One way to protect your business from financial loss, reputational damage, and the expense of regulatory scrutiny in the event of a data breach is to require vendors that have access to your customers’ and employees’ personally identifiable information to carry cyber insurance.

Many businesses routinely require their vendors to promise to indemnify them from any loss or expense arising out of the vendor’s goods or services. They also routinely require their vendors to maintain certain types and amounts of
Continue Reading Cyber Insurance: Why you should require certain vendors to have it

The Department of Justice Cybersecurity Unit recently issued its “best practices” for cybersecurity incidents, while the SEC recently circulated a cybersecurity “guidance update.”  These publications recommend that companies institute certain policies and procedures for cybersecurity based on each agency’s experience in the area.

The agencies’ suggestions are good ones.  More importantly, like NIST’s Cybersecurity Framework, such recommendations may become de facto standards that regulators, courts, and juries look to when they assess whether your company’s
Continue Reading Regulatory Update: DOJ and SEC Issue Privacy and Cybersecurity Recommendations

Threat Intelligence is, very simply, a set of network defense techniques that leverage knowledge (i.e., intelligence and counterintelligence) about adversaries so that organizations can build a superior information base, which decreases the chances of an attacker compromising their networks. Gartner more specifically defines it as “Evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to the menace or hazard.”

Vulnerability
Continue Reading Threat Intelligence – What You Should Be Doing

The marquee breaches that have occurred recently (e.g., Anthem, Home Depot, Morgan Stanley, Target, LinkedIn, and Sony) have helped U.S. Fortune 1000 companies understand that data security must be taken seriously.  Not only must companies invest in their data security, but they must proactively manage and protect it.  Previously, large corporations generally considered hacking attacks and general security breaches as “Force Majeure” events in that they were both unpredictable and unpreventable.  Therefore, many of the Fortune 1000 purchased cyber
Continue Reading Cyber Attacks: Small/Mid Cap Companies Beware

*This is the fourth post in a five-part series on cyber insurance, culminating in a webinar entitled “Insurance Coverage for Privacy and Data Breaches, Hot Topics and Critical Issues” on Wednesday, April 22, 2015, at 12:00-1:00 p.m. Eastern. 

Common questions we often hear from CEOs, CFOs, and Directors of businesses and public and private institutions are “How do we determine our cyber insurance coverage needs?  In other words, how do we know that we have enough insurance to protect our
Continue Reading Cyber Insurance: How Do I Determine My Coverage Needs?

Many data breaches have been in the news lately across many industries, such as:

  • Retail (e.g., Target, Home Depot)
  • Healthcare (e.g., Anthem, Premera)
  • Technology (e.g., AT&T, Apple)
  • Entertainment (e.g., Sony, Blizzard)
  • And others

While the types of attacks, exposed vulnerabilities, and type and number of records compromised all vary among these breaches, there is one thing in common to all: They all had to respond to the breach.

An Incident Response Plan (IRP) is a best practice that, unfortunately,
Continue Reading The Importance of an Incident Response Plan

When we secure an asset, we usually know where it is and have a series of controls to protect it. For a house or office building, it is the address and we secure it with locks and perhaps a security service. For a car, we have the VIN and maybe a tracking device if the car is valuable as well as keys and alarms to control access. By and large, we have ingrained in our psyches how to protect physical
Continue Reading The “Where” of Data Security

*This is the third post in a five-part series on cyber insurance, culminating in a webinar entitled “Insurance Coverage for Privacy and Data Breaches, Hot Topics and Critical Issues” on Wednesday, April 22, 2015 at 12:00-1:00 p.m. Eastern. 

Common questions we often hear from CEOs and CFOs are “what do cyber insurance policies cover and how much do they cost?”

Cyber risk insurance policies typically offer both first-party coverage (covering the policyholder’s losses) and third-party coverage (covering defense costs and
Continue Reading Cyber Insurance: What do Cyber Insurance Policies Cover and Cost?

Following high-profile data breaches, including North Korea’s virtual invasion of Sony Pictures, President Obama declared a national emergency related to malicious cyber-attacks from abroad. In an executive order signed April 1, 2015, Obama created expansive sanctions designed to curb, as he put it, this “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”

The order gives the U.S. Treasury Department discretion to freeze assets of foreign persons or entities who engage in “or
Continue Reading The Enemy Abroad: President declares cyber-espionage a national emergency; creates U.S. power to sanction

*This is the first post in a five-part series on cyber insurance, culminating in a webinar entitled “Insurance Coverage for Privacy and Data Breaches: Hot Topics and Critical Issues” on Wednesday, April 22, 2015, at 12:00-1:00 p.m. Eastern. 

One of the most common questions we hear from CEOs, CFOs and Directors of businesses and public and private institutions is “Do I really need cyber insurance?”  Our answer is always an emphatic “Yes,” whether it is a
Continue Reading Cyber Insurance: Do I Really Need It?