Exploring the Latest Cyber Risk Trends in EMEA
|
|
- Frederick Lindsey
- 7 years ago
- Views:
Transcription
1 Aon Risk Solutions Aon Centre for Innovation and Analytics Exploring the Latest Cyber Risk Trends in EMEA Aon Cyber Risk Diagnostic Tool, September 2014 Risk. Reinsurance. Human Resources.
2 Table of Contents Introduction...3 The Aon Cyber Diagnostic Tool...4 EMEA - Varied Levels of Technical Protection...5 Increased Risk Factors...6 Boardroom Attitude Towards Cyber Risk Blurring the Digital Perimeters...7 Use of Third Parties... 7 Bring Your Own Device ( BYOD ) Data Breach in the Past 12 Months...8 Dealing with Loss of Systems...9 Aon s Cyber Clarity Process...10 Aon s Cyber Insurance Solution...11 Benchmarking Your Cyber Risk Exposures Key Contacts...14
3 Introduction No industry sectors are entirely immune from a cyber-attack. The digital interconnectivity of business operations, suppliers and customers means that any organisation is vulnerable to potentially catastrophic electronic data theft or sabotage. This inter-reliance between organisations, and the growing prevalence of cloud computing, social media, corporate bring your own device policies, big data and state-sponsored espionage have catapulted cyber risk into one of the top concerns of business leaders today. It is possible companies may not have the correct focus when it comes to tackling this emerging threat. They may be focused exclusively on protection, on encryption and firewalls for example, when they should be considering potential responses for when the systems are breached. An example of this type of behaviour could be the danger in relying solely on IT Departments to set the strategy for management on Cyber Risks. It is becoming increasingly apparent that guidance on these matters must come from the top down, and management must involve multiple stakeholders. Aon s goal is to help clients succeed in and understand emerging risks, requirements and insurance implications, and to use risk understanding to drive better business decisions. It is our hope that this report helps you in Cyber risk identification and management. As the leading global provider of risk management services, insurance and reinsurance brokerage, and human capital consulting, Aon is proud to provide our clients with the most innovative solutions and the most informative risk insights and data available. Aon s unmatched global network and extensive client base allows us to develop the industry s most comprehensive data, reports and analysis. At Aon we can benchmark your cyber exposures and help you build a cyber-risk management and mitigation plan giving you clarity and cover for your business. By analysing the data gathered from Aon s Cyber Diagnostic Tool, this report highlights industries and scenarios which are particularly vulnerable to a loss of a large magnitude due to a cyber risk event across EMEA. In an effort to demonstrate how cyber risk can affect a myriad of industries, Aon s data combines the responses of companies in a large range of industries, everything from manufacturing to utilities. We will also examine the importance of achieving Cyber Clarity for your business and outline some examples of how this can be done, highlighting the benefits of quantification. Best regards, Sarah Stephens Head of Cyber & Commercial E&O - EMEA Aon Risk Solutions sarah.stephens@aon.com Constantin Beier CEO Aon Centre for Innovation & Analytics Aon Risk Solutions constantin.beier@aon.ie Aon Risk Solutions 3
4 The Aon Cyber Diagnostic Tool The Aon Cyber Diagnostic Tool aims to help risk managers better identify and understand their exposure to cyber risk. The tool uses a series of multiple choice questions to assess how employees use technology, the current controls in place and management s attitude to cyber risk. The tool then provides meaningful insight into the most important cyber risk topics and includes practical guidance on related governance frameworks that should be in place, as part of an effective cyber risk management strategy. Respondents by industry 18% 7% 12% Education Financial Services Healthcare 3% 9% 7% 3% 13% Hospitality (Travel, Hotel, Airlines) Industrial/Manufacturing/Construction Legal and Professional Services Online sector and/or Communications and Technology Others Public Services 21% 4% 3% Retail Utilities Total risk score by country Based on the overall responses to questions regarding the key internal and external factors that affect cyber risks, EMEA based companies report a high level of overall risk consistent with the Global average. As noted below, countries such as the,, and the score particularly highly There are numerous underlying factors which relate to this score. 4 Exploring the Latest Cyber Risk Trends in EMEA
5 EMEA - Varied Levels of Technical Protection Is there consistent encryption of sensitive/critical data stored on your company laptops? 19.4% 18.2% 26.6% 39.5% 37.9% 36.7% 33.3% 32.7% 57.3% 61.1% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% The encryption of a company s mobile media is a fundamental step in creating an information security system. We found that certain countries across EMEA have consistent encryption of sensitive/critical data stored on company laptops. Four countries across EMEA score above the global average, demonstrating an awareness of the importance of encryption. However, even within the highest rated country, almost four in ten companies are not adequately protecting the digital information they hold. Is there a formal process to manage and configure the critical application systems as well as the company s firewall, antivirus/antimalware software? 90.9% 86.8% 85.0% 83.3% 82.8% 81.4% 78.8% 77.8% 74.2% 73.4% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Traditionally, anti-virus protection has been one of the primary tools used to minimize the likelihood of breach networks and devices from malicious attacks. Respondents were asked whether their organization has a formal process in place to closely monitor the usage of antivirus/antimalware software. The survey found that across a number of the EMEA countries standards are relatively high. However, some countries clearly view the matter as more serious than others. For instance, sits below the on this matter. Aon Risk Solutions 5
6 Increased Risk Factors Boardroom Attitude Towards Cyber Risk Recent data breaches at major corporations highlight the increasing sophistication and persistence of cyber-attacks. The challenge of protecting information systems and key data assets such as financial and personal information and the financial, reputational and regulatory damage that arise when firms fail to do so have led boards to increase their level of oversight of cyber security. In order to make privacy and security key parts of any data management programme, a coordinated effort is required by a diverse range of stakeholders within an organisation. Increasing the level of boardroom focus on cyber risk helps define the culture of data protection within the organisation. To assess whether boards are actively addressing cyber risk management, respondents were asked about the level of oversight related to cyber risk in terms of regular updates and reports. Regular board updates, security updates and enterprise risk management stakeholder meetings, with constant monitoring of aggregate risk and elevated risk levels 3.2% 22.2% 21.5% 18.6% 18.2% 17.3% 17.0% 26.3% 35.9% 41.7% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 45.0% The chart above shows that there is a relatively low level of Board involvement across EMEA. Not surprisingly, this is also reflected in the. There will be increasing pressure on an organisation s Board to familiarise themselves with the company mechanisms associated with cyber risk and security. Recent high profile cyber-attacks and subsequent losses have left the positions of high profile executives untenable. An understanding of the severity of the threat has become an absolute requirement, imperative to the future of the business in many cases. 6 Exploring the Latest Cyber Risk Trends in EMEA
7 Blurring the Digital Perimeters Use of Third Parties Do any of your business partners hold personal data on your behalf (eg. payroll processing company, outsourcing administration), or provide IT services? 72.2% 71.0% 69.3% 63.5% 62.2% 60.8% 60.5% 58.6% 54.5% 50.0% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% In recent decades, the use of third party technology has transformed the way in which companies interact with their customers and business partners. In order to facilitate day-to-day activities, processes and systems have been developed to help minimize transaction costs and increase levels of customer service. However, entrusting your data to a third party does not relieve you of your duty of care with respect to protecting the security of that information which is something which companies need to be aware of. The Aon Cyber Diagnostic survey shows that Irish companies have the highest level of usage of Third Party data services within the sample of European countries. The figure shows that over 60% of companies entrust their data to business partners. While the benefits of sharing such information may help improve their products and services through increased efficiency, this increased data footprint may represent a higher level of risk with an increased dependence on a technological infrastructure which may not be fully within their control. Bring Your Own Device (BYOD) A recent key trend in the corporate world has been employee use of personal devices, such as tablets, phones and laptops, to conduct company business. This, while having practical benefits, opens a company up to new exposures. Savings on cost and time are the two frequently cited benefits, but organisations must examine if the risks associated with such a business practise outweigh the benefits. Without ownership of all the devices and systems used for business, the company could find it increasingly difficult to safeguard from potential threats. The survey showed that two-thirds of Irish companies allow their employees to use their own devices to access privileged company information and applications. Aon Risk Solutions 7
8 BYOD in your company 77.4% 74.0% 72.7% 66.7% 66.2% 65.8% 65.4% 64.4% 51.4% 33.3% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% Data Breach in the Past 12 Months The results have found that in some EMEA countries a large percentage of companies had a data breach or a serious technical outage in the past 12 months. Countries such as the,,,, and have the largest number of breaches or technical issues, while the global average indicates that one in three companies report suffering from some type of incident during the period. Have you been subjected to any data breaches or significant system failures (whether due to malicious activity or not) in the last 12 months? 8.3% 22.2% 26.1% 25.7% 38.0% 36.8% 36.5% 36.4% 35.5% 35.5% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% 8 Exploring the Latest Cyber Risk Trends in EMEA
9 Dealing with Loss of Systems If systems or data are damaged or lost, it is highly likely that the functionality of the company will be restricted, if not stopped. Respondents in almost all countries believed there would there be a significant impact on their business should they lose access to critical applications and systems even for a few hours. This table highlights the importance companies now place on IT and the potential impact to business continuity that a cyber threat could cause. How long do you believe your critical applications and systems can be shut down before significant damage is caused to your company? - Less than 6 hours 27.3% 66.7% 65.8% 61.3% 55.6% 54.8% 52.1% 51.9% 50.8% 49.5% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% In the next section we will demonstrate the importance of achieving Cyber Clarity in your organisation. Aon Risk Solutions 9
10 Aon s Cyber Clarity Process It is of great importance for a company to understand the exposures it faces. Gaining cyber exposure clarity is now business critical. There are a number of different methods used to achieve this involving scenario testing, assessment of potential financial impact on a company, assessment or the risk maturity level of your cyber risk management procedures and also the insurability of your cyber risk. Below we outline three important steps for each company to take when attempting to understand their exposures when it comes to cyber insurance. Gaining Cyber Exposure Clarity The entity will be required to qualify and prioritise certain cyber scenarios and develop a method whereby it can quantify the consequences of any exposures. This in turn should then allow the company to provide a high-level estimation of holes in coverage or losses which will give a subsequent quantitative assessment of business interruption from cyber. Cyber Risk Management Assessment A key aspect of protecting a company against risks is of course being sufficiently able to mitigate the risks where possible. Each company should assess their cyber risk management capabilities (firewalls, system operational procedures) and ideally benchmark these standards against ISO 27000, aspiring to be as efficient as possible. Cyber Insurance Risk Review Following the identification of potential threat scenarios the company should then analyse the insurability and transferability of these risks through a series of analytical processes. These will look at any potential policy response or coverage. The above steps will allow the company to understand if current policies in action will cover any potential cyber loss. The company should use the results of this output to adjust the scope and limit of current insurance policies and to make a data-driven decision about purchasing a cyber insurance policy. Through this method Aon has identified five main benefits of a company quantifying their cyber risks. 10 Exploring the Latest Cyber Risk Trends in EMEA
11 1. Quantification defines the exposure and any potential impact Developing an understanding of the effect of an incident instead of purely examining the cause which is often the case with most organisations. 2. Quantification uncovers the relative severity of various cyber risks against financial objectives All too often the implications of intangible asset damage are overlooked which can lead to a loss of intellectual property, negating years of research and development. 3. Quantification focuses investment in mitigation (IT & processes) Well-defined exposures can help steer IT investment to where it is needed proving beneficial to the entire organisation through the mitigation of potential risk. 4. Quantification is a catalyst to increase awareness in the organisation Putting a value on an exposure organically increases interest and further can make it easier to communicate the importance of the exposure to the organisation. 5. Quantification enables an informed discussion about the transfer of risk Boiling down to the basics of insurance, the transfer of risk is fundamental to how organisations do business. Understanding this exposure will determine whether the company is paying the correct level of premium or transferring the correct level of risk. Aon s Cyber Insurance Solution In recent years, Boards of Directors and C-Suite Officers are becoming increasingly aware of the seriousness and complexity of cyber risk leading to a substantial increase in the adoption of Cyber Risk cover. The chart below shows that Cyber Risks cover has grown at a compound growth rate of 38% annually between 2009 and 2014 which made it Aon s fastest growing product during the period. Total premium - compound growth rate Cyber Risks 38.0% Political Risk 20.0% Financial Lines 16.0% Product Contamination 13.0% Aviation Liability 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% 30.0% 35.0% 40.0% % Growth Rate Data Source: Aon Global Risk Insight Platform (GRIP) Aon Risk Solutions 11
12 Companies that are most likely to purchase Cyber Risks cover are those in industries such as Financial Institutions, Technology & Communications, Health Care and Retail & Wholesale Trade. Each of these sectors stores large amounts of information about their customers and has a high degree of dependency on technology to manage this information and any cyber incident is more likely to have a material impact due to the very personal nature of the records being stored. The below graph ranks industry sectors by their share or the total cyber insurance premium placed by Aon in 2013 globally. Cyber risks premium by industry Tech & Communications Health Care Services 11.7% Retail and Wholesale Trade 9.6% Professional Services 7.5% Business & Personal Services 7.3% Public Sector Ent & Leisure 4.3% Pharma/Chem 3.6% Food/Agri 3.6% 6.1% Others 8.5% 14.8% Financial Institutions 22.8% 0.0% 5.0% 10.0% 15.0% 20.0% 25.0% Percentage of Total Cyber Risks Premium 2013 Data Source: Aon Global Risk Insight Platform (GRIP) Average Limit Purchased - Compound Annual Growth Rate Entertainment & Leisure 16.8% Public Sector 15.9% Retail & Wholesale Trade 9.9% Professional Services 6.0% Financial Institutions 5.6% Technology & Communications 3.9% 0.0% 2.0% 4.0% 6.0% 8.0% 10.0% 12.0% 14.0% 16.0% 18.0% Data Source: Aon Global Risk Insight Platform (GRIP) % Growth Rate 12 Exploring the Latest Cyber Risk Trends in EMEA
13 The amount of limits purchased by companies also increased in the 2009 to 2013 period with average limits increasing across Entertainment & Leisure, the Public Sector and Retail & Wholesale Trade. Limits also increased across Financial Institutions and Technology & Communications as companies have become aware of the increasing need to protect their critical technology infrastructure. Benchmarking Your Cyber Risk Exposures Build a framework for discussion with Aon s Cyber Risk Diagnostic Tool, which will provide a high-level understanding of the risks facing your organisation. Upon answering a series of multiple choice questions, you will receive a tailored cyber insight report that will help identify the key internal and external factors that may affect your levels of cyber risks. The report also includes practical guidance on the related governance framework that should be in place as part of an effective cyber risk management strategy. The tool is available in seven languages and in the coming year we expect to be able to provide more detailed and targeted cyber risk insights to our clients than ever before. Aon clients can receive customised benchmarking of their cyber risk report against peer companies, tailored by industry, geography, or specific risk factor. Both the tool and the report can be used to engage other company stakeholders into the process, such as chief information officers, IT security, data privacy leaders, legal, HR and finance. To receive your complimentary report, complete the diagnostic at aoncyberdiagnostic.com or for further information please contact your local Aon office. Aon Risk Solutions 13
14 Key Contacts Sarah Stephens Head of Cyber & Commercial E&O - EMEA Aon Risk Solutions sarah.stephens@aon.com Constantin Beier CEO Aon Centre for Innovation & Analytics Aon Risk Solutions constantin.beier@aon.ie Michael Spellman Director Aon Global Risk Consulting Aon Risk Solutions michael.spellman@aon.ie Aon plc All rights reserved. The information contained herein and the statements expressed are of a general nature and are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
15 About Aon Aon plc (NYSE:AON) is the leading global provider of risk management, insurance and reinsurance brokerage, and human resources solutions and outsourcing services. Through its more than 66,000 colleagues worldwide, Aon unites to empower results for clients in over 120 countries via innovative and effective risk and people solutions and through industry-leading global resources and technical expertise. Aon has been named repeatedly as the world s best broker, best insurance intermediary, best reinsurance intermediary, best captives manager, and best employee benefits consulting firm by multiple industry sources. Visit aon.com for more information on Aon and aon.com/ manchesterunited to learn about Aon s global partnership with Manchester United. aon.com Risk. Reinsurance. Human Resources.
Aon Risk Solutions Global Risk Consulting Captive & Insurance Management. Cyber risk and the captive market - a match made in the cloud?
Aon Risk Solutions Global Risk Consulting Captive & Insurance Management Cyber risk and the captive market - a match made in the cloud? With increasing news coverage of cyber-attacks and despite indications
More informationReal Estate Practice. Fact-Based Solutions for Real Estate Risk Management. Risk. Reinsurance. Human Resources.
Aon Risk Solutions Real Estate Practice Real Estate Practice Fact-Based Solutions for Real Estate Risk Management Risk. Reinsurance. Human Resources. Today s Real Estate Risk Trends and Priorities Our
More informationExecutive Liability Insurance
Aon Risk Solutions Financial Services Group Life Sciences Industry Practice Executive Liability Insurance Solutions from Experts in the Life Sciences Industry Challenges on the Rise for Life Sciences Companies
More informationCaptive & Insurance Management
Aon Risk Solutions Global Risk Consulting Captive & Insurance Management Location of captive parent company 500+ captives 250-500 captives 51-249 captives 10-50 captives
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationOrganization transformation in times of change
Organization transformation in times of change Insurance is sold, not bought is a phrase of unknown attribution, but common wisdom for decades. Thus, insurers and most financial services organizations
More informationFleet Complete. Insight. Innovation. Intervention.
Fleet Complete Insight. Innovation. Intervention. Risk. Reinsurance. Human Resources. Empower Results Aon UK Limited is authorised and regulated by the Financial Conduct Authority 1 Aon is market leader
More informationProperty Insurance Market Report United States. Summary and Forecast Q1 14
Property Insurance Market Report United States Summary and Forecast Q1 14 Property Summary Property underwriters enjoyed a profitable 2013 due to lower losses and higher rates, which followed two-plus
More informationCGI Cyber Risk Advisory and Management Services for Insurers
CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their
More informationClient Engagement and Compensation Guide
Aon Risk Solutions Client Engagement and Compensation Guide Risk. Reinsurance. Human Resources. Introduction The aim of this document is to provide a high-level summary of the work that Aon Risk Solutions
More informationACE European Risk Briefing 2012
#5 ACE European Risk Briefing 2012 IT and cyber risk respondent profiles The research was carried out between 13 April and 3 May 2012. The sample comprised 606 European risk managers, CROs, CFOs, COOs
More informationCYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES
CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES How can you better prepare and respond to cyber risks? ACE developed Loss Mitigation Services to help policyholders understand and gauge various areas
More informationTechnology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
More informationSOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationUK 2015 Cyber Risk Survey Report
INSIGHTS UK 2015 Cyber Risk Survey Report June 2015 CONTENTS 1 Introduction 2 Work still to be done in terms of awareness/ ownership of cyber risk 5 Lack of data continues to prevent companies from adequately
More informationCyber security: Are consumer companies up to the challenge?
Cyber security: Are consumer companies up to the challenge? 1 Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com 1 Cyber security: Are consumer companies
More informationSafety Management Function Organization and Responsibilities
Safety Management Function Organization and Responsibilities An Aon Survey September 2011 Aon Global Risk Consulting Casualty Risk Consulting Christopher Iovino, Managing Director 2011 Aon Corporation
More informationCYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY
CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY October 2015 CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe has once again collaborated with Advisen to conduct a comprehensive
More informationAttachment 21.1 AON: Insurance Premium Forecast Report September 2014
Attachment 21.1 AON: Insurance Premium Forecast Report September 2014 Insurance Premium Forecast SA Power Networks September 2014 FINAL REPORT Contents Executive Summary 1 1. Background and Approach 2
More informationINFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT. October 2013. Sponsored by:
2013 INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT & October 2013 & INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT: The Third Annual Survey on the Current State of and Trends in Information
More informationCyber Risk Management
Cyber Risk Management A short guide to best practice Insight October 2014 So what exactly is 'cyber risk'? In essence, cyber risk means the risk connected to online activity and internet trading but also
More informationMitigating Bring Your Own Device (BYOD) Risk for Organisations
Mitigating Bring Your Own Device (BYOD) Risk for Organisations Harness the benefits and mitigate the risks of BYOD espiongroup.com Executive Summary Mobile devices such as smart phones, tablets, or laptops
More informationMARSH REPORT October 2015. International Business Resilience Survey 2015
MARSH REPORT October 2015 International Business Resilience Survey 2015 CONTENTS October 2015 CONTENTS 3 Introduction 4 Non-traditional risks top concerns, both in terms of likelihood and impact 7 Insurance
More informationConsiderations for Financial Advisors Regarding Corporate E&O Insurance Coverage
Aon Risk Solutions Considerations for Financial Advisors Regarding Corporate E&O Insurance Coverage January 2015 Risk. Reinsurance. Human Resources. Introduction Recent statistics indicate that the number
More informationData Security: Fight Insider Threats & Protect Your Sensitive Data
Data Security: Fight Insider Threats & Protect Your Sensitive Data Marco Ercolani Agenda Data is challenging to secure A look at security incidents Cost of a Data Breach Data Governance and Security Understand
More informationONLINE AND MOBILE BANKING, YOUR RISKS COVERED
ONLINE AND MOBILE BANKING, YOUR RISKS COVERED WITH KASPERSKY FRAUD PREVENTION ONLINE AND MOBILE BANKING, YOUR RISKS COVERED WITH KASPERSKY FRAUD PREVENTION Financial fraud is a serious risk with damaging
More informationOECD PROJECT ON CYBER RISK INSURANCE
OECD PROJECT ON CYBER RISK INSURANCE Introduction 1. Cyber risks pose a real threat to society and the economy, the recognition of which has been given increasingly wide media coverage in recent years.
More information2012 Hospital and Physician Professional Liability
2012 Hospital and Physician Professional Liability Benchmark Analysis October 2012 Risk. Reinsurance. Human Resources. Empower Results Introduction 2 Executive Summary 3 Emerging Trends in State Legislation
More informationAon commentary - draft Property, Stock and Business Agents Amendment (Professional Indemnity Insurance) Regulation 2012
Aon commentary - draft Property, Stock and Business Agents Amendment (Professional Indemnity Insurance) Regulation 2012 NSW Fair Trading 5 October 2012 1. Introduction This document has been prepared in
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationGeneral Insurance Industry
Aon Hewitt Performance, Reward & Talent General Insurance Industry Remuneration Report (Australia) Information pack 2015 Risk. Reinsurance. Human Resources. 354 positions from Data in this report covers
More informationCybersecurity. Considerations for the audit committee
Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global
More information2014 EMEA Financial Institutions Industry Report
Aon Risk Solutions Aon Centre for Innovation and Analytics 2014 EMEA Financial Institutions Industry Report Powered by the Aon Global Risk Management Survey and Aon GRIP, December 2014 Risk. Reinsurance.
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationThird party assurance services
TECHNOLOGY RISK SERVICES Third party assurance services Delivering assurance over your service providers The current third party service provider environment Corporate UK has been transformed in recent
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationA NEW APPROACH TO CYBER SECURITY
A NEW APPROACH TO CYBER SECURITY We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward. Positively
More informationHow to protect, inform & grow your business with trade credit insurance
Aon Risk Solutions How to protect, inform & grow your business with trade credit insurance Risk. Reinsurance. Human Resources. 2 How to protect, inform & grow your business with trade credit insurance
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationWILLIS RETAIL PRACTICE ADVICE AND PROTECTION FOR THE RETAIL SECTOR
WILLIS RETAIL PRACTICE ADVICE AND PROTECTION FOR THE RETAIL SECTOR CUSTOMER RELATIONSHIPS. BRAND. REPUTATION. PROFIT MARGIN. PROFIT MARGIN. AS A RETAILER YOU WORK HARD TO GROW THEM - AS AN INSURANCE AND
More informationCYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY
CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes
More informationAddressing Cyber Risk Building robust cyber governance
Addressing Cyber Risk Building robust cyber governance Mike Maddison Partner Head of Cyber Risk Services The future of security The business environment is changing The IT environment is changing The cyber
More informationAon Risk Maturity Index
Aon Risk Solutions Aon Risk Maturity Index Insight Report, October 2014 Risk. Reinsurance. Human Resources. Table of Contents Executive Summary...1 Accentuating the Upside, Smoothing the Downside...2 The
More informationInsurance implications for Cyber Threats
Lillehammer Energy Claims Conference Lillehammer March 7, 2014 Insurance implications for Cyber Threats How enterprises need to prepare for the inevitable JLT is one of the world s largest providers of
More informationTable of Contents. Application Vulnerability Trends Report 2013. Introduction. 99% of Tested Applications Have Vulnerabilities
Application Vulnerability Trends Report : 2013 Table of Contents 3 4 5 6 7 8 8 9 10 10 Introduction 99% of Tested Applications Have Vulnerabilities Cross Site Scripting Tops a Long List of Vulnerabilities
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationCOUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide
COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the
More informationEmployee Benefits Panel, October 6, 2015 PROFESSION INNOVATION DIVERSITY
Employee Benefits Panel, October 6, 2015 PROFESSION INNOVATION DIVERSITY Moderator and Speakers Sabrina Hartusch: Global Head of Insurance, Triumph, Switzerland; president of SIRM Paolo Marini: Global
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationBuilding a Comprehensive Mobile Security Strategy
WHITE PAPER Building a Comprehensive Mobile Security Strategy A key to safeguarding data and apps is finding the right partner. protecting mobile environments has become more complex. Fortunately, solutions
More informationFFIEC Cybersecurity Assessment Tool
Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,
More informationSupporting information technology risk management
IBM Global Technology Services Thought Leadership White Paper October 2011 Supporting information technology risk management It takes an entire organization 2 Supporting information technology risk management
More informationA Guide to the Cyber Essentials Scheme
A Guide to the Cyber Essentials Scheme Published by: CREST Tel: 0845 686-5542 Email: admin@crest-approved.org Web: http://www.crest-approved.org/ Principal Author Jane Frankland, Managing Director, Jane
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationA blueprint for an Enterprise Information Security Assurance System. Acuity Risk Management LLP
A blueprint for an Enterprise Information Security Assurance System Acuity Risk Management LLP Introduction The value of information as a business asset continues to grow and with it the need for effective
More informationUnisys Security Insights: Global Summary A Consumer Viewpoint - 2015
Unisys Security Insights: Global Summary A Consumer Viewpoint - 2015 How consumers in 12 countries feel about: Personal data security, ranked by industry Region-specific security perceptions Research by
More informationCyber Security Evolved
Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are
More informationCyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things
Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations
More informationInformation Security Services
Information Security Services Information Security In 2013, Symantec reported a 62% increase in data breaches over 2012. These data breaches had tremendous impacts on many companies, resulting in intellectual
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationHealth Care Practice. An Integrated Approach to Meet the Financial and Risk-Related Needs of Health Care Organizations. Aon Risk Solutions
Aon Risk Solutions Health Care Practice An Integrated Approach to Meet the Financial and Risk-Related Needs of Health Care Organizations Risk. Reinsurance. Human Resources. Empower Results 1. Solutions
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationWhitepaper. How to Implement a Strong BYOD Policy. BYOD on the Rise - But with Challenges
How to Implement a Strong BYOD Policy Mobility carries with it promises of convenience, productivity, and remarkable amounts of information at everyone s fingertips. While smartphones and other devices
More informationRisk appetite How hungry are you?
Risk appetite How hungry are you? 8 by Richard Barfield Richard Barfield Director, Valuation & Strategy, UK Tel: 44 20 7804 6658 Email: richard.barfield@uk.pwc.com 9 Regulatory pressures, such as Basel
More informationCyber-reputation: risk turbocharged
The GlobalEthicist MATEJ MODERC Cyber-reputation: risk turbocharged By Andrea Bonime-Blanc Companies that suffer a cyber-attack can find the biggest damage is to their reputation. They need to protect
More informationRISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer
RISK MANAGEMENT FRAMEWORK 1 SUMMARY The Risk Management Framework consists of the following: Risk Management policy Risk Management strategy Risk Management accountability Risk Management framework structure.
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationTable of Contents. Foreword... 3. Adopting a Risk Appetite Statement... 5. Linking Risk Appetite to Reinsurance... 8. Focus on Earnings...
Global Reinsurance and Risk Appetite Report 2016 Table of Contents Foreword... 3 Adopting a Risk Appetite Statement... 5 Linking Risk Appetite to Reinsurance... 8 Focus on Earnings... 11 Focus on Capital...
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationInformation Technology
Information Technology Information Technology Session Structure Board of director actions Significant and emerging IT risks Practical questions Resources Compensating Controls at the Directorate Level
More informationBitSight Insights Global View. Revealing Security Performance Metrics Across Major World Economies
BitSight Insights Global View Revealing Security Performance Metrics Across Major World Economies Introduction There is no denying the global nature of 21st century business. The export and import of goods
More informationCyber Security - What Would a Breach Really Mean for your Business?
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
More informationGuideline. Operational Risk Management. Category: Sound Business and Financial Practices. No: E-21 Date: June 2016
Guideline Subject: Category: Sound Business and Financial Practices No: E-21 Date: June 2016 1. Purpose and Scope of the Guideline This Guideline sets out OSFI s expectations for the management of operational
More informationImplementing Practical Information Security Programs
Implementing Practical Information Security Programs CISO Summit March 17-19, 2013 Presented by: David Cass, SVP & Chief Information Security Officer, Elsevier Information Security & Data Protection Office
More informationHEALTH CARE AND CYBER SECURITY:
HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers
More informationBusiness Continuity Management Systems. Protecting for tomorrow by building resilience today
Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationehealth 2.0: How health systems can gain a leadership role in digital health Gerardo Aue, Stefan Biesdorf, Nicolaus Henke
ehealth 2.0: How health systems can gain a leadership role in digital health Gerardo Aue, Stefan Biesdorf, Nicolaus Henke Health systems around the world clearly recognise the potential of digital health;
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationCyber Risks and Insurance Solutions Malaysia, November 2013
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
More informationAon Risk Solutions. Aon Trade Credit. Unlocking the Value of Trade Credit Insurance
Aon Risk Solutions Aon Trade Credit Unlocking the Value of Trade Credit Insurance Trade Credit and the Global Economy If your business crosses borders, consider these questions: Do you regularly sell to
More informationBuilding the business case for continuity and resiliency
Global Technology Services Research Analysis Risk Management Building the business case for continuity and resiliency The economics of IT risk and reputation and their importance to business continuity
More informationRisk management systems of responsible entities
Attachment to CP 263: Draft regulatory guide REGULATORY GUIDE 000 Risk management systems of responsible entities July 2016 About this guide This guide is for Australian financial services (AFS) licensees
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationCyber Security: Confronting the Threat
09 Cyber Security: Confronting the Threat Cyber Security: Confronting the Threat 09 In Short Cyber Threat Awareness and Preparedness Active Testing Likelihood of Attack Privacy Breaches 9% 67% Only 9%
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationProtecting Your Credit Union
Protecting Your Credit Union A More Strategic Approach 2013 As a credit union, you are strategic in everything you do. Shouldn t your approach to risk/insurance be the same? Why do you buy directors and
More informationPRIORITIZING CYBERSECURITY
April 2016 PRIORITIZING CYBERSECURITY Five Investor Questions for Portfolio Company Boards Foreword As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies
More informationProtecting your business interests through intelligent IT security services, consultancy and training
Protecting your business interests through intelligent IT security services, consultancy and training The openness and connectivity of the digital economy today provides huge opportunities but also creates
More informationThird Annual Study: Is Your Company Ready for a Big Data Breach?
Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationInformation Security: Business Assurance Guidelines
Information Security: Business Assurance Guidelines The DTI drives our ambition of prosperity for all by working to create the best environment for business success in the UK. We help people and companies
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the
More informationAon Hewitt Retirement and Investment. 2015 Hot Topics in Retirement. Risk. Reinsurance. Human Resources.
Aon Hewitt Retirement and Investment 2015 Hot Topics in Retirement Risk. Reinsurance. Human Resources. Table of Contents Executive Summary.... 1 Financial Wellness and Overall Strategy.... 2 Defined Contribution
More information