Monthly Archives: November 2024

An Underwriters Guide to Cyber Risk: Managing 3rd Party Risk – Part 3

Posted on by
Reply

Due to the length of this detailed topic, it will be broken into multiple parts. Previous portions here:

An Underwriters’ Guide to Cyber Risk: Managing 3rd Party Risk – Part 1
An Underwriters’ Guide to Cyber Risk: Managing 3rd Party Risk – Part 2

Technical Approvals in Cybersecurity: A Missing Pillar of Risk Management

In traditional industries, technical approval processes are a vital part of ensuring safety and reliability. For example, companies often pay to have their devices tested and approved by organizations like UL, which rigorously test products to ensure safety and reliability. Safety-critical devices—such as fire alarms, fire pumps, and safety doors—require approval before being used by insured parties, giving insurers the confidence that these devices will perform when needed.

Cybersecurity, however, lacks a similar robust system of technical approvals. Without an established process, standards in cybersecurity are often vague and difficult to enforce. For instance, many standards simply state that an organization must have a “firewall” or use “industry-standard encryption.” These requirements are difficult to enforce because they are vague—what exactly qualifies as an acceptable firewall, and who verifies it? There are many products that could meet these requirements on paper, but without an approval process, there is no consistent or provable standard of quality.

Technical approvals are ultimately an absolutely necessary step to establishing universally high standards. This is what will, eventually, end the problem of high levels of third party risk forever. It is an unavoidable part of standardizing risk management in technology and reign in losses. It will, unfortunately, be difficult to make great progress in cyber security until such time as a robust system of independent testing and approval is established. This will create the “ecosystem of trust” that is necessary to enforce security.

A Well-Established and Necessary Process
It is unusual that cybersecurity proceeds without technical approval, but this reflects an outdated mindset in IT, where buyers assume all risk without warranties or guarantees. Technical approval is a well-established process in many industries, providing independent verification that a product meets specific standards and ensuring accountability. It is no longer the 1980’s, and software and IT products are no longer specialty products or experimental, but this mentality still persists.

Continue reading

Just How Bad Are We Doing With Cyber Security? Lets look at the past week…

Posted on by
Reply

So just how bad is ransomware and cyber security in general? To get an impression, lets look at the past week. Just over the past 7 days, there have been over a dozen major ransomware attacks, though a few have not been well reported in the news media. The fact is, we have fallen for a kind of creeping normality. It’s not normal and it should not be considered a routine thing to see this happen.

Starbucks Impacted By Cyber Attack
Stop & Shop Hit By Cyber Incident – May Result In Bare Shelves
Supply Chain Management Vendor Blue Yonder Succumbs to Ransomware
The City of Odessa, TX Experiences a Cyber Incident
Weeks Later, Problems Persist At Hannaford Supermarkets
Wirral University Teaching Hospital Experiences Major Cyber Incident
Retailers Struggle After Attack on Supply Chain Provider Blue Yonder
RRCA Accounts Management Falls Victim to Play Ransomware Attack
Aspen Healthcare Services Announces Data Breach
Zyxel Firewalls Targeted in Recent Ransomware Attacks
Fintech Giant Finastra Investigates Data Breach

Continue reading

Does your kid play video games? Sue about it!

Posted on by
2

Ah yes, we are as overly and overtly litigious society, and there is no doubt about it. Certainly not when an old scheme comes up, yet again. The evil daemon? That’s right, video games. Video games, along with comic books, and that dang-blasted rock and roll music – this is why kids these days don’t know the value of a dollar!

Leaving aside the sarcasm for a moment…

Video games have been demonized as addictive, a waste of time, an encourager of violence and a gateway to satanism, ever since they first debuted in the 1970’s. Today most adults are used to the banter, because anyone under the age of 60 grew up with it. Video games tend to be the low hanging fruit for what people think is offensive and dangerous. They always have been, but now that it is so familiar, it seems less likely that anyone would take it seriously.

Well, there are law firms who feel otherwise.

Here are a few ads that I came across on social media, over the past few weeks.

Continue reading

How The Failure Of Cyber Security Cost Harris the Election

Posted on by
Reply

Many do not realize this, but Donald Trump largely won the election because of cyber security failings by the current administration. Don’t believe me? Cyber security losses are a huge factor in inflation and have caused a massive economic problem, which has decimated healthcare and cost billions to government agencies, all while financing Hamas and the war in Ukraine.

These macroscopic problems may not seem to be linked to cyber security losses, but they are. While politicians like to pretend it is a minor, specialized issue, the fact is that cyber losses are now decimating business and hurting the monetary supply. They are a huge factor in why American businesses are failing and why it is harder than ever to compete. The pain that Americans feel at the gas pump, when they get their pay check, pay for insurance and the problems in the world are not 100% caused by poor management of cyber risks, but that is part of it.

The biggest problem, as I have stated before, is that we simply cannot improve things until the insurance sector cleans up its act. The moral crisis we now are seeing is caused primarily by the insurance sector, which has made the decision that it is fine to lose money on cyber security and it’s fine to raise rates. They’ve created a monster, and that monster can’t be kept at bay until regulators wise up and recognize that insurance must be held accountable for the disgusting and despicable conduct of cyber security underwriters.

Continue reading