Blog



How E.U. Directive 2024/1760 Affects Your Cyber Risk Profile

Hierarchical Considerations in Cyber Risk Assessments

https://www.degruyter.com/document/doi/10.1515/9783111289069-002/html

CrowdStrike – a Lesson to All?

https://news.sky.com/story/global-it-outage-should-be-a-wake-up-call-for-governments-industry-and-individuals-13181244

“What has Texas and judgment preservation insurance got to do with my AI, quantum & cyber risk management programs?”

https://lexmachina.com/blog/patent-case-filings-increase-in-the-eastern-district-of-texas-western-district-of-texas-still-popular/

Mitigation Through Risk Transfer – Still Valid as an Option?

  • Many US states have now made payments for ransomware attacks illegal;
  • The Merck settlement took over 5 years; with war exclusion clauses in place, eliminating cover for state-sponsored attack impacts, what other considerations are required?
  • Those states that have public laws against ransomware payments have a lower incidence than others;
  • Entities stating they have substantially increased ITSEC spend have been targeted less than those who do not make such public statements;
  • Cyber re/insurance premiums increased 50-70% over the past 12 months;
  • Attachment points are high & most cover is EoL or with low limits (the Yahoo hack of 2016 cost over $175 million; higher levels are needed).
  • ILW/ILS major announcement deals numbered 4 in 2023 – those pushing for ART via financial instruments are within the financial markets, or VC-funded CRQ entities desperate to find a pathway out from a high burn rate;
  • AI/post-quantum cryptographic vulnerabilities mean zero data & no experience of what will occur when malicious actors leverage these areas, & risk carriers have no idea what individual, aggregated or sectoral impacts they will undoubtedly have.

https://www.reinsurancene.ws/merck-reaches-settlement-with-insurers-over-1-4bn-notpetya-cyber-attack/

Vendor Risks Are Higher With AI Trends

https://www.reuters.com/legal/litigation/cloudera-hit-with-240-mln-patent-verdict-over-cloud-storage-technology-2023-10-13/

Is Cyber an Insurable Risk?

Quantum Cryptographic Compromise – What Next?

  • Cyber security
  • GRC
  • ERM
  • ESG
  • Legal
  • Anti-trust

https://www.reuters.com/technology/microsoft-adds-ai-button-keyboards-call-up-chatbot-2024-01-04/

Quantum Cryptographic Compromise – What Next?

https://csrc.nist.gov/news/2023/three-draft-fips-for-post-quantum-cryptography

There are an increasing number of standards for IT security. Do you need them for GDPR proof of compliance?

The Challenge

Dynamic environments create risks of uncertainty in delivery of products & services. How can you meet the challenge?

The Challenge

The Solution

The Challenge

The Solution

The Challenge

The Solution

Having a GDPR program does not mean it will become embedded successfully within an organization

Companies globally are facing increasing business challenges posed by emerging data protection laws

The Challenge

The Solution

The Regulations that May Affect Your Business

Potentially catastrophic financial penalties for regulatory breach? – I’m insured right??

The Challenge

The Solution

Business continuity management has now become more critical – insurers fail to pay out to policyholders.

Ever Given Vessel Grounding in Suez Canal – A lesson of potential future cyber marine impacts

The Lesson for Cyber Impacts

What the Darkside Hacks Tell Us About Future Attack Trends

Operational Resilience Versus Business Continuity

What Is Operational Resilience?

Top 10 Benefits of Building Operational Resilience

  • Capital allocation efficiency: addressing risk in a proactive manner rather than high cost remedial autopsy risk management;
  • Stakeholder assurance: corporate value effects, e.g. governance, environment, equality;
  • Higher resilience results in a more agile organization to compete in dynamic operating environments;
  • Creates greater organizational resiliency and fit of operations to corporate strategy;
  • Greater accountability for new and emerging technologies in an era of accelerated innovation and digital attacks;
  • Increasing regulatory scrutiny and volume of laws across sectors;
  • Environmental catastrophes and climate change induced major events are increasing in frequency;
  • Reliance upon third parties within the supply chain for products and services requires additional focus and assessment;
  • Probability of reputational damage and brand value reduction in a social media driven world.

Cyber Lessons from the Ukraine War

WHY THE E&Y BREAK-UP SHOULD MATTER TO CYBER RISK MANAGEMENT TEAMS

Top 10 impacts of auditor failure to sign off/receive qualified statements on corporate accounts:

  1. Reputational damage – brand valuation
  2. Shareholder doubt
  3. Target for activist investors
  4. Market signalling
  5. Perception of risk for capital raises
  6. Unwanted predatory interest from potential acquirers
  7. Regulatory oversight increase
  8. Higher fines for non-compliance
  9. Lower employee confidence in management – loss of skilled/knowledge workers
  10. Higher future audit costs from greater levels of scrutiny

Key Factors in Audit Concerns:

  • Historical record of quality of a company’s controls & prior audit records
  • Prevailing economic conditions & extent of competition
  • Changes to accounting systems
  • Operational changes
  • Personnel churn rate
  • Transaction volumes/capacity/load/sensitivity/automation/value
  • Regulatory environment

… And the Break-Up?

The Data & Cyber Security Regulations That Now Apply to All Business

Standard contractual clauses:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en

E.U. NIS2:

https://www.europarl.europa.eu/thinktank/en/document.html?reference=EPRS_BRI%282021%29689333

ePrivacy2:

https://data.consilium.europa.eu/doc/document/ST-6087-2021-INIT/en/pdf