Category Archives: Reputation Risk

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Holding Executives Accountable for Cybersecurity Failures

Posted on by

The average cost of a data breach for companies surveyed has grown to $4 million, a 29% increase since 2013, with the per-record costs continuing to rise, according to the 2016 Ponemon Cost of a Data Breach Study, sponsored by IBM. The average cost hit $158 per record, but they are far more costly in highly regulated industries—in healthcare, for example, businesses are looking at $355 each, a full $100 more than in 2013. These incidents have grown in both volume and sophistication, with 64% more security incidents reported in 2015 than in 2014.

Ponemon wrote:

Leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach–saving companies nearly $400,000 on average (or $16 per record). In fact, response activities like incident forensics, communications, legal expenditures and regulatory mandates account for 59 percent of the cost of a data breach. Part of these high costs may be linked to the fact that 70 percent of U.S. security executives report they don’t have incident response plans in place.

With so much on the line, more and more companies and consumers continue to search for whom to hold accountable for cybersecurity failures, and the message is becoming clearer: executives need to get serious or watch out.

In a recent report from Bay Dynamics, “How Boards of Directors Really Feel About Cyber Security Reports,” board members expressed a surprising amount of confidence in their abilities to understand and act on cyberrisk threats and indicated there are real risks on the table for IT and security executives. Almost all of those surveyed said that some form of action will be taken should these executives not provide useful and actionable information, with 59% claiming there is a good chance one or more security executives would lose their job over such reporting failures.

More board members (26%) ranked cybersecurity risk as their highest corporate priority than any other risk, including financial, legal, regulatory and competitive risks, and 89% said they are “very involved” in making cybersecurity decisions.

Following the typical presentations from IT and security executives, more than three in five board members are both significantly or very “satisfied” (64%) and “inspired” (65%), but 32% are significantly or very “worried,” and 19% are significantly or very “confused” and “angry.”

According to the report:

Of the information provided to them during these presentations, the majority of board members (97%) say they know exactly what to do or have a good idea of what to do with the information. This statistic, however, does conflict with IT and security executives’ thoughts on the information they present. Based on our December 2015 survey, only 40% of IT and security executives believe the information they provide the board is actionable. There is a clear disconnect here between what the board perceives is actionable information, and what IT and security executives define as data that can be used to make informed decisions.

“IT and security executives are focusing on what they believe are the most impactful issues: a) forward-looking information about known vulnerabilities that could potentially harm the company in the future, b) specifics about data that was lost as a result of known infiltrations and data breaches, and c) the impact of these infiltrations and breaches,” Bay reports. “Interestingly, while information about how much is spent to address cyber risk is reported by IT and security executives in less than one-half of the companies surveyed, this was the most commonly cited information that board members said they needed to make investments for cyber risk planning and expenditures.”

Bay also pointed to a critical challenge in the education gap of many board members and the reliance upon information security executives: a large portion of the education board members have on infosec is from the organization’s IT and security executives, and “when the person education you on cybersecurity is the same individual tasted with measuring and reducing cyberrisk, there’s a fundamental disconnect.” It is extremely difficult for board members to understand what they are missing without education of their own and a third-party audit in place.

As cyberrisk continues to become a top enterprise risk priority, the consequences of failure may impact more of the C-suite than just chief information security officers or top IT executives. In May, following a social engineering fraud case that resulted in a wire transfer of 50 million euros, Austrian aircraft parts manufacturer FACC fired its chief executive of 17 years. Some regulators also want to start holding chief executives accountable in a way that truly speaks to them: their paychecks.

online pharmacy suhagra with best prices today in the USA

According to a report from members of parliament on the British Culture, Media and Sport Select Committee, Britain’s status as the leading internet economy in the G20 is under threat from a combination of increasing reliance on digital infrastructure, and inadequate protection of it. To address the issue, they suggest that chief executives who fail to prevent cybersecurity breaches have a portion of their pay docked.

Such was the case with Baroness Harding, the chief executive of TalkTalk, Britain’s fourth-largest broadband provider, which suffered a high-profile cyberattack recently.

online pharmacy mobic with best prices today in the USA

Her performance bonus was slashed by more than a third as a result of the company’s security failings.

online pharmacy naprosyn with best prices today in the USA

“Companies must have robust strategies and processes in place, backed by adequate resources and clear lines of accountability, to stay one step ahead in a sophisticated and rapidly evolving environment,” said Jesse Norman, chairman of the committee. “Failure to prepare for or learn from cyber-attacks, and failure to inform and protect consumers, must draw sanctions serious enough to act as a real incentive and deterrent.”

Oil and Politics: Brazil’s Petrobras Scandal

Posted on by

PetrobasLast month, we focused on Mexico and specifically the state-owned oil company Pemex as a risk for companies selling or investing into Latin America. We saw that Pemex represents a drag on Mexican fiscal accounts and is imposing losses on suppliers and investors. This month, we turn our gaze to Brazil: it is similar to Mexico in that it has a dominant, politically charged state-owned oil company, but different because the scale of the crisis is much more severe, as are the risks to suppliers and investors.

Brazil is undergoing a major economic and political crisis, and its state-owned oil company, Petróleo Brasileiro S.A. (Petrobras), is right at the center of the trouble. Petrobras shares some of the same challenges as Pemex: It started as an entirely state-owned firm, was used as an instrument of government policy from inception and took on enormous quantities of debt in recent times, exemplified by its $11 billion debt issue in 2013—the largest on record for emerging markets.

Brazil, however, recognizing earlier than Mexico the necessity of foreign investment for a viable oil industry, opened up the sector in 1997 and eventually reduced the government shareholding to 64% (direct plus indirect). Petrobras expanded into deepwater areas in Angola and the Gulf of Mexico and became one of the few national oil companies able to equally compete with companies such as Royal Dutch Shell and Total.

In 2014, information about the extent of corruption between Petrobras board members, various politicians and business executives not only came to light, but also sparked official investigations and arrests. President Dilma Rouseff has been temporarily removed from office pending a trial by the Senate. The official charge against her is manipulating the federal budget by directing state banks to support spending programs. She was the chair of Petrobras when the corruption allegedly occurred, however, and she and her party (Partido dos Trabalhadores or PT) are perceived by many as at least partly responsible for the scandal.

It is likely that Rouseff will be permanently removed from office within six months, but the uncertainty does not end there: As of this writing, two cabinet ministers have been removed from office, and six more are under investigation. Dozens of politicians and executives have been convicted in connection with the scandal, and prosecutors have recovered $795 million in stolen money. The economy of Brazil shrank 3.8% in 2015 and is projected to shrink another 3.5% in 2016. Moody’s downgraded Petrobras to Ba2 in December 2015, and S&P cut the sovereign rating to BB with a negative outlook in February. With the Zika virus now causing a global health emergency and the Olympics beginning in August, one wonders how many more stresses Brazil can take before serious political unrest breaks out.

Like with Pemex, the Petrobras crisis is increasing risks to suppliers already: There are trade credit insurance claims stemming from suppliers to Petrobras, and the wider Brazilian economic downturn (combined with the commodity price trough) is giving rise to other credit losses. But the Brazilian crisis goes well beyond trade credit risk. Brazil is a $2.2 trillion economy and one of the largest bond issuers in the emerging markets. As a result, this crisis has global implications: Eurasia Group has Brazil as one of its top 10 global risks for 2016.

Mexico and Brazil are not the only countries dependent on state-owned oil (or other natural resource) companies that are facing major challenges: Venezuela, Ecuador, Nigeria, Angola, Russia—the list goes on and on. In Brazil, however, there are some mitigating circumstances that reveal a silver lining. First, 85% of Brazil’s sovereign debt is held domestically, meaning it is less affected by currency depreciation and is easier to reschedule. Provided Brazil takes on some painful fiscal reforms, the country can dig itself out of the economic crisis. Secondly, so far, officials have been able to investigate and prosecute some of the parties responsible, despite the defendants being some of the more powerful people in Brazil.

There is hope that Brazil’s institutions will emerge all the stronger for being able to correct wrongdoing, which may set the stage for a more just Brazil and a better investment and credit risk environment in the long run. In the meantime, we are likely to see severe market and political volatility. It is a good idea to closely monitor your exposure in Brazil and in other countries dependent on highly indebted state-owned natural resource companies.

The Dos, Don’ts and Maybes of Social Media

Posted on by

Social mediaIt takes one second to send a Tweet or Instagram post onto the internet for all to see. But for companies active on social media, the legal ramifications of those 140 characters or that one photo can last a whole lot longer.

At a recent seminar in New York, lawyers and communications professionals representing some of the world’s most famous brands learned a lot about the dos and don’ts of social media for companies, specifically companies interested in pushing boundaries but avoiding lawsuits. Perhaps more importantly, they learned a lot about the maybe dos and maybe don’ts through several real-world examples.

“When you get it wrong, it comes with a lot of implications,” said Maggie O’Neill, managing director and partner at strategic communications firm Peppercomm, which recently co-hosted the event with Davis & Gilbert LLP.

Sue Me, Maybe?

O’Neill and her counterpart, Davis & Gilbert marketing and promotions partner Allison Fitzpatrick, brought up one of the more famous “maybe don’ts” in recent memory: Peyton Manning’s proclamation after Super Bowl 50 that his first order of business was to “drink a lot of Budweiser,” setting off a social media firestorm.

“This had the potential to really blow up into something legal,” O’Neill said. After all, Manning isn’t a spokesman for Budweiser, but he does own several Budweiser distributors. The appearance of “free” advertising if, say, an implicit agreement between the two parties was in place, would have been a no-no, and the fact that it’s not common knowledge that Manning owns those distributors makes it a “maybe no-no.” Adeptly, a Budweiser communications pro tweeted that, while the brewer was “surprised and delighted” at Manning’s off-the-cuff endorsement, “Budweiser did not pay Peyton Manning” for it. While that tweet doesn’t guarantee Budweiser’s immunity from a government lawsuit, it certainly represents a skillful handling of the situation.

Know Your Subject

Not all companies have been as adept, O’Neill and Fitzpatrick pointed out. The Duane Reade chain famously got sued by Katherine Heigl after tweeting an unflattering photo of the actress coming out of one of its pharmacies carrying bags. Heigl sued for $6 million, claiming the company violated New York State and federal laws that protect the use of a person’s likeness for trade purposes. She eventually dropped the suit, but it made the kind of headlines Duane Reade – and most companies – never want.

Fast-food chain Arby’s, on the other hand, got universal kudos for its tweet about the hat worn by rapper Pharrell Williams at the 2014 Grammy’s, which looked similar to the one on the Arby’s logo. “Hey @Pharrell, can we have our hat back,” Arby’s tweeted, with the hashtag #GRAMMYs. Pharrell was a good sport about it, and when he eventually put the hat up for charity auction on eBay, Arby’s announced via Twitter that it was the party responsible for the $44,100 winning bid.

“The best part is, Pharrell did not sue,” Fitzpatrick said at the panel. But, she added, “it doesn’t mean there’s no risk.” One quick and easy first step, according to Fitzpatrick, is to do a quick Google search to “see if they’re litigious or not.”

Copyright Law in the 21st Century

For brands active on social media, copyright law is another consideration. Being mindful of trademarks like “Super Bowl” and “NCAA” while tweeting about events can save companies a lot of money from potential legal woes.

For instance, when TGI Friday’s pushed boundaries by petitioning the International Olympic Committee to make bartending an official sport, lawyers were kept in the loop to make sure the campaign garnered media and public interest on traditional and social media but didn’t cross any copyright law lines.

What’s next?

With technology constantly changing and regulators scrambling to adapt to those changes, Fitzpatrick said the next frontier could be regulatory action against celebrity spokespeople. It’s generally known around the world that Nike endorses Tiger Woods, but what if a celebrity whose endorsement deal is lesser-known doesn’t disclose the relationship in a tweet? This could be the next major question the Federal Trade Commission starts asking.

Key Guidelines

Fitzpatrick offered a few general guidelines that companies can follow.

  • When using hashtags, be careful not to suggest an endorsement or association between your brand and the event, unless there actually is one.
  • The more the merrier. See if other brands are tweeting about the event. If they are, chances are your legal risks are lower.
  • There are a lot of work-related reasons to follow, a brand, on social media, so most experts think a simple follow is probably okay. A “like” or a “share” could be a little dicier.
  • When in doubt, research, confirm, and speak to legal.

Switzerland, Norway Rank Highest in Supply Chain Resilience

Posted on by

Plummeting oil prices, natural catastrophes and political disruption in a borderless business environment are some of the threats to the resilience of countries that can impact supply chains, according to the 2016 FM Global Resilience Index, which aggregates data to help companies identify their key supply chain risks. The Index ranked the resilience of 130 countries to supply chain disruption based on drivers in three categories: economic, risk quality and supply chain factors.

This year’s top-rated country, Switzerland, traded places with Norway—a reflection of Norway’s drop in oil revenue at a time of falling crude oil prices. Rounding out the top 10 in the Index, in descending order, are Ireland, Germany, Luxembourg, the Netherlands, the central United States, Canada, Australia and Denmark.

The lowest-ranked country in 2016 is Venezuela (ranked 130) for the second year in a row. It is followed in ascending order by the Dominican Republic, Kyrgyz Republic, Nicaragua, Mauritania, Ukraine, Egypt, Algeria, Jamaica and Honduras.

For the second consecutive year, Ukraine (ranked 125, down from 107) was among the countries with the biggest drop, reflecting the high degree of tension the remains within the country as well as with Russia (ranked 75).

FM Global also noted:

Venezuela’s position at the bottom reflects its exposure to the natural hazards of wind and earthquake, perceptions of its lack of control of corruption and poor infrastructure and its ill-perceived local supplier quality.

France (ranked 19) and the United Kingdom (ranked 20) retained their positions from last year, while Germany (ranked 4) rose by two places.

The United States is segmented into three regions to reflect disparate natural hazards exposure:

Region 1, encompassing much of the East Coast, is ranked 11 in the Index.

Region 2, primarily the Western United States, is ranked 21.

Region 3, which includes most of the central portion of the country, is ranked 7 in the Index.
FM Global-infographic