This document provides a summary of a cyber security breakfast briefing for small and medium-sized enterprises (SMEs). The briefing included welcome and introductory remarks, presentations on good cyber governance, GDPR compliance, insurance aspects of cyber risk, examples of recent cyber breaches, and a discussion of current threats to SMEs. Key points emphasized included the importance of board-level cyber security oversight, having a cyber security strategy and risk management in place, avoiding GDPR fines and other consequences of data loss or security incidents, and understanding common cyber threats facing SMEs today. Examples of recent breaches demonstrated the costs of ransomware, data breaches, and other attacks.
Many of the early adopters of cyber risk transfer were based in the US (owing to the extremely strict legal requirement to notify all customers affected by a data breach). However, recent developments are showing that cyber risks are not just a US problem. Over the past 18 months, Aon has seen a dramatic increase in the number of companies outside the US purchasing cyber risk transfer.
The document discusses various topics related to cyber insurance and cyber risks. It reports on startling cybercrime numbers from Australia's cybercrime reporting network, and how Lloyd's is appealing to brokers to help standardize cyber risk data collection. It also discusses how the Australian and US governments will strengthen their partnership to combat cybercrime, and predictions that cyber insurance in Asia will significantly increase in the next few years.
Please find enclosed some of the material relating to our ANZIIF CPD accredited Cyber Insurance training.
If the noise and rhetoric is getting too much, let us come and walk you through the how, what, when and where of Cyber Insurance
Cyber risks and liabilities February 2017 (Gary Chambers)
The document discusses cyber security threats facing UK businesses. It notes that on average, each UK business was subject to 230,000 cyber attacks in 2016. Nearly half of all UK businesses have been infected with ransomware in the last two years. Large businesses are vulnerable due to overconfidence in their cyber defenses and lack of formal security programs, while SMEs often lack defenses and doubt they could be targets. Recent cases saw charities fined for screening donors and individuals fined for stealing customer data.
Cyber risks and liabilities newsletter jan feb 2017 (Kieren Windsor)
The document discusses cyber security threats facing UK businesses. It notes that on average, each UK business was subject to 230,000 cyber attacks in 2016. Nearly half of all UK businesses have been infected with ransomware in the last two years. Large businesses are vulnerable due to overconfidence in their cyber defenses and lack of formal security programs, while SMEs often lack defenses and doubt they could be targets. Recent cases saw charities fined for screening donors and individuals fined for stealing customer data.
The national Scot-Secure Summit is the largest annual Cyber Security Conference in Scotland: the event brings together senior IT leaders and Information Security personnel, providing a unique forum for knowledge exchange, discussion and high-level networking.
The Summit is organised by DIGIT, with support from ScotlandIS, Police Scotland, SBRC, The Cyber Academy and ISACA. The conference programme is focussed on promoting best-practice cyber security; looking at the current trends, the key threats - and offering practical advice on improving resilience and implementing effective security measures.
The document discusses the changing data protection laws in the EU and risks to businesses from data breaches. It notes that the cost of data breaches to businesses has doubled in the last year. The new EU regulations will require companies to share liability for data breaches by third-party service providers. Fines under the new laws may be up to 5% of a company's annual worldwide turnover. The document advises businesses to ensure adequate protection against data breaches and to plan responses to limit potential damage.
This presentation explores the risk facing all charities and businesses if adequate thought is not given to the protection and security of one of its most treasured assets, its website.
Symantec Webinar | National Cyber Security Awareness Month: Fostering a Secur... (Symantec)
Youth in foster care face unique risks to their identity. In this webinar we discuss the risks, as well as tips for better protection. Watch on demand here: https://symc.ly/2N8cELV.
This document summarizes cyber risks and data breaches. It discusses the growing threat of cyber crime and costs of data breaches. Mandatory breach disclosure laws have significantly increased costs for US companies, with the average data breach costing $7.2 million compared to $1.9 million in the UK without such laws. Examples of large breaches include Sony, which suffered a breach of 77 million user records costing an estimated $171 million. The document examines risks like hacking, theft, and human error, as well as emerging issues around cloud computing and mobile devices.
This document provides an overview and summary of key aspects of the General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It discusses the major requirements organizations need to comply with including demonstrating accountability, implementing appropriate technical and organizational security measures, addressing new individual rights to personal data, and potential penalties for non-compliance. The document emphasizes the need for organizations to audit their data holdings, document their data management practices, and develop a GDPR compliance action plan. It also provides contact information for additional GDPR resources and updates.
World Energy Focus, the new monthly online publication of the WEC's community, is a free e-publication that keeps you up to date on developments in the energy sector. World Energy Focus contains news, exclusive interviews and a section dedicated to the events promoted by the individual National Committees.
Aon - Cyber Insurance in the World of Cyber Criminals (CSNP)
This document discusses cyber insurance and cyber risk. It addresses myths about cyber insurance, outlines various types of cyber risks and insurance coverages, and provides examples of significant data breaches and cyber attacks suffered by companies, including the costs incurred. The goal is to demonstrate how cyber insurance can help companies manage cyber risk and recover from incidents through insurance payouts and risk management strategies.
*Webinar* CCPA: Get Your Business Ready (MoEngage Inc.)
The impact of non-compliance with the California Consumer Privacy Act (CCPA) could be severe! If you're a business owner or an executive responsible for data and compliance for your organization, this presentation by Marit Davey - Data Privacy Compliance Expert can be helpful.
This document provides an overview of cyber risk management and regulation. It discusses the following key points:
1) The European Union has proposed new, unified data protection rules across EU member states to combat cybercrime and strengthen online privacy. It is also establishing a European Cybercrime Centre.
2) Regulation of data protection varies by state in the US, with some states like California having very strict notification requirements for data breaches.
3) Regulators worldwide are increasing scrutiny of cyber liabilities and there is an expectation that regulatory penalties for companies that fail to adequately protect against cyber risks will be stepped up.
In May 2018, the European Union’s General Data Protection Regulation (GDPR) will take effect. Companies that do not comply might be fined 20M or 4% of the annual global turnover, whichever is greater. Despite the evident threat, GDPR is also a huge opportunity to rethink how your business works and to turn that threat into an opportunity. GRAKN.AI – a knowledge base – provides all you need to take the centralized record of users that GDPR is asking companies to create and use it to provide value to your users. Adding them to the knowledge base as well as your content or product opens many new perspectives.
Webinar Agenda:
1. What does fraud look like during the COVID-19 crisis.
2. Emerging threats in payments fraud.
3. Best practices to combat payment fraud.
The document summarizes a data breach that occurred at TalkTalk, a UK telecommunications company, in October 2015. It provides background on TalkTalk's history and reputation for poor service. In October 2015, TalkTalk experienced a cyber attack that compromised the personal data of 4 million customers. This led to negative media coverage and investigations. The breach significantly damaged TalkTalk's reputation, share price, and customer loyalty in the short and long term. The document analyzes TalkTalk's communications response and provides lessons for improving cybersecurity, breach response, and protecting corporate reputation.
While the use of Data Analytics produces excellent results, it is commonly applied in a tactical way for specific functional areas within an organization. This tactical approach often falls short of realizing the full potential of Data Analytics. Going beyond initial results, a more systematic approach to Data Analytics can help drive organizational learning (human and machine) from the various remediation processes.
In this Webinar, we’ll discuss 3 areas of Analytics Automation: (1) Producing the findings, (2) Managing the findings, and (3) Learning from the findings.
Key takeaways:
· The value of Analytics Automation
· Understanding the various technologies (i.e. RPA, AI, etc.)
· Practical ideas for deploying and managing Analytics Automation
· Using a more structured approach to remediation exceptions
· Benefits of Root Cause Analysis
· Using Analytics Automation to get a broader, more complete view of your organization over time
This document summarizes an article from The Corporate Governance Advisor on tools for boards to oversee cybersecurity risk. It discusses the business impacts and litigation/regulatory risks of cyber attacks. It outlines how boards have an oversight duty to ensure proper information and reporting systems exist to manage cybersecurity risk. The document provides examples of cybersecurity disclosure from companies like Target and Home Depot. It discusses SEC guidance on cybersecurity disclosure and notes boards must exercise oversight in good faith to avoid liability for failures.
This document provides an overview and summary of a webinar titled "Mastering Consent, Do Not Sell, Consumer Rights, and Look Back Requirements" presented by TrustArc. The webinar covered key topics related to the California Consumer Privacy Act (CCPA) including definitions of terms like "sale" and "service provider", an overview of consumer rights under CCPA, requirements for obtaining consent for sale of personal information, and how to prepare for and handle consumer rights requests. The webinar included polls to gauge participant challenges and discussed the CCPA regulations and recent amendments that provide clarification and exemptions around certain topics.
A simple, beautiful guide to understanding GDPR (General Data Protection Regulation).
All businesses in the UK and EU need to comply with GDPR by the 25th of May 2018 or risk hefty fines.
Use this free, visual guide to understand how you need to comply.
We'll be looking at what your customers' rights are, privacy by design, breach notifications, data security and more.
Finally, we'll give you a GDPR action checklist so you can take the right steps to comply with the legislation in time.
On-demand recording link: https://info.trustarc.com/WB-2019-06-19-GDPR-Compliance-Convince-Customers-Partners-Board.html?utm_source=slideshare
Many companies have invested significant time and resources trying to design and implement GDPR compliance programs. Internally, they may have generated hundreds or thousands of pages of project plans, policies, processes and reports – including records of processing, DPIA reports and much more. But how can you demonstrate to internal stakeholders, clients and partners that you have a comprehensive program and that your processes and products are GDPR-compliant?
This webinar will provide these key takeaways:
- The current state of an official GDPR certification and codes of conduct
- Case studies of how companies are demonstrating compliance
- The benefits of an external third party GDPR validation
Using international standards to improve US cybersecurity (IT Governance Ltd)
Understand the current cyber threat facing US businesses, President Obama's proposed data protection act and how you can implement international standards to get your business cybersecure in this informative webinar with expert Alan Calder.
This document provides an overview of cyber threats facing businesses in Gloucestershire. It discusses rising cybercrime rates nationally and locally, with the average financial loss to Gloucestershire from cybercrime being over £250,000 per month. Typical cyber attacks include phishing, ransomware, and DDoS attacks. The document urges businesses to purchase cyber insurance, stresses the importance of complying with new GDPR regulations, and provides resources for reporting cyber incidents and getting help. It concludes by recommending basic cybersecurity practices for businesses and individuals to better protect themselves online.
The document summarizes QBE's cyber and data security insurance product. It covers risks associated with non-physical assets like data and network risks, providing public relations support, asset recovery costs, business interruption costs, regulatory fines, and privacy breach costs. It also covers employee dishonesty, cyber extortion, and IP infringement. Red24 provides 24/7 crisis management support. Claims are handled by experienced specialists familiar with technology and cybersecurity issues.
This document provides an overview of cyber risk management and cyber insurance. It discusses key topics like the costs of data breaches, regulations like GDPR, prevention strategies, how insurers evaluate cyber risk, and available insurance covers. Appendices provide more details on the historical development of cyber insurance and common types of first-party and third-party insurance covers. Resources are also listed for getting cyber insurance quotes in Greece and learning more about privacy and cybersecurity risk advising.
Patrick Bourk, National Cyber Practice Leader from Hub International, discusses the various cyber policies available for mid size commercial businesses. He also showcases the various types of risk to consider when working with an insurer.
Gowlings - November 12, 2014
In an ever-increasing digital world, all businesses face challenges in managing and protecting sensitive and confidential information. In this presentation Gowlings and Marsh Canada Limited addressed best practices for responding to a cyber breach, and what types of insurance may be available to respond to such a loss. Topics included:
• Trends, and the evolution of cyber insurance/products
• The D&O connection, cyber is a strategic business risk
• Risk Management Strategies
• Best Practices in Breach Response.
This document summarizes a presentation on protecting businesses from cyber risks. It discusses the growing nature and costs of cyber threats and data breaches for businesses. These include increased electronic data production, more devices being connected online, and outsourced IT services increasing potential data loss. The document outlines sources of cyber risk like targeted attacks, human error, and theft of devices. It discusses the types of insurable and uninsurable cyber losses for businesses and where losses could potentially be covered by insurance like E&O, CGL, D&O or cyber/tech policies. The presentation emphasizes that businesses should be aware of their cyber risk exposure and proactively assess their insurance coverage, as policies may not fully cover all losses from a
This presentation covers the current and future exposures that construction-related firms face related to cyber incidents. In addition, it covers how insurance carriers view underwriting cyber risks in the current market. Finally, the presentation provides an overview on how firms can prevent and respond to cyber incidents.
Cyber Risk Management in the New Digitalisation Age - Mitigating Risk with Cy... (Netpluz Asia Pte Ltd)
This document discusses cyber insurance and common misconceptions about cyber risk. It provides statistics about Chubb's global cyber practice and the types of cyber incidents experienced by companies. The average costs of responding to cyber events are shown by expense category. Case studies demonstrate how Chubb assists clients that experience ransomware attacks, data breaches, and other cyber incidents. Coverage includes incident response costs, data recovery, business interruption, and liability protection. The role of cyber insurance is to provide an expert response and help minimize impacts of cyber attacks.
Payment fraud is a persistent threat in today's digital world. Even some of these fraud events were found connected with the best credit card payment companies to top credit card payment processing. Visit us at: https://webpays.com/best-credit-card-payment-companies.html
This document discusses cyber privacy insurance and the General Data Protection Regulation (GDPR). It provides an overview of data breach costs by industry. GDPR fines can be up to 20 million Euros or 4% of annual global turnover for breaches. Under GDPR, breaches must be reported to regulators within 72 hours and affected individuals if there is a high risk. The document also summarizes common cyber insurance coverage types like crisis management, cyber extortion, data asset protection, and business interruption. It analyzes past insurance claims payouts and causes of loss. Websites for cyber insurance quotes and resources are also listed.
Hackers exploited a vulnerability in the company's website, gaining access to client records containing personal information for 3,000 people. The hackers threatened to release the data unless a ransom was paid. In response, the company's legal, IT forensics, public relations, and cybersecurity teams worked to investigate the breach, notify regulators and affected individuals, recover systems, and manage reputational fallout. The total costs of responding were estimated at £1.8 million, demonstrating why cyber insurance is recommended to help cover expenses from such incidents.
The document summarizes a panel discussion on cyber insurance. It provides an overview of the cyber insurance market trends, including rising premiums and number of carriers. It also outlines average costs of cyber attacks and losses in 2018. The panel discusses whether cyber insurance is needed and what types of coverage it provides. Specific examples are given of claims related to crime/cyber and technology errors and omissions insurance. Attendees are invited to join future Triangle Security User Group discussions.
The Unseen Enemy - Protecting the Brand, the Assets and the Customers BDO_Consulting
Michael Barba and Jeff Hall discuss the most pressing cyber-threats facing retailers and what companies can do in the event of a cyber breach, data loss or claim. Mr. Barba is a managing director and Mr. Hall is a senior manager with BDO Consulting.
Legal vectors - Survey of Law, Regulation and Technology Risk William Gamble
Survey of law, regulation and technology risk including new cyber security regulations, HIPAA, European Privacy GDPR, Internet of Things Liability, State Law
William Gamble
FORUM 2013 Cyber Risks - not just a domain for IT FERMA
This document summarizes cyber risks and insurance responses. It discusses evolving cyber threats facing European companies and how cyber risks are not just an IT issue. Key points include: most clients are extremely concerned about cyber attacks; the top causes of data breaches are hacking and stolen credentials; and cyber insurance claim volumes have risen significantly in recent years. The document also outlines how cyber insurance can help respond to incidents by providing services like breach coaching, legal defense, forensic investigations, and crisis management. Finally, it discusses challenges with relying solely on traditional insurance policies to address cyber risks and the need for specialized cyber insurance products and risk mitigation strategies.
This deck aims to layout a feasible groundwork for companies that have experienced cyber attacks. In this deck, we used an insurance company known as InsureGlobal for our analysis on the possible cyber-security response framework.
IT Security In 2016: Hull
14.30 - 16.00. Thurs 28th April @ Allia Future Business Centre, Peterborough
Slide deck taken from the Will Your Business Get Hacked? business breakfast seminar on Thursday 28th April at Allia Future Business Centre, London Road, Peterborough.
Speakers:
Phil Denham - Commercial Director @ Kamarin Computers
James Burchell - Senior Sales Engineer @ Sophos
Will Your Business Get Hacked - Hull (Apr 28) HBP Systems Ltd
IT Security In 2016: Hull
08.30 - 10.00. Thurs 28th April @ C4DI, Hull
Slide deck taken from the Will Your Business Get Hacked? business breakfast seminar on Thursday 28th April at C4DI @ TheDock, Queens St, Hull.
Speakers:
Phil Denham - Commercial Director @ HBP Systems
James Burchell - Senior Sales Engineer @ Sophos
4. GOOD GOVERNANCE IN CYBER
Ciaran Martin, CEO of the National Cyber Security Centre (the government's cyber centre), speaking on 12 September 2018 at the CBI Cyber Conference included the following quotes:
‘My message today is aimed at board level and general corporate leadership, which is key to managing this crucial risk.’
‘When we look at some of the advice given around the world on how to manage corporate cyber security risk, it’s basically about governance. Good governance is necessary.’
• Cyber Security Strategy.
• Risk Management.
• Regulation and Certification Controls.
5. AVOIDABLE CONSEQUENCES
• GDPR fines.
• Loss of data assets.
• Loss of finances.
• Loss of trust.
Elizabeth Denham, Information Commissioner, delivering a speech on GDPR and accountability.
‘If a business can’t show that good data protection is a cornerstone of their practices, they’re leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation.’
Since GDPR came into effect less than 12 months ago there have been over 130 enforcement actions taken by ICO including almost 80 monetary fines.
6. PROGRAMME
9.00 - Current threats to SMEs - Laura Cowie, Devon & Cornwall Police
9.35 – The GDPR landscape - Ben Travers, Stephens Scown
10.05 - Insurance aspects - Jonathan Cox, Pavey Group a Gallagher Company
10.30 - Examples of recent breaches - Peter Lannon, PKF Francis Clark
11.00 - Close
10. BEN TRAVERS – HEAD OF IP & IT
b.travers@stephens-scown.co.uk
01392 210700
LinkedIn – Ben Travers
11. RECAP
• May 2016 – GDPR becomes law, 2 year grace period
• April 2018 – business panics, consumers rebel against ‘consent emails’
• May 2018 – GDPR comes into force
• June 2018 – everyone becomes a self-proclaimed ‘GDPR’ expert
12. TRENDS SINCE MAY 2018
• Increasing awareness of rights amongst consumers
• Businesses start (over reporting) breaches
• ICO actively investigates breaches
• UK business still largely in the dark
• Increase in confusing and contradictory commentary in the market
• Review of previous advice from non-experts
13. COMMON MISTAKES
(WE STILL SEE BUSINESSES MAKE)
• Not having a data map
• Assuming it’s an HR or IT or Marketing issue and not taking a holistic view
• Not responding fully to a SAR
• Sharing data in non-compliant ways (look at 3rd party platforms)
• Sending unnecessary consent emails
• Relying on Legitimate Interest
• Unable to respect the ‘Right to be forgotten’ requests
14. HOW TO GET IT RIGHT
• How to complete a data map
• When to use ‘consent’ emails
• How to run a legitimate interest test
• How not to share data
• How to respond to a SAR
15. PREDICTIONS
• Cookies
• The end of soft opt-in
• B2B consent
• Telemarketing
• Withdrawing consent
• OTTs and VOIP
• Privacy shield
• Weaponising SARs
• Compliance in USA?
• Increased consumer awareness
20. Cyber &/or Crime
Cyber Liability Insurance provides businesses with protection against financial loss resulting from the loss of personal and/or corporate data.
Cover addresses the first and third-party risks ranging from the loss of a single laptop or file to the hacking of a company's website or network.
Main policy triggers:
• Security Breach
• Data Breach
• Operational failure
Crime Insurance provides businesses with protection against financial loss resulting from criminal or fraudulent taking, obtaining or appropriation of money, securities, funds or property.
21. Cyber – The scale of the problem
• SMEs subjected to circa 65,000 attacks every day, of which 4,500 are successful…
• …this equates to one every 19 seconds
• Average cost of “clear up” £25,700 – ignoring wider issues [1]
• Despite this just 10% of SMEs purchase a Cyber Insurance policy [2]
[1] Hiscox, October 2018, “UK Small Businesses targeted with 65,000 attempted cyber attacks per day”
[2] PwC, April 2019, “PwC Survey shows that SMEs are cyber insurers’ number one target for growth”
22. “There is no technology today that cannot be defeated by social engineering.”
- Frank W. Abagnale
To be solid, insurance must be flexible
24. Scenario 1 – Employee Error
ajginternational.com
An HR recruiter for a healthcare organisation accidentally attached the wrong file when sending an email to four job applicants. The file included HR demographic data consisting of 43,000 former employee names, addresses, and national ID numbers.
The insured telephoned the Incident Response Hotline for assistance and an incident response manager was assigned. Legal services were brought in to manage regulatory implications.
Chubb 2018.
25. Scenario 1 – Potential Impact
Privacy Liability - mismanagement of personal and/or corporate confidential information, violation of company privacy policy.
• Defence expenses arising from regulatory investigation - £55,000
• Defence & settlement costs for claims from employees that had identity stolen - £100,000
Incident Response Expenses
• Incident response manager fees - £5,000
• Notification to affected individuals - £3,000
• Identity theft monitoring services for affected individuals - £13,000
• Legal consultation fees - £10,000
TOTAL COST: £186,000
26. Scenario 2 – Denial of Service Attack
The data centre which hosted an online retail company’s website became the target of a distributed denial of service attack. The attack flooded the data centre’s network with so much traffic that their network failed. This made the online retail company’s website inaccessible for a period of six hours before backup systems were able to restore 100% functionality. The insured in this scenario is the online retailer. After telephoning the insurer's Incident Response Hotline, an incident response manager was assigned.
Chubb 2018.
27. Scenario 2 – Potential Impact
Recovery Costs
• Increased cost of working required to get website functioning properly
• Costs to subcontract with external service provider
Business Interruption
• Lost sales and revenue from website downtime
Incident Response Expenses
• IT forensics firm
• Legal consultation fees
• Incident response manager fees
TOTAL COST: £144,000
- £12,000
- £95,000
- £12,000
- £10,000
- £6,000
28. Scenario 3 – Ransomware Attack
An employee of a car components manufacturing company clicked on a malicious link in an email and malware was downloaded onto the company server, encrypting all information. A message appeared on the employee’s computer demanding £10,000 to be paid by Bitcoin in the next 48 hours in exchange for the decryption key.
The company telephoned the insurer's Incident Response Hotline for assistance. The assigned incident response manager brought in IT forensic investigators to assess the validity of the threat and to determine whether the company could avoid paying the ransom.
Chubb 2018.
29. Scenario 3 – Potential Impact
Network Security Liability – failure of insured’s network security in defending
against computer malicious acts.
Cyber Extortion – costs associated with addressing extortion threats to release
information or malicious code unless extortion monies were paid
• Information technology consultant fees to assess backup capabilities
Incident Response Expenses
• Forensic investigation costs to locate malware, analyse impact, ensure
containment, and calculate extent of loss.
• Legal consultation fees
• Incident Response Manager fees
Data Asset Loss – costs associated with replacing lost or corrupted
data
TOTAL COST: £60,000
- £14,000
- £18,000
- £7,000
- £6,000
- £15,000
30. Scenario 4 – Media – Disparagement via Email
An employee for a consultancy company sent an internal email containing negative comments regarding a service provider. The email was forwarded to others within the organisation and eventually was sent externally.
The email was seen by the service provider and a defamation lawsuit was brought against the consultancy company for harming the service provider’s reputation.
Chubb 2018.
31. Scenario 4 – Potential Impact
Media Liability – third party claims arising from Insured’s Internet media activities. Wrongful Acts include product defamation, disparagement, trade libel, false light, plagiarism, and more
• Defence and settlement costs for claims from service provider - £150,000
Incident Response Expenses
• Crisis communication services - £12,000
• Public relations expert fees to minimise reputational impact - £16,000
• Incident response manager fees - £3,000
TOTAL COST: £181,000
32. Scenario 5 – Unauthorised Access
Hackers gained unauthorised access to account information located on a school district’s network due to an unknown vulnerability. The account information included names, email addresses, national ID numbers, and financial account information of 20,000 past and present faculty and students. After multiple students and teachers reported suspicious activity on their email, IT discovered that an unauthorised user was in the system.
The school district telephoned the insurer's Incident Response Hotline and an incident response manager was assigned.
Chubb 2018.
33. Scenario 5 – Potential Impact
TOTAL COST: £243,000
Privacy Liability – mismanagement of personal and/or corporate confidential information.
• Defence expenses arising from regulatory investigation due to irresponsible management of private information
• Defence and settlement costs for claims from individuals that had identity stolen
Network Security Liability – failure to effectively protect insured’s network from malware, hacking, denial of service attacks or unauthorised use or access
Incident Response Expenses
• Forensic investigation costs to locate vulnerability, analyse impact, ensure containment, and calculate extent of loss
• Notification to affected individuals
• Identity theft monitoring services to affected individuals
• Costs to set up and operate a call centre for enquiries
• Public relations expert fees to minimise reputational impact of the incident
• Legal consultation fees
• Incident response manager fees
- £75,000
- £40,000
- £80,000
- £9,000
- £6,000
- £1,000
- £10,000
- £9,000
34. ajginternational.com
Scenario 6 – Crime – Funds Transfer Fraud
An employee received a call purporting to be from the company’s bank saying there had been a problem with a payment, possibly caused by a virus. The caller told the employee that the payment would have to be made manually and managed to extract some, but not all, of the bank security code.
The employee became suspicious and alerted managers who immediately informed the bank. The bank put a stop on the account but not before eight transactions had been made, totalling more than £430,000.
Chubb 2018.
35. ajginternational.com
Scenario 6 – Potential Impact
TOTAL COST: £430,000
Crime Loss – fraudulent taking, obtaining, or appropriation of money,
securities, or property - £430,000
36. “The knock on effect of a data breach can be
devastating. When customers start taking their
business elsewhere, that can be a real body blow.”
- Christopher Graham – Information Commissioner of the United Kingdom - 2016
To be solid, insurance must be flexible
38. Positive risk features
• Solid IT security
• IT penetration testing
• IT System backups (at least weekly)
• Portable IT hardware encryption
• Regular IT patch installs
• Strong data access controls (Principle of Least Privilege)
• Disaster recovery/incident response plans
• Strong staff awareness training
• Contractual protection from 3rd parties
• Low PCI compliance level (3 or 4)
• Managed reliance on internet based trading
• Multi step, multi person verification process for payments
41. CYBER SECURITY - THE FIGURES 2019
• Of the businesses that reported breaches, 48% identified at least one breach or attack per month.
• 31% of UK businesses have done a cyber risk assessment in the last 12 months.
• Just 33% of UK businesses have a cyber security policy.
• 98% of UK businesses rely on some form of digital communication or service.
• 32% of UK businesses have identified and reported cyber security breaches in the last 12 months.
• 78% of businesses say that cyber security is a high priority for them.
Statistics taken from the Office of National Statistics Cyber Security Breaches Survey 2019
42. CASE 1
What happened
A client was defrauded of £5,000 by a cyber criminal.
How was it done
By gaining access to the client’s email and duplicating a legitimate email requesting that funds be paid to a certain account. The money requested in the original email was still owed.
How to prevent it
Create strong passwords.
Use different passwords.
Keep them secret.
Restrict access to devices that are logged in.
43. CASE 2
What happened
A large, corporate client gave a cyber criminal £200,000 after a phone call.
How was it done
An account password was reset by a third party. By understanding company structure an employee was manipulated into believing a secure account was compromised. Using multiple privileges a new holding account was created with details provided by the scammer. Company funds were transferred.
How to prevent it
Segregation of duties.
Clear procedures.
44. CASE 3
What happened
A large company had the personal details of over 145 million individuals stolen costing the company approximately £336 million so far.
How was it done
A vulnerability in an outdated piece of software was targeted and exploited by hackers. This gave them access to the company’s databases largely unchallenged. The attackers remained undetected in the system for over 2 months.
How to prevent it
Efficient patch management.
Clear structure and responsibilities within the IT department.
Regular audits and assessments.
45. THE VISIBLE COST AND THE UNSEEN COST
Visible costs in 2019
Small business - £4,180
Medium business - £9,270
Large business - £22,700
Unseen costs
Time lost dealing with breaches or attacks.
Staff prevented from carrying out daily tasks.
Damage to reputation or loss of trust.
Statistics taken from the Office of National Statistics Cyber Security Breaches Survey 2019
46. THE WIDER WORLD
Average losses to firms from breaches in the last 12 months
Netherlands - £294,000
Belgium - £376,000
Germany - £701,000
UK - £188,000
Reported attacks on SMEs have increased significantly.
Overall cyber-readiness has stalled.
Nearly 2/3rds of firms have experienced cyber related issues with their supply chains.
Statistics taken from Hiscox Cyber Readiness Report 2019
50. Exeter - 01392 667000
Salisbury - 01722 337661
Taunton - 01823 275925
Torquay - 01803 320100
Truro - 01872 276477
Plymouth - 01752 301010
Poole - 01202 663600
Francis Clark LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or inactions on the part of any other
individual member firm or firms.
Text below is just for example of speech. Feel free to change as you wish.
Good governance for cyber means having a plan, understanding the risks, and owning them. Technology is now omnipresent and is not set to go away any time soon, therefore we must find ways to deal with this and whatever scenarios it may present us with. At Francis Clark over the last few years we have seen an increase in clients expressing a desire to properly tackle the issue of Cyber and seeking advice on how to do so.
Having a Cyber Security Strategy is key to good governance as it demonstrates a knowledge of the risks and threat that cyber attacks can pose. This top-down approach helps to generate a plan of actions designed to improve the security and resilience of your services and your digital infrastructure.
Risk management is understanding what you care about and why you care about it. What would happen if you no longer had access to a particular service or you were unable to keep certain sensitive information private? How would this affect the business, and is that acceptable?
Regulation is becoming ever more important and certification is required by these regulatory bodies to prove that you are responsible with the data you are in control of or are processing. The presentations by the rest of my colleagues here today will hopefully put into perspective how critical it is to begin taking responsibility and becoming accountable by taking the necessary steps to protect yourselves and those you work with.
The potential for negative consequences over everything we’re going to discuss this morning is great and should be treated seriously. Having been a part of post incident management for various clients with PKF Francis Clark I can tell you that prevention is always better than cure.
In Insurance Company minds:
Cyber tends to mean information and data risk
Crime is for money, funds, assets even if cyber is the mechanism used to perpetrate the loss
If you are looking at buying insurance cover be mindful of your obligations under the Insurance Act, your brokers will have advised you on this.
1 Fair presentation of risk
Clear and accessible format
Having made a reasonable search for the information
More difficult for cyber and crime risk than some more established areas.
Takeaways: As innocent as it may seem, human error can be very costly, and it occurs more
frequently than expected. It’s important to understand that cyber is not only related to
technological incidents. Many of the claims we see stem from very simple mistakes.
Takeaways: Distributed Denial of Service (DDoS) attacks are becoming more powerful as the use of
easily hacked internet of things devices increases. To minimise impact of a scenario like this one, it
is important to build a business continuity plan that ensures critical business applications, systems,
and activities do not rely on only one critical IT provider. Chubb’s incident response managers and
vendors are experienced in dealing with DDoS attacks and will assist in getting your business back
on track as soon as possible.
Takeaways: While the Bitcoin demand was less than the costs incurred under the insurance policy,
it is encouraged by both Europol and the FBI that cyber ransoms should not be paid. Not only does
paying the ransom perpetuate criminal activity, but it also highlights a company’s lack of effective
and responsible backup procedures. Backups should be stored off-site and off-network. Chubb
understands that there are certain scenarios when paying a ransom is the last but best option,
which is why Chubb’s incident response vendors are equipped with Bitcoin wallet capability if
necessary.
Takeaways: Due to the sensitivity of such a claim and the potential damage to a client’s reputation,
it is important for companies to act quickly to mitigate any potential loss or damage. By ringing the
Chubb Incident Response Hotline we can ensure the correct specialists are appointed to work with
the client and communicate effectively with the service provider to resolve issues and bring the
matter to a conclusion.
Takeaways: This scenario highlights the importance of storing sensitive information under the
necessary protections. Up to date firewalls, intrusion detection software, and encryption of
databases are just a few ways to responsibly maintain the privacy of employee and customer
information. This example also highlights the many ways Chubb’s policy may respond to cyber
events. The incident response manager provides assistance in organising the nearly ten different
services associated with this one event, from defence costs to public relations expenses and more.
Intro – my background.
Constantly in the news cycle. Cases targeting individuals to large companies.
Talk about some real world examples of breaches, a few numbers to help us understand the scale.
Hiscox study claims there is a successful attack against a small UK business every 19 seconds, with the number of attempted attacks being 65,000 per day. That’s one attack every 1.3 seconds.
By the end of this presentation there will have been between 1,100 and 1,200 cyber attacks on small UK businesses. The number of successful attacks will be between 80-90.
Change drivers are: Negative outcome, GDPR.
Invoice redirection facilitated by weak password.
Human factor.
STORY – Not required, just for study.
First of all, the client’s email account was breached. This happened because they had a weak, non-complex password. Passwords can be cracked quite easily in this day and age with the use of something called a botnet, which is a kind of virtual supercomputer built from hundreds or thousands of unsuspecting “slave” computers. Using such a method, a non-complex password of 8 characters or less can be cracked in under 2 seconds. Even on a regular computer without using any special techniques this would only take 2 days of leaving the computer running in the background. Once the attacker had access to the account they found an invoice PDF which they were able to alter. They edited the bank account details to redirect the invoice payment to an account that they could access. This is actually quite a common attack now, and the invoices that they have edited are indistinguishable from the original. The client had to pay twice here as they then still had to pay the original invoice.
This is an example of social engineering and improper segregation of duties.
Human Factor.
STORY – Not required, just for study.
This case is a bit more sophisticated than the last one and required a deal of reconnaissance beforehand in order to understand specifically who they needed to target. The scammer first managed to force a password reset onto the client’s bank account in order to manufacture the scenario of the account having been breached. The scammer then phoned the employee with access to the company account and impersonated a bank official. They informed the employee that the account had been breached and that they needed to reset the password immediately as the funds in the account were potentially at risk. They also told the employee that they had created a secure “holding” account where the funds should be transferred for the meantime until they could verify that the company account was no longer under threat. Using elevated privileges, the employee both created a new payee account and then transferred the funds. Whilst transferring the funds the employee received a legitimate Challenge and Accept from the bank, which they confirmed. Because they had done this, the transfer was perceived as fully legitimate by the bank and the funds were irrecoverable. It’s worth noting that this attack occurred late on a Friday and the scammer instilled a sense of panic and urgency into their target in order to more easily manipulate them.
Patch management vulnerability.
Poor IT infrastructure management.
Lack of people accepting responsibility.
Human factor.
STORY – Not required, just for study.
Once again a more sophisticated attack, but also one that could have been prevented with a few simple procedures. This particular company is an international entity with many different offices and departments spread across the world. The key part here is the number of departments. There were several independent IT departments that didn’t have a proper central reporting point. One of these IT departments had created a portal or form online for customers to send complaints to, but no longer claimed ownership of this form. After a time a vulnerability was reported in some software that was used for this form. The creators of the software responded by issuing an update, or patch, which fixed the issue. The failure here was that no one any longer took ownership of this online, easily accessible form. It wasn’t updated. The attackers used this to enter the company’s systems and travel through them until they found something of use to them. This just happened to be the customer database, complete with all the personal information that you wouldn’t want sold online, including: names, addresses, dates of birth, email addresses, SSN, NIN. They remained undetected in the system for over two months.
This is of individual breaches with negative outcomes.
With 48% of businesses that have reported, reporting at least one breach per month this can add up very quickly.
Annual averages small business (2018 - £3,160, 2017 - £2,450).
Productivity affected, potential loss of business to business relationships.
Hiscox report taken over 7 western world countries. UK, USA, Germany, France, Belgium, Netherlands, Spain.
Business becoming unavoidably international, internet and GDPR.
UK mean largest incident cost £103,000.
One German firm reported a cost of £37 million from a single incident.
Belgian firms most likely to be attacked, US firms the least likely.
5G – unprecedented integration of services. More than just fast internet, will allow for widespread connectivity of devices.
Internet of things – explain it briefly, why is this potentially a problem? Hacked car, hacked kettle, hacked baby monitor. So many access points
Huawei concerns / FVEY – give brief overview
PKF-FC takes Cyber Security seriously.
If anyone has any concerns or is unsure about how to tackle the issue please feel free to get in touch with us and we’d be happy to help.
Government cyber awareness campaign.
Government 10 steps to cyber security guidance.
Cyber Essentials accreditation.
Change your passwords, ensuring they are strong.
Inform relevant parties (banks etc).
Consider shutting your systems down.
Report the incident to ActionFraud.
Communicate to all involved, both external and internal. It is important all stakeholders, including customers and clients, understand what has happened.
If appropriate, engage a third party expert to assess the extent of the breach and advise on corrective action.
Document everything you do.
Ransomware, Phishing, Data Leakage, Hacking, Insider Threat.
High awareness for GDPR, lower awareness of its implications for cyber security. (€20 million or 4% global turnover, whichever is higher).
Crown Prosecution Service was fined £350,000 for losing sensitive data.