Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: Insurer says solicitors are driving up the cost of cyber insurance, and the SEC says it wants to know what cyber expertise is in the boardroom.
This week’s action: Check your children aren’t roaming the mean streets of the online world.
If you’d prefer to listen to Cyber 3-2-1, this week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1: Solicitors are driving the increasing costs of cyber insurance
Cyber Ireland recently published an interesting insight into cyber insurance trends in Ireland. Written by an insurance broker, it points to the increasing cost of cover, primarily driven by the scourge of ransomware.
According to the author, Brian O’Mara of O’Leary Insurances, while “most commercial insurances take time for claims to catch up with premiums [..] cyber Insurance is unique in that insured incidents tend to be resolved relatively quickly. This means that pricing of premiums can quickly be tailored to factor in the ‘claims environment’, so ransomware trends have quickly translated to increased premiums. Insurers have responded by asking for much more detail [..] and also by limiting the ransomware cover.”
O’Mara also notes that “the sheer frequency and severity of losses have made some sectors extremely hard to insure. [Alongside manufacturers,] solicitors are also a prime target; a leading insurer has advised that the profession accounts for 15% of their total premium, but over 60% of the total ransomware claim payments.”
O’Mara goes on to suggest ways to maximise the chances of getting cover and to minimise the cost of cover, including the value of having relevant certifications or aligning to recognised standards.
Call me if you want to identify the most appropriate certificate or standard for your business. And if you are a solicitor or other professional services firm, I suggest you do this sooner rather than later, before insurers refuse to cover you for cyber risk.
2: The SEC will force cyber security expertise into America’s boardrooms
A recent article on Forbes.com discusses how the Securities and Exchange Commission (the SEC) in the US is turning its attention to cyber risk.
“This year is the twentieth anniversary of the U.S. legislation known as The Sarbanes-Oxley Act (SOX)”. It forced the boards of US public companies “to have a director in the boardroom who understood a financial statement and accounting issues. The next corporate director competency that the SEC is now transforming is boardroom cyber expertise. [..] With the rapidly changing cyber risk environment that faces every company, cyber risk presents clear and present equity, financial and litigation threats. Risk is heightened in companies that do not have corporate directors who understand these issues. [..] These issues are significant enough that the SEC is now proposing to require disclosure of boardroom cyber expertise, as they did 20 years ago with financial expertise. [..] As happened with SOX, regulators around the world will also likely mirror this requirement, creating a global acceleration of cyber board transformation.”
3: Is your child roaming the streets on their own?
A video released by CyberSafeKids is a short but effective demonstration of how crazy it is for us to allow our kids to roam around the online world without any supervision. While the child in the YouTube video ‘only’ ends up at an over-18s horror movie, we can all think of far more horrific things that could have happened to a young child who is left to roam the streets on their own.
The same goes for the online world.
It’s a great reminder that while we may think they are safe within the walls of our homes, if they are online, they are still roaming the streets.
An insurance technology provider, ZyWave, has agreed to pay $11 million to settle a class action lawsuit relating to a 2021 data breach that allowed attackers to steal customers’ names, social security numbers, driver’s licence numbers and other personal data. The lawsuit claimed that the breach occurred because ZyWave failed to implement “reasonable cyber security measures”. The company also took two months to tell consumers about the breach.
To know what “reasonable cyber security measures” look like, I recommend you consider the numerous globally-recognised cybersecurity certifications or standards that are out there. If you don’t know where to start, I can help.
$4.3 million worth of cryptocurrency was stolen from 52 people over the course of 10 days, according to SlowMist, a blockchain security firm. SlowMist have said the victims were fooled by ads that appeared when they searched for specific terms on Google. When they clicked on one of the ads, they were brought to a malicious website that fooled them into revealing the password to their cryptocurrency wallets.
1: Check in and check on what the vulnerable people in your life are doing online
The CyberSafeKids video that I mentioned earlier is worth one minute of your time.
If you have children or other vulnerable people in your life (for example, older relations), check in on what they are doing online and make sure you are comfortable with their activities and their online acquaintances.
And if you have other vulnerable people in your life (for example, older relations), it’s no harm to also speak to them about the dangers of roaming the streets of the online world.