Organizations are struggling to manage increasing cyber risks and losses from cyber attacks. While financial costs are increasing, other changes may have a greater impact. Regulations are expanding who is responsible for cybersecurity and penalties for non-compliance are becoming more aggressive. Business models may also need to change as supply chains are impacted and new technologies are adopted. However, changes may not be happening quickly enough given the rapidly evolving threat landscape.
Cyber risk reporting AICPA framework
1. CHALLENGES IN MANAGING CYBER RISKS
A DEVELOPING FRAMEWORK TO EXPLAIN HOW ORGANIZATIONS
ARE TRYING TO MANAGE CYBERSECURITY RISK
JAMES T DEIOTTE
AUGUST 2017
2. AGENDA
SECTION HEADINGS
1 CURRENT CLIMATE: Losses from cyber-attacks increase
2 CHANGING CONDITIONS: Other changes taking place – may have greater impact beyond costs
3 MOVING BEYOND COSTS: This shift has expanded the stakeholder group
4 RESPONSE OF THE AICPA: Framework for reporting on cyber risk management
5 TECHNOLOGY SOLUTIONS: Creating the cybersecurity ecosystem
4. CYBER RISK EXPANSION IS ON FIRE
• Fuel
  • Complexity and interconnectivity that has caused stakeholder expansion
  • Human nature
• Heat
  • Press and political pressure
  • Regulatory and legislative responses globally
• Oxygen
  • Aggressive nature of hackers
  • Expanding use of new products under IoT
• Prevention
  • Need for improved risk management – a different and holistic approach with focus on people
  • Need for comprehensive and enabling technologies
5. COMPANIES ARE JUST LEARNING THEY ARE UNDERINSURED
GAP BETWEEN COVERAGE AND DAMAGES WIDENS
• Target Corp announced that its 2013 breach will cost an estimated $230 million; insurance coverage was $90 million
• Home Depot expects $232 million in expenses; insurance coverage was $100 million
• Anthem ran into difficulties in coverage after an attack compromised 70 million records; future insurance coverage requires Anthem to pay the first $25 million in any future attacks
6. VULNERABILITY
• “37.2% of U.S. organizations had a botnet grade of ‘B’ or lower,” meaning these organizations have a higher likelihood of experiencing a publicly disclosed data breach. Source: Global Security Performance: How Do Top Nations Stack Up?
• “Companies with a rating of 400 or lower are five times more likely to have a breach than those with a rating of 700 or more.” Source: BitSight Security Ratings Correlated To Breaches
• “Crypto-style ransomware grew 35 percent in 2015.” Source: Symantec 2016 Internet Security Threat Report
• “Education accounted for 6.6 percent of all reported cybersecurity incidents in 2015.” Source: 2016 Internet Security Threat Report from Symantec
• “99% of computer users are vulnerable to exploit kits (software vulnerabilities).” Source: Heimdal Security
• “59% of employees steal proprietary corporate data when they quit or are fired.” Source: Heimdal Security
• “28% of organizations have experienced an advanced persistent threat attack, and three-quarters have failed to update their third-party vendor contracts to include better protection against APTs.” Source: 2015 Advanced Persistent Threat Awareness Study, as quoted in Trustwave Security Stats
• “63% of businesses don't have a ‘fully mature’ method to track and control sensitive data.” Source: 2014 State of Risk Report, as quoted in Trustwave Security Stats
7. BREACH STATISTICS
• In 2016, there have been 454 data breaches with nearly 12.7 million records exposed. Source: 2016 Identity Theft Resource Center
Data Breach Category Summary
• “In 93% of breaches, attackers take minutes or less to compromise systems.” Source: 2016 Data Breach Investigations Report from
Verizon
• “Four out of five victims [of a breach] don’t realize they’ve been attacked for a week or longer.” Source: 2016 Data Breach
Investigations Report from Verizon
• “In 7% of [breach] cases, the breach goes undiscovered for more than a year.” Source: 2016 Data Breach Investigations Report
from Verizon
• “30% of phishing emails are opened. And about 12% of targets goon to click the link or attachment.” Source: 2016 Data Breach
Investigations Report from Verizon
• “In 60% of cases, attackers are able to compromise an organization within minutes.” Source: 2015 Data Breach Investigations Report
from Verizon
8. COST STATISTICS
• “80% of analyzed breaches had a financial motive.” Source: 2016 Data Breach Investigations Report from Verizon
• “68% of funds lost as a result of a cyber attack were declared unrecoverable.” Source: Heimdal Security
• “Impact from trade secret theft ranges from 1% to as much as 3% of a nation’s GDP – using the World Bank’s GDP estimate
of $74.9 trillion in 2003, loss of trade secrets may range from $749 billion to as high as $2.2 trillion annually.” Source:
Global State of Information Security Survey 2015 from PwC
• “The U.S. government has spent $100 billion on cybersecurity over the past decade, and has $14 billion budgeted for
cybersecurity in 2016.” Source: The Business of Cybersecurity: 2015 Market Size, Cyber Crime, Employment, and Industry
Statistics from Forbes
• “The cyber insurance market—mainly a U.S. market—has grown from $1 billion to $2.5 billion over the past two years, and
it is expected to grow dramatically and expand globally over the next five years.” Source: The Business of Cybersecurity:
2015 Market Size, Cyber Crime, Employment, and Industry Statistics from Forbes. See Also: Security Ratings For Cyber
Insurance
• “The forecast average loss for a breach of 1,000 records is between $52,000 and $87,000.” Source: 2015 Data Breach
Investigations Report from Verizon
9. CYBER INSURANCE COVERAGE ILLUSTRATED
| Type of company | Sector | Revenues | Limits | Premium | Premium % of revenues | Limits % of revenue | Coverage for worst case scenario |
|---|---|---|---|---|---|---|---|
| IT CONSULTING & DATA HOSTING PROVIDER | IT | 1,500,000 | 2,000,000 | 3,643 | 0.243% | 133.333% | (500,000) |
| HEALTHCARE SAAS PROVIDER | HC | 2,000,000 | 2,000,000 | 9,398 | 0.470% | 100.000% | 0 |
| HEALTHCARE IT PROVIDER/CONSULTING/PROJECT MANAGEMENT | HC | 4,500,000 | 5,000,000 | 34,600 | 0.769% | 111.111% | (500,000) |
| CALL CENTER | Communications | 20,000,000 | 5,000,000 | 19,800 | 0.099% | 25.000% | 15,000,000 |
| FIBER OPTICS COMMUNICATIONS PROVIDER | Communications | 35,000,000 | 10,000,000 | 47,000 | 0.134% | 28.571% | 25,000,000 |
| INDUSTRY: HEALTHCARE | HC | 25,000,000 | 1,000,000 | 12,900 | 0.052% | 4.000% | 24,000,000 |
| INDUSTRY: EDUCATION | ED | 25,000,000 | 1,000,000 | 6,000 | 0.024% | 4.000% | 24,000,000 |
| INDUSTRY: RETAIL | RETAIL | 50,000,000 | 1,000,000 | 26,000 | 0.052% | 2.000% | 49,000,000 |
| INDUSTRY: E-COMMERCE | IT | 50,000,000 | 1,000,000 | 37,000 | 0.074% | 2.000% | 49,000,000 |
| RESTAURANT | MFG | 50,000,000 | 1,000,000 | 10,000 | 0.020% | 2.000% | 49,000,000 |
| HEALTHCARE IT PROVIDER | HC | 1,200,000 | 5,000,000 | 15,900 | 1.325% | 416.667% | (3,800,000) |
| HEALTHCARE SAAS PROVIDER (STARTUP) | IT | 1,500,000 | 5,000,000 | 30,420 | 2.028% | 333.333% | (3,500,000) |
| ELECTRONIC HEALTH RECORDS (EHR) PROVIDER | HC | 5,000,000 | 1,000,000 | 8,010 | 0.160% | 20.000% | 4,000,000 |
| E-WASTE COMPANY | MFG | 1,500,000 | 2,000,000 | 3,564 | 0.238% | 133.333% | (500,000) |
| PSYCHOLOGIST’S OFFICE | HC | 1,000,000 | 1,000,000 | 1,600 | 0.160% | 100.000% | 0 |
| DOCTOR’S OFFICE | HC | 1,700,000 | 1,000,000 | 1,800 | 0.106% | 58.824% | 700,000 |
| SAAS PROVIDER | IT | 3,000,000 | 200,000 | 6,000 | 0.200% | 6.667% | 2,800,000 |
| FAST FOOD | Consumer | 15,000,000 | 1,000,000 | 9,000 | 0.060% | 6.667% | 14,000,000 |
| DATA STORAGE CENTER | IT | 15,000,000 | 20,000,000 | 120,000 | 0.800% | 133.333% | (5,000,000) |
Source: https://databreachinsurancequote.com/cyber-insurance/cyber-insurance-data-breach-insurance-premiums/
11. OTHER CHANGES TO TAKE NOTE OF
• Business and relationship models will change
• Defense industry and auto industry
• Expansion of stakeholder responsibilities by regulatory authorities
• Aggressive changes in penalty regimes
• European Union
• South Africa
12. BUSINESS MODEL CHANGES
• Push down demands into supply chains, impacting entire industries over the next few years
• Accelerated by the introduction and increasing use of products considered part of the Internet of Things (IoT)
• Mobility transformation in the auto industry will accelerate changes to manufacturers, suppliers and service providers (e.g. repair shops)
14. GOVERNANCE IS CHANGING
NY'S FSO REGULATION (500.03) RECENTLY FINALIZED
THE CYBERSECURITY POLICY SHALL BE REVIEWED BY THE
COVERED ENTITY’S BOARD OF DIRECTORS OR EQUIVALENT
GOVERNING BODY, AND APPROVED BY A SENIOR OFFICER OF
THE COVERED ENTITY
THE CYBERSECURITY POLICY SHALL ADDRESS, AT A MINIMUM, THE
FOLLOWING AREAS:
INFORMATION SECURITY; DATA GOVERNANCE AND CLASSIFICATION;
ACCESS CONTROLS AND IDENTITY MANAGEMENT; BUSINESS CONTINUITY
AND DISASTER RECOVERY PLANNING AND RESOURCES;
CAPACITY AND PERFORMANCE PLANNING; SYSTEMS OPERATIONS AND
AVAILABILITY CONCERNS; SYSTEMS AND NETWORK SECURITY; SYSTEMS AND
NETWORK MONITORING;
SYSTEMS AND APPLICATION DEVELOPMENT AND QUALITY ASSURANCE;
PHYSICAL SECURITY AND ENVIRONMENTAL CONTROLS; CUSTOMER DATA
PRIVACY;
VENDOR AND THIRD-PARTY SERVICE PROVIDER MANAGEMENT; RISK
ASSESSMENT; AND INCIDENT RESPONSE.
15. ARE CHANGES TAKING PLACE FAST ENOUGH?
• If you are in a domain of losses – you will take more risk
• If you are in a domain of gains – you will be more risk averse
16. EU RESPONSE – ATTEMPT TO CHANGE THE PARADIGM
Yet, EU laws related to identity protections provide the following fine regime:
Non-compliance can lead to an administrative fine up to €10,000,000 or in case of an undertaking, up to
2% of the total worldwide annual turnover of the preceding financial year, whichever is higher! (In some
cases – the penalty is raised to the greater of €20,000,000 or 4% of global revenues.)
SailPoint Survey Confirms Enterprises have GDPR on their Mind
75 percent recognize the important role identity governance plays within GDPR compliance plans
LONDON, March 7, 2017 – SailPoint, the leader in identity management, surveyed customers and attendees at
this week’s Gartner IAM Summit about their plans for meeting compliance requirements associated with the
General Data Protection Regulation (GDPR) which goes into effect in 2018. Of approximately 100 survey
respondents, 80 percent see GDPR as a priority even if they don’t have a specific plan in place (only 25
percent of respondents have an established plan) to comply with the regulation. Of those who are planning
ahead for GDPR, most (75 percent) recognize the important role that identity governance plays in helping them
to be GDPR-ready by 2018.
17. ARE OTHER COUNTRIES FOLLOWING THE EU?
• YES – South Africa is leading and
has already enacted the Protection
of Personal Information legislation
(POPI) that has been signed by the
President.
• Failure to comply with the Act can
impose personal liability on the
executive management of public and
private sector bodies.
19. APPRECIATING THE CYBER RELATED CHALLENGES
NOW AN AREA OF FOCUS AND SHARED CONCERNS WITH IT
STAKEHOLDERS
• Shareholders
• Board of directors
• Audit committee
• Chief Executive Officer
• Chief Financial Officer
• Chief Risk Officer
• Chief Information Officer (CIO/CTO)
• Human Resources
• PR/Markets
• Capital markets
• Engineering and manufacturing floor
• Business partners
• Others (supply chain relationships)
MANAGE COSTS
• Protection of strategic information
• Improve insights through analytics
• Manage stakeholder relationships with greater transparency
• Deliver self-provided information with new tools for savvy users
• Manage disruptions
• Help people use their technology-based tools more safely
• Manage cloud solutions
DELIVER VALUE
• Increase productivity of employees through connectivity and collaboration
• Connect complex supply chains across the world
• Agility
• Aligned with, and an enabler of, the business model
• Control costs (server and communication maintenance)
• Deliver actionable information
• Protection of personal information
PROTECT ENTERPRISE VALUE
20. STAKEHOLDER FOCUS OR AREAS OF CONCERN
SOME OF THE CHANGES - ILLUSTRATED
• Boards - Concern around reputational risk and overall enterprise value
• CEOs - Concerns about protecting their strategies and sensitive information
• Finance teams – Concern around reporting and compliance obligations (Sarbanes-Oxley, etc.)
• HR – Concerns around privacy protections
• Engineers – Concerns around connecting product to suppliers or customers
• Production – Concerns around automation and greater use of robotics
• Financial institutions – Concerns around use of bots, trading algorithms, regulatory and market
concerns
23. HOWEVER, THE INDUSTRY IS MOVING
• The cyber security market is growing
• Global budgets are increasing – but not even close to the increase in losses/insurance
• In 2013 - $1.5 billion in funding was allocated to 240 cyber security firms
• Combinations and consolidations will continue to evolve
• Dell/EMC/RSA – spin off
• Palantir in talks about an IPO
• Initiatives observed like Mach37 Cybersecurity accelerator
(https://www.mach37.com/) and interesting collaborations like Lockheed and
GE – opening a center in Israel
24. TECHNOLOGY OFFERS A PROMISING FUTURE
• Simon Crosby, CTO at Bromium, calls machine
learning the pipe dream of cybersecurity,
arguing that “there’s no silver bullet in
security.” What backs up this argument is the
fact that in cybersecurity, you’re always up
against some of the most devious minds,
people who already know very well how
machines and machine learning work and
how to circumvent their capabilities. Many
attacks are carried out through minuscule and
inconspicuous steps, often concealed in the
guise of legitimate requests and commands.
• https://techcrunch.com/2016/07/01/exploiting-machine-learning-in-cybersecurity/
26. AICPA FRAMEWORK
RELEASED MAY 1, 2017
“The AICPA has developed a framework that will
serve as a critical step to enabling a consistent,
market-based mechanism for companies worldwide to
explain how they’re managing cybersecurity risk,”
Coffey explained. “We believe investors, boards,
audit committees and business partners will see
tremendous value in gaining a better understanding
of organizations’ cybersecurity risk management
efforts. That information, combined with the CPA’s
opinion on the effectiveness of management’s efforts,
will increase stakeholders’ confidence in
organizations’ due care and diligence in managing
cybersecurity risk.”
https://www.aicpa.org/Press/PressReleases/2017/Pages/AICPA-Unveils-Cybersecurity-Risk-Management-Reporting-Framework.aspx
Prevention of security events
Physical and logical access
Authentication
• Credential management
• Privileged user management
Database security
• Data loss prevention
• Data destruction
• Data backup
Virus detection and prevention
• Firewalls and perimeter security
• Secure system configuration
• Intrusion prevention
Change management
• Application changes
• Patch management
Detection of security events
• Response to events
• Mitigation and recovery