BreachExchange mailing list archives
In a world of changing threats, are you covered?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 4 Aug 2014 19:32:00 -0600
http://business-reporter.co.uk/2014/08/in-a-world-of-changing-threats-are-you-covered/ Instinctively, we all understand the business world has changed and the proliferation of new technologies has shifted the way in which companies operate, and with that, the risk landscape. Historically, theft of funds and fraud were risks associated with physical criminal activity. This has been revolutionised to such an extent that business owners and risk managers should now appreciate that potential theft of intangible assets, customer data and disruption of IT networks are of equally significant concern. Identity theft, whether involving credit card numbers, bank account details, e-commerce account details or other Personally Identifiable Information (PII), represents a very real threat. These threats can cause significant financial damage to any institution, whether financial or commercial, SME or macro-cap. Likewise, the demarcation between institutions whose operating model was technology based and those that provided traditional advisory or execution services was historically acute. Advancements in both consolidation and service propositions now mean that such clear daylight between these services is often not possible. Skilled, professional advice is required to ensure these insurance needs are accurately identified, addressed and protected with market-leading, bespoke solutions. Legislation adds a further layer of exposure and complexity to clients’ needs. Arguably, the July 1, 2003 California Security Breach Notification Law set a precedent, the effects of which have rippled throughout the developed world. By placing the onus on companies to notify customers if their personal information may have been compromised, such laws create additional new financial risk. Financial risks associated with data security breaches can be fatal for some companies. For instance, the litigation that Target Corporation in the US is presently defending from banking institutions for the costs of reissuing 40 million credit and debit cards would be cataclysmic for a firm with less available financial resources. Even in the absence of specific legislation, and in the context of social networking technologies that enable individuals to share information at lightning pace, we rightly have a real expectation that the firms which we trust would advise us of any potential unauthorised access to our data, and that they would also assist us financially in mitigating our position. The costs associated with such mitigation, whether they be in the form of helplines or credit file monitoring, are significant. Such costs are now insurable. The message is clear. We acknowledge the world has changed and therefore we must acknowledge that historical solutions designed to provide historical protection are no longer adequate. Professional and expert advice and guidance is required, insurance arrangements should be changed, with obsolete solutions discarded in favour of appropriate solutions that address the changed and changing landscape in which we trade.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- In a world of changing threats, are you covered? Audrey McNeil (Aug 13)