[BreachExchange] Cybersecurity is one of the top risks organizations must manage in 2017

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 2 18:44:06 EDT 2017


Cybersecurity and privacy continue to make headlines. Experts have more
questions than answers addressing risk management concerns in the evolving
cybersecurity market.

High-profile data breach incidents

On March 7, 2017, the CIA got doxed by the anti-secrecy organization
WikiLeaks. Nearly 9,000 documents appeared online showing the CIA sought to
observe conversations, online browsing habits and other activities by
infiltrating the systems that contained them, such as Apple and Android
smartphones, laptops, TVs and even cars. The government is not alone.

Nearly every industry that handles sensitive data has been breached

Healthcare: ransomware attacks are projected to rise 250%, and hackers were
responsible for 106 major healthcare data breaches in 2016.
Financial services: Despite ranking only third in volume of security
incidents, the financial services industry came in first in number of
incidents leading to confirmed data losses.
Insurance: Risk is twofold in this market, because insurers are not only
targets of hackers, they're also providers of coverage to victims.
Education: At the beginning of February 2016, the University of Central
Florida announced a data breach had affected approximately 63,000 current
and former students, faculty and staff.

Third-party vendor risk

Third-party vendors remain a growing source of concern. Companies are
well-advised to look beyond their own cybersecurity policies and standards
to the potentially bigger risk that arises from giving third-party vendors
direct access into their systems. Indeed, low-tech threats like errors by
vendors' employees represent an often-overlooked danger to company data
security. Newer technology trends such as enterprise-level SaaS
provisioning and cloud data storage and processing offer new possibilities
and perils alike.

Given the inevitability of cybersecurity breaches, companies are
increasingly looking to insurers to offset the losses they are likely to
face after suffering an attack. However, because the cyber insurance market
is young and growing rapidly, the scope and availability of policies is
still fluid. Companies should carefully review the specifics and limits of
coverage. According to one source, most questions right now are focused on
coverage for business interruptions and losses related to fraudulent

Smaller companies may face even bigger challenges. Few small companies have
the staff or the resources to actively manage cybersecurity risk, and many
assume that their business risks are small. Despite their smaller size,
these businesses will incur the same level of breach-related costs as
larger companies.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170502/b7e99db1/attachment.html>

More information about the BreachExchange mailing list