Category Archives: Administration

Cyber Insurance – the New Black?

Cyber Insurance, the New Black?

by Sara Goldberger

Cyber attacks and cyber insurance, it’s on everybody’s lips and on the surface it seems relatively simple – a breach, there are victims, data is lost, and the insurance company pays up. It doesn’t seem that different from other insurances. With all of the reports of breaches over the past few years, some very alarming in terms of their scale, everyone wants cyber insurance coverage and believes this will protect them.

But there are many misconceptions about cyber insurance. For example, a UK Government survey last year showed that 52% of CEOs believe that they have coverage, yet less than 10% actually do. So what exactly is “cyber insurance,” what does it cover, and how does it cover cross-border crime?

Cyber-insurance protects businesses and individuals from Internet-based risks. Many insurers say that risks of this nature are typically excluded from traditional commercial, general liability policies. Coverage provided by cyber insurance policies may include:

  • First-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks;
  • Liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation;
  • Other benefits including regular security-audit, post-incident public relations and investigative expenses, and criminal reward funds.

There are several considerations to keep in mind when buying cyber insurance. Costs vary widely, but to purchase a $1M policy typically costs $5K to $25K per year for a medium-sized company. However, cyber policies might not pay out if your claim is delayed. Which raises the question: what happens if your organization suffers a breach during the coverage period but do not become aware for some time? An insurer may also not cover your claim based upon employee negligence or if your organisation failed to adhere to minimum required security practices specified in the policy.

And what happens if you suffer a cyber attack? Interestingly, 81% of US companies that have bought cyber insurance have never filed a claim. The median-sized claim is $76,984, though there are a few that are much bigger. It is those outliers that push the mean average claim up to $673,767. And what expenses does the claim cover? More than half of the claims that insurers pay out on cyber policies include the expense of legal and forensic specialists. Over 40% of claims recover the cost of notification to affected individuals and the cost of providing credit monitoring services.

In the Global Economic Crime Survey 2016 Report, cybercrime climbs to the second most reported economic crime affecting 32% of organisations, while at the same time close to 60% of the surveyed organisations do not even have a cyber incident response plan in place. Many companies also report feeling a lack of support and a notion of “not knowing what to do when an attack happens.” Organisations such as IT and auditing consultancies offer some help and support, but they rarely have a corporate-wide view. That’s an area where two recently formed organisations – Cyber Rescue Alliance and the Global Cyber Alliance can make a difference.

Cyber Rescue Alliance; is a Pan-European organisation aimed at helping the approximately 12,000 European SMEs that hold sensitive data on over 5,000 individuals. The organisation delivers a Comprehensive Business Response solution that includes instant, practical crisis management guidance and tiered response capability from pre-vetted organisations. In other words, the solution offers coordinated, tangible and practical business assistance across the full spectrum of challenges that follow a breach. In the event of an attack, Cyber Rescue Alliance will provide practical help and assistance to the many smaller businesses that can’t invest in a full-time CISO or PR Consultant with those services in order to mitigate the impact of a cyber-attack. In other words, it is the across-corporate, one-stop approach that makes Cyber Rescue Alliance unique.

Global Cyber Alliance (GCA) is unique as it partners across borders and sectors. Based on the organisation’s mantra “Do Something. Measure It.” GCA’s first effort is to tackle phishing, which is often the source of a breach. GCA is partnering with several organisations to implement two solutions:  to drive the deployment of DMARC and use of secure DNS services, and then to measure the effect — so that we all may accelerate eradication of phishing as a systemic cyber risk.

While addressing, and responding to, the needs of different sized organisations, Cyber Rescue Alliance and GCA are working together, thus ensuring that perhaps one of the biggest business problems of our time – cyber-attacks – are given the attention and solutions it needs. Only through this cooperation can we ensure that companies are implementing the best security practices available in order that cyber insurance policies will indeed insure them against these risks.

The author, Sara Goldberger, is the Head of Communications Global Operations and IT at Zurich Insurance Group and Board Member of GCA partner, Cyber Rescue Alliance. You can follow her on Twitter @saragoldberger.

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance. 

Initially published on – http://globalcyberalliance.blogspot.ch/2016/05/cyber-insurance-new-black.html

Annonser

Gender Equality in the Board Room

To all of you crying out for women in your board room I have the following question and comment:

  • What is you think a woman can do but a man can’t? (And vice versa…)
  • Instead of crying, open your eyes and look around. We’re here and we’re competent.

The Disenfranchisement That Isn’t

They are disenfranchised

we’ve heard it more and more in various political analysis always in relation to the so-called grievance parties and their voters, think UKIP, Front National, Sweden Democrats, Vlaams Belang, and even if they are not parties – Trump and to a certain extend Sanders (although for his voters it’s more “quaint but unrealistic”). It’s an argument which has been repeated with higher and higher voices and more and more intensely. You know, like we all do when we are trying to convince ourselves that something we doubt are really the gospel.

I started with looking up what disenfranchised means, and Merriam Webster defines it as

to deprive of a franchise, of a legal right, or of some privilege or immunity; especially :  to deprive of the right to vote

in other words, in the original meaning it is a conscious act of someone that puts another person in the position of disenfranchisement. But in the criticism I have read is has come to mean a group of people that seemingly have removed themselves from [mainstream] society.

However, my question is – have they? In the latest Edelman Trust Barometer their results show an increasing trust divide towards businesses and governments. Neither, it is felt by the large majority, deliver. Personally, when it comes to politics I agree. More and more I have the sense that [national] politics is kindergarten for overpaid party players that has been elected, not so much based on competence, but because they turned up and that doesn’t dare to take real responsibility. The difference is that since I belong to the informed public, as defined by Edelman, aged 24 – 64; college educated; in top 25% income per age group in each country; report significant media consumption and engagement in business news; my criticism is more likely to be seen as well-informed and to the point while someone not from this group saying the same will be considered as disenfranchised.

Again, I ask, are the voters that vote on these “grievance parties” disenfranchised? Maybe they have looked at their society and see a reality where their worries are not listened to, where they have increasing difficulties in finding jobs that makes ends meet, where ghettos are on the rise, where jobs are moved elsewhere and where politicians, whom frankly often should know better, seems to be locked in endless wars of power instead of doing what they where elected to do – deliver a society of [relative] inclusion. Based on this maybe, just think the thought, these so-called disenfranchised voters have made their analysis and decided to protest almost the only way we can protest in a democratic society – by casting our ballots.

But what happens when they turn up, and don’t forget, grievance parties often get their voters to turn up and vote in a much higher extent than traditional parties, and decide to exercise what at the same time is their citizen right and obligation? They are reproached for voting on the wrong party. If that was me treated like that, I’d be raving mad in white linen. And not only that, I’d be even more convinced that I am right.

So, my advice, to the mainstream parties, should they care and bother – if you want to bridge the widening gulf of distrust meet the grieved electorate and show, with measurable actions and without retreating into populism I mean e.g. globalism is here to stay; that you take their world view seriously and continuously and not just when it’s that time in the election cycle.

Dearth of Women in Juncker’s Commission – But Stop Moping Its Competence Not Gender That Counts

In the wake of President Juncker’s announcement of the members of the new European Commission the overall comments seems to be ”Not enough women.” And yes, 9 women out of 28 is far cry from 50-50. And being a woman with certain aspirations myself; I do find it abysmally bad that the Member States can’t do better on the area of gender balance on senior top positions. But there is one question I don’t seem to find and that is Why? I have yet to see one person officially asking why this skewed situation the case.

Could it be that the national senior posts are filled with only men? (An incredibly sad state in itself should this be the case.) Maybe the Member States didn’t look hard enough? Could it be that the women asked actually weren’t all that interested? We simply don’t know. What we see is a bad result but nothing about the process leading up to this result.

What we do know however, that we are many competent women that are out there that are not considered because it does seem to be that W2M that are then norm.

But what ire immensely in this whole debate is the general approach that it is only gender that counts, and because we are women our competencies are interchangeable. Well, here’s a surprise for you – we are NOT! Just as little, actually are men, but no one seems to think that is the case.

So, yes let’s keep our eyes on the ball – a gender balanced society, but let’s not go overboard on the way getting there.

This time it’s different – yeah right…

I don’t think there has been a bigger agreement in the European Parliament and the European Commission that the time to reform Europe, in order to save it, has come. Pity then that the result is as drastic as rearranging the deck chairs on Titanic.

Remember the election slogan “This time it’s different”? It was the promise we voters got. Now was the end of shady backroom deals. But this was a highly polished version of the truth. To use a mild euphemism. Because the fact is that there has never been more backroom dealing like the one we’ve seen these past weeks and the winners are the usual suspects and the losers us voters, subsequent loss of respect for [European] democracy can be considered as collateral damage.

So what we have now is a Commission president that seemingly didn’t want the job, that wasn’t on any ballot and is being sent to an institution that seemingly despairs his arrival.

But as a gloomy reality we live in for the moment and the fact that institutions appear at their worst as this backroom dealing is done this is still the best opportunity we’ve had in a long time to reform the EU.

Is this the worst lobbying campaign – ever?

No, it probably isn’t but it’s recent which is why I react. Still, the campaign might beat the pens I wrote about in the post” Why are there so many bad Public Affairs campaigns?” https://goldkom.wordpress.com/2012/06/21/why-are-there-so-many-bad-public-affairs-campaigns/

emmaWhat makes it so fascinating is that it comes from a gathering of interest groups that should know something about communications: European Federation of Journalists, European Magazine Media Association, European Newspaper Publishers’ Association and European Publishers Council. It is a pity they went down this road because they are trying to achieve something that is extremely dear and close to my heart –safeguarding freedom of press and public access to documents. So it makes it all together sadder when they mess up like they do. It started last Friday, when a representative for one of these groups called and wanted to follow-up on their sending this petition. Nothing strange about that, on the contrary it’s quite advisable to do. Only she called on a speaker phone and from what seemed to be a child care centre filled with energetic and happily playing children, loud happy children, which gave the phrase “dynamic phone call” a whole new meaning.

And I don’t want to be arrogant – but the office in-box is filled with petitions and requests and proposals and without any doubt they are all highly important and affect a lot of people. It is a question about time and possibilities and taking into account our constituency’s interest; since they elected us on a programme they can expect us to work according to that programme first and foremost. This issue here is, however, right up our tree.

During the Friday conversation I asked the person on the other side of the phone to resend the petition and please, in the email could she write a couple – max. 10 – bullet points of what they want to achieve and what they hope we would do? And I would see to that the message was put in the hands of the Member of European Parliament I work with. Needless to say, nothing came.

This morning another person called from the same constellation and for the same follow-up. So either they are eager or they have limited internal communications. It was good that he did because now, finally, I got the petition and the bullet points and it is worse than I could imagine. Interesting is that that they don’t propose any amendments or changing the writing of the article in question, they are simply asking us to sign a petition. To what avail? What do they think they will achieve with that petition?

A simple well thought through campaign starting earlier in the process and not two days before the vote, could have changed the outcome of the vote. Now, the results and the future state of press freedom are anybody’s guess…

Affirmative action for Women in the EU – No, thank you!

The other day I attended an event in Brussels. In a networking town like this, and Washington DC, that is nothing unusual. It was an industry event, so people representing their companies working with public affairs and in IT and Internet in general. So relatively ”new” industries. That isn’t anything exceptional either. No what was so exceptional was that of the maybe 50 people present four (4) were women. Of which one woman was married to one of the guys attending the event.

Yes, you read correct – out of 50 people, 3 were women working in the industry. And this is a fairly normal room in this town.

I find the figures remarkable and the situation so wrong I can’t begin to explain. And probably shouldn’t because, to quote President Reagan “You can’t print what I think.” But I still don’t want legislation remedying this.

Why don’t I want legislation to deal with this unbalance? First of all, affirmative action is discrimination, it departs from the principle that equal rights are always right. Affirmative actions leads to polarization, collectivization, and identity politics. Should increasingly educated women, all over the world, which on our own merits, sometimes against all odds, made it through tough educations be discarded in a future where men find it increasingly difficult to keep up? Because, one must see that affirmative action goes both ways.

These irrelevant criteria – gender, ethnicity, sexual orientation, the list is endless, which helps individuals to advance their careers, will also be the defining criteria should this individual fall. Individual skills won’t matter, these criteria will still define the individual and spill over on the group as such, i.e. a woman gets on in her career to through affirmative action, if she fails ALL women become incompetent. Affirmative action also suppose that individuals are exchangeable which clearly we are not. So, in my case, as long as we have a woman on our team, we’re fine. Does that even begin to sound right to you?

Finally, there is the minor detail about property and private ownership, a privately owned company, indeed any company shouldn’t be required to hire any one else than the person they believe can do the job.

Still, 3 professional women in a room of 50 professionals seems, well – unbalanced.