access to our Cyber 101, online courses and education.

ACCESS CYBER 101

Know the Need

Did you know that annual cyber losses in the US exceed earthquake and flood losses by almost 800%? The average data breach claim payout is $495,000. Because the majority of business owners policies either exclude or provide a small amount of cyber liability coverage, American businesses are faced with a large uninsured exposure. One loss could bankrupt a business.

The average data breach claim payout is $495,000. One loss could bankrupt a business.

 

Have the Knowledge

There are many moving parts to a cyber insurance policy, so it is important that you take the time to learn the policy. The PIA Partnership has developed a number of products and webinars to help you learn the ins and outs of the cyber insurance policy. PIA Member Agents can access these at www.pianet.com/ThePartnership.

Offer the Coverage

Fortunately, there are products available to protect businesses against this threat. Cyber liability insurance provides both First and Third Party coverage for numerous classes of business. Coverage is available nationwide on either an admitted or non-admitted basis. For information on product availability, visit www.pianet.com/ ThePartnership.

Give Examples

Cyber attacks are a growing threat which means there is tremendous opportunity for agents. 

When meeting with clients

  • Always talk cyber.
  • Explain the notification requirements, income loss, data restoration, risk of stolen funds and more.
  • Understand your client. In order to provide them the best coverage options available, ask about their data, security measures, PCI requirements and third party vendors. Identify specific exposures and provide solutions.
  • Provide real-world examples. Presenting actual loss scenarios can help illustrate the real need for proper coverage. Examples of small business cyber losses include:

A popular skate park was hit with a cyber attack that brought down its website and resulted in a decrease in sales. Without a website, customers thought the park had closed. The data files of a consulting firm were rendered unusable by a ransomware virus.

The criminals demanded money in exchange for removing the virus and releasing the files. The accounting manager at a small manufacturing company received an email from someone pretending to be the business owner.

The email demanded funds be transferred to a bank account in the Cayman Islands in order to close a critical business deal. The manager transferred the money as requested. The amount of the funds lost totaled $45,000.

 

Are you ready to educate yourself?

PIA Members and non-members alike have access to our Cyber 101, online courses and education.

ACCESS CYBER 101

  • PIA Members: Login here to access Cyber 101
  • Non-PIA members appointed by Partnership companies: Click here to access Cyber 101.
  • Other agents: To access Cyber 101, you will need to become a PIA member. Learn more about PIA membership and join today!

 

Tags:  Cyber 101  cyber insurance 

Share |
PermalinkComments (0)
 

News on the Cyber Front — Still Not Pretty

Posted By Joey Leffel, Tuesday, August 28, 2018

 

In a new report, A.M. Best and Guidewire’s Cyence Risk Analytics is worried about cyber insurance and cyber insurers. In a new report, the two companies said three of the top-20 cyber insurance providers could face “meaningful to significant gross losses” from a single-event cyber catastrophe.

In the special report Cyber Insurance Market: Stress Testing the Future, Fred Eslami said when looking at the estimated policyholder surplus in 2022, those losses could hit 15% to 119%.

“For the majority of these companies, even the gross losses do not come close to the natural catastrophe probable maximum loss estimates used for stressing the balance sheet strength of the companies,” he said. “However, under these circumstances, a handful of companies could lose a significant amount of surplus, which potentially could create ratings pressure or even trigger a downgrade.”

The report looks at two scenarios:

  Several cloud-based servers fail and widespread service and business interruptions follow

  A common software application gets compromised leading to a global attack

In another report, Gallagher said healthcare providers are the most vulnerable to hacking attacks. They happen regularly and leave the data of hundreds of thousands of people at the mercy of the cyber hackers.

Bloomberg said the average breach of a healthcare system costs more than $400 per patient. The news organization also found that just 33% of healthcare departments have defenses set up for a breach.

Gallagher’s white paper on the subject said there are six things these organizations can do to improve their security:

  Anti-virus and malware prevention

  Firewalls

  Patching

  Encryption

  PCI DDS compliance

  Employee awareness and training

Gallagher’s Adam Cottini said the first and most important thing these organizations need to do is comply with HIPPA regulations and standards that say individual medical data must be protected.

“The HIPPA regulation has been around for a long while and the healthcare industry is tuned into the privacy requirements. Where the challenge comes is with the advancement of technology and how new technology exacerbates the vulnerabilities in the healthcare space relative to protecting and securing information,” Cottini said.

Once the privacy requirements are in place then cyber security priorities must be addressed. “Cyber security doesn’t seem to rise to the same level of priority as other areas of security, but the statistics clearly show that phishing and social engineering is a major driver of a lot of the cyber events that are happening these days, which is why we believe organizations have to continuously drive down on employee training and awareness,” Cottini noted.

The point of Gallagher’s white paper is to raise awareness.

NAS Insurance agrees with some of Gallagher’s conclusions. In its 2018 Cyber Claims Digest, NAS suggests negligent employees and third-party service providers are a common thread when it comes to cyber attacks upon healthcare providers.

Jeremy Barnett of NAS said the most common form of attack to these organizations from this carelessness is ransomeware. “The methods used for ransomware attacks are becoming more sophisticated. Spam email remains a tried and true method: one in six spam email messages comes bundled with ransomware. However, in 2017, criminals also tended to target specific companies,” he said.

From there things get worse.

“Between 2016 and 2017, there was a 152% increase in ransomware as a cause of loss for healthcare cyber claims,” Barnett noted. “The threat is typically to divulge or destroy information, to insert malicious code into a computer system or to damage, destroy or prevent access to a computer system. The monetary demand varies in both amount and the currency: the demand might seek payment in American dollars, a foreign currency or a cryptocurrency.”

While healthcare providers are lagging behind, data analyst FICO said other industries are catching up and those with cyber insurance rose between 2016 and 2017. From 2017 to 2018 those with no cyber security insurance at all fell from 50% to 24%. However, 32% of the nation’s larger companies have adequate cyber insurance.

Many of those are in healthcare.

FICO VP for cyber security solutions Doug Clare said, “Given the number of large-scale and very public breaches in recent years, it’s not surprising that we’ve seen a big increase in US organizations investing in it over the past 12 months, but there’s still some way to go. As the insurance market matures and the litigation and fines increase we expect more firms will also go beyond basic coverage to seek insurance that is more comprehensive.”

And back to healthcare companies. The FICO survey found 70% of them do not have cybersecurity insurance. Just 10% of financial service firms do not have cyber insurance.

Source links: Insurance Business America — link 1, link 2, link 3, Carrier Management

Tags:  cyber breach  cyber insurance  Cyber Security  PIA Cyber Insurance 

Share |
PermalinkComments (0)
 

Who has Cyber Insurance? Not that Many

Posted By Administration, Tuesday, June 6, 2017

 

A new survey by the research firm Ovum says 50% of U.S. businesses don’t have cyber risk insurance. Just 16% of the 100% have full coverage. The survey was done for the analytics company FICO and it also found 27% of that 50% say their companies have no plans to purchase said insurance.

Ironically — and dangerously — 61% say they expect cyber attacks increase in the next year.

The survey found U.S. companies lag in cyber coverage when compared to Canada and the United Kingdom. The report says 40% of firms report no cyber coverage in those countries.

And why? Mistrust of insurance pricing is what most say.

The survey is wide-ranging. It connected with 350 c-suite executives and senior security officers. They come from sectors like:

  Financial services

  Telecommunications

  Healthcare

  Retail

  E-commerce

  Media service providers

Company sizes:

  30% have 500 to 1,000 employees

  28% have 1,001 to 4,999 employees

  17% have 5,000 to 9,999

  25% have more than 10,000

Bob Shiflet of FICO said the Ovum survey finds U.S. healthcare to be father behind than most when it comes to cyber insuring. None of those surveyed in healthcare have insurance that covers all risks and 74% had no insurance at all. Shiflet said this is troubling but some of that must be laid at the feet of the insurance industry.

“There are steps the insurance industry can take to make guidelines clearer and explain premium adjustments, but companies need to be willing to dedicate the resources required to protect themselves from the breaches they themselves see as likely, if not inevitable,” Shiflet said.

Cost and lack of clarity from the industry is problematic:

  Just 25% of those responding think premiums reflect their risk profile

  Only 23% think the insurance industry is clear and transparent in its approach to pricing

  29% of the executives think insurers need clear guidelines about how premiums are chosen

  28% want clearer communications on why premiums are adjusted when that happens

  23% want insurers to introduce a standard for benchmarking cyber risk

Hiscox did a similar survey that said 55% of U.S. firms have taken out cyber insurance but these businesses are — as with the Ovum survey — confused about what cyber coverage actually entails and what is protected.

For those who don’t have cyber insurance:

  26% do not plan to purchase

  41% said cyber insurance policies are not relevant to their business

  17% say they have no plans to take out insurance — ever — and agreed with this statement: Cyber insurance policies are so complicated — I don’t understand what cyber insurance would cover me for.

Deloitte also did a survey that found buyers just don’t understand cyber risks or options for insurance. And all — the report found — want standardized policies. “Similar cyber insurance products offered by different providers often include alternative features, which makes it difficult for buyers to compare policies by value and price,” the report said.

Deloitte also outlined steps similar to those of Ovum for insurers to take:

  Standardize policy language

  Develop a risk-informed model rather than a definitive predictive model for cyber risks

  employ more targeted underwriting by industry or exposure

  Offer more holistic cyber risk management programs

RAND Corporation did a different report and hit the real nail on the head. Companies — it found — just don’t see cyber insurance as a good investment. The typical cost of a breach according to RAND is $200,000 which means an event will cost a company about 0.4% of annual revenues.

Sasha Romanosky of RAND put it in perspective. “Relative to all the other risks companies face, the cyber risks often aren’t as big a deal as we think. It may be bad for you if you are the victim, but it doesn’t change the behavior or strategy of a company. Like you and me, companies are self-interested and operate in ways that minimize their costs. You can’t begrudge them for working that way,” Romanosky said.

Ponemon seriously disagrees with RAND’s conclusions. It’s report from May of 2014 found the average data breach costs something like $3.5 million for super-sized companies.

 

Source link: Insurance Journal

Tags:  Cyber Breach  Cyber Insurance  Cyber Security  Insurance Content  Insurance Industry  Insurance News  Weekly Industry News  Who has Cyber Insurance? Not that Many 

Share |
PermalinkComments (0)
 

Update: WannaCry — Most Would Pay

Posted By Administration, Tuesday, June 6, 2017

Carbon Black surveyed 5,000 U.S. consumers about their trust in corporations for keeping their data safe. Part of the questioning involved the WannaCry ransomware virus. The crisis a few weeks ago in 150 countries is the first most had heard of ransomeware. That’s odd because ransomeware has been a problem for a decade or more.

What is most surprising is the number of people who’d pay the ransom if it happened to them:

  52% said they’d pay the ransom if their computer or data is taken hostage

  Only 12% said they’d pay $500 or more

Experts are advising people to be prepared. Verizon did a report in 2014. Then ransomeware was the 22nd most common form of malware. Today it is number-five. The quick-buck approach to profits means it could even rise above that point in the future.

As for the rest of the world. Financial institutions and healthcare providers are trusted by about 70% of us. But only 52% trust retailers.

Consumers — overall — think the responsibility of keeping their data safe lands at the feet of the individual business. They do not believe it is the responsibility of cybersecurity vendors, software vendors and providers like Microsoft, Apple and Google and government agencies like the FBI, NSA and CIA to keep their data safe.

 

Source link: BizReport

Tags:  Cyber Breach  Cyber Insurance  Cyber Security  Insurance Content  Insurance Industry  Insurance news  Special Report: The WannaCry Virus Aftermath  Update: WannaCry — Most Would Pay  virus  Weekly Industry News 

Share |
PermalinkComments (0)
 

Update: WannaCry Virus and More

Posted By Administration, Tuesday, May 30, 2017

Experts are still trying to find out who launched the WannaCry ransomware attack a couple of weeks ago. Researchers at cyber security firms Symantec and FireEye say evidence they’ve uncovered says the attack came from North Korea’s hacking group Lazarus.

Ben Read of FireEye said, “The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators.”

North Korea denies involvement.

The WannaCry virus and other recent ransomware attacks has impacted insurance. And that impact is both negative and positive.

Aon Benfield and Beazley did a study of ransomware attacks. It is titled Aon Benfield’s Cyber Update: 2016 Cyber Insurance Profits and Performance and the study found the number of ransomware attacks quadrupled from 2015 to 2016. In their report, Aon researchers Jon Laux and Craig Kerman said this has led cyber insurers to see a jump in the loss ratio to 57.7. That’s a 16% rise from 2015.

On the other side of the coin, the study found cyber insurance premiums grew roughly 30% to $1.34 billion between 2015 and 2016

“For insurers providing cyber insurance, these results illustrate the potential for both extremely good and extremely bad underwriting outcomes, and underscore the importance of managing limits,” they wrote.

Aon Risk Solutions Senior Vice President Jim Trainor also commented on the study. He said it includes data from 138 insurers in the U.S. “One of the challenges of cyber is that it is a very complex environment. Bad actors use and exploit infrastructure both in and out of the United States. A lot of groups who conduct such criminal activity don’t reside in the U.S. This makes it increasingly challenging for both government and companies to protect themselves because those attacking them don’t actually reside in the locations in which they operate,” he said.

Ken Crerar of the Council of Insurance Agents and Brokers said the CIAB has released its current cyber study. The Council of Insurance Agents & Brokers’ Cyber Insurance Market Watch Survey said clients are now more up to speed on the type — and how much — insurance they need. The conclusion is insurers selling cyber insurance can, and should, anticipate growth in policy purchases.

Other survey conclusions:

  32% have purchased at least some form of cyber coverage

  In the last six-months 27% purchased that insurance for the first time

  44% increased coverage in the last six-months

  76% with cyber insurance have stand alone policies

“As brokers become more experienced with cyber exposures, they are growing their knowledge of this new breed of risk. This is a good sign, as brokers play an increasingly crucial role in both cyber risk mitigation and post-event response. The globally-launched WannaCry/WannaCrypt ransomware file encryption exploit is a prime example. Brokers are actively advising clients on the preventative steps to take now to increase the chance of escaping the virus, which has infected hundreds of thousands of systems,” Crerar said.

And on those preventative steps, James Gow — the senior vice president of the Property & Casualty Practice at Corporate Synergies — said a big part of the problem business has with ransomware attacks is uneducated employees and suggests employers set up an education program. It should contain:

  Instructions for employees to regularly change their passwords for software, email and other programs.

  A standard framework on how information is shared within the company.

  A policy for how sensitive information is asked for and given. Not everyone in the company needs to have sensitive information.

  An employee identification policy.

  A safe document management system and disposal services.

  Regular employee testing on security policies to make sure they understand social engineering and hacking scams so confidential and sensitive information is not handed out.

Two last items. The electronic signature service DocuSign has admitted that hackers gained temporary access to its database. It contained the email addresses of customers which is why there was a surge in phishing emails sent to DocuSign users. Those emails encouraged recipients to open a Microsoft Word doc that contained malicious software.

If you are a user, updates on the hack are available by clicking here.

And last. Target has settled its multistate hack from Christmas of 2013 for $18.5 million. In December of that year and January of 2014, over 40 million credit and debit card users had their information stolen. 

 

Source links: PropertyCasualty360.com — link 1, link 2, Insurance Business America — link 1, link 2, Insurance Journal

Tags:  Cyber Breach  Cyber Insurance  Insurance Content  Insurance Industry  Insurance News  Special Report: The WannaCry Virus Aftermath  Update: WannaCry Virus and More  virusCyber Security  Weekly Industry News 

Share |
PermalinkComments (0)
 

Scammers Scamming Insurance Call Centers

Posted By Administration, Tuesday, May 30, 2017

Cyber attacks are problem enough but insurers are also now targets for call center fraud. Pindrop is a telephone security firm and it finds, believe it or not, these people are successful.

The process — by the way — now has a name. It’s “social engineering” says Pindrop’s David Dewey as he commented to Insurance Business America about his company’s report called the 2017 Call Center Fraud Report.

It found insurers are taking huge hits from phone fraud. Life insurance policies and policies for mobile phones are the most targeted. Dewey said:

  One in every 12,000 calls to life insurers is fraudulent and of those 20% are successful

  One in every 200 calls for mobile devices is fraudulent and 20% of those are successful

The problem is centered in the sheer volume of calls. Determining who is the real deal among often disgruntled callers is a monumental task.

Dewey said one of the most devious and costly life insurance scams is when a caller tricks the call center employee into giving a loan on a policy or claim some cash from the policy. “And a lot of times these things can go unnoticed for years, because how often do you really look at your life insurance policy? It happens a lot more frequently than we would think,” he said.

How is it possible to scam trained call center employees? Easy, Dewey said. They will target a customer and then do background research on where they live, where they went to school, family connections, what things look like where they live and so on. These are things that might be asked in security questions.

A bunch of correct answers and the call center operator may end up thinking they’re talking to the real person.

“The major failing is in the knowledge-based authentication questions. The problem is they just don’t work. It’s very often that the legitimate customer doesn’t know the correct answers to the questions. And those call centre operators are used to dealing with legitimate customers who don’t know the answers. They’ll oftentimes help them [the customers] work through it,” Dewey said.

The Pindrop report also points out that scammers know all about how automatic phone systems work. They can call again and again and again until they have the answers they need and then can ask for a live phone operator.

“By far, the highest fraud rate of any single industry is seen in the device insurance sector. For companies that provide payments to consumers whose mobile phones are lost or stolen, one in every 194 calls is fraudulent. That rate increased 55% over 2015, when device insurance already had the highest phone fraud rate of any vertical,” the report said.

Dewey said the solution to phone fraudsters is employing phone security technology. That technology often features voice recognition or what Pindrop calls “phone printing” in which the system identifies the phone’s signature.

If that signature doesn’t match what’s on file, then it will let call center employees know that a fraudulent call is in progress. 

 

Source link: Insurance Business America

Tags:  Cyber Breach  Cyber Insurance  Cyber Security  Insurance Content  Insurance Industry  Insurance News  Scammers Scamming Insurance Call Centers  Weekly Industry News 

Share |
PermalinkComments (0)
 

Special Report: The WannaCry Virus Aftermath

Posted By Administration, Wednesday, May 24, 2017

In what seems now to be a prophetic move, on May 11th Kansas Insurance Commissioner Ken Selzer put out a list of tips to help businesses and individuals protect themselves from a cyber attack. The next day the WannaCry virus hit the world and demands of $300 or more per user was demanded to release control of a computer back to the user.

According to White House Homeland Security Advisor Tom Bossert, 300,000 people in 150 countries were impacted.

In his news release that went with the list, Selzer said, “It is important that cyber vigilance begins at home. Knowing some common-sense precautions can keep you and your personal information safer.”

Too little, too late.

The Internet research agency Statistica says insurance and the financial sector are very vulnerable. And it put this chart together to show you just how vulnerable your business is:

Who’s affected most by ransomeware and why starting with infections by industry:

  Services — 38%

  Manufacturing — 17%

  Public administration — 10%

  Insurance, finance & real estate — 10%

  Wholesale trade — 9%

The leading cause of those infections:

  Spam/ phishing emails — 46%

  Lack of employee training — 36%

  Malicious websites / web ads — 12%

  Other — 5%

  Lack of security — 1%

Lots of quotes from experts and lots of advice starting with Michael Kaiser — the executive director of the non-profit National Cyber Security Alliance — who put what we all need to do now the best. “It is of utmost importance that cybersecurity ... be a top priority of businesses and organizations large and small,” he said.

Kathy Brown the Internet Society’s president and CEO added, “Law enforcement, IT professionals, consumers, business, and the public sector all have responsibility to act to keep enabling the good that the Internet brings. We have a shared responsibility to collaboratively get this under control.”

How bad is it? Bad. Researchers say 6% of the people of the world have been impacted by this or other malware. Brown said most people are ill-equipped to deal with ransomware and whopping 25% say they have no idea what to do if their computer was attacked.

Fen Osler Hampson is the director of global security at CIGI. He said, “Ransomware attackers have discovered that they don't have to steal or destroy your data to enrich themselves, they just have to hold it hostage. Our survey data shows that many people are willing to pay to get their data back, which makes such attacks highly profitable.”

Dan Burke heads Hiscox USA. His firm’s Hiscox Cyber Readiness Report 2017 checked with 3,000 businesses in the United States, the United Kingdom and Germany. He said it found, “In the US alone, 63% of firms reported experiencing a cyber incident in the past year, and 47% said they had two or more.”

And Burke and the report said those attacks and all cyber crime cost the global economy $450 billion last year. “Larger companies (250+ employees) had a somewhat higher risk, with 72% reporting one or more incidents, compared to 60% of smaller firms (less than 249 employees).”

Kaiser added, “When we see whole systems like the National Health System in the United Kingdom directly targeted, it reinforces how dependent we have become on our data-driven networks.”

Back to Selzer. These are his wise words of wisdom:

  Set strong passwords and don’t share them with anyone. Set them with at least eight characters, including letters, numbers and symbols.

  When using unfamiliar websites, be sure the URL begins with "https." The "s" at the end indicates it is a secure site.

  Keep your operating system, browser, and other critical software optimized by installing updates, including antivirus and anti-spyware updates.

  Maintain an open dialogue with your family, friends and community about Internet safety. Let them know you take it seriously.

  Limit the amount of personal information you post online, and use privacy settings to avoid sharing information widely.

  Be cautious about what you receive or read online — if it sounds too good to be true, it probably is. Also, if a message sounds out of character for the sender, or includes nothing but a link in the body of the email, it may be suspicious. Check with the person who purportedly sent you the message to make sure it is legitimate.

  Cyber attackers often take advantage of current events to conduct "phishing" attacks, where they will attempt to obtain personal information by posing as a trustworthy organization. Verify the legitimacy of the organization’s request by contacting the company by another means.

  Limit the type of business you conduct on public Wi-Fi networks. Don’t do your online shopping from an internet café. Do business with credible companies, and devote one credit card with a small credit line to online purchases.

  Password-protect your smart phone.

  Finally, and maybe most importantly, check your homeowners or identity theft insurance policies for the level of coverage you have in case of a cyberattack on your devices.

“The continual increase in cyber traffic means that home computer networks and smart devices are more vulnerable" than ever. We need to be vigilant in making sure our personal information is kept secure,” Selzer said.

NAS chief underwriter Mike Palotay agreed and said the attack also points out how small and medium businesses are woefully short of cyber insurance. He says these businesses need to take note and get insured.

“This has been an indiscriminate attack. It’s not targeted. You don’t have a hacker behind each attack on each company — it’s really more of an automated thing. It’s basically just spray and pray, really. You’ve got small companies who are experiencing outages and disruptions and having to pay extortions. And then you’ve got FedEx and the National Health Service [in the UK] and a bunch of much larger organizations experiencing problems,” he said.

But the bottom-line, Palotay said is, “Small and medium-sized business are very, very underinsured. The last figures I saw for small businesses that buy cyber insurance were in the single digits. This might be a wake-up call.”

By the way, Microsoft has a malware link to keep you posted on WannaCry. You can access it here.

 

Source links: PropertyCasualty360.com, Insurance Business America

Tags:  Cyber Breach  Cyber Insurance  Cyber Security  Insurance Content  Insurance Industry  Insurance News  Special Report: The WannaCry Virus Aftermath  Weekly Industry News 

Share |
PermalinkComments (0)
 

A Big Client Concern: Data Protection

Posted By Administration, Tuesday, April 18, 2017

Big data is a big deal in insurance. It’s become critical for underwriting and rating. That’s not lost on the National Association of Insurance Commissioners (NAIC). The NAIC recently formed its Big Data Task force to look at what needs to be done to protect data from an insurer’s perspective to that of the regulator.

Charles Angell who is the deputy commissioner and chief actuary of the Alabama Department of Insurance is on the task force. He recently told the 2017 Ratemaking and Product Management Workshop of the Casualty Actuarial Society that the task force wants a clear understanding of the data insurers are collecting and how that data is being collected. That will lead to knowing how insurers and third-party insurance operations are using what they collect.

Another issue. Making sure the data collected complies with state insurance laws and regulations and is not being misused.

It’s equally important that consumers know their data is being collected and how they can control some of the availability of that data and how it relates to the cost of their insurance. “How can consumers alter their risk characteristics if they don’t even know what data is collected? Should there be some kind of disclosure notice [required]?” Angell said.

Lastly, the task force wants to make sure the data is properly used to determine potential risk. That leads to questions as to whether automation — and the vendors that develop it — should be examined like the insurance advisory groups that develop loss costs.

In other words, the data collection issue is quite complex. And Angell and the task force are leaning toward creating a consulting team to assist state regulators with technical reviews. “This consulting team would not be a regulator. It would not be approving or disapproving any statistical models. It would simply advise [an insurance department] on any issues it found with the way a model is constructed,” he said.

And Angell said this process will also benefit insurers because all technical objections will be raised and dealt with in a central forum rather than in a bunch of different jurisdictions.

Source link: Insurance Journal

Tags:  A Big Client Concern: Data Protection  Cyber Attacks: An Accelerating Crisis & Now the FI  Cyber Breach  Cyber Insurance  Cyber Security  Insurance Content  Insurance Industry  Insurance News  Weekly Industry News 

Share |
PermalinkComments (0)
 
Page 1 of 6
1  |  2  |  3  |  4  |  5  |  6

A special thank you to our KKlub Members for their support.