BreachExchange mailing list archives

In a world of changing threats, are you covered?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 4 Aug 2014 19:32:00 -0600

http://business-reporter.co.uk/2014/08/in-a-world-of-changing-threats-are-you-covered/

Instinctively, we all understand the business world has changed and the
proliferation of new technologies has shifted the way in which companies
operate, and with that, the risk landscape.

Historically, theft of funds and fraud were risks associated with physical
criminal activity. This has been revolutionised to such an extent that
business owners and risk managers should now appreciate that potential
theft of intangible assets, customer data and disruption of IT networks are
of equally significant concern.

Identity theft, whether involving credit card numbers, bank account
details, e-commerce account details or other Personally Identifiable
Information (PII), represents a very real threat. These threats can cause
significant financial damage to any institution, whether financial or
commercial, SME or macro-cap.

Likewise, the demarcation between institutions whose operating model was
technology based and those that provided traditional advisory or execution
services was historically acute. Advancements in both consolidation and
service propositions now mean that such clear daylight between these
services is often not possible. Skilled, professional advice is required to
ensure these insurance needs are accurately identified, addressed and
protected with market-leading, bespoke solutions.

Legislation adds a further layer of exposure and complexity to clients’
needs. Arguably, the July 1, 2003 California Security Breach Notification
Law set a precedent, the effects of which have rippled throughout the
developed world. By placing the onus on companies to notify customers if
their personal information may have been compromised, such laws create
additional new financial risk.

Financial risks associated with data security breaches can be fatal for
some companies. For instance, the litigation that Target Corporation in the
US is presently defending from banking institutions for the costs of
reissuing 40 million credit and debit cards would be cataclysmic for a firm
with fewer available financial resources.

Even in the absence of specific legislation, and in the context of social
networking technologies that enable individuals to share information at
lightning pace, we rightly have a real expectation that the firms which we
trust would advise us of any potential unauthorised access to our data, and
that they would also assist us financially in mitigating our position. The
costs associated with such mitigation, whether they be in the form of
helplines or credit file monitoring, are significant. Such costs are now
insurable.

The message is clear. We acknowledge the world has changed and therefore we
must acknowledge that historical solutions designed to provide historical
protection are no longer adequate. Professional and expert advice and
guidance are required, and insurance arrangements should be changed, with
obsolete solutions discarded in favour of appropriate solutions that
address the changed and changing landscape in which we trade.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
