The release of the NetDiligence® 2015 Cyber Claims Study, the only one of its kind, reveals the most current data on cyber security events and their true costs. NetDiligence President Mark Greisiger shares the latest findings, including the top areas of concern for both insurers and the C-Suite.
A Q&A with J.T. Malatesta of Maynard Cooper & Gale
Medical Informatics Engineering and subsidiary NoMoreClipboard revealed a breach last month affecting up to 3.9 million Americans which has now resulted in a series of class action lawsuits on behalf of victims. The incident is causing headaches for risk managers in the healthcare sector, including their cyber liability insurers. This event underscores how a catastrophic breach for one dominant service provider (in this case, Medical Informatics Engineering, the software company that provides the NoMoreClipboard service) can create a domino effect that impacts multiple organizations. Many insurers are also rightfully concerned about aggregated risk, since they could have multiple insureds and claims stemming from a single event such as this one. I spoke with J.T. Malatesta, chair of the cybersecurity practice of Maynard Cooper & Gale, about the implications of this event and how organizations can better prepare for vendor breaches.
A Q&A with Ben Barnow of Barnow Associates PC
The decision in the recent Neiman Marcus case was a game changer for the swiftly evolving legal climate around data breach events. By establishing the theory of “likely future fraud or injury” the court recognized that plaintiffs no longer have to prove the “impending certainty” of potential injury (as was previously established by the 2013 decision in Clapper v. Amnesty International). To find out more about its impact we talked to Ben Barnow of Barnow Associates PC.
A Q&A with Darren Guccione, Keeper Security
All too often data breaches arise from insufficient employee passwords—yet improving password security is an easy fix for most organizations to make. Darren Guccione, CEO and cofounder of Keeper Security, which offers password management software as a service, says that companies should be using the technology at their disposal to guard against cyber risk.
A Q&A with Joseph Loomis of CyberSponse
The fact is, most companies that have suffered a breach failed to detect the intrusion as it was occurring, and were only made aware after the damage was done. An Intrusion Detection System (IDS) with organized and correlated data can be an invaluable solution for incident response—but only if the system is installed and managed correctly. I spoke with Joseph Loomis of CyberSponse about some of the issues around IDS and how companies can use them more effectively.
Q&A with Alex Cameron
In Canada, litigation and regulatory activity regarding privacy and data breaches have increased dramatically. I spoke with Alex Cameron of Fasken Martineau, a leading attorney in this area in Canada, about the factors contributing to the increasing risk and potential liability for organizations doing business in Canada. With the recent landmark changes to Canadian privacy law, discussed here, including mandatory breach notification, record keeping for all breaches, and fines, the trends identified below are sure to continue.
A Q&A with Michael Bruemmer of Experian Data Breach Resolution
The deadline for merchants transitioning to the EMV payment system looms: Organizations are expected to adopt the technology by October. I spoke to Michael Bruemmer of Experian Data Breach Resolution about a recently released Ponemon Institute study documenting industry attitudes toward this shift.
A Q&A with Zeb Ahmed of iland
While most companies seem to understand that preparation is necessary for worst case scenarios, there’s often confusion about what backup services can and can’t do, says Zeb Ahmed of iland. I asked Zeb about the differences between backup and disaster recovery and how organizations can determine which service they might need.
A Q&A with Benjamin Stone of the FBI
It’s becoming an increasingly common story: Cyber perpetrators lock systems down with malware and then demand payment to release them. I asked Benjamin Stone, Supervisory Special Agent of the FBI’s Cyber Criminal Squad in Philadelphia, about ransomware and current conditions for cyber criminal activity.
A Q&A with Joe Weiss of Applied Control Solutions
The security of industrial control systems is increasingly vulnerable to cyber-attack and the stakes for failure are extremely high, yet there’s little public understanding and media coverage about these very real risks. I talked to Joe Weiss of Applied Control Solutions about why industrial control systems should be the most important frontier in cyber security and what organizations can do to protect against this growing threat.