Category Archives: Uncategorized

Игроки всегда ценят удобный и стабильный доступ к играм. Для этого идеально подходит зеркало Вавады, которое позволяет обходить любые ограничения, обеспечивая доступ ко всем бонусам и слотам.

Cyber Blackout Could Cost Insurers $71 Billion, Lloyd’s Reports

Posted on by

A cyberattack targeting the U.S. power grid would have widespread economic implications, resulting in insurance claims of between $21.4 billion and $71.1 billion in a worst case scenario, according to a report by Lloyd’s.

Lloyd’s and the University of Cambridge’s Centre for Risk Studies recently released “Business Blackout,” which examines the insurance implications of a major cyberattack using the U.S. power grid as an example. In the scenario outlined, malware is used to infect control rooms for generating electricity in areas of the Northeastern U.S. The malware goes undetected and locates 50 generators that it can control, forcing them to overload and burn out. The scenario, described as “improbable but technologically possible,” leaves 15 states in darkness, meaning that 93 million people are without power.

Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue for businesses and disruption to the supply chain. The total impact to the U.S. economy is estimated at $243 billion, rising to more than $1 trillion in the most extreme version of the scenario.

Claimant types fell into six categories:

Power generation companies

• Property damage to their generators.

• Business interruption from being unable to sell electricity as a result of property damage.

• Incident response costs and fines from regulators for failing to provide power.

buy xtandi online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/xtandi.html no prescription pharmacy

Defendant companies

• Companies sued by power generation businesses to recover a proportion of losses incurred under defendants’ liability insurance.

Companies that lose power – companies that suffer losses as a result of the blackout.

• Property losses (principally to perishable cold store contents).

• Business interruption from power loss (with suppliers extension).

• Failure to protect workforces or causing pollution as a result of the loss of power.

Companies indirectly affected – a separate category of companies that are outside the power outage but are impacted by supply chain disruption emanating from the blackout region.

• Contingent business interruption and critical vendor coverage.

buy estrace online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/estrace.html no prescription pharmacy

• Share price devaluation as a result of having inadequate contingency plans may generate claims under their directors’ and officers’ liability insurance.

Homeowners

• Property damage, principally resulting from fridge and freezer contents defrosting, covered by contents insurance.

Specialty

• Claims possible under various specialty covers, most importantly event cancellation.

 Other key findings of the report include:

• Responding to these challenges will require innovation by insurers. The pace of innovation will likely be linked to the rate at which some of the uncertainties revealed in this report can be reduced.

• Cyberattack represents a peril that could trigger losses across multiple sectors of the economy.

• A key requirement for an insurance response to cyber risks will be to enhance the quality of data available and to continue the development of probabilistic modelling.

buy inderal online haveagreatsmile.com/wp-content/uploads/2023/10/jpg/inderal.html no prescription pharmacy

• The sharing of cyberattack data is a complex issue, but it could be an important element for enabling the insurance solutions required for this key emerging risk.

Lowering the Detection Deficit: What Industries Can Gain from Continuous Monitoring

Posted on by

As cyber threats emerge and evolve each day, they pose challenges for organizations of all sizes, in all industries. Even though most industries are investing heavily in cybersecurity, many companies are still playing catch up, discovering breaches days, months, and even years after they occur. The 2015 Verizon DBIR shows that this “detection deficit” is still increasing: The time taken for attackers to compromise networks is significantly less than the time it takes for organizations to discover breaches.

The risk posed by third parties complicates the issue further. How can an organization allocate time and resources to trust their partners’ security when they are struggling to keep up with their own? Over the years, audits, questionnaires, and penetration tests have helped to assess third party risk. However, in today’s ever-changing cyber landscape, these tools alone do not offer an up-to-date, objective view. While continuous monitoring solutions can improve detection and remediation times for all organizations, the retail, healthcare, and utilities industries can especially benefit from greater adoption.

Retail

Some of the most notable data breaches have occurred in the retail sector. Recently, eBay asked its 145 million customers to change passwords after names, e-mail addresses, physical addresses, phone numbers and dates of birth were stolen. Retailers frequently work with new vendors and suppliers over time. Moreover, companies rely on point-of-sale systems (PoS) that are often susceptible to new types of malware. Compounded with the challenge of dealing with a large number of vendors and keeping up with new vulnerabilities, retail often ranks low in detection times. A recent study by Arbor Networks and the Ponemon Institute found that retailers take an average of 197 days to detect advanced threats on their networks.

Retail companies with tight budgets may not be able to commit the same amount of resources towards security as the Finance sector. Yet, implementing a continuous monitoring solution will enable companies to better monitor their own networks and stay on top of threats in their vendor ecosystem in a more cost-effective manner. Furthermore, it will also help retailers reduce detection and remediation times.

Healthcare

Healthcare providers have recently dominated headlines with large data breaches. In January, Premera disclosed that it lost information for roughly 11 million of its customers. A month earlier, Anthem Inc., said information of close to 70 million current and former employees and customers was stolen. Both of these breaches exposed personally identifiable information (PII) including SSNs and birthdays, and possibly medical information as well.

In general, healthcare providers have an immense amount of devices connected to their networks. Following widely known breaches in this sector, many criticized organizations for failing to encrypt files containing sensitive customer information. While stronger encryption would certainly help, these companies must also ensure their networks are secure in the first place. Weeks before the Premera breach, federal auditors told the organization that some of its network security practices were inadequate and vulnerable to attack. If Premera had been monitoring their networks with greater frequency, they may have learned of these vulnerabilities earlier, on their own. Subsequently, they may have had significantly more time to patch and prevent a breach.

Utilities

Companies in the Utilities sector are challenged with protecting critical infrastructure. These companies also hold a large amount of customer data, making them big targets for hackers looking to destroy or exfiltrate data. In 2014, nearly 70% of companies in the utility sector said they had been breached. Many companies also have reported attempts to have their data completely deleted or destroyed.

Breaches of Utility companies are often not disclosed, so the full scope of vulnerable companies are in this industry is not fully understood. However, a recent study found that 52% of companies in the Utilities industry had significant botnet infections. Greater monitoring will be necessary for companies in this sector to decrease the breadth of infection. Without it, our critical infrastructure and personal information remain vulnerable.

Narrowing the gap

For this “detection deficit” to narrow, companies need to monitor their own networks with greater frequency. As business have increasingly outsourced their operations over the years, they will also need to monitor third parties –and even fourth parties– to manage risk.

A recent survey found that 46% of companies that experienced a data breach took more than four months to detect a problem on their networks. Perhaps even more concerning is that 70% of these breaches were detected by a third party. Continuous monitoring solutions will enable organizations to detect intrusions as they occur. As a result, IT teams can spend more time and resources on fixing and remediating threats rather than detecting them in the first place.

Nobody wants to live the embarrassment of being told over the phone that they’ve been breached, or worse, read about it in the news. But as more organizations adopt continuous monitoring solutions, this experience should become far less frequent.

Linking ERM and the Insurance Underwriting Process

Posted on by

Enterprise Risk Management (ERM), in one form or another, has been around for almost two decades. The number of publicly traded companies, especially those in highly regulated industry sectors, have been deploying the ERM process primarily because they were pushed (explicitly or implicitly) to do so by the major credit rating agencies, government mandates such as SEC 33-9089 or Dodd-Frank, their internal/external auditors, or members of the board of directors.  No matter where the spark came from, however, the number of companies utilizing the ERM process continues to grow.

CFOs, CROs, and risk managers that have been practicing ERM for years have been incurring the expenses for doing so. As ERM programs mature it might be time to consider, in monetary terms, the value the company and its insurers places on all the work that has been done over the years. CFOs ask questions about return on investment (ROI) all the time – why not about ERM? Linking enterprise risk management and the insurance underwriting process is one approach to produce a tangible result. Because the vast majority of commercial insurance renewals are Jan. 1, CROs and risk managers should consider initiating a discussion with some of their insurers to determine the potential credits for having a functioning ERM program.

Brokers typically represent the vast majority of larger middle-market and Fortune 1000 publicly traded accounts. Brokers start to work with their larger accounts months before renewal dates and assemble a submission package for insurance underwriters. The inclusion of a timely and relevant ERM report to the underwriting submission that demonstrates the changes to the risk profile of the company should make a stronger case for favorable rate considerations for their clients. The general headings that we recommend for discussion within the underwriting submission include:

• Risk organization and governance

• Risk appetite, tolerance and limits

• Risk metrics and measurement

• Risk management process, procedures and controls

• Risk monitoring, reporting and communication

These are the same general areas that insurers themselves are being asked to discuss with their own regulators as part of the new Own Risk and Solvency Assessment (ORSA) soon to be issued by the National Association of Insurance Commissioners. If the broker or insurer does not think that having a functioning ERM program does not merit a price reduction – especially for directors & officers liability insurance – investigate further and dig deeper. Early in the renewal process is a good time for the risk manager, CRO, or CFO to meet directly with underwriters to discuss their ERM from two different perspectives: the amount of rate reduction, or the steps that could be taken to improve the risk profile enough to warrant a premium reduction.

Executive management of a company that adopted and implemented an ERM program five years ago should be considering the return on the investment that the company has made over the years. It will be up to the CFO and risk manager to demonstrate how the ERM process has been used to either change or improve the company’s risk profile from what it had been. We suggest a close working collaboration between the company and their insurance broker to craft an underwriting submission that details the benefits of the ERM program.

The collaboration would also be enhanced by including a company representative such as the CFO on the team, to represent the company in front of underwriters that may be encountering this negotiating tactic for the first time. Since the majority of corporate insurance renewals take place on Jan. 1, initiating a conversation in the summer with the insurance broker(s) involved would not be a bad idea. One caveat however, ERM in one company is not ERM in another. Completing a risk identification and assessment does not an ERM program make.

P&C Rates Remain Flat

Posted on by

The property and casualty insurance market remained flat through the first four months of this year, with many large P&C insurers holding a steady line, as rates, for the most part, have remained unchanged, according to MarketScout.

“We are in the insurance doldrums. There really isn’t even a breeze of significant movement anywhere,” Richard Kerr, CEO of MarketScout said in a statement. “The absence of rate movement could be yet another signal that insurers simply are not going to participate in a price-slashing war as was done in previous market cycles. Low interest rates and better underwriting tools are making insurers cautious.”

By coverage classification, only one line—business interruption—was down from last month at minus 1% versus flat, or zero increase. Workers compensation, directors and officers and EPLI were up from flat to plus 1%, according to the report.

Industry classes balanced out rate movement with contracting adjusting from plus 1% to flat, habitational from plus 1% to plus 2%, and public entity up from flat to plus 1%.

Measured by account size, small accounts (up to $25,000 premium) were up from plus 1% to plus 2%. Large accounts were down from flat to minus 1%. Rates for all other account sizes remained unchanged.

The National Alliance for Insurance Education and Research conducted pricing surveys used in MarketScout’s analysis of market conditions.

Following is a summary of June 2015 rates by coverage, account size  and industry class: