Category Archives: security

Cyber Insurance – the New Black?

by Sara Goldberger

Cyber attacks and cyber insurance, it’s on everybody’s lips and on the surface it seems relatively simple – a breach, there are victims, data is lost, and the insurance company pays up. It doesn’t seem that different from other insurances. With all of the reports of breaches over the past few years, some very alarming in terms of their scale, everyone wants cyber insurance coverage and believes this will protect them.

But there are many misconceptions about cyber insurance. For example, a UK Government survey last year showed that 52% of CEOs believe that they have coverage, yet less than 10% actually do. So what exactly is “cyber insurance,” what does it cover, and how does it cover cross-border crime?

Cyber-insurance protects businesses and individuals from Internet-based risks. Many insurers say that risks of this nature are typically excluded from traditional commercial, general liability policies. Coverage provided by cyber insurance policies may include:

  • First-party coverage against losses such as data destruction, extortion, theft, hacking, and denial of service attacks;
  • Liability coverage indemnifying companies for losses to others caused, for example, by errors and omissions, failure to safeguard data, or defamation;
  • Other benefits including regular security audits, post-incident public relations and investigative expenses, and criminal reward funds.

There are several considerations to keep in mind when buying cyber insurance. Costs vary widely, but to purchase a $1M policy typically costs $5K to $25K per year for a medium-sized company. However, cyber policies might not pay out if your claim is delayed. Which raises the question: what happens if your organization suffers a breach during the coverage period but does not become aware of it for some time? An insurer may also not cover your claim based upon employee negligence or if your organisation failed to adhere to minimum required security practices specified in the policy.

And what happens if you suffer a cyber attack? Interestingly, 81% of US companies that have bought cyber insurance have never filed a claim. The median-sized claim is $76,984, though there are a few that are much bigger. It is those outliers that push the mean average claim up to $673,767. And what expenses does the claim cover? More than half of the claims that insurers pay out on cyber policies include the expense of legal and forensic specialists. Over 40% of claims recover the cost of notification to affected individuals and the cost of providing credit monitoring services.

In the Global Economic Crime Survey 2016 Report, cybercrime climbs to the second most reported economic crime affecting 32% of organisations, while at the same time close to 60% of the surveyed organisations do not even have a cyber incident response plan in place. Many companies also report feeling a lack of support and a notion of “not knowing what to do when an attack happens.” Organisations such as IT and auditing consultancies offer some help and support, but they rarely have a corporate-wide view. That’s an area where two recently formed organisations – Cyber Rescue Alliance and the Global Cyber Alliance can make a difference.

Cyber Rescue Alliance is a Pan-European organisation aimed at helping the approximately 12,000 European SMEs that hold sensitive data on over 5,000 individuals. The organisation delivers a Comprehensive Business Response solution that includes instant, practical crisis management guidance and tiered response capability from pre-vetted organisations. In other words, the solution offers coordinated, tangible and practical business assistance across the full spectrum of challenges that follow a breach. In the event of an attack, Cyber Rescue Alliance will provide practical help and assistance to the many smaller businesses that can’t invest in a full-time CISO or PR Consultant with those services in order to mitigate the impact of a cyber-attack. In other words, it is the across-corporate, one-stop approach that makes Cyber Rescue Alliance unique.

Global Cyber Alliance (GCA) is unique as it partners across borders and sectors. Based on the organisation’s mantra “Do Something. Measure It.” GCA’s first effort is to tackle phishing, which is often the source of a breach. GCA is partnering with several organisations to implement two solutions: to drive the deployment of DMARC and use of secure DNS services, and then to measure the effect — so that we all may accelerate eradication of phishing as a systemic cyber risk.

While addressing, and responding to, the needs of different sized organisations, Cyber Rescue Alliance and GCA are working together, thus ensuring that perhaps one of the biggest business problems of our time – cyber-attacks – is given the attention and solutions it needs. Only through this cooperation can we ensure that companies are implementing the best security practices available in order that cyber insurance policies will indeed insure them against these risks.

The author, Sara Goldberger, is the Head of Communications Global Operations and IT at Zurich Insurance Group and Board Member of GCA partner, Cyber Rescue Alliance. You can follow her on Twitter @saragoldberger.

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance. 

Initially published on – http://globalcyberalliance.blogspot.ch/2016/05/cyber-insurance-new-black.html

Post #EP election: is back to basics for the #EU the way forward and to continued peace? or What should the club look like?

In the aftermath of the European elections, with results that were expected, and although I am uncomfortable with the results, I can only state that the elections were free, fair and open and their results must be respected. No, it wasn’t Voltaire that said “those” words; it was Evelyn Beatrice Hall writing under the pseudonym of Stephen G Tallentyre in The Friends of Voltaire (1906), as a summation of Voltaire’s beliefs on freedom of thought and expression.

I myself join the large choir of critics saying that too much power has moved to the Centre and sincerely don’t think that more power to “Brussels” is the way forward or the answer to the situation we’re in now. It might be interesting to have a kind of “political memory” and to recall that General de Gaulle himself, and many with him, considered that the way forward for Europe was an “imposing confederation” of European states. Maybe we should resuscitate that vision?

Being a staunch defender of the original reasons for creating the European Union, in particular the peace keeping, I feel that the EU stands in front of one of its biggest challenges since its creation – to keep the peace in Europe and our neighbouring regions.

No, I am not ”just another non-Federalist” but I do think that discussing what the club we are a member of should look like is something we need to do, and that this should be an ongoing discussion. And we need to take the good with the bad. I feel that this is the only way forward to achieve higher credibility for the European construction.

Could it be that “Back to basics” is the way forward?

Strictly business…??? Is your e-brand you or a professional version of you?

I was going through a friend’s book shelves – yes, there are still those of us that have books – and found the book “Never Eat Alone” by Keith Ferrazzi. On another note, I often find that many of these books are really talking about the Golden Rule, a more politically correct term might be reciprocity: “Do unto others as you would have them do unto you.” Or as my great grandmother put it “a closed hand will not receive either.”

But I’m not going to go all philosophical, my issue lies elsewhere. Ferrazzi is talking about how to build long-lasting relationships and that those often start with you helping first. This is so obvious that one needs to read or hear it repeatedly or it is forgotten. I have personally no issue with reaching out or being reached out to, on the contrary I’m happy to help, and no I don’t keep score. And yes, I seriously believe that it is these interactions that make our world go around. In particular in a time when social media seems to transform us from simple PRs to influencers of various ranges.

However, I have a feeling that it is never me “friend Sara” who reaches out (or very rarely) but the “professional Sara” in my role as PR/AR. Me “personal Sara” I don’t want to bother. As my ex-boyfriends can witness I’m a very private person, I don’t consider myself very interesting – but as a professional I have quite a lot to offer. And I dig in until projects are done or issues ironed out. This might be a question for a psychologist, who might conclude that I need to work on my self-esteem, but I honestly don’t think I’m that unique. I mean who’d be interested in what I ate for dinner? Not even my most fervent fan, Mother, would consider that piece of news riveting.

Ferrazzi mentions the size of his Rolodex, a fantastic sum of 5000 people he can reach out to when in a pinch. I wish I could ask him personally how many of these help him personally, and how many help the super-CEO.

But on the other hand, does it matter? Am I putting too much emphasis on differentiating between “personal and private” and “public and official”? Today, when our digital footprint is an inherent part of our e-reputation or personal brand what is private and personal and what is not? Should we differentiate?

International Terrorist Alerts

I haven’t written this myself I readily admit – but it is still very funny…

  • The English are feeling the pinch in relation to recent terrorist threats and have raised their security level from ”Miffed” to ”Peeved.” Soon, though, security levels may be raised yet again to ”Irritated” or even ”A Bit Cross.” The English have not been ”A Bit Cross” since the blitz in 1940 when tea supplies all but ran out. Terrorists have been re-categorized from ”Tiresome” to a ”Bloody Nuisance.” The last time the British issued a ”Bloody Nuisance” warning level was during the great fire of 1666.
  • The Scots raised their threat level from ”Pissed Off” to ”Let’s get the Bastards”. They don’t have any other levels. This is the reason they have been used on the frontline in the British army for the last 300 years.
  • The Welsh are presently at the alert level of ”someone is out of key”. Should things get more serious they’ll issue an injunction to bring back Aled Jones. The highest level is a ”choral muster of Men of Harlech”.
  • The Irish remain at the long standing security level ”Provisional”. The next step is to cordon off the Guinness brewery with armed Garda. Assuming the Guinness holds out, the highest level is ”whoever you are you’re asking for a fight – begorrah”.
  • The French government announced yesterday that it has raised its terror alert level from ”Run” to ”Hide”. The only two higher levels in France are ”Collaborate” and ”Surrender.” The rise was precipitated by a recent fire that destroyed France’s white flag factory, effectively paralysing the country’s military capability. It’s not only the French who are on a heightened level of alert.
  • Italy has increased the alert level from ”Shout loudly and excitedly” to ”Elaborate Military Posturing.” Two more levels remain: ”Ineffective Combat Operations” and ”Change Sides.”
  • The Germans also increased their alert state from ”Disdainful Arrogance” to ”Dress in Uniform and Sing Marching Songs.” They also have two higher levels: ”Invade a Neighbour” and ”Lose”.
  • Belgians, on the other hand, are all on holiday as usual, and the only threat they are worried about is NATO pulling out of Brussels.
  • The Spanish are all excited to see their new submarines ready to deploy. These beautifully designed subs have glass bottoms so the new Spanish navy can get a really good look at the old Spanish navy.
  • Americans meanwhile are carrying out pre-emptive strikes, on all of their allies, just in case.
  • The Canadians have been unable to define their threat levels for lack of agreement over the translations from English to French. However, having already won two World Wars despite hindrance from their allies, they are not unduly concerned, and if necessary will bail out the Americans, British and French again regardless of sentiment in Quebec.
  • New Zealand has also raised its security levels – from ”baaa” to ”BAAAA!” Due to continuing defence cutbacks (the air force being a squadron of spotty teenagers flying paper aeroplanes and the navy some toy boats in the Prime Minister’s bath), New Zealand only has one more level of escalation, which is ”Shit, I hope Australia will come and rescue us”.
  • Australia, meanwhile, has raised its security level from ”No worries” to ”She’ll be right, mate”. Three more escalation levels remain, ”Crikey!”, ”I think we’ll need to cancel the barbie this weekend” and ”The barbie is cancelled”. So far no situation has ever warranted use of the final escalation level.