Multiple Drivers For Cyber Security Insurance
ANALYST BRIEF
Multiple Drivers For Cyber Security Insurance
EXPECTATIONS PLACED ON INSURANCE CARRIERS RISE WITH MARKET GROWTH

Author: Andrew Braunberg

Overview

There has been considerable good news for insurance carriers over the past couple of months. Several market surveys demonstrate fairly strong adoption of cyber security policies among businesses based in the United States. Another set of reports in circulation suggests that US public businesses are heeding Securities and Exchange Commission (SEC) guidance to better explain potential cyber risks. More transparency regarding cyber risk and cyber attacks is expected to drive greater adoption of cyber insurance as a means of demonstrating better corporate risk management.

It is becoming a mainstream assumption that insurance carriers can help organizations with cyber risk management, both in the traditional risk transfer sense and in the broader sense that they can act as neutral arbiters of cyber security best practices. This is readily demonstrated in the recent push by the White House to promote greater insurance carrier participation in the National Institute of Standards and Technology (NIST) effort to create a cyber security best practices framework for critical infrastructure providers.
NSS Labs Findings

- Recent market surveys put cyber security insurance adoption at approximately one third of large US businesses.
- Insurance carriers are being pulled into the creation of the NIST cyber security framework, raising their profile among security professionals. The White House is hopeful that this interaction will help to foster a competitive cyber insurance market.
- An examination of recent SEC files reveals that US public companies are more forthcoming with details regarding their cyber security risk profiles.
- Proposed reform of European Union (EU) data protection laws is expected to accelerate cyber security insurance adoption in Europe.

NSS Labs Recommendations

- Enterprises should view cyber security insurance as an important component of their overall risk management strategy.
- US-based public companies must understand and keep abreast of current SEC expectations for cyber risk/incident disclosure and, just as importantly, current industry best practice for reporting.
- Enterprises should better leverage information technology (IT) security teams when selecting cyber security insurance and when explaining risk profiles.
- Insurance carriers should more fully consider and assess the differences among security vendors and products, in particular the differences in overall security readiness that are achievable based on the specific products used for defense-in-depth strategies.
Analysis

Survey Says...

According to a recent Ponemon Institute survey [1] of risk management professionals in US private sector organizations, cyber security has become a mainstream business concern. Respondents rate the need to protect against cyber security risks as comparable to other insurable risks, such as natural disasters or fire. Confirming the severity of this concern, 31 percent of the organizations in the survey state that they currently have a cyber security policy, and 39 percent state that their organizations have plans to purchase a policy.

Ponemon also asked respondents to disclose which employees within their organizations make the decisions to purchase cyber insurance. Interestingly, chief information security officers (CISOs) and IT security personnel have little influence regarding choice of insurance carrier. Risk management teams are most likely to evaluate carriers and influence buying decisions. Other important influencers are business unit leaders, general counsels, and chief financial officers (CFOs).

Respondents cited formal risk assessments conducted by the insurer as the most common means of determining their required level of coverage. That insurance carriers would want to perform their own risk assessment is not surprising, nor is the assumption that carriers are becoming repositories of information on security best practices. As discussed in the analyst brief Cyber Security Insurance: Self-Insure Or Hedge Your Bets? The Current State Of The Market, however, there is little consistency among the cyber security policies offered by carriers. This is at least partly due to a lack of consistency in the manner in which rates are determined.
Inhibitors To Cyber Security Insurance

Respondents in the Ponemon survey with no current plans to obtain insurance (30 percent) include among their reasons the belief that premiums are too high and/or include too many exclusions, restrictions, and uninsurable risks; the belief that existing property and casualty policies cover cyber risk (almost always not the case); and the inability to purchase policies because of an organization's current risk profile.

For those under the impression that the insurance carriers would add some much needed data rigor to the cyber security risk management markets, there is some bad news: they simply are not there yet. The truth is that carriers believe that technical controls account for a relatively small percentage of the overall security posture of an organization and that they can build risk models without a detailed understanding of the specifics of the technical controls in place within a particular customer.

[1] resources/ponemon-study-managing-cyber-security-as-business-risk
Critical Infrastructure Providers

The current Administration is investigating several strategies to convince critical infrastructure providers to adopt better risk postures. The White House is exploring ways to incentivize critical infrastructure vendors to adopt the cyber security best practice framework currently being developed through the NIST, the goal of which is to help critical infrastructure providers reduce their risk exposure through the adoption of agreed upon best practices. The NIST has until February 2014 to produce a final version of the framework, which was mandated in a February 2013 Executive Order.

Adoption of the framework is voluntary, however, and this has convinced the Administration that a set of initiatives should be created to entice critical infrastructure providers to adopt the framework. Working to align the framework with the same types of controls that insurance carriers require when writing cyber security insurance policies is viewed as a way to encourage adoption of the framework. The strategy is to include insurance carriers in the process of developing the framework with the goal of building underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing and foster a competitive cyber insurance market. [2]

In other words, it is hoped that adoption of the framework will lead to lower cyber security insurance premium costs. Unfortunately, after several preliminary iterations, the framework document remains an exceptionally high level document.

SEC Cyber Risk Guidance For Publicly Traded Companies

In 2011, the Division of Corporation Finance within the US Securities and Exchange Commission (SEC) issued its first guidance (i.e., recommendations) to public companies regarding the disclosure of cyber risk. While the guidance does not mandate specific disclosures, it does suggest the direction that the SEC would like to see disclosures move.
The Division of Corporation Finance is the entity within the SEC that selectively reviews public company SEC files for compliance with disclosure requirements. For this reason, Division disclosure guidance documents are taken seriously by public companies.

The requirement for publicly traded companies to report on their cyber risk and to detail any cyber attacks is expected to drive them to be more transparent and responsive regarding efforts to mitigate this risk through technical security controls or cyber risk insurance. This is similar to the way in which state security breach notification laws (currently in place in 46 of the 50 US states) have driven the market for cyber risk insurance to pay for the costs associated with breach disclosures.

[2] support-adoption-cybersecurity-framework
Topic Number 2

The SEC guidance was presented in a document titled CF Disclosure Guidance: Topic No. 2, [3] dated October 13, The document notes that there is no existing disclosure requirement that explicitly refers to cyber security risks and cyber incidents, but it states a number of disclosure requirements may impose an obligation on registrants to disclose such risks and incidents... Therefore, as with other operational and financial risks, registrants should review, on an ongoing basis, the adequacy of their disclosure relating to cyber security risks and cyber incidents.

The document goes on to caution public companies that when determining whether risk factor disclosure is required, we expect registrants to evaluate their cyber security risks and take into account all available relevant information, including prior cyber incidents and the severity and frequency of those incidents.

If cyber risks are deemed material, then appropriate disclosures suggested in the document include:

- Discussion of the details of operations that contribute to material cyber security risks and discussion of any potential costs and impact
- Discussion of the details of operations that are outsourced to third parties, which may contribute to material cyber security risks, and discussion of how to mitigate these risks
- Description of any cyber incidents that are individually, or in the aggregate, material, including a description of the costs and impacts
- Risks related to latent cyber incidents that may remain undetected
- Description of relevant cyber security insurance coverage

The Willis Reports

The insurance carrier Willis has been attempting to quantify the degree to which large US private sector organizations are following the SEC-recommended guidelines. Willis has this year released two reports on this topic.
The first, which was released in April 2013, focused on the Fortune 500; [4] and the second, which covered the Fortune 1000, [5] was released in September The reports offer some good news to proponents of better cyber risk disclosure. They reveal that 85 percent of Fortune 500 companies are following the SEC guidance to some degree, by providing a level of disclosure regarding cyber exposures. That is a reasonable start, but the details of the report demonstrate that large public companies still are a long way from implementing the full scope of SEC cyber reporting recommendations.

Willis notes that the number of organizations disclosing details of actual cyber events was only 1 percent. It notes that this percentage seems low considering the number of attacks that appear in the press on a regular basis. It also notes that in spite of SEC guidance requests, no dollar figures associated with the costs of attacks are presented in any Fortune 1000 company SEC filings.

One of the more interesting data points that surfaces in the Willis reports is that just 6 percent of the Fortune 500 mention cyber insurance in their SEC filings.

[3] topic2.htm
[4] content/uploads/2013/05/willis-Cyber-Disclosure_2013.pdf
[5] content/uploads/2013/08/willis-Fortune Cyber-Report_09-13.pdf
This number is much lower than several recent market surveys suggest, including the Ponemon survey discussed earlier. Another example is a recent report [6] by Chubb, which indicates that about 36 percent of public companies in the US purchase cyber risk insurance. That is not too far from the Ponemon survey result, which revealed that number as 31 percent.

But why the discrepancy between these surveys and that which is reported to the SEC? One possible explanation is that companies are overreporting their insurance coverage to survey takers, which would suggest that the SEC filing numbers reflect more accurately the true market uptake for cyber risk insurance. But the other explanation would be that corporations are attempting to downplay cyber risk in their SEC filings and are therefore underreporting risks in general and risk reduction and risk transfer strategies in particular.

The latter explanation may bear out, given the apparent underreporting on technical risk protection deployments (for example, firewalls and AV). The Willis reports note that only 52 percent of the Fortune 500 and only 25 percent of the Fortune 1000 mention these protections being in place. Common sense, industry best practice, and a multitude of compliance mandates under which large businesses operate in the United States make these reported numbers suspect. It is difficult to imagine a Fortune 1000 organization operating today without at least elementary network and endpoint security products protecting its assets.

So at a high level, it seems that public companies are beginning to embrace the SEC guidance on cyber security; however, the level of detail that the SEC was expecting is still almost universally missing in the Fortune 1000 SEC filings. For this reason, Senate Commerce Committee Chairman Jay Rockefeller continues to push to strengthen cyber risk disclosure requirements.
In a letter to the SEC Chairperson earlier this year, Rockefeller wrote: "Investors deserve to know whether companies are effectively addressing their cyber security risks just as investors should know whether companies are managing their financial and operational risks... Formal guidance from the SEC on this issue will be a strong signal to the market that companies need to take their cyber security efforts seriously." [7]

With respect to cyber risk, public companies currently navigate between disclosing too little information and disclosing too much. They are being advised by the SEC against underreporting their cyber risk posture, but they are also taking care not to oversell their ability to protect against cyber risk.

Given the level of guidance the SEC is currently promoting, it is highly likely that it will increasingly scrutinize public companies that completely omit disclosure of cyber security risks and incidents. What is less clear, but perhaps more interesting, is the degree to which the SEC will pursue public companies that are considered to have mischaracterized their ability to reduce or transfer cyber security risks through technical controls and insurance policies, respectively.

As the Willis examination of the SEC files of the Fortune 1000 shows, a considerably high percentage of the largest companies in the United States claim not to have the resources to adequately limit the consequences of cyber attacks. This includes a quarter of all health care, high tech, and banking organizations in the Fortune

Meanwhile, In The EU

Interestingly, the market for cyber security insurance in the European Union is only a fraction of the current market in the United States. (The gross domestic product [GDP] of the EU is larger than that of the United States.)

bd16-4bbd-8d64-8c15ba0e4e51
Insurance giant Allianz estimates that the current US cyber security insurance market is approximately USD $1.3 billion, while the EU is generating about USD $200 million. [8]

A draft data protection regulation currently working through the EU Parliament might help jump-start the cyber security insurance market in Europe, however. The reforms, which were first proposed in January 2012, would replace the current Data Protection Directive (95/46/EC). A component of the proposed regulation would mandate broader and stricter requirements for private organizations to disclose data breaches and cyber attacks. It is estimated that the new rules would impact 40,000 businesses. [9] This increased transparency into cyber risk is expected to drive broader adoption of cyber insurance.

[8] insurance-is-zurichs-new-focus/
Reading List

Cyber Security Insurance: Self-Insure Or Hedge Your Bets? The Current State Of The Market. NSS Labs. insurance-self-insure-or-hedge-your-bets
Contact Information

NSS Labs, Inc.
206 Wild Basin Rd
Building A, Suite 200
Austin, TX USA
+1 (512)

This analyst brief was produced as part of NSS Labs' independent testing information services. Leading products were tested at no cost to the vendor, and NSS Labs received no vendor funding to produce this analyst brief.

NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the express written consent of the authors.

Please note that access to or use of this report is conditioned on the following:

1. The information in this report is subject to change by NSS Labs without notice.
2. The information in this report is believed by NSS Labs to be accurate and reliable at the time of publication, but is not guaranteed. All use of and reliance on this report are at the reader's sole risk. NSS Labs is not liable or responsible for any damages, losses, or expenses arising from any error or omission in this report.
3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY NSS LABS. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND EXCLUDED BY NSS LABS. IN NO EVENT SHALL NSS LABS BE LIABLE FOR ANY CONSEQUENTIAL, INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE POSSIBILITY THEREOF.
4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software) tested or the hardware and software used in testing the products. The testing does not guarantee that there are no errors or defects in the products or that the products will meet the reader's expectations, requirements, needs, or specifications, or that they will operate without interruption.
5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in this report.
6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their respective owners.
More informationGENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE
GENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE By using the Genoa Online system (the System ), you acknowledge and accept the following terms of use: This document details the terms of
More informationTaking the Pulse of the U.S. Healthcare Market
February 2016 CONTRIBUTORS Glenn K. Doody, CFA Vice President Product Management glenn.doody@spdji.com Michael Taggart, FSA Consultant michael.taggart@spdji.com Taking the Pulse of the U.S. Healthcare
More informationTEST METHODOLOGY. Hypervisors For x86 Virtualization. v1.0
TEST METHODOLOGY Hypervisors For x86 Virtualization v1.0 Table of Contents 1 Introduction... 4 1.1 The Need For Virtualization... 4 1.2 About This Test Methodology And Report... 4 1.3 Inclusion Criteria...
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationThe promise and pitfalls of cyber insurance January 2016
www.pwc.com/us/insurance The promise and pitfalls of cyber insurance January 2016 2 top issues The promise and pitfalls of cyber insurance Cyber insurance is a potentially huge but still largely untapped
More informationBank of Denver Mobile Deposit User Agreement ( Agreement ):
This Agreement contains the terms and conditions for the use of BANK OF DENVER Mobile Deposit, and/or other remote deposit capture services that BANK OF DENVER or its affiliates ( BANK OF DENVER, us, or
More informationIAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know
IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know Moderator: Elaine Wolff, Partner Corporate Finance and Securities Practice, Jenner & Block Mary Ellen
More informationDON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?
HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES
More informationCROWDFUNDING WHAT IS CROWDFUNDING?
CROWDFUNDING PBI Business Lawyers Institute 5 November 2015 G. Philip Rutledge, Partner Bybel Rutledge LLP, Lemoyne, PA 17043 rutledge@bybelrutledge.com WHAT IS CROWDFUNDING? Much over used term to describe
More informationCovered California. Terms and Conditions of Use
Terms and Conditions of Use Contents: Purpose Of This Agreement Privacy Policy Modification Of This Agreement Permission To Act On Your Behalf How We Identify You Registration Additional Terms For Products
More informationMoney One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT
Money One Federal Credit Union Pocket 2 Pocket Service E-SIGNATURE AND ELECTRONIC DISCLOSURES AGREEMENT You are signing up to use the Pocket 2 Pocket service powered by Acculynk that allows you to send
More informationCybersecurity Risk Factors: Five Tips to Consider When Any Public Company Might be The Next Target
10 February 2014 Practice Groups: Capital Markets Insurance Coverage The text of this article was first published by Law360 on February 10, 2014. Cybersecurity Risk Factors: Five Tips to Consider When
More informationBusiness Mobile Deposit Capture Terms & Conditions
Business Mobile Deposit Capture Terms & Conditions DESCRIPTION The mobile deposit capture services ("Mobile Deposit" or "Services") are designed to allow you to make deposits to your checking, money market
More informationENTERPRISE EDITION INSTALLER END USER LICENCE AGREEMENT THIS AGREEMENT CONSISTS OF THREE PARTS:
ENTERPRISE EDITION INSTALLER END USER LICENCE AGREEMENT THIS AGREEMENT CONSISTS OF THREE PARTS: A. VNC SERVER ENTERPRISE EDITION END USER LICENCE AGREEMENT B. VNC VIEWER ENTERPRISE EDITION END USER LICENCE
More informationSukuk Liquidity Trends
PRACTICE ESSENTIALS SUKUK 21 GLOBAL Liquidity Trends CONTRIBUTOR Michele Leung Associate Director, Fixed Income Indices michele.leung@spdji.com While global sukuk issuance declined by 13% in 213, the liquidity
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationTHE U.S. INFRASTRUCTURE EFFECT INTERVIEW BY CAROL CAMERON
This interview originally appeared in the Summer 24 edition of InSIGHTS, a quarterly publication from S&P Dow Jones Indices. THE U.S. INFRASTRUCTURE EFFECT INTERVIEW BY CAROL CAMERON Every four years,
More informationcomputer to identify you as a unique user and to take into account your personal preferences and technical information. We use:
BMS CONSULTING WEBSITE TERMS AND RULES OF USE www.bms-consulting.com This site and associated websites referenced by links (collectively, the Site) provide information on services, projects, solutions
More informationINDEX-BASED INVESTING
PART 4 INDEX-BASED INVESTING N. (IN-DEKS BEYST IN-VEST-ING) AN INVESTMENT BASED ON PRODUCTS LINKED TO INDICES, SUCH AS INDEX MUTUAL FUNDS, ETFs AND OPTIONS CONTRACTS. 1 INDEX-BASED INVESTING Index-based
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationPractice Essentials. Index-Linked Insurance Products 201 THE S&P MIDCAP 400 AND ITS ROLE IN INDEXED INSURANCE PRODUCTS
Index-Linked Insurance Products 201 Practice Essentials THE S&P MIDCAP 400 AND ITS ROLE IN INDEXED INSURANCE PRODUCTS S&P Indices licenses insurance carriers to use the S&P 500 and the S&P MidCap 400 within
More informationShould Costing Version 1.1
Should Costing Identify should cost elements early in the design phase, and enable cost down initiatives Version 1.1 August, 2010 WHITE PAPER Copyright Notice Geometric Limited. All rights reserved. No
More informationLegal Notices. Purpose and Scope of Website. StanCorp Financial Group, Inc. Contact Us. Public Affairs. Special Investigations Unit
Legal Notices The following describes the policies and practices of StanCorp Financial Group, Inc ( StanCorp Financial ) and its affiliates, vendors, and licensors with regards to the collection and use
More informationStatement of Work. for. Online Event Registration Product Deployment for Salesforce Implementation. for. Open Web Application Security Project (OWASP)
Statement of Work for Online Event Registration Product Deployment for Salesforce Implementation for Open Web Application Security Project (OWASP) July 9, 2010 TABLE OF CONTENTS INTRODUCTION... 3 SCOPE...
More informationSERVICE TERMS AND CONDITIONS
SERVICE TERMS AND CONDITIONS Last Updated: April 19th, 2016 These Service Terms and Conditions ( Terms ) are a legal agreement between you ( Customer or you ) and Planday, Inc., a Delaware corporation
More informationSolving the Security Puzzle
Solving the Security Puzzle How Government Agencies Can Mitigate Today s Threats Abstract The federal government is in the midst of a massive IT revolution. The rapid adoption of mobile, cloud and Big
More informationVENDOR MANAGEMENT. General Overview
VENDOR MANAGEMENT General Overview With many organizations outsourcing services to other third-party entities, the issue of vendor management has become a noted topic in today s business world. Vendor
More informationLitigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations
Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations American Bar Association Section of Litigation Annual Conference 2014 Spring Program Scottsdale,
More informationMarketsandMarkets. http://www.marketresearch.com/marketsandmarkets-v3719/ Publisher Sample
MarketsandMarkets http://www.marketresearch.com/marketsandmarkets-v3719/ Publisher Sample Phone: 800.298.5699 (US) or +1.240.747.3093 or +1.240.747.3093 (Int'l) Hours: Monday - Thursday: 5:30am - 6:30pm
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationState Governments at Risk: The Data Breach Reality
State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO
More informationHit ratios are still very low for Security & Privacy coverage: What are companies waiting for?
Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations
More informationLooking Down Under: An Approach to Global Equity Indexing in Australia
January 2015 CONTRIBUTOR Michael Orzano, CFA Director, Global Equity Indices michael.orzano@spdji.com Looking Down Under: An Approach to Global Equity Indexing in Australia The benefits of incorporating
More informationThe Nuts and Bolts of Fixed Indexed Annuities
PRACTICE ESSENTIALS INSURANCE 101 U.S. The Nuts and Bolts of Fixed Indexed Annuities CONTRIBUTORS Alan Grissom Global Head of Insurance Ryan Christianson Channel Management Associate ryan.christianson@spdji.com
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationSOFTWARE LICENSE AGREEMENT
SOFTWARE LICENSE AGREEMENT This Software License Agreement (the "Agreement") is made as of the day of, 2015 ( Effective Date ), by and between ("Company"), located at and ("Subscriber"), located at. Both
More informationZIMPERIUM, INC. END USER LICENSE TERMS
ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side
More informationE-SIGN and EFT Disclosures and Online/Mobile Banking User Agreement
E-SIGN and EFT Disclosures and Online/Mobile Banking User Agreement Electronic Delivery of Disclosures and Notices By selecting the Electronic Disclosure check box, you are consenting to receive the Online/Mobile
More informationGuide to the Dow Jones Corporate Bond Index
Guide to the Dow Jones Corporate Bond Index Contents 01. Introduction...3 02. Key Features...3 2.1 Base Date and Base Value...3 2.2 Calculation...3 2.3 Methodology...3 2.4 Dissemination...4 2.5 Weighting...4
More informationHow to Protect against the Threat of Spearphishing Attacks
ANALYST BRIEF How to Protect against the Threat of Spearphishing Attacks Author Randy Abrams Overview NSS Labs researchers have identified spearphishing as the most common targeted method sophisticated
More informationEmoeHost agrees to provide to Client the Services agreed upon between EmoeHost and Client as selected by Client at www.emoehostmaine.com.
EmoeHost Service Agreement 1. Site Services EmoeHost agrees to provide to Client the Services agreed upon between EmoeHost and Client as selected by Client at www.emoehostmaine.com. 2. Payment & Invoicing
More informationAlliance for Fertility Preservation Website and Fertility Preservation Services Locator and Referral System Terms and Conditions of Use
Alliance for Fertility Preservation Website and Fertility Preservation Services Locator and Referral System Terms and Conditions of Use PLEASE READ THESE TERMS AND CONDITIONS OF USE (the "TERMS") CAREFULLY
More information