Tag:risk management

1
Boards Push Insurers to Quantify Cyber Risks
2
10 Considerations for Developing a Data Breach Response Plan
3
Top Five Cybersecurity Insurance Tips
4
Cybersecurity Risk Management – Financial Services Entities Required to Act
5
Cyber Insurance is Only a (Small) Part of the Solution
6
UK Government Issues Cybersecurity Insurance Report

Boards Push Insurers to Quantify Cyber Risks

By Cameron Abbott and Rebecca Murray

US risk management firm Advisen recently held the Cyber Risk Insights Conference where insurers, brokers, corporate risk managers and CSOs came together to discuss the importance of company CFOs quantifying cybersecurity risks. Panelists included the risk managers of Merck and Time, who both classified cybersecurity risk exposure as a top danger faced by corporations. Time’s risk management department, for example, is working to quantify the company’s exposure to cyber attacks so that it can transfer some of the risks to insurers. However, Time’s director of risk management says culling all cyber-risk-management information together in a meaningfully predictive way is a challenging task.

Furthermore, gaining assistance from insurers about how to quantitatively define cybersecurity risk is also problematic as the insurance industry is only getting started on truly understanding how to forecast cyber losses. Cyber security practice leader for insurance broker Lockton Cos, Ben Beeson has revealed that insurers have only really become aware of the vast extent of loss that can eventuate when handling personal data this year. Keeping up with incredibly evolving and dynamic cybersecurity threats is sure to be an immense challenge for insurers. Read more here.

10 Considerations for Developing a Data Breach Response Plan

By Jim Bulling and Michelle Chasser

A quick response to a data breach is key to mitigating its impact. The Office of the Australian Information Commissioner (OAIC) recommends that all entities have a data breach response plan in place and has recently released draft guidance on how to develop such a plan.

The guidance recommends that the plan include setting out the actions to be taken in the event of a breach and the team members involved in those actions. Here are some questions for your organisation to consider based on the OAIC’s draft guidance to developing a data breach response plan.

1. What constitutes a data breach?

2. What actions should your staff take?

3. Who is a member of the response team?

4. When does a breach needs to be escalated to senior management?

5. Who is responsible for contacting and managing any affected individuals?

6. Who decides whether to contact law enforcement or regulators?

7. How are records of data breaches kept?

8. How will you identify and address any weaknesses in data handling that contributed to a data breach?

9. Are there any steps your cybersecurity insurance policy requires you to follow?

10. How will you test your response plan?

The OAIC’s Guide to developing a data breach response plan Consultation draft can be found here.

Top Five Cybersecurity Insurance Tips

By Jim Bulling and Roberta Anderson

The increased risks posed by cybersecurity breaches has meant that many organisation are looking to insurance to address some of the exposure. But cybersecurity insurance is still new and there are things which companies wishing to purchase cybersecurity insurance should look out for. Here are five tips if you are considering obtaining or renewing a cybersecurity insurance policy.

Read More

Cybersecurity Risk Management – Financial Services Entities Required to Act

By Jim Bulling

It seems clear following the release in March this year of ASIC Report 429 Cyber Resilience, that all Australian Financial Services Licensees and superannuation funds are currently required to include in their risk management framework measures aimed at addressing the risks posed by cybersecurity breaches.

In addressing the risks ASIC recommends that the U.S. National Institute for Standards and Technology (NIST) framework is a relevant risk management tool. The NIST standards set out the key objectives of an appropriate risk framework:

  • identify the critical assets and governance processes
  • protect critical assets
  • detect breaches and incidents
  • responses to breaches and incidents
  • recovery and reinstatement of systems.

You can download a copy of the framework here

These objectives will need to be merged into the existing financial services policy frameworks which financial services entities already have in place.

Cyber Insurance is Only a (Small) Part of the Solution

By Jim Bulling

Insurers in the U.S. and Europe are forecasting that the market for cyber insurance will grow exponentially in the next five years as more companies look to beef up protection against malicious cyber attacks.

While the insurers see a significant new market emerging, there are signs that they are wary of the risks and this is impacting on premiums and the limitations being placed on cover. There are a number of insurers offering cyber cover in the Australian market and companies looking for additional protection would be well served by closely examining the terms of the proposed cover to ensure it extends to the more significant cyber risks and does so in a way that complements rather than overlaps the existing insurance program which an organisation has in place (eg Public Indemnity , Directors and Officers Liability, Crime and Property).

It is also worth noting that insurance should only be seen as one component of an organisation’s risk management processes around cybersecurity. A leading insurance broker has suggested that investment in technology is the most important factor in reducing the risk profile while the contribution from insurance is much more modest and to be effective needs to be accompanied by investment in technology.

UK Government Issues Cybersecurity Insurance Report

by Jim Bulling and Julia Baldi

The UK government has issued a report on cybersecurity insurance which details new joint initiatives between government and the insurance sector to help firms get to grips with cyber risk. The report encourages businesses and financial institutions to review their risk management processes and seek to obtain ‘Cyber Essentials certifications’ from insurers to ensure adequate cybersecurity is in place.

View the  Press Release and Report.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.