Для тех, кто интересуется безопасным доступом к онлайн-играм, наш партнер предлагает зеркало Вавады, которое позволяет обходить любые блокировки и сохранять доступ ко всем функциям казино.

Businesses Ignore Significant Cybersecurity Risks to Proprietary Data

Knowledge assets are critical to any business remaining functional and competitive, yet this data is routinely exposed to the risk of theft and overlooked in cybersecurity risk management. According to a new report from the Ponemon Institute and law firm Kilpatrick Townsend & Stockton, the organizations are increasingly ineffective at safeguarding data like trade secrets, product design, development or pricing, and other proprietary information.

As breach notification laws, regulatory requirements, and reputation considerations draw more focus to cybersecurity surrounding personal data of customers or personnel, businesses are leaving more risk on the table regarding their most valuable assets, and that risk has a notable price tag.

In the past year, the average cost of remediating these attacks was about $5.4 million, and half of respondents estimated the maximum cost would range over $250 million, with seven out of ten placing it over $100 million. What’s more, on average, respondents believe only 35% of the losses resulting from knowledge asset theft would be covered by their current insurance policies.

The primary drivers of these costs, respondents said, were (out of 100 points):

knowledge asset theft costs

Why are so many businesses failing to take action against the risks to knowledge assets?

knowledge asset data theft risk

Among the findings, the report noted:

  • Theft is rampant. Seventy-four percent of respondents say it is likely that their company failed to detect a data breach involving the loss or theft of knowledge assets, and 60% state it is likely one or more pieces of their company’s knowledge assets are now in the hands of a competitor.
  • Companies don’t know what they need to protect, or how to protect it. Only 31% of respondents say their company has a classification system that segments information assets based on value or priority to the organization. Merely 28% rate the ability of their companies to mitigate the loss or theft of knowledge assets by insiders and external attackers as effective. The great majority who rate their programs as not effective cite as the primary reasons a lack of in-house expertise (67%), lack of clear leadership (59%), and lack of collaboration between different job functions (56%).
  • Executives and boards aren’t focused on the issue and its resolution. A data breach involving knowledge assets would impact a company’s ability to continue as a going concern according to 59% of respondents, but 53% replied that senior management is more concerned about a data breach involving credit card information or Social Security numbers than the leakage of knowledge assets. Only 32% of respondents say their companies’ senior management understands the risk caused by unprotected knowledge assets, and 69% believe that senior management does not make the protection of knowledge assets a priority. The board of directors is often even more in the dark. Merely 23% of respondents say the board is made aware of all breaches involving the loss or theft of knowledge assets, and only 37% state that the board requires assurances that knowledge assets are managed and safeguarded appropriately.
  • Careless employees and unchecked cloud providers are key risk areas. The most likely root cause of a data breach involving knowledge assets is the careless employee, but employee access to knowledge assets is not often adequately controlled. Fifty percent of respondents replied that both privileged and ordinary users have access to the company’s knowledge assets. Likewise, 63% of respondents state that their company stores knowledge assets in the cloud, but only 33% say their companies carefully vet the cloud providers storing those assets.

Thanks in part to the lack of action currently, there is plenty businesses can easily do to improve.

“Companies face a serious challenge in the protection of their knowledge assets. The good news is there are steps to take to reduce the risk,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “First of all, understand the knowledge assets critical to your company and ensure they are secured. Make sure the protection of knowledge assets, especially when sharing with third parties, is an integral part of your security strategy, including incident response plans. To address the employee negligence problem, ensure training programs specifically address employee negligence when handling sensitive and high value data.”

Smaller Companies More Vulnerable to Employee Theft

It stands to reason that larger organizations would be more at risk of embezzlement by employees, but the reverse has been shown to be the case.

buy augmentin online pelmeds.com/wp-content/uploads/2023/10/jpg/augmentin.html no prescription pharmacy

Organizations with fewer than 150 employees are particularly at risk, accounting for 82% of all embezzlement cases, HiscoxHiscox2 found in its new report, Embezzlement Study: A report on White Collar Crime in America. Smaller organizations with tight-knit workforces are particularly vulnerable because of the trust and empowerment given to employees.

Incorporating employee theft cases active in the U.S. federal court system in 2015, the study found that 69% represented companies with less than 500 employees. Perpetrators are often “regular people who are smart, well-liked, and those you’d least expect to steal,” according to Hiscox.

buy rogaine online pelmeds.com/wp-content/uploads/2023/10/jpg/rogaine.html no prescription pharmacy

 How does a trusted employee become a criminal?

buy pepcid online pelmeds.com/wp-content/uploads/2023/10/jpg/pepcid.html no prescription pharmacy

Motivations can range from financial pressure to a belief that they are underpaid by the company.

Employees with more tenure, access and control over finances are found to take the largest amounts. While the type of fraud can vary by industry, what is consistent is access to funds. In fact, managers were found more likely to steal than other employees.

Hiscox3

For the second year in a row, the greatest number of cases, 17%, was in the financial services industry and second was nonprofits at 16%. Labor unions ranked third, followed by real estate/construction. The largest scheme was a $7 million loss in Texas; followed by ones in Connecticut at $9 million, Ohio at $8.7 million and Utah at $4 million.

Hiscox4

Schemes include taking cash or bank deposits, forging checks, fraudulent credit card use, fake invoices and false billing of vendors and payroll fraud.

Companies can protect themselves in a number of ways, including putting checks and balances in place, performing background checks on employees who handle money and teaching employees how to detect fraud, according to Hiscox.

Hiscox5

The study findings also include:

Hiscox

Risk Landscape: Coverage Trends to Watch

Being aware of your company’s new and changing risks is critical for sound risk management. As the year progresses, we have identified growing risks facing
companies, and their directors and officers, that are likely to impact policyholders. These risks include cybersecurity, Telephone Consumer Protection Act (TCPA) lawsuits, drones, wage and hour lawsuits and food recalls. The risks and issues to watch out for are expanded below:

Cybersecurity

Cyberattacks against businesses doubled in 2015 and are expected to continue to increase as attackers become even more sophisticated. Watch out for:

Phishing scams and social engineering fraud. In social engineering scams, hackers utilize phishing, purporting to be legitimate employees or third parties try to trick businesses into wiring funds or allow access to their systems. Although many businesses have crime insurance that covers “computer systems fraud,” ambiguous provisions or liability limits may restrict coverage. SomCompliancee courts have held that fraud coverage applies only when intrusions are unauthorized, but not when an unwitting employee falls prey to an online scam.

Data breaches. Companies should also be conscious about their coverage for data breaches, which increasingly present significant exposures. Insurers often contest whether data breaches constitute “publication” of private information, and, if so, whether an insurer’s duty to defend applies. This is particularly important as the storage of consumer data is a lynchpin of many businesses’ operations and marketing.
Businesses need to ensure that their commercial insurance policies adequately cover their business risks and consider purchasing dedicated cyber policies.

Coverage for TCPA claims

Certain efforts to engage with consumers may come at a steep cost. Under the Telephone Consumer Protection Act (TCPA), businesses that send unsolicited faxes, voice calls or text messages to consumers may be held liable for at least $500 per violation.

General liability coverage of TCPA claims. In recent years, commercial general liability (CGL) insurers have increasingly added broad exclusions to their policies for TCPA claims. Moreover, courts are split on whether “right to privacy” coverage in CGL policies cover these claims. Some courts uphold coverage only for losses from incidents that divulge confidential information (secrecy-related claims), whereas others uphold coverage for unsolicited communications, even if they do not republish confidential information.
While such coverage may be restricted under CGL policies, policyholders may have coverage under their directors’ and officers’ (D&O) insurance.

LA Lakers test case for D&O coverage. In 2016, the Ninth Circuit will likely address this issue in an appeal by the Los Angeles Lakers. The franchise’s marketing campaign included sending unsolicited text messages to fans. When sued under the TCPA, the franchise sought coverage for its defense costs under its D&O policy. In April 2015, a California federal court rejected coverage, finding that the policy’s “invasion of privacy” exclusion precluded coverage.
As businesses seek to engage consumers directly through various media, they should consider whether their insurance protects against TCPA claims.

UAVs and Insurance in 2016

Unmanned aerial vehicles (UAVs), or drones, promise to revolutionize not just commerce but insurance as well. The United States Federal Aviation Administration (FAA) estimates that, by 2023, annual global spending on UAVs will total $11.5 billion, and by 2020, about 30,000 commercial and civil drones will dot the skies.

Drone property loss and liability. The rise of drones raises several risks. The most obvious of these risks are loss of property and third-party liability. Use of drones for package or cargo delivery raises the risk of damage to the UAV itself—or its payload, which is usually the bigger loss. As shown by recent news reports and the first lawsuit, Boggs v. Merideth (W.D. Ky.), operators face liability for costs of defense and settlements or judgments payable to third-party claimants when UAVs go astray. With drones’ ability to film and collect data, other risks include privacy-related claims and data breach and hacking.

New coverage provisions. In June 2015, the Insurance Services Office, Inc. (ISO), approved new coverage provisions addressing commercial use of drones. The new ISO provisions modify standard CGL and umbrella/excess liability policy forms and merit close consideration by policyholders.
Because these new provisions are untested, policyholders should review them carefully against their entire insurance program and consult with insurance advisors to ensure that new provisions or policies provide the protection needed. Companies using UAVs should consider the aviation insurance market and also assess the need for cyber insurance coverage for privacy and data-breach exposures.

Wage-and-Hour Lawsuits

Cases alleging violations of the Fair Labor Standards Act (FLSA) have shot up in recent years. In 2015, almost 9,000 FLSA cases were filed in federal court, up more than 10% from 2014, and 30% from 2011. State courts have also experienced high volumes of wage-and-hour cases. California and New York recently enacted laws that allow directors, officers, and in New York, “top 10 shareholders” to be held personally liable for wage-and-hour violations.
Traditionally, companies have looked to their employment practices liability (EPL) and D&O insurance to protect against the defense and liability costs in wage-and-hour lawsuits. However, EPL insurance policies today regularly exclude coverage for such claims. Unlike EPL policies, D&O policies do not routinely exclude such coverage, but are including such exclusions with increasing frequency. As a result, policyholders must review D&O policies carefully to ensure that they protect against the threats posed by such claims.
Brokers and insurers have been developing new insurance products that specifically address these increasing wage-and-hour exposures. Policyholders, particularly those with significant operations in California and New York, should consider these newly emerging wage-and-hour specialty policies to ensure that they are adequately protected.

Food Contamination and Recall Coverage

The number of food product recalls for alleged contamination, undisclosed ingredients and other mislabeling issues also has risen dramatically. Although CGL and business property insurance policies provide some protection against liability for food contamination and recalls, savvy food companies should also consider specialized recall and contamination coverage.
These specialized policies may cover the reasonable costs that a policyholder incurs, for example, to examine its products for contamination, announce and institute a product recall, safely destroy contaminated products, and reimburse distributors and retailers for down-stream recall costs. Such policies often include crisis management coverage to help the policyholder mitigate negative media reports.

Varying types of special coverage. Because recall and contamination policies are not standardized, individual insurers offer differing policy terms and levels of coverage. Companies contemplating the addition of such coverage, or pursuing coverage under an existing policy, should closely examine the policy to understand the scope and limitations of coverage.

Items to watch. When purchasing such coverage, food companies need to identify their primary risks and negotiate the broadest possible coverage. In addition, because such policies often include very strict notice requirements, policyholders should give notice as soon as a recall arises to avoid coverage denial on late notice grounds.

Christina Buschmann, Linda Powell and Adrian Torres, Perkins Coie Insurance Recovery attorneys, also contributed to this article.

Customers Accept Hacking Risks, But Hold Businesses Fully Accountable for Cyber Risk

While most consumers are coming to consider hacking normal, they are definitely far from letting businesses off the hook for their failures to guard against cyberthreats. According to a new study from enterprise security firm Centrify, about three quarters of adults say it is probably or definitely normal and expected for businesses and large organizations to be hacked, and 66% of adults in the U.S. are at least somewhat likely to stop doing business with a company that has suffered a cyberbreach – a figure that rises to 75% in the U.K.

Consumers also firmly believe that the burden of responsibility for guarding against cyberrisk falls squarely on businesses. On a 10-point scale, two thirds of respondents rated corporations as a nine or 10 in terms of how responsible they should be for preventing hacks and securing customers’ personal information. When companies are hacked, they consequently also bear the burden of being fully accountable to their customers, and many are failing, further compounding the odds of concrete consequences from clients. In the U.S., 41% said that corporations do not take enough responsibility when they are hacked, a sentiment shared by 50% of U.K. respondents.

The study found that 21% of U.S. consumers say they are “very likely” to stop doing business with a company that has been hacked. Those most likely to do so include those who have had their personal information compromised in a hack, those who are tech savvy, and those who are frequent online shoppers.

“The study clearly points to the need for organizations to dramatically bolster their security systems and do everything in their power to protect consumer information and prevent a breach,” said Tom Kemp, CEO of Centrify. “When companies put customer data at risk they are really putting their entire business at risk. Consumers simply will not tolerate doing business with hacked organizations. It’s time for organizations to take full responsibility for their security and put the proper measures in place once and for all.”

Check out some of the study’s findings in the infographic below:

Centrify Infographic