Category Archives: Emerging Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

New Approaches Needed for Effective Data Risk Management

Posted on by

virus

Over time, the role of corporate legal departments has expanded to address the increasing risks in corporations—from increasing involvement in implementing corporate policies to leading employee training on procedures for managing electronic communications, social media, and bring your own device (BYOD) policies. This shift, however, is not enough to meet the challenges posed by an increasing range of risks proliferating within global organizations. Legal and compliance groups must also take the lead in finding new ways to leverage the power inherent in their data and address the challenges posed by massive data stores, information and network security challenges, as well as regulatory compliance requirements.

Failings of Traditional Strategies

In the past, organizations used straightforward, people-intensive methods to search for and remediate risk. For example, organizations instituted policies training, hoping that it would be sufficient to corral employee use of electronic communications, BYOD, and social media. Some may have formed working groups or intradepartmental committees designed to consider the implications of data privacy or information security for their businesses. Others rely on basic technology, such as keyword searches, that trigger electronic alerts when they find a hit in a document.

While these tools are still important to demonstrate compliance, they are insufficient alone to monitor for risk.

buy estrace online www.biop.cz/slimbox/css/gif/estrace.html no prescription pharmacy

Older technology falls short when it comes to handling unstructured data, such as e-mail. For example, discerning employees will be too cautious to use triggering keywords such as “donations” or “bribes” when referring to illicit activity. Keywords are also notoriously inaccurate: if over-inclusive, they may yield a stockpile of irrelevant information, while under-inclusive keywords could omit critical documents from discovery.

Trends Drive New Risk Management Approaches

Three recent trends—escalations in data volumes, increasing threats to data privacy and security, and heightened regulatory scrutiny—highlight the need for more intensive means to investigate risk in organizations.

1-Burgeoning Data Stores

With today’s hyperfocus on information, risk follows data. The more data sources organizations have, and the more locations for storage of data, the greater the legal exposure.

Email is perhaps the most insidious source of risk, as hackers may look to exploit unwitting employees who may open spoofed e-mails containing malware or viruses designed to attack the corporate network. Along with e-mail, employees also have more ways than ever to share confidential corporate data such as trade secrets with outsiders. Newer forms of unstructured data, such as social media and instant messaging, allow people to disperse troubling information even more rapidly than before.

As more organizations look for low-cost storage for their data reserves, they have turned to the cloud—yet another source of potential risk to data privacy. Cloud providers may be susceptible to the same hacker schemes as employees. Moreover, depending on the terms of their service-level agreements, they could employ lax security protocols, lack disaster-recovery plans, share data with other clients, or transfer data to third parties, all without notifying the data owner. Furthermore, depending on the location of the cloud storage, it may trigger the application of international laws that protect data privacy and prevent the processing or transfer of a corporation’s data.

2-Data Privacy and Security

Traditional approaches to risk management are poorly equipped to meet the demands imposed by today’s data privacy and security regulations, particularly when it comes to the need to protect personally identifiable information, protected health information, nonpublic information, trade secrets, and privileged data.

This is especially true for global organizations, which are likely to have information cross international borders and trigger other nations’ data privacy schemes. Many nations have adopted restrictive schemes designed to protect their citizens’ personal information, such as the European Union’s Data Protection Directive, which controls when and how organizations can collect, process, store, alter, retrieve, and transmit this personal data. Many nations in the Asia-Pacific region have also created data privacy regimes, including China, which has blocking statutes that forbid the cross-border transfer of documents that contain “state secrets” as well as confidential commercial information.

Domestically, organizations must worry about laws such as the Health Information Technology for Economic and Clinical Health (HITECH) Act, which extends the Health Insurance Portability and Accountability Act (HIPAA) to a covered entity’s third-party business associates. Under HIPAA’s Security Rule, organizations and their business associates must take reasonable measures to safeguard protected health information.

buy tamiflu online www.biop.cz/slimbox/css/gif/tamiflu.html no prescription pharmacy

Organizations must vigilantly monitor their data to ensure there are no gaps in security that would violate these rules.

3-Regulatory Enforcement

The nation’s regulatory framework is becoming more complex almost by the day. Regulations that supplement laws such as the Foreign Corrupt Practices Act (FCPA) and the International Traffic in Arms Regulations (ITAR) have generated new areas of vulnerability, particularly when it comes to third-party relationships.

For example, the current administration has taken the position that no FCPA infraction is too small to prosecute. Organizations that fail to take proactive measures to search for, disclose, and remediate misconduct are likely to face substantial penalties if a regulatory agency discovers misconduct. Traditional tools, such as internal audits, are not up to the task of detecting the malfeasance of internal fraudsters, who may mask their corrupt behavior with code words or other innuendo that make it difficult to discover using keywords. Unless more advanced tools are used, an organization’s best defense against fraud might be reliance on tipsters.

A similar approach is required to ensure compliance with ITAR. This law imposes stiff penalties, including millions in fines, against U.S. organizations that export “defense articles” without government authorization. “Articles” is defined so broadly that it covers technical, defense-related data in documents, blueprints, drawings, photographs, plans, or instructions. The Directorate of Defense Trade Controls, the U.S. agency that enforces ITAR, is likely to take a more lenient approach with companies that have implemented a rigorous compliance program and that voluntarily disclose and remediate any failures.

Data-Driven Tools

Risk professionals now have a number of advanced analytics tools at their disposal to counteract the additional risks that lurk in emerging forms of data. Linguistic analysis techniques can identify instances where employees use seemingly innocuous words or phrases to engage in subterfuge. Concept clustering is a tool that isolates subtle patterns within documents that seem dissimilar to the untrained—or undigitized—eye. These conceptual search tools can identify patterns in documents, based on keywords or chunks of text, and flag the documents that refer to items that might fall within ITAR’s purview. Data visualization tools can analyze relationships and look for troubling connections that might violate the FCPA, such as links between employees, vendors, and foreign officials. In addition, anomaly detection tools can scan records for irregularities, such as unusual recurring payments.

Counsel, risk and compliance professionals can also apply tools such as technology-assisted review (TAR) to prioritize documents for review based on the likelihood that they contain material of concern. Using TAR, experienced legal counsel code a seed set of documents for relevancy to the issue at hand. Once done, they feed these documents into a computer that is programmed to uncover the logical reasoning behind the lawyers’ coding decisions. Sophisticated algorithms then apply that logic across an entire document population.

buy cytotec online www.biop.cz/slimbox/css/gif/cytotec.html no prescription pharmacy

The process is iterative, so that ultimately the computer’s logic closely mirrors the lawyers’ coding decisions. Organizations can use TAR to limit the population of documents for review, thus expediting the data mining process.

Climate Change’s Impact on Cities and Businesses

Posted on by

Growing populations around the globe have created larger cities, as well as greater concentrations of risk. It is projected that a rise in sea levels and increased intensity of events will amplify the impact of hurricanes, tornadoes, heat waves, floods and droughts. Because of this, climate change is seen as one of the biggest threats to cities and businesses and could account for an estimated 20% of the global GDP by the end of this century, according to “Business Unusual: Why the climate is changing the rules for our cities and SMEs” by AXA.

While some cities have worked to put resilience plans in place to reduce the impact of flooding and other disasters, there is much to be done and businesses are vulnerable, especially small- to medium-sized enterprises (SMEs). Only 26% of SMEs have taken action to protect themselves, yet 54% are worried about the impact climate change could have on their business, and the number rises to 75% in emerging markets, the study found.

AXA-SME impact

“These disasters would be magnified by the fact that populations and assets have never been so concentrated in disaster-prone areas,” Henri de Castries, chairman and CEO of AXA Group said in the report. “Half of the world’s population now resides in cities, often along coastlines, and this proportion is due to rise to nearly two-thirds by the middle of the century, representing some 6.4 billion people. It comes as little surprise, then, that 80% of the climate change adaptation costs for 2010-2050 would be borne by urban areas.”

According to the report, these are common elements of resilience planning:

  • Risk assessments to identify key vulnerabilities.
  • Adaptation of essential infrastructure to withstand changes to the environment.
  • Development of flood defenses to protect inhabited areas from flooding caused by extreme weather events and increased rainfall.
  • Urban planning and relocation of buildings, including adapting to future developments that allow greater resilience to the consequences of climate change.
  • Development of emergency warning and response plans—emergency response planning is a core pillar of resilience strategy.
  • Community engagement and awareness-raising activities.

Additional findings:

Impact IImpactII

 

Cyber Insurance Purchasing Up, But Breaches Felt in Prices and Limits

Posted on by

NEW YORK—At yesterday’s Advisen Cyber Insights Conference, Zurich and Advisen released the fifth annual Advisen Cyber Survey of U.S. risk managers, finding a 9% acceleration in cyber liability insurance purchasing from 2014 to 2015. The firm has seen a 26% increase in the number of respondents who have coverage since the first survey in 2011.

Companies are taking cyberliability more seriously, Zurich reports, with the number of organizations developing data breach response plans up 10% from last year. What’s more, companies appear to be better recognizing the sheer amount of value at risk, with two-thirds of respondents saying they have either increased their policy limits or are considering doing so. While Zurich found that more organizations view information security as an organizational challenge rather than the purview of the IT department alone, and respondents said that boards and executive management are taking cyberrisk more seriously, those who have not yet obtained cyber coverage say it is because their superiors still do not see the need. There is also still a considerable difference in take-up rates among large corporations and small and mid-sized businesses, with Catherine Mulligan, senior vice president and national underwriting manager of specialty E&O, telling the audience there is an approximate 20-point spread between the groups.

“This year’s cyber survey shows that demand for coverage and higher limits has increased tremendously and we at Zurich have seen double digit growth year over year,” said Bryan Salvatore, president of specialty products for Zurich North America. “That is why we are heavily invested in identifying risks and delivering solutions and why we are committed to staying at the forefront of this issue.”

Marsh has also seen considerable growth in cyber liability insurance purchasing among its clients. According to the insurer’s new midyear cyber benchmarking report, the number of U.S.-based Marsh clients purchasing standalone cyber insurance increased 32% in the first half of 2015, up from 26% growth during this period in 2014. By sector, members of the education industry made up the biggest growth, with 155% more clients purchasing the coverage, followed by power and utilities with a 100% increase and manufacturing with a 76% increase. The healthcare sector remains Marsh’s largest buyer of cyber coverage, with 41% of all clients in this industry purchasing it by the end of the first half of 2015.

Cyber liability insurance growth rates

Sessions throughout the conference made clear that insurers—and the industry at large—are still struggling with what is also risk managers’ biggest challenge: data. Completely evaluating the true value at risk with cyber liability continues to elude both sides, although many new approaches and consultancy services are emerging. Further, the dearth of actuarial data not only compounds the challenges of the cyberrisk assessment process, but make it hard for the industry to set pricing and limits with confidence.

“It is hard for insurers to be prudent with cyber as risk managers often do not fully understand how to measure their exposure,” Mulligan said.

“Actuarial data is the Holy Grail of the cyberinsurance market: we’re all searching for it and it’s just not there,” said Bob Parisi, cyber product leader at Marsh, who moderated a session on the struggle to quantify and model cyberrisk.

In addition to the actuarial uncertainty, the considerable number of large losses over the past few years is continuing to push up the cost of cyber, forming what Willis executive vice president Peter Foster described as a “hot” market that will have to cool and solidify with time. Parisi chose to describe the market as “brittle” after absorbing several hundred million dollars in losses, and a range of insurers and brokers reported that premiums have increased dramatically as a result. The Marsh study found that price increases across industries averaged 19%, with 32% increases among retailers, the most frequently breached sector over the past few years.

cyber insurance limits purchased

While these breaches and better estimates of the real cost of cyber incidents have helped many companies realize they may be underinsuring for cyber liability, the move to correct this is getting more difficult. Insurers have said repeatedly that there is plenty of capacity in the cyberinsurance market and many buyers have increased the limits purchased, but higher limits of liability are increasingly hard to come by, and none really exist in excess of $100 million. Particularly for businesses that have yet to implement serious efforts to address information security, rate increases appear sure to continue, and simply buying more coverage will not only be unsustainable, but may not even be possible as insurers give more thought to the capacity they are willing to commit to these risks.

“There is just not enough capacity to extend $50 to $100 million limits to every account,” said Greg Vernaci, AIG’s head of cyber in the United States and Canada. “We are looking to reward those companies with a robust information security posture who go beyond and take a multifaceted approach to managing cyberrisk.”

Great ShakeOut Brings Awareness to Earthquake Dangers

Posted on by

New research into earthquake activity in the United States has revealed that nearly half of all Americans are at risk of potential ground shaking from earthquakes. This is almost twice the previous estimate of 75 million, according to the U.S. Geological Survey (USGS).

“The new exposure estimate is nearly double the previous 2006 estimate of 75 million Americans in 39 states, and is attributed to both population growth and advances in science,” William Leith, USGS senior science advisor for earthquake and geologic hazards and co-author of the study said in a statement. “Populations have grown significantly in areas prone to earthquakes, and USGS scientists have improved data and methodologies that allow for more accurate estimates of earthquake hazards and ground shaking.

online pharmacy champix with best prices today in the USA

ShakeOut

To bring awareness to this potential danger, a number of organizations worldwide are participating today in the Great ShakeOut, which encourages individuals and organizations to develop contingency plans and practice earthquake drills.

During the drill, participants practice “drop, cover, and hold on,” the recommended safety action to take during an earthquake.

ShakeOut 1

Take cover under a sturdy desk or table, and hold on to it securely. If there is not a desk or table nearby, drop to the floor against an interior wall, then protect your head and neck with your arms.

online pharmacy cellcept with best prices today in the USA

Avoid exterior walls, windows, hanging objects, mirrors, tall furniture, large appliances, and kitchen cabinets filled with heavy objects or glass.

online pharmacy buspar with best prices today in the USA

While on the ground, look around and see what objects could fall during a potential earthquake, and make sure to secure or move those items after the drill.

The Great ShakeOut recommends that organizations:

Meet with department heads to review plan and obtain their buy-in, if necessary, and determine what level of drill your organization will conduct and who will participate. Consider drilling at a higher level to engage staff to be more effective during a disaster. (Drill manuals are available in ShakeOut regional website in the Resources section)

  • Level 1 – Simple: Drop, Cover and Hold On
  • Level 2 – Basic: Life Safety Drill
  • Level 3 – Intermediate: Decision-Making Drill
  • Level 4 – Advanced: Business Operations Drill

Create a drill/exercise plan that includes an overview of what your drill will consist of (even if just drop, cover and hold on), what you expect to happen during the drill, and a feedback session after the drill to identify strengths and weaknesses

  • Inform employees/staff participants of date and time of drill, your expectations for their participation, and the benefits of the drill
  • Encourage suppliers, vendors, contractors, partnering organizations, and others in your network to participate – as a means of protecting your organization – and share ShakeOut resources with them. (Consider other tasks that can protect your organization and supply chain, such as having service agreements in place to ensure that the services or products you rely on will be available after disaster)

Create an employee awareness campaign:

  • Post ShakeOut banners and signs throughout your organization to encourage and remind employees, vendors, and customer to participate
  • Initiate an email campaign to employees, staff, and customers with information and tips on how to prepare at home and work
  • Encourage employees to post a ShakeOut-related safety message on their outgoing email messages.

Review and use materials in the Resources section of your regional ShakeOut website:

• Drill broadcast audio/video recordings

• Earthquake safety recommendations for people with disabilities, for people in stores, etc.

• Custom flyers for many organization types

Hold a drill on ShakeOut day (or an alternative date)

  • Have post-drill discussions to hear what people learned and plan next steps.