BreachExchange mailing list archives

Cyber dominates top ten legal risks for business in 2016


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 8 Feb 2016 17:26:05 -0700

http://www.insurancebusinessonline.com.au/news/cyber-dominates-top-ten-legal-risks-for-business-in-2016-211524.aspx

As the lines between work and personal use of increasingly prolific
technology become more and more blurred, the exposure to risk, for
businesses of all types, grows in parallel. According to the recent
findings of a wide ranging report released by Borden Ladner Gervais LLP
(BLG), a Canadian law firm, half of the top ten legal risks affecting
business in 2016 are cyber related.

Speaking to Insurance Business, Andrew Harrison, managing partner at BLG,
said that: “More and more, the lines between work and personal technologies
become so blurred that many employees no longer make a conscious
distinction between work and personal.”

Of the various risks identified, Harrison notes that the average cost of a
data breach is US$3.7m and larger organisations will be at the higher end
of the scale.
There is increasing fraud in e-payment systems; IT security failures due to
people (mis)using workplace computer systems; and compliance risk.
“Cyber has ramifications beyond the scope of the initial business in case
of malware or a cyber breach, and one of the interesting things about the
insurance business is that it is so wide ranging in its scope,” Harrison
said.

On the data security front, businesses, particularly small to mid-size
entities, often lack breach response policies, proper governance tools, and
employee privacy training programs to prevent or promptly respond to
breaches. They lack cyber security preparedness, which makes them
vulnerable to privacy class actions following a security breach involving
personal information.

In this era of Big Data, new business models and marketing techniques are
emerging, including facial recognition and personalization reaching new
levels of sophistication, as well as dynamic pricing practices, to name but
a few. Businesses need to consider whether personal information is properly
“de-identified”, what type of information should be considered as
“sensitive” in various contexts, how to obtain valid consent in compliance
with the “reasonable expectations” of customers, and how to deal with
technological innovation, shifting social norms, and building customer
trust through proper privacy practices.

The advent of mobile and digital wallets, coupled with contactless payment
methods and the ever-increasing growth in on-line payments, has made
e-payments ubiquitous and has increased the need to develop
effective authentication protocols, technology, policies and procedures to
mitigate and reduce the risk of fraud.

2015 saw a number of high-profile cyber-sex related security breaches, the
most prominent being the Ashley Madison scandal, in which the personal details
of over 37 million people were exposed. Worryingly for employers, many
subscribers to the website had signed up using their professional email
accounts.

“It’s worth pausing at the beginning of the year to work out what people
need to be sensitive to,” said Harrison.
“We’re not trying to be dramatic but ignoring these risks is not helpful
either. Whenever there’s a risk there’s an opportunity for insurers,
because often that’s a way of sharing risk.”