Insurance and Ransomware

Schneier on Security

Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping. Although it is a societal problem, cyber insurers have received considerable criticism for facilitating ransom payments to cybercriminals.

Cyber Insurers Pull Back Amid Increase in Cyber Attacks, Costs

eSecurity Planet

The explosion of ransomware and similar cyber incidents along with rising associated costs is convincing a growing number of insurance companies to raise the premiums on their cyber insurance policies or reduce coverage, moves that could further squeeze organizations under siege from hackers.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

U.S. Secret Service: “Massive Fraud” Against State Unemployment Insurance Programs

Krebs on Security

A well-organized Nigerian crime ring is exploiting the COVID-19 crisis by committing large-scale fraud against multiple state unemployment insurance programs, with potential losses in the hundreds of millions of dollars, according to a new alert issued by the U.S.

Major Israeli Insurance Company Hacked

Adam Levin

The personal information of thousands of Israeli citizens has been compromised as the result of a cyberattack on Shirbit, a leading insurance company. . The post Major Israeli Insurance Company Hacked appeared first on Adam Levin.

Cyber insurance: A guide for businesses

IT Governance

Cyber threats are so numerous that it’s impossible to prevent security incidents altogether. That’s why they organisations increasingly relying on cyber insurance policies to cover the costs when data breaches and cyber attacks occur. But just how helpful is cyber insurance?

Delivering business value for insurance companies

Collibra

Recapping a discussion moderated by Stijn Christiaens and featuring insurance data experts from Deloitte UK . Insurance is a data-intensive business. Insurance companies need data to better assess risks and price policies competitively, but also profitably.

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. Issuance of the Framework is notable as it represents the first official guidance by a U.S. Lacewell stated that cybersecurity is the biggest risk for government and private organizations and described how the Framework is based on “extensive dialogue with industry and experts.”. Rigorously Measure Insured Risk.

17 Cybersecurity Products the Cyber Insurance Industry Says Are Worthwhile via Claims Journal

IG Guru

Insurance broker Marsh has unveiled the inaugural class of cybersecurity products and services receiving a Cyber Catalyst designation that is part of an evaluation program its backers hope will bring greater clarity in the crowded cybersecurity marketplace. Cyber Catalyst by Marsh, launched earlier this year, convened cyber insurers Allianz, AXIS, AXA XL, Beazley, CFC, Munich […].

New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process

Hunton Privacy

As reported on the Hunton Insurance Recovery blog , on February 4, 2021, the New York Department of Financial Services (“NYDFS”), which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework” (the “Guidelines”), calling on insurers to take more stringent measures in underwriting cyber risks. sought coverage for expenses under its property insurance policy.

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. It is also used to make data more easily understood and secure.

Ohio Adopts National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law

Data Matters

On December 19, 2018, Ohio adopted the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. By doing so, Ohio joins South Carolina as the second state to have adopted the Model Law and the fourth state – along with Connecticut and New York – to have enacted cybersecurity regulations for insurance companies. This means all insurers, agencies, and brokers doing business in Ohio are covered.

Our Data Governance Is Broken. Let’s Reinvent It.

John Battelle's Searchblog

When it comes to many of the things I am going to talk about here, I am not an expert. If I am expert at anything at all, it’s asking questions of technology, and of the media and marketing platforms created by technology. Wired was kind of a first album, as it were, and it focused on the story broadly told. It’s Broke. Let’s Fix It. And it is that impact that has led me to the work I am doing now, here in New York. Only it’s just … more urgent.

Unemployment Insurance Fraud and Identity Theft: Up Close and Personal

Lenny Zeltser

The most likely way in which you’ll learn that you’ve fallen victim to the identity theft-based unemployment insurance scam is by receiving an unsolicited debit card in the mail. People in New York, where I live, use ny.gov for many interactions with the state government.

The benefits of a flexible operating model in data governance

Collibra

Data governance is the essential foundation for organizations looking to create business value from data. It creates the structure that enables collaboration on and analysis of trusted data. Setting up effective data governance, however, can be quite challenging. Who governs it?

Top 6 Best Practices for Data Governance

Collibra

Data governance is a very intricate field, so implementing and sustaining data governance comes with a suite of challenges. Luckily, thousands, if not millions, of organizations use data governance to improve their operations, so you can learn from others’ mistakes and successes.

Digital Preservation -- High Stakes for Finance and Insurance Companies

AIIM

It is time to think about Digital Preservation differently — as a dedicated capability that keeps long-term information alive and usable and trusted and easily found. In a recent AIIM survey, 85% of finance and insurance executives said that digital preservation was “important” or “very important” to their organizations – even higher than the 77% reported in other industries. Why is it particularly important in finance and insurance?

Experts: Breach at IT Outsourcing Giant Wipro

Krebs on Security

Indian information technology (IT) outsourcing and consulting giant Wipro Ltd. [ NYSE:WIT ] is investigating reports that its own IT systems have been hacked and are being used to launch attacks against some of the company’s customers, multiple sources tell KrebsOnSecurity. 12, Nair sent a statement that acknowledged none of the questions Wipro was asked about an alleged security incident involving attacks against its own customers.

IT 181

Podcast Episode 117: Insurance Industry Confronts Silent Cyber Risk, Converged Threats

The Security Ledger

In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. In the first segment, we talk with Thomas Harvey of the firm RMS about the problem of “silent cyber” risk to insurers and how better modeling of cyber incidents is helping to address that threat. In this episode of the podcast (#117), we go deep on one of the hottest sectors around: cyber insurance. The insurance was dirt cheap. Are insurers ready?

Governance, Technology, and Capitalism.

John Battelle's Searchblog

Or, Will Nature Just Shrug Its Shoulders? Technology forces us to recalculate what it means to be human – what is essentially us , and whether technology represents us, or some emerging otherness which alienates or even terrifies us. Our lives are now driven in large part by data, code, and processing, and by the governance of algorithms. Now, maybe it’s time. Do they think that means there’s no governance ? We call these systems government.

How to make sure your cyber insurance policy pays out

IT Governance

Cyber insurance is big business these days. Damages incurred by information security incidents generally aren’t covered in commercial insurance policies, so a specific policy is necessary to help cover the costs of things like forensic investigation, incident response and notification procedures. The most common reasons that insurers reject cyber insurance claims are organisations’ failure to.

What is data governance in healthcare?

Collibra

The data that healthcare organizations hold is incredibly valuable – it’s perhaps the most valuable asset they have. As a result, data governance in healthcare is non-negotiable. Why is data governance important for a healthcare organization? Who creates it? Who uses it?

Using Information Governance to Manage the Commingling of Minors’ Claim Files

InfoGoTo

As these and other statutes evolve and legal holds are lifted, insurers need to be prepared to address their legacy records. For P&C insurers, the handling of retention and disposition of minor claims files have historically been challenging due to poor information governance (IG) practices. As you work towards creating an IG process around these files, it’s important you ask yourself the following questions: What do you consider to be the age of majority?

Data Governance Tools: What Are They? Are They Optional?

erwin

Data governance tools used to occupy a niche in an organization’s tech stack, but those days are gone. The rise of data-driven business and the complexities that come with it ushered in a soft mandate for data governance and data governance tools. Data governance refers to the strategic and ongoing efforts by an organization to ensure that data is discoverable and its quality is good. It is also used to make data more easily understood and secure.

SilverTerrier gang uses COVID-19 lures in BEC attacks against healthcare, government organizations

Security Affairs

Nigerian cyber gang SilverTerrier, specialized in BEC attacks, used COVID-19 lures in recent attacks on healthcare and government organizations. SilverTerrier has been active since at least 2014, it is a collective of over hundreds of individual threat actors.

Cyberattack shuts down La Porte County government systems

Security Affairs

Government computer systems at La Porte County, Indiana, were shut down after a cyber attack hit them on July 6. Experts believe it was a ransomware attack. On July 6, a cyber attack brought down government computer systems atLa Porte County, Indiana. At the time of writing, there were only a few details about the attack, according to LaPorte County Commission President Dr. Vidya Kora, county employees were no able to access to any government email or website.

Data Intelligence and Its Role in Combating Covid-19

erwin

Shirley Ann Jackson, president of RPI, states that “because this is a global pandemic, there is a huge amount of epidemiological data that has to be folded in to understand the disease globally, to be able to understand populations and how it can effect populations differently.”.

Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Security Affairs

Zurich American Insurance Company is refusing to refund its client because consider the attack as “an act of war” that is not covered by its policy. The US food giant Mondelez is suing Zurich for $100 Million after the insurance company rejected its claim to restore normal operations following the massive NotPetya ransomware attack. The company declared that its shipping and invoicing was disrupted during the last four days of Q2.

Data governance use cases – 3 ways to implement

Collibra

Establishing data as a strategic asset is not easy and it depends on a lot of collaboration across an organization. However, once you have a system of record in place for your data, your organization can implement many valuable data governance use cases more easily. .

List of Data Breaches and Cyber Attacks in March 2021 – 21 Million Records Breached

IT Governance

Don’t be fooled by the fact that we only recorded 20,995,371 breached records in March; it was one of the leakiest months we’ve ever seen, with 151 recorded incidents.

South Carolina’s Insurance Cybersecurity Law Takes Effect in 2019

Adam Levin

South Carolina became the first state to pass a law requiring all insurance entities to create and maintain a cybersecurity and data breach response program. . Among the law’s provisions is a requirement to notify the state government within 72 hours in the event of a breach or cybersecurity event affecting 250 or more people, the protection of policyholder’s personally identifiable information, and an annual statement detailing their breach response plan. .

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

Governance, risk, and compliance (GRC) software helps businesses manage all of the necessary documentation and processes for ensuring maximum productivity and preparedness. Third-party governance. Additionally, Forrester named it a Contender in its Q1 2020 GRC Wave.

Insurers plan increased use of agile development

Information Management Resources

But carriers still struggle with hiring IT talent, according to new research from Novarica. Hardware and software Information systems Data governance Enterprise information management Data and information management Novarica

China: Navigating China: Episode 10: Stricter data localisation and security rules for financial and insurance data in China

DLA Piper Privacy Matters

The PFI Guidelines will apply to regulated banks, financial institutions and insurance companies. It includes (personal and non-personal) information which is collected, processed, generated and secured through the provision of financial products or services within China.

MY TAKE: Poorly protected local government networks cast shadow on midterm elections

The Last Watchdog

In March 2018, the city of Atlanta fell victim to a ransomware attack that shut down its computer network. It’s easy to think of it as a problem the federal government must address or something that enterprises deal with, but cybersecurity has to be addressed closer to home, as well. His company supplies a co-managed SIEM service to mid-sized and large enterprises, including local government agencies. It’s an authority that states don’t have.

Why Cybersecurity Pros Should Care About Governance

Getting Information Done

We’ve all heard for years that information technology (IT) and cybersecurity require people, process, and technology; however, over the years, “people” and “process” have not received the same attention as “technology.” Cybersecurity in many organizations has been regarded as a technical problem, handled by technical people and buried in IT. As a result, companies are turning to cyber insurance. Will this be the cyber insurance equivalent to Fitbit?

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

The Last Watchdog

It’s not for lack of trying. based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions. It wasn’t too long before the single sign-on suppliers and the provisioning vendors began to merge; most of the leaders were acquired by tech giants like Oracle, IBM, Cisco, CA Enterprises and Sun Microsystems. It’s one more step in the right direction.

Access 102

Four Use Cases Proving the Benefits of Metadata-Driven Automation

erwin

The volume and variety of data has snowballed, and so has its velocity. As such, traditional – and mostly manual – processes associated with data management and data governance have broken down. So it’s safe to say that organizations can’t reap the rewards of their data without automation. The banking, financial services and insurance industry typically deals with higher data velocity and tighter regulations than most.

“An act of war”: Zurich American refuses to pay out on cyber insurance policy following NotPetya attack

IT Governance

US food giant Mondelez is suing insurance company Zurich American for denying a $100 million (£76 million) claim filed after the NotPetya attack. The confectioner, which owns Cadbury and Oreo, says it lost 1,700 servers and 24,000 laptops as the ransomware swept through its systems. The UK government and the CIA blame the attack on Russian state-sponsored hackers, claiming it was the latest act in an ongoing feud between Russia and Ukraine.

When it rains, it pours

InfoGovNuggets

Certainly a bank accused of similar conduct with respect to accounts, credit cards, mortgage loans, and auto insurance wouldn’t do anything so dastardly. Board Compliance Compliance (General) Controls Corporation Culture Directors Duty Employees Governance Internal controls Oversight PolicyWells Fargo, much in the news of late, make Page One, again. “Wells Fargo Faces 401(k) Probe,” The Wall Street Journal , April 27, 2018 A1.

Governance in Healthcare: Recognizing a Strategic Imperative

Perficient

The subject of governance often comes up whenever leadership is asked about some of the more critical capabilities that an organization must possess. This is often driven by regulatory and compliance concerns, but as data becomes more essential to business and clinical decisions – as well as the recognition of information, content, and knowledge as an asset – the need for quality, integrity, and timeliness of the information is also driving a recognition of the importance of governance.

MDM 21