NOVEMBER 2014 CYBER & DATA SECURITY RISK SURVEY CONTENT:
- Joleen Cole
- KEY FINDINGS
- PREVALENCE OF CYBER LIABILITY INSURANCE POLICIES
- MOST EMPLOYERS FACE SUBSTANTIAL CYBER RISK
- KNOWLEDGE AND PERCEPTION MATTER
- THOSE WITH CYBER LIABILITY POLICIES TAKE PREVENTIVE MEASURES MORE SERIOUSLY
2014 CYBER & DATA SECURITY RISK SURVEY

Marsh & McLennan Agency (MMA) recently completed a survey of 582 companies across the United States, asking about their perceptions of and exposures to cyber risk. The respondents were from small and midsize companies in a variety of industries. While headlines tend to focus on very large, household-name organizations, small and midsize employers can be more vulnerable to cyber-crime and unable to recover given the average cost of more than $200 per compromised record [1].

This is the second such survey done by MMA, with a goal of helping small and midsize employers understand how they compare to others with regard to their cyber exposures and overall understanding of their risk. The first study was done in early 2013, was smaller (167 respondents), and was focused largely in Minnesota, with 82% of respondents based in the state.

582 small and midsize employers across the U.S. took part in the survey:
- Average/Median Revenue = $32.4M/$5M
- Average/Median Employees = 1648/

Employers with cyber liability insurance in place are more knowledgeable of the coverage, more aware of their own risks, and have greater protective measures in place than those without coverage.

KEY FINDINGS

Despite numerous major data breaches gaining substantial press in the recent past (Target, Home Depot, Goldman Sachs, etc.), most respondents remain relatively unaware of the cyber and data risks facing their own organizations or consider these risks to be inconsequential. Respondents overall do not consider themselves well-informed of this type of coverage.

The prevalence of cyber liability policies among small and midsize employers is increasing, though two-thirds still do not have this kind of protection. Last year, only 16% reported having a cyber liability policy in place compared to 33% this year.
While this is good news, employers seem to be at high risk, given the number of risks they face and their levels of preparedness for dealing with the aftermath or preventing a breach.

Interestingly, respondents who have in place cyber liability insurance policies not only consider themselves more cognizant of the cyber-risks facing their organization, but also report having better measures in place to proactively reduce their risk of data breach. Not surprisingly, they also have greater exposures than respondents overall. In short, they are more cyber risk-aware than are those without such policies.

[1] Ponemon Institute, 2014 Cost of Data Breach Study: United States.
PREVALENCE OF CYBER LIABILITY INSURANCE POLICIES

As mentioned above, 33% of respondents reported having a cyber liability policy in place, which is a substantial increase over last year's survey. This coincides with respondents reporting an average need for coverage of 2.86 on a five-point scale, based on their admitted low level of understanding of the coverage (2.66 out of 5) and overzealous estimation of their own security (3.06 out of 5). This survey shows that employers are, in fact, facing substantial risk, and are arguably underestimating their risk and overestimating their levels of security.

DO YOU HAVE CYBER LIABILITY INSURANCE? No (67%), Yes (33%)

INDUSTRY DIFFERENCES

There are notable industry differences when it comes to having cyber insurance. On the high end of the spectrum, 88% of respondents in the financial services industry have a policy in place while less than 17% of those in construction do so.

Not surprisingly, the industries more likely than the 33% overall average likelihood (in this survey) to have a cyber policy include (from most likely to least):
- Financial Services
- Health Care
- Public Administration/Government/Schools
- Technology
- Nonprofit
- Hospitality

Those industries less likely than the 33% overall average likelihood to have a cyber policy include (from most likely to least):
- Retail
- Other Professional Services
- Wholesale Trade
- Manufacturing
- Transportation
- Construction
- Real Estate
- Agriculture

[Figure: Employers with cyber liability insurance by industry (percent)]

Retail in the less-likely group is a bit of a surprise because retail is typically considered to be an industry with relatively high cyber liability insurance adoption. It should be remembered, however, that this survey is of small and midsize employers. The retailers in this survey had a median employee count of.

CLAIMS

It is interesting to note that 5.2% of those with policies have made a claim, a high number. Those who've made claims have fewer median employees and lower median revenues than the overall group of respondents, and none reported being unsatisfied with how the insurance performed.

Those that have made a claim break out by industry as follows:
- Health Care 40%
- Nonprofit 20%
- Transportation 10%
- Other Professional Services 10%
- Technology 10%
- Manufacturing 10%

[Figure: Claims by industry]

SIZE DIFFERENCES

Employers with cyber policies tend to be larger by most measures. Their average ($53.2 million) and median ($7.0 million) revenues are substantially greater (89.9% and 64.7% respectively) than those without policies (average = $28.0 million, median = $4.3 million). Also, their median employee count (350) is more than three and a half times that of those without policies (81). Interestingly, though, the average number of employees is lower for those with policies (1556) than those without (1749).

EMPLOYERS WITH CYBER LIABILITY INSURANCE POLICIES BY SIZE

| | Median # EEs | Avg. # EEs | Median Revenue | Avg. Revenue |
|---|---|---|---|---|
| Employers with Cyber Liability Insurance | 350 | 1556 | $7.0 M | $53.2 M |
| Employers without Cyber Liability Insurance | 81 | 1749 | $4.3 M | $28.0 M |
| ALL EMPLOYERS | | 1648 | $5.0 M | $32.4 M |

MOST EMPLOYERS FACE SUBSTANTIAL CYBER RISK

More than 80% of respondents face five or more cyber risks (as defined in this survey), with more than half exposed to seven or more, and more than a third exposed to eight or more. These numbers are slightly higher than last year's survey. While not meant to be an exhaustive list, the risks included in the survey were:
- Processing credit card transactions.
- Holding past or present employee records.
- Processing/accessing banking information.
- Having one or more computers connected to the Internet.
- Having a Web site that collects personal or confidential information from visitors.
- Holding client or customer information.
- Holding supplier information.
- Using the Cloud.
- Holding information subject to HIPAA.
- Having employees who use laptops and/or PDAs linked to the employer's network.

[Figure: Cyber risk exposures per employer (number of respondents by number of risk exposures, one through ten)]

[Figure: Common cyber exposures (percent of respondents)]

Many of these are commonplace in today's work environments, and are often considered standard business operations. Each presents risk to an organization, and the more an employer is exposed to, the greater exposure they face.

RISK FROM VENDORS & BUSINESS PARTNERS

New in this year's survey, employers were asked about their outsourcing practices of business functions that are likely to involve personally identifiable, HIPAA, or other types of information they have and that ought to be protected. They were also asked about any due diligence procedures they follow to ensure their ability to recover damages if one of these service providers suffered a damaging breach. The results are not encouraging.

Survey participants were asked whether they outsource the following functions:
- Credit Card Processing
- Reservations
- Insurance Claims Handling/Management
- Auditing (financial, IT, inventory, etc.)
- Payroll
- Billing
- Employee Benefits Administration
- IT
- Accounting or Tax Services
- Human Resource Functions
- Other

[Figure: Outsourced business functions (percent of respondents)]

Outsourcing is a common practice for small and midsize businesses. Payroll and accounting or tax services are each outsourced by more than 57% of respondents. Credit card processing, auditing, benefits administration and IT services are each outsourced by four out of ten respondents. Two-thirds of respondents reported outsourcing three or more of these, and 34.9% report using providers for five or more functions.

Unfortunately, nearly four in ten (39.9%) employers do nothing to ensure their ability to be made whole and collect damages if one of their vendors were to lose or have information compromised for which they were responsible. This number doesn't improve much as the prevalence of providers increases: 37% of those using five or more providers still do nothing to ensure their protection, a drop of only three percentage points. Additionally, just fewer than 24% ensure all vendors have accurate and adequate insurance in place.

On the bright side, employers are more likely to take protective measures as their number of providers increases. Compared to the norm, employers that outsource five or more of the listed business functions are:
- 25% more likely to analyze the financial strength of ALL providers.
- 76% more likely to analyze the financial strength of SOME providers.
- 71% more likely to have attorney-reviewed contracts in place with SOME providers.
- 67% more likely to require SOME vendors to have adequate and accurate insurance.

While these increases are definitely positive, the overall percentages remain relatively low in each category.
[Figure: Provider/vendor due diligence (percent of respondents), comparing all respondents with respondents with 5+ outsourced vendors. Categories: attorney-reviewed contracts in place with ALL or SOME providers; financial strength of ALL or SOME providers analyzed; ALL or SOME vendors required to have proper and adequate insurance in place; verbal agreements with ALL or SOME providers; no measures taken; other.]

If disaster does strike, 60% of these employers do not have a corporate recovery plan in place. That number dips slightly, to 55%, when looking at just those employers with five or more listed service providers.

KNOWLEDGE & PERCEPTION MATTER

Cyber risk and cyber security still isn't reliably making it into the executive-level discussions of small and midsize organizations. Nearly one in six (15.3%) never discuss the topic in the c-suite, and an additional 54.1% only discuss it at this level once or twice a year. This leaves less than a third (30.6%) who discuss it quarterly or more often.

[Figure: Frequency of C-suite discussions. Categories: Often (more than monthly), Regularly (monthly or quarterly), Seldom (semi-annually or annually), Never.]
But when executives have this topic on their radar and discuss it regularly or often at the top levels of their organization, there are numerous correlations apparent in the survey. There are stark differences between those who report seldom or never discussing their IT security issues at the executive level and those who discuss them regularly or often. To illustrate, consider:
- Nearly half (48.5%) of those who report seldom or never discussing these issues at an executive level take no measures to ensure their outsourced business providers' ability to make them whole if the business provider loses or compromises data for which they are responsible, compared to less than 20% of those who discuss these issues regularly or often.
- Those who discuss these issues regularly or often are two to four times as likely to ensure all vendors have proper insurance in place, have attorney-drafted contracts in place with all providers and analyze the financial strength of every business service provider.
- Those who discuss this regularly or often are more than twice as likely to have a corporate recovery plan in place.

FREQUENCY OF C-LEVEL CYBER DISCUSSIONS

| | Take NO measures to ensure vendors' ability to make whole | Analyze ALL vendors' financial strength | Require ALL vendors to have proper insurance | Have contracts in place with ALL vendors | Have a corporate recovery plan in place |
|---|---|---|---|---|---|
| Regularly or Often | 19.8% | 19.8% | 39.0% | 11.6% | 64.5% |
| Seldom or Never | 48.5% | 4.9% | 18.0% | 3.9% | 29.0% |
| ALL RESPONDENTS | 39.9% | 9.5% | 23.7% | 6.4% | 40.0% |

Respondents admitting they don't understand cyber liability insurance coverage are less likely to have measures in place to protect themselves. This lack of understanding is the dominant reason for not purchasing the insurance. Nearly half (48.7%) cite it as a reason, and when combined with those who assume incorrectly that the coverage is included in another policy, the number jumps to 60.8%.
Examples of how this lack of understanding correlates with other areas include:
- 56.3% of those who admit not understanding the coverage have taken no measures to ensure their outsourced business partners' ability to compensate them in the event of a breach, compared to 39.9% overall.
- Only 22.6% of these respondents report having a corporate recovery plan in place, compared to 40% overall.
- And, interestingly yet not surprisingly, these people are also less likely to discuss cyber security at the executive level. Nearly a quarter (23.1%) of them never discuss cyber security issues at all at that level of their organization, compared to 15.3% overall.

THOSE WITH CYBER LIABILITY POLICIES TAKE PREVENTIVE MEASURES MORE SERIOUSLY

The survey data suggest that once employers commit to investing in cyber liability insurance policies, they are more likely to understand the potential fallout and take measures to minimize the likelihood of a breach. They are also more likely to take measures to help recover from a damaging breach.

Employers with cyber liability insurance policies in place are more likely to have initiated efforts to prevent the likelihood of a breach and additional non-insurance efforts to ensure their ability to recover from a harmful cyber breach. Most striking, perhaps, is the fact that more than two-thirds (67.7%) have a corporate recovery plan in place, which is 69% better than survey respondents overall, and 155% better than those without policies.

CORPORATE RECOVERY PLAN IN PLACE

| | Yes | No |
|---|---|---|
| Without cyber liability insurance | 27% | 73% |
| With cyber liability insurance | 68% | 32% |
| | Take NO measures to ensure vendors' ability to make whole | Analyze ALL vendors' financial strength | Require ALL vendors to have proper insurance | Have contracts in place with ALL vendors | Have a corporate recovery plan in place |
|---|---|---|---|---|---|
| Respondents with cyber liability insurance | 23.4% | 15.6% | 35.4% | 10.4% | 67.7% |
| Respondents without cyber liability insurance | 48.0% | 6.4% | 18.0% | 4.4% | 26.6% |
| ALL RESPONDENTS | 39.9% | 9.5% | 23.7% | 6.4% | 40.0% |

Additionally, employers with cyber liability policies are more likely to put efforts into ensuring their business vendors can make them whole in the event of a damaging data breach. For example, employers with cyber liability insurance are:
- More than twice as likely to evaluate the financial strength of all or some vendors than respondents overall.
- 144% more likely to evaluate the financial strength of all vendors than those without cyber insurance.
- 97% more likely to ensure vendors have accurate and adequate insurance in place than respondents without cyber insurance coverage.
- More than 40% less likely to do nothing to ensure their protection than respondents overall.
- Less than half as likely to do nothing than those without cyber policies.

Being prepared to weather a cyber breach is important to all employers, but small and midsized ones are the most likely to be forced out of business due to the fallout from such an event. Insurance is just the beginning.

Reputational damage is perhaps the most simply understood. Existing customers, potential customers, and business partners and vendors will rethink their willingness to do business with an employer that experiences a disastrous breach. Mending those relationships, if even possible, is costly. Keeping and finding new employees can prove to be substantially more difficult and hence, costly as well.
As data breaches continue making headlines, the Court of Public Opinion will likely view negatively those employers who leave themselves open to and unprepared to handle these increasingly common events.

MORE INFORMATION

Additional insight into the survey data will be released over the coming months. Sign up to have it emailed to you at or request to be added to the list by emailing Jeff Mulfinger at mulfingerj@rjfagencies.com. You can get information specific to your organization by contacting your Marsh & McLennan Agency representative or Dan Hanson at hansond@rjfagencies.com or More information is online at
For further information, please contact your local Marsh & McLennan Agency office or visit

DAN HANSON
Director, Management Liability Group

For informational purposes only. Copyright 2013 Marsh & McLennan Agency LLC. All rights reserved.
IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS Contents Introduction... 2 Key figures... 3 Methodology... 4 Concerns and priorities of IT managers: data comes first...
More informationOUTLOOK: PERSPECTIVES ON TOPICAL RISK AND INSURANCE ISSUES FOR UK CORPORATES
June 2013 MARSH INSIGHTS: OUTLOOK: PERSPECTIVES ON TOPICAL RISK AND INSURANCE ISSUES FOR UK CORPORATES Over recent months we have profiled several developments in relation to insurance claims specifically
More informationThe State Of Business Continuity Preparedness
14 DISASTER RECOVERY JOURNAL WINTER 2012 MARKET STUDY The State Of Business Continuity Preparedness F DISASTER By STEPHANIE BALAOURAS orrester Research and the Disaster Recovery Journal have partnered
More informationCyber Insurance Survey
Cyber Insurance Survey Prepared for ISO November 2014 In the following report, Hanover Research presents the results of an online survey gauging insurance industry interest in cyber security and the prevalence
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationSoftware License Management: 2012 Software License Management Benchmark Survey SOLUTION WHITE PAPER
Software License Management: 2012 Software License Management Benchmark Survey SOLUTION WHITE PAPER TABLE OF CONTENTS EXECUTIVE SUMMARY................................................ 1 WHAT IS SOFTWARE
More informationRISK MITIGATION SERVICES. Take-and-Use Guidelines for Chubb Crime Insurance Customers
RISK MITIGATION SERVICES Take-and-Use Guidelines for Chubb Crime Insurance Customers RISK MITIGATION SERVICES Take-and-Use Guidelines For Chubb Crime Insurance Customers Prepared by Stephen Yesko, ARM
More informationAvoiding The Hidden Costs
Avoiding The Hidden Costs of the Cloud Germany Enterprise Results 2013 CONTENTS 4 5 6 7 8 9 10 INTRODUCTION ROGUE CLOUD IMPLEMENTATIONS CLOUD BACK UP AND RECOVERY INEFFICIENT CLOUD STORAGE COMPLIANCE AND
More informationRemarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the New England Council Boston, Massachusetts May 16, 2014 It s a pleasure to be with you back home in Boston. I was here just six weeks ago
More informationCorporate Security in 2016.
Corporate Security in 2016. A QA Report Study Highlights According to ThreatMetrix, businesses in the UK are at greater risk of cybercrime than any other country in the world. In a recent survey carried
More information2014 HIMSS Analytics Cloud Survey
2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation
More informationCYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE
CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE WHITE PAPER www.cibecs.com 2 Table of ontents 01 02 03 04 05 EXECUTIVE SUMMARY: CYBER SECURITY MANAGING YOUR ATTACK SURFACE DATA VULNERABILITY 1 THE ENDPOINT
More information2014 State of IT Changes Survey Results
2014 State of IT Changes Survey Results Results In 2014, change is the only constant. Changes to critical IT systems are a daily part of any IT organization s ability to meet the constant barrage of requests
More informationSOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationBEST PRACTICE GUIDE TO SMALL BUSINESS PROTECTION: BACKUP YOUR SMALL BUSINESS INFORMATION
BEST PRACTICE GUIDE TO SMALL BUSINESS PROTECTION: BACKUP YOUR SMALL BUSINESS INFORMATION ENTER YOUR BUSINESS depends on electronic customer lists, confidential information and business records. Protecting
More informationImpact of Data Breaches
Research Note Impact of Data Breaches By: Divya Yadav Copyright 2014, ASA Institute for Risk & Innovation Applicable Sectors: IT, Retail Keywords: Hacking, Cyber security, Data breach, Malware Abstract:
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationDo you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape
January 2013 Do you know your privacy risks? How new technologies, changing business models, and emerging regulations are changing the data-protection landscape At a glance Threats to data security both
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationAnatomy of a Privacy and Data Breach
Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions
More informationAT&T s Business Continuity Survey: 2008
AT&T s Business Continuity Survey: 8 Introduction For the seventh consecutive year, AT&T has completed a survey of 5 Information Technology (IT) executives around the US. The goal was to learn what these
More informationDefining Data Security in 2015 and Beyond
Defining Data Security in 2015 and Beyond What you need to know about physical and virtual data security in a complex business environment Colocation Managed Cloud & Hosting Services Business Continuity
More informationTHE MATH OF FRAUD PREVENTION PESENTATION TO COMPANIES/CO-OPERATIVES ON A FRAUD PREVENTION STRATEGY
THE MATH OF FRAUD PREVENTION PESENTATION TO COMPANIES/CO-OPERATIVES ON A FRAUD PREVENTION STRATEGY BY DR PHILIP THEUNISSEN COMPUTUS BESTUURSBURO NOVEMBER 2008 - 2 - INTRODUCTION Fraud is by far the most
More informationThe Impact of Cybercrime on Business
The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted
More informationWhitepaper. The Missing Piece of Absence Management Turning Data into Dollars
Whitepaper The Missing Piece of Absence Management Turning Data into Dollars EXECUTIVE SUMMARY Liberty Mutual conducted a survey of more than 300 employers to better understand how employers address absence
More informationExposing the hidden cost of Payroll and HR Administration A total cost of ownership study
www.pwc.com/ca Exposing the hidden cost of Payroll and HR Administration A total cost of ownership study A PwC/ADP study March 2012 Executive overview Do you know how much your organization is really
More informationRemarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the 10 th Annual Community Bankers Symposium Chicago November 7, 2014 Good morning, it s a pleasure to be here today and to have this opportunity
More informationwww.bonddickinson.com Cyber Risks October 2014 2
www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime
More informationAcronis Digital Assets Research Findings: Unveiling Backup & Recovery Practices across Europe
Acronis Digital Assets Research Findings: Unveiling Backup & Recovery Practices across Europe March 2010 Contents - Executive Summary: Count the cost of a lost day - Methodology - Research Finding 1: Companies
More informationExamining the Dangers of Complexity in Network Security Environments AlgoSec Survey Insights
Examining the Dangers of Complexity in Network Security Environments AlgoSec Survey Insights Copyright 2012, AlgoSec Inc. All rights reserved Executive Summary An online survey of 127 IT security professionals,
More informationMeeting the Information Security Management Challenge in the Cyber-Age
Meeting the Information Security Management Challenge in the Cyber-Age November 2015 David Lam, CISSP, CPP Vice-President Citadel Information Group Copyright 2015. Citadel Information Group. All Rights
More informationWhite Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management
White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.
More informationWhite Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity
White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning
More informationSecurity Metrics to Manage Change: Which Matter, Which Can Be Measured?
Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:
More informationCFO Changing the CFO Mindset on Cybersecurity
CFO Changing the CFO Mindset on Cybersecurity What CFOs don t know can hurt their bottom line Despite increasing cybersecurity involvement, too many CFOs still lack the cyber-savvy necessary to get ahead
More informationThe Unintentional Insider Risk in United States and German Organizations
The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction
More informationCherwell Software Software Audit Industry Report
Cherwell Software Software Audit Industry Report Cherwell Software has released the findings of its 2013 industry report that benchmarks software audit activity, trends, experiences, and perceptions among
More informationOECD PROJECT ON CYBER RISK INSURANCE
OECD PROJECT ON CYBER RISK INSURANCE Introduction 1. Cyber risks pose a real threat to society and the economy, the recognition of which has been given increasingly wide media coverage in recent years.
More informationThe State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015
The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationReputation Impact of a Data Breach U.S. Study of Executives & Managers
Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon
More informationSocial Media s Role in Crisis Management: A Call for Greater Legal Vigilance
Social Media s Role in Crisis Management: A Call for Greater Legal Vigilance INTRODUCTION From a viral video purporting to show poor treatment of banking customers, to a UK retailer s rogue employee live-tweeting
More information74% 2014 SIEM Efficiency Survey Report. Hunting out IT changes with SIEM
2014 SIEM Efficiency Survey Report Hunting out IT changes with SIEM 74% OF USERS ADMITTED THAT DEPLOYING A SIEM SOLUTION DIDN T PREVENT SECURITY BREACHES FROM HAPPENING Contents Introduction 4 Survey Highlights
More informationReducing Risk. Raising Expectations. CyberRisk and Professional Liability
Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today
More information