US Senators Push for Jail Time for Executives Who Conceal Data Breaches

Fueled by anger over recent high-profile security breaches, congressional lawmakers on Nov. 30 filed a bill to potentially subject executives at organizations that do not disclose breaches to up to five years of jail time.

Members of the United States Senate Commerce Committee introduced a bill to propose prison sentences for any executives that conceal data breaches that cause any individual to lose more than $1,000. The bill, called the Data Security and Breach Notification Act, would also implement nationwide data breach notification standards, a topic that garnered significant attention during congressional hearings over breaches at Equifax, Yahoo, and Uber.

Erin Ayers, US senators push for jail time for executives who conceal data breaches (December 4, 2017), available with subscription at Advisen Cyber Front Page News.

Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey

Cyber security insurance has become increasingly popular as significant data breaches have become more common. Unlike other information security (InfoSec) preparations, however, the purpose of cyber insurance is not defense; rather, it is the transfer of financial risk to a third party. The field is young, dynamic and multifaceted. InfoSec professionals, underwriters and brokers each have different roles in negotiating or implementing policies, as well as different metrics with which to gauge the value of a cyber insurance contract.

In a recent report published by SANS, it was highlighted that conceptual gaps often make it difficult for members of the cyber security and cyber insurance communities to find a common basis on which to develop reasonable standards of security and insurability.

“Bridging the Insurance/InfoSec Gap: The SANS 2016 Cyber Insurance Survey” Advisen Ltd. 2016 21 Jun. SANS | PivotPoint Analytics. 2016.

Beazley Sees 60 Percent Rise in Breaches Caused by Hacking and Malware

Data breach incidents caused by hacking and malware increased dramatically between 2014 and 2015, according to claim trends collected Beazley, provider of data breach response insurance. The firm also saw a 60 percent increase in data breaches last year, up from 777 in 2014 to 1,249 in 2015, and predicts an exponential rise in ransomware attacks.

In 2015, 32 percent of all claims handled by Beazley’s Breach Response team were caused by hacking or malware compared to 18 percent in 2014. Other causes of loss include unintended disclosure of records at 24 percent (down from 32 percent in 2014) and loss of physical records at an unchanged 16 percent. The fields of healthcare, higher education, and financial services were found to be particularly vulnerable.

Erin Ayers, Beazley sees 60 percent rise in breaches caused by hacking and malware (March 15, 2016), available with subscription at Advisen Cyber Front Page News.

Cybercriminals Stole More Than Data in 2015: Kaspersky Report

Mobile devices and financial institutions became primary targets for cybercriminals to steal money directly from individuals in 2015, according to a new report from Kaspersky Labs, which took a look at the type of cyber events that occurred most frequently this year and made predictions for the future.

While data breaches at large retailers seem to grab headlines and prompt litigation, Kaspersky found that targeted advanced persistent threat (APT) attacks against banks, government agencies, and other high-profile organizations rose in 2015. Not content to steal names, addresses, Social Security numbers, and other personally identifiable information, criminals interested in money and state secrets more assertively entered the cyber fray this year.

Ayers, Erin. “Cybercriminals stole more than data in 2015: Kaspersky report.” Advisen. Advisen Store, 12 January 2016. Web. 20 January 2016.

Cyber Represents Growth Area for Reinsurers: Aon Report

Reinsurers see cyber risk as a necessary area to offer capacity to meet the growing demand on primary insurers from clients and despite the prevalence of data breaches, the reinsurance industry should be able to meet the need, according to a new report from Aon.

“While there is still headline risk from recent data breaches such as Anthem, Inc., Premera Blue Cross, Experian / T-Mobile, and Ashley Madison, it still remains an opportunity for many who are willing to invest in resources to understand the dynamics of cyber as a peril and product,” noted Aon in its report.

Ayers, Erin. “Cyber represents growth area for reinsurers: Aon report.” Advisen. Advisen Store, 12 January 2016. Web. 18 January 2016.

Wyndham Agrees to Settle Landmark Legal Battle with FTC over Data Breaches

Wyndham Worldwide Corp. will set up a wide-ranging information security program to protect cardholder data as part of a settlement reached with the US Federal Trade Commission to end a case, filed in 2012, that effectively clarified the commission’s authority to regulate data security practices.

Wyndham is not required to pay any monetary fine but its obligations under the settlement will last for 20 years. The settlement does not apply to any other categories of personally identifiable information

“We chose to defend against this litigation based on our strong belief that we have had reasonable data security in place, and that the FTC’s position could have had a negative impact on the franchise business model,” said Wyndham, in a statement. “This settlement resolves these issues, and sets a standard for what the government considers reasonable data security of payment card information.

New study, recent criminal conviction sheds light on the ‘malicious insiders’ threat

While large cyber attacks and data breaches may get the headlines, a recent study prepared by the Ponemon Institute and Hewlett-Packard and a recent criminal conviction of a Los Angeles Times reporter that disclosed corporate passwords on a hacker website serve as additional reminders that “malicious insiders” still pose the largest security threat to an organization.

Ponemon Institute/Hewlett-Packard Study: Malicious Insiders Can Cause the Most Serious Cyber Incidents

The Ponemon Institute and Hewlett-Packard (HP) published the study, “2015 Cost of Cyber Crime Study: Global,” which provides insight into the increasing frequency and costs of cyber attacks against governments and businesses around the world.

Data Breach Costs Projected to Hit $2 Trillion in 2019

New research from Juniper suggests that the annual cost of data breaches will top $2 trillion in 2019, the brunt of it striking North America.

“While it is responsible for under 80% of global criminal data breaches, the high-value nature of US breaches means they account for over 90% of the global cost of data breaches,” stated UK-based Juniper Research. “We assume that the cost-per-record is going to increase in future, as more sensitive data is stored online as a matter of course.”