If you’re in business today, no matter what your “core” product or service is, you are almost certainly a software company. It is nearly impossible to run a business without it. That means you should know about the Building Security In Maturity Model—better, and more conveniently, known as the BSIMM.
For the first time ever, Cyber incidents ranks as the most important business risk globally in the ninth Allianz Risk Barometer 2020, relegating perennial top peril Business interruption (BI) to second place.
While organizations of all sizes have benefited from the efficiencies and conveniences of taking their business digital, it’s not without risks. Cybersecurity in today’s hyperconnected world is a necessity for large, medium and small businesses alike. Smaller businesses may be more prone to cyberattacks as they typically have fewer resources dedicated to cybersecurity.
In a prior article, we analyzed Articles 1 through 4 of the California Attorney General’s proposed California Consumer Privacy Act (“CCPA”) regulations. This article discusses Article 5 (Special Rules Regarding Minors) and Article 6 (Non-Discrimination). The CCPA went into effect on January 1, 2020, which means that businesses should, at a minimum, be updating their online privacy policies and accepting and responding to consumer requests.
Late last year, it was announced that the major aluminum manufacturing firm, Norsk Hydro AS, received a $3.6 million cyberinsurance payout – the first around highly publicized, extensive cyber breach of March 2019. The large ransomware attack struck the company’s U.S. facilities – before spreading throughout the company, resulting in millions of dollars lost – destabilizing Norsk Hydro’s operations until the summer months. The payout covered merely six percent of the multi-million-dollar costs created by the incident and its aftermath.
Apparently, we are getting in our own way when it comes to advancing cybersecurity. According to a leading 2018 study by the Ponemon Institute LLC (sponsored by IBM), the three primary causes of data breaches were malicious or criminal attack, system glitch and human error. While the study reports that the length of time to identify and contain, and the cost, were lower for data breaches caused by human error as opposed to the other categories, it is an issue that nearly 27 percent of data breaches are caused by human error.