On Cybersecurity Insurance

Schneier on Security

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Cyber insurance appears to be a weak form of governance at present. However, the cost of external response services is covered, which suggests insurers believe ex-post responses to be more effective than ex-ante mitigation.

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S. government reported Thursday that nearly three million people filed unemployment claims last week, bringing the total over the last two months to more than 36 million.

Cyber insurance: A guide for businesses

IT Governance

That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance? What is cyber insurance? How does cyber insurance work? Who needs cyber insurance?

Cybersecurity Insurance Not Paying for NotPetya Losses

Schneier on Security

This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the Russian military their claim was excluded under the "hostile or warlike action in time of peace or war" exemption. cybersecurity hacking insurance malware ransomware russia war

Ransomware and the Role of Cyber Insurance via Teach Privacy

IG Guru

Professor Daneil Solove interviews Kimberly Horn about Cyber Insurance and Ransomeware here. The post Ransomware and the Role of Cyber Insurance via Teach Privacy appeared first on IG GURU. Business IG News Information Governance information privacy information security Privacy Risk News Security Daniel Solove Insurance Kimberly Horn Ransomware Teach Privacy

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […].

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Digital Preservation -- High Stakes for Finance and Insurance Companies

AIIM

In a recent AIIM survey, 85% of finance and insurance executives said that digital preservation was “important” or “very important” to their organizations – even higher than the 77% reported in other industries. Despite this declared importance – 62% say that “Archiving and long-term digital preservation is a key part of our enterprise information governance and management strategy” -- the reality in most financial organizations is very different.

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. Research indicates business leaders recognize the need for data governance tools.

What’s Next for Ransomware in 2021?

Threatpost

Breach Featured Government Hacks Malware Vulnerabilities Web Security Webinars 2020 business plan Cyber Insurance Cybereason data stolent DDoS Digital Shadows double extortion IBM Incident response payouts ransomware trends what's next

What is data governance in healthcare?

Collibra

As a result, data governance in healthcare is non-negotiable. Data governance is about managing data and processes so data can be used as a consistent, secure and organized asset that meets policies and standards. Why is data governance important for a healthcare organization?

How to make sure your cyber insurance policy pays out

IT Governance

Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures. The most common reasons that insurers reject cyber insurance claims are organisations’ failure to.

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

Lenny Zeltser

The most likely way in which you’ll learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail. People in New York, where I live, use ny.gov for many interactions with the state government. Even once you discover that you’re a victim, it’s unclear what is involved in cleaning up your reputation with the government organization that manages unemployment insurance in your state.

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. The insurance was dirt cheap. Are insurers ready?

Governance, Technology, and Capitalism.

John Battelle's Searchblog

Our lives are now driven in large part by data, code, and processing, and by the governance of algorithms. Synonymous with progress, asking not for permission, fearless of breaking things – in particular stupid, worthy-of-being-broken things like government, sclerotic corporations, and fetid social norms – the technology industry reveled for decades as a kind of benighted warrior for societal good. Do they think that means there’s no governance ?

Data governance use cases – 3 ways to implement

Collibra

However, once you have a system of record in place for your data, your organization can implement many valuable data governance use cases more easily. . In this post, we’ll highlight the top three most valuable data governance use cases. Make it a data governance use case.

Rapper Scams $1.2M in COVID-19 Relief, Gloats with ‘EDD’ Video

Threatpost

Government Privacy Web Security arrested BEC big wizza Business Email Compromise CARES Act EDD Fontrell Antonio Baines Fraud Identity theft Nuke Bizzle Pandemic Unemployment insurance Phishing phishing scam PUA scattered canary tax data Tax Fraud

Using Information Governance to Manage the Commingling of Minors’ Claim Files

InfoGoTo

As these and other statutes evolve and legal holds are lifted, insurers need to be prepared to address their legacy records. For P&C insurers, the handling of retention and disposition of minor claims files have historically been challenging due to poor information governance (IG) practices. Insurers’ real-world experiences. One insurer stated that, “digital files and paper files are indexed the same. What insurance companies can do.

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. Research indicates business leaders recognize the need for data governance tools.

Cyberattack shuts down La Porte County government systems

Security Affairs

Government computer systems at La Porte County, Indiana, were shut down after a cyber attack hit them on July 6. On July 6, a cyber attack brought down government computer systems atLa Porte County, Indiana. At the time of writing, there were only a few details about the attack, according to LaPorte County Commission President Dr. Vidya Kora, county employees were no able to access to any government email or website.

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. . Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan. .

Cyber Insurance: Addressing Your Risks and Liabilities

Hunton Privacy

After a number of high-profile data breaches, corporate cybersecurity is facing increased scrutiny and attention from consumers, the government and the public. In a webinar, entitled Cyber Insurance: Addressing Your Risks and Liabilities , hosted by Hunton & Williams LLP and CT , Hunton & Williams partners Lon A. Cyber Insurance Cybersecurity Multimedia Resources Security Breach Consumer Protection Lisa Sotto

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. These vendors drilled down on “governance and attestation,” coming up with advanced ways to enable companies to monitor and report cyber risk profiles to government and industry auditors. Governance and attestation quickly became a very big deal.

Access 143

Governance in Healthcare: Recognizing a Strategic Imperative

Perficient Data & Analytics

The subject of governance often comes up whenever leadership is asked about some of the more critical capabilities that an organization must possess. This is often driven by regulatory and compliance concerns, but as data becomes more essential to business and clinical decisions – as well as the recognition of information, content, and knowledge as an asset – the need for quality, integrity, and timeliness of the information is also driving a recognition of the importance of governance.

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

My current work is split between two projects: One has to do with data governance, the other political media. And second… Governance. Government – well for sure, I’d wager that’s increased given who’s been running the country these past two years. But Governance? Data Governance. Because we have slouched our way into an architecture of data governance that is broken, that severely retards economic and cultural innovation, and that harms society as a whole.

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

The Last Watchdog

It’s easy to think of it as a problem the federal government must address or something that enterprises deal with, but cybersecurity has to be addressed closer to home, as well. His company supplies a co-managed SIEM service to mid-sized and large enterprises, including local government agencies. Security of local and state government agencies takes on a higher level of urgency as we get closer to the midterm elections.

Why ‘dirty data’ can derail health insurers' analytics

Information Management Resources

Payer Edition Payers Healthcare analytics Data governance Value-based careJordan Bazinsky of Cotiviti says the need to inherently trust information is essential to gain trustworthy insights.

Insurers plan increased use of agile development

Information Management Resources

Hardware and software Information systems Data governance Enterprise information management Data and information management NovaricaBut carriers still struggle with hiring IT talent, according to new research from Novarica.

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

Nigerian cyber gang SilverTerrier, specialized in BEC attacks, used COVID-19 lures in recent attacks on healthcare and government organizations. Researchers at Palo Alto Networks observed a Nigerian cyber gang, tracked as SilverTerrier and specialized in BEC attacks, using COVID-19 lures in a recent wave of attacks on healthcare and government organizations.

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

Cybersecurity professionals need to understand the information risks their organization faces and how to leverage information governance, along with technology, to get the biggest bang for their buck. As a result, companies are turning to cyber insurance. Certainly, insurers will be happy for the additional business, but they won’t be handing out claim payouts easily. It makes one wonder if these programs or incentives will resemble what health insurance providers are dong.

Regulatory Update: NAIC Fall 2020 National Meeting

Data Matters

The National Association of Insurance Commissioners (NAIC) held its Fall 2020 National Meeting (Fall Meeting) December 3-9, 2020. NAIC Adopts the Group Capital Calculation Template and Instructions and Related Revisions to the Insurance Holding Company Act. Insurance groups will be exempt from filing a GCC if. insurance groups that operate in that jurisdiction. NAIC Continues Efforts to Address Innovation and Technology in the Insurance Sector.

Paper 65

China: Navigating China: Episode 10: Stricter data localisation and security rules for financial and insurance data in China

DLA Piper Privacy Matters

The PFI Guidelines will apply to regulated banks, financial institutions and insurance companies. account information (when and where the account was set up); PFI that is not included in C2 Information and C3 Information; Class 2 (“C2 Information”) – a certain level of impact to data subjects if leaked: account information (such as account number, account user name, securities and insurance account numbers); transaction data (e.g. Carolyn Bigg, Hong Kong.

From the CTO: From Information Governance to Information Asset Management

Everteam

We need to change our thinking from a pure information governance perspective – which today is very much about risk mitigation – to one that is more focused on the value side of the coin and on helping corporate users understand the quality and business value of the corporate information assets they try to use. The post From the CTO: From Information Governance to Information Asset Management appeared first on EVERTEAM.

“An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack

IT Governance

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. The UK government and the CIA blame the attack on Russian state-sponsored hackers, claiming it was the latest act in an ongoing feud between Russia and Ukraine. In that regard, it was a job well done, with one report estimating that insurers could expect to pay out more than $80 billion (£61 billion) as a result of the attack.

Four Use Cases Proving the Benefits of Metadata-Driven Automation

erwin

As such, traditional – and mostly manual – processes associated with data management and data governance have broken down. The banking, financial services and insurance industry typically deals with higher data velocity and tighter regulations than most. Metadata-Driven Automation in the Insurance Industry. Insurance is another industry that has to cope with high data velocity and stringent data regulations.

Spigraph, Everteam & ImageFast Provide Critical Information Governance Solutions to European Market

Everteam

London (UK), Paris (FR) – April 2, 2019 Spigraph, one of the leading European Value Added distributors in the capture and digital transformation market and part of Everteam Group, a leader in information governance solutions, is pleased to announce the availability of two products from the Everteam Information Governance Suite to their portfolio: everteam.discover and everteam.policy. We have on boarded ImageFast as our reseller for the Everteam Information Governance products.

GDPR’s First 150 Days Impact on the U.S.

Threatpost

Government Privacy Apple CEO Tim Cook GDPR General Data Protection Regulation Health Insurance Portability and Accountability Act HIPAA International Conference of Data Protection and Privacy Commissioners ConferenceWeighing the impact of GDPR and how the historic legislation has shaped privacy protection measures in the U.S., so far.

GDPR 77

Researchers Mixed on Sanctions for Ransomware Negotiators

Threatpost

Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Government Malware evil corp fines penalties ransomware ransomware negotiators Sanctions to pay or not pay treasury department

How insurers can comply with Massachussetts cybersecurity regulations

Information Management Resources

Carriers will need someone who owns data at an enterprise level to ensure effective governance. Cyber security Compliance Regtech