
Cyber Insurance – the New Black?


by Sara Goldberger

Cyber attacks and cyber insurance, it’s on everybody’s lips and on the surface it seems relatively simple – a breach, there are victims, data is lost, and the insurance company pays up. It doesn’t seem that different from other insurances. With all of the reports of breaches over the past few years, some very alarming in terms of their scale, everyone wants cyber insurance coverage and believes this will protect them.

But there are many misconceptions about cyber insurance. For example, a UK Government survey last year showed that 52% of CEOs believe that they have coverage, yet less than 10% actually do. So what exactly is “cyber insurance,” what does it cover, and how does it cover cross-border crime?

Cyber-insurance protects businesses and individuals from Internet-based risks. Many insurers say that risks of this nature are typically excluded from traditional commercial, general liability policies. Coverage provided by cyber insurance policies may include:

  • First-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks;
  • Liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation;
  • Other benefits including regular security-audit, post-incident public relations and investigative expenses, and criminal reward funds.

There are several considerations to keep in mind when buying cyber insurance. Costs vary widely, but to purchase a $1M policy typically costs $5K to $25K per year for a medium-sized company. However, cyber policies might not pay out if your claim is delayed. Which raises the question: what happens if your organization suffers a breach during the coverage period but does not become aware of it for some time? An insurer may also decline to cover your claim on the grounds of employee negligence, or if your organisation failed to adhere to minimum required security practices specified in the policy.

And what happens if you suffer a cyber attack? Interestingly, 81% of US companies that have bought cyber insurance have never filed a claim. The median-sized claim is $76,984, though there are a few that are much bigger. It is those outliers that push the mean average claim up to $673,767. And what expenses does the claim cover? More than half of the claims that insurers pay out on cyber policies include the expense of legal and forensic specialists. Over 40% of claims recover the cost of notification to affected individuals and the cost of providing credit monitoring services.

In the Global Economic Crime Survey 2016 Report, cybercrime climbs to the second most reported economic crime affecting 32% of organisations, while at the same time close to 60% of the surveyed organisations do not even have a cyber incident response plan in place. Many companies also report feeling a lack of support and a notion of “not knowing what to do when an attack happens.” Organisations such as IT and auditing consultancies offer some help and support, but they rarely have a corporate-wide view. That’s an area where two recently formed organisations – Cyber Rescue Alliance and the Global Cyber Alliance can make a difference.

Cyber Rescue Alliance is a Pan-European organisation aimed at helping the approximately 12,000 European SMEs that hold sensitive data on over 5,000 individuals. The organisation delivers a Comprehensive Business Response solution that includes instant, practical crisis management guidance and tiered response capability from pre-vetted organisations. In other words, the solution offers coordinated, tangible and practical business assistance across the full spectrum of challenges that follow a breach. In the event of an attack, Cyber Rescue Alliance will provide practical help and assistance to the many smaller businesses that can’t invest in a full-time CISO or PR Consultant, giving them those services in order to mitigate the impact of a cyber-attack. In other words, it is the across-corporate, one-stop approach that makes Cyber Rescue Alliance unique.

Global Cyber Alliance (GCA) is unique as it partners across borders and sectors. Based on the organisation’s mantra “Do Something. Measure It.” GCA’s first effort is to tackle phishing, which is often the source of a breach. GCA is partnering with several organisations to implement two solutions:  to drive the deployment of DMARC and use of secure DNS services, and then to measure the effect — so that we all may accelerate eradication of phishing as a systemic cyber risk.

While addressing, and responding to, the needs of different sized organisations, Cyber Rescue Alliance and GCA are working together, thus ensuring that perhaps one of the biggest business problems of our time – cyber-attacks – is given the attention and solutions it needs. Only through this cooperation can we ensure that companies are implementing the best security practices available so that cyber insurance policies will indeed insure them against these risks.

The author, Sara Goldberger, is the Head of Communications Global Operations and IT at Zurich Insurance Group and Board Member of GCA partner, Cyber Rescue Alliance. You can follow her on Twitter @saragoldberger.

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance. 

Initially published on – http://globalcyberalliance.blogspot.ch/2016/05/cyber-insurance-new-black.html


So why are weekly commutes so scary, again?

When job hunting you come across the oddest reasons for being turned down, one of the oddest is geographic proximity. If I look for a job in the London area, a likely scenario, what is the big deal with me doing a weekly commute? On my dime and time, might I add. As long as I’m in the office 8.30 Monday morning isn’t that all that counts?

Is this purely a UK issue? It being an island and all?

I frankly don’t understand, which is why this BBC article is so strange for me. While we’re not all property tycoons living in South of France I still don’t see the big thing about weekly commutes.

On the contrary, I see it as a possibility for personal growth and professional development.

http://www.bbc.com/capital/story/20141118-the-worlds-longest-commutes

After careful consideration….

When job hunting, this is an automated message we’ve all received and we know that those words aren’t the beginning of a new and fruitful relationship. Fair enough and not that much of a problem; an organisation should recruit the person they believe can do the job.

No, what bothers me is the time lapsed between the application and this answer. Yesterday I submitted my CV to a large company for a Communications Director position. I immediately received a confirmation that they had received my application. And 32 minutes later I received this follow-up message:

Thank you for your recent application to XXXX.

After careful consideration we have decided not to progress with your application at this point in time as we have identified candidates that more closely match our requirements.

Please continue to review our current opportunities on the careers page of our website at xxx, to ensure consideration for future roles.

Thank you for the interest you’ve shown and may we wish you every success in your search for a new role.

Yours sincerely,

XXX Talent Acquisition

Really? My application was carefully considered for the whole of 32 minutes. And that during a time of day when not many are at the office. How careful can you be in 32 minutes? Personally, I not only find this behaviour unprofessional I also find it rude.

I understand we all play the Taleo guessing game and unless my CV doesn’t contain the correct key words it won’t show up. But I would advise the responsible managers to programme an automated timer to the answer and hold it for 24 hours. It would at least make you look minimally professional.

 

Gender Equality in the Board Room

To all of you crying out for women in your board room I have the following question and comment:

  • What is it you think a woman can do but a man can’t? (And vice versa…)
  • Instead of crying, open your eyes and look around. We’re here and we’re competent.

PRs and journalists – are we really that unprofessional?

Our level of professionalism is something I query every now and then. In particular when it comes to what is called “press contacts” in my line of business.

Let me explain with an example:

I am at an interview (it always happens there) and the prospective employer asks me: Whom do you know at FT/the Economist/Computer World… (just pick your favourite news outlet).

The thinking being that as long as you know a journalist at these outlets your news will get printed. Seriously? Are we that unprofessional? Are journalists? Personally I am convinced that if a piece of news is of interest for that outlet, or rather its readers, it will get printed whether I know that journalist or not. OK, I understand that from a purely human angle it is easier to speak with, and listen to, someone you know – at least in a professional capacity – than a complete stranger. After all we’re only human, but evaluating whether content is newsworthy or not, surely that’s independent of personal ties?

It is my job as PR/Communications to explain to the eager person on my side of the fence that Yes, this is a completely new product it is of interest. No, bug fix number 1055 is not of interest even if it took you six months to fix it.

And I remain strong in my belief that if I indeed get to “know” the journalist, the outlet and its readers i.e. understand what triggers them and what they find interesting in what I might provide them with they will listen. Maybe not publish, I get that, but at least listen.

I must say that I find the approach above deplorable and unprofessional both concerning us as PR/Communicators and concerning journalists.

Or am I naïve?

Change at the Grassroots – How to Attract Government Attention

Being heard and enacting social reform is not just a problem under authoritarian regimes. Even in democracies, where newspapers have been filled with headlines on people crying out for change, we see little development or legislative change.

The Occupy Movement saw thousands of people protest the international capitalist system, camping in sub-zero temperatures for months on end; while thousands of students in the UK took to the streets to protest against rising tuition fees and its effects on social mobility. From Syrian citizens to Sri Lanka’s Tamils, from American activists to China’s Tibetan monks, people in every corner of the world are crying out for change.

The only two examples (I can think of) where the grassroots managed was the Pirate movement against the Anti-counterfeiting Trade Agreement, ACTA, that got voted down in the European Parliament, and the tragic desperation of Tarek al-Tayeb Mohamed Bouazizi that led to the Arab Spring.

With little relative change, it begs the question, is anyone listening? What about us ‘little people’? Also, do we want it? Because while it is enticing with the image of David vs. Goliath, the fact is that some of the changes that happened through grassroot protests can be considered as revolutions through violence.

Here are a couple of points which will help you get the attention of governments and help you lobby your case. In short, persistence and preparation are key.

Article originally published on Grassroot Diplomat: http://www.grassrootdiplomat.org/news/2015/5/11/change-at-the-grassroots-how-to-attract-government-attention

Networking yourself [to a new job]

I’m following this Coursera MOOC on “International Leadership and Organizational Behaviour”, #ILOB and I quite enjoy it. Although I don’t really know about the academic endeavour and value with these classes new learning is always positive.

Today’s lecture is about the Impact of Social Networks on Organizations and Groups; it speaks about different types of networks – strong vs. weak, closed vs. open etc. But I wonder, does it (= networking) work? And if you find yourself in a surrounding aka network and you’re the odd man out, what good will a network be to you? In my own situation e.g. it is no secret that I’m looking for a new job and that I come with good experience and competencies to execute in the jobs I apply for. Only I seem to exist in some Boy zone, that is Brussels public affairs in IT, and even if I bend over backwards I will never be male so I literally don’t fit in. This is not a criticism, it is stating facts of human nature; I believe that the correct academic term is Homophily, i.e. we bond easier with people who are similar to ourselves. But the result is that unless we dare to go outside the famous box our network will look like ourselves. From a sheer business point of view, while a closed network like this will offer good ways to collaborate, higher trust etc., closed networks like these will also see lack of innovation, high redundancy in competencies and so on. Of course, I understand that there are two in any connection and I am entirely open to the fact that I’m the weak spot in any [future] relationship. Then the question is – what does that say about me? Maybe I haven’t invested enough in my network? Possibly. Like so much in our lives networks are earned, it could be that I haven’t earned my network. On the other hand none of “my” contacts have just landed in my lap.

I’ve always been a firm believer in “keeping shut and getting the work done” and that this will eventually pay off in more interesting jobs, tasks and better remuneration. Yes, I admit there are limits to my altruism and both the landlord and myself like the concept of paying the monthly bills in full, every month. An old-fashioned concept I know, but one that I like because well, it works. But no, not so. Apparently I have to look at my wide network as a strategic asset. Dear me, these are people I’ve passed a good time with having coffee or so, but now they are suddenly an asset. I find it all a bit disconcerting, because while I don’t mind helping out as much as I can myself when someone asks for help I dislike the notion of being an asset. And if I dislike this it is easy to assume that so do my counterparts.

So while I understand that No Man is an Island I remain a bit uneasy about the concept of regarding my fellow human beings as assets. And to balance the giving and taking. Or am I maybe overthinking the art of networking?
