Tag: cyber risk

Insights from the Cyber Risk Summit Beverly Hills – October 2023 Authored by Ryan Coyne I recently participated in a panel with industry experts, delving into third-party cyber risks. The panel shed light on best practices, challenges, and strategies to mitigate the impact of third-party incidents. Panel Participants: Stu Panensky (Moderator) – FisherBroyles, LLP Ryan Coyne – Experian Tom Egglestone – Resilience Mark Grazman – Fenix24  Matthew Saidel – FTI Consulting Agenda: Incident Best Practices: Collaboration & Coordination on IR Action Items Upstream Risk of Third Parties: Vendors, Suppliers & Business Partners Downstream Risk in the Policyholder Supply Chain The Cyber Risk Summit held in Beverly Hills provided valuable insights into the risks of engaging unsecured third parties. Key Takeaways Understanding the Significance Tom emphasized the longstanding nature of cyber risk exposure tied to third-party relationships. The increasing reliance on external vendors in a tech-enabled world has heightened this risk, especially with the surge in outsourcing and software adoption. Tom highlighted that, even in 2019, Gartner research indicated that 60% of surveyed companies worked with over 1000 third parties in their supply chain, setting the stage for the escalated risk environment post-pandemic. Crisis Communications in Third-Party Incidents Matt shared insights into the challenges faced when third-party incidents unfold. The necessity of involving crisis communications consultants early in the process, especially for upstream and downstream, was stressed. Preserving the right to operate and maintaining client trust amid incidents were key points Matt made.Hands-On Restoration PerspectiveMark, providing a hands-on restoration perspective, discussed the rarity of involvement at the inception of an event. His emphasis on locking down infrastructure, understanding the threat actor’s persistency, and encouraging robust backup strategies showcased the intricacies involved in restoration efforts.“Restoration efforts often kick in when patient zero is unidentified. Locking down the infrastructure and focusing on repairing affected elements are essential” – Mark Grazman, Fenix24 Notification Strategies and Legal Implications Representing Experian, I shared my perspective on notification complexities that the average consumer may not be aware of, such as notifying everyone upfront versus opt-in processes. The legal implications of notifying on behalf of others and coordinating with multiple parties. The nuanced approach to call center communication and the crucial factor of making details clear in notification letters in minimizing confusion for recipients.I want to emphasize a point I made earlier in the panel on the downstream impact of notification strategies and the need to customize communication for recipients.“For these incidents, it’s most important to minimize complexity on the notification side and minimize confusion for the recipient of your notification letter.” – Ryan Coyne, Experian Insights from an Insurance Claims Handler Tom, as an insurance claims handler, underscored the importance of understanding vendor contracts, particularly clauses related to defense and indemnity. He highlighted the need for transparency in the vendor’s incident response process, especially when the insured isn’t in control, adding a layer of complexity to communication and expectation setting. Crafting a Seamless Notification Process: Public-Private Partnerships Stu Panensky, Moderator: Public-private partnerships emerged as a recurring theme during the panel discussions. The need for collaboration between law enforcement, insurance companies, and businesses became evident. Stu emphasized the role of public-private partnerships in influencing better outcomes and impacting data protection, regulation, and litigation. The insights from the 2023 Beverly Hills Cyber Risk Summit underline the interconnected nature of cyber risks and the critical importance of proactive measures. Stakeholders are urged to adopt a collaborative approach, navigate legal complexities, and stay vigilant in the face of evolving challenges. I welcome you to watch the full discussion on-demand. Watch the panel session on-demand now

2023-2024 Experian Data Breach Response Guide Learn how you can boost your preparedness against cyberattacks—download the new guide now. As the proliferation of connected devices and third-party integrations accelerate, organizations are becoming more exposed to risk. Your attack surface is expanding, and it’s a hacker’s dream. But their dream is your nightmare. While there will always be at least one monster hiding under the bed, being prepared and having a plan can help you sleep easier and soften the blow when an attack does happen. How likely is your organization to be the victim of an attack? As pointed out in the 9th Annual Experian Data Breach Response Guide, “Cyber attacks happen once every 39 seconds.[1]  There’s no time to rest, and no time to let your guard down. It’s just a matter of time before your data becomes a target, whether it is a direct hit to your organization or through a third-party supply chain attack (one of the latest trends hackers are using to gain access to huge amounts of data in just one sweep). You never know when your day will come, so being prepared now is the only way. 15% fewer incidents occur on average for customers with a plan.[2] Having fewer incidents helps keep your data safer and your bottom line healthier as the cost of a data breach continues to break records year after year. Learn How You Can Be Prepared Our 2023-2024 Data Breach Response Guide has been updated with the latest predictions, trends, and expert advice based on real-world experience. This is the ninth year I’ve rolled out this guide, and it gets better every year, with deeper insights into the state of cyber threats across industries and current best practices, and step-by-step guidance for creating, testing and implementing a plan for your business. Highlights include: Third-party breaches are rising — A partner breach make up 62% of system intrusions.[3] Healthcare and financial services have the highest volume of breaches, representing over half the share of breaches serviced by Experian in 2022.[4] How having a response plan can save your business—90% of consumers are more forgiving of companies that had a response plan before a breach.[5] How Experian Data Breach Solutions can help your organization respond quickly to and minimize the impact of a data breach Ready to Get Started? A data breach preparedness plan is never a one-and-done deal. It needs to evolve along with the cyber threats it is meant to conquer. Experian is a partner you can trust. We continue to expand our product offerings, keep our eyes and ears on the lookout for rising threats and trends, and use our years of experience to support our partners when they need us most. Download the latest edition of the Experian® Data Breach Guide [1] Zippia, 30 Crucial Cybersecurity Statistics [2023]: Data, Trends and More. [2] Experian Data June 2023 [3] Resmo, Third-Party Data Breach Statistics. [4] Experian Data June 2023 [5] Experian Data Breach Consumer Survey.

The Threat “With criminals, there’s no such thing as a border anymore. They don’t care where you are, who you are; if there’s money to take from you, they will take it.” That’s what U.S. Secret Service Agent Eric Adams had to say when asked about cybersecurity threats during the “Global Cyber Threatscape & the Role of Law Enforcement” panel I moderated at the latest NetDiligence CyberRisk Summit event. It’s clear to law enforcement that cybercriminals are hyper-connecting, deep information sharing, and crossing virtual borders—becoming more brazen (and clever) by the breach—leaving businesses, insurers, organizations, regulators, and consumers in the cross hairs of compromise, compliance, and recoupment. “We work with law enforcement; we work with insurance companies. We’re collecting data and trying to solve those problems because we understood that if you don’t cooperate before the incident, you don’t work together [at all].” – Michael Bruemmer, Experian During the “Beyond the Arrest: Law Enforcement Roundtable,” Adams and three other cross-border experts, Brian Abellera, Jason Conboy, and Matt Robinson, gave in-depth accounts of “cross-border incident response and the role of U.S. cyber law enforcement and oversees intelligence.” “We’re seeing smaller and medium-sized businesses [being targeted by ransomware]. We are really struggling to keep up with the information flow.” – Matt Robinson, RCMP I frequently talk about how quickly the threats are evolving and how Every Minute Counts in data breach response. The panel echoed this sentiment tenfold, covering five key topics, including “Unique Characteristics of U.S.-Canada Cyber” and “Public-Private International Cooperation.” The Evidence Board “We have to be nimble like the cybercriminals; putting in cyber liaisons internationally.” – Jason Conboy, U.S. Department of Homeland Security Investigations From stem swapping, ransomware revictimization, and romance schemes, the experts discussed how cross-border threats are infiltrating every square inch of the data security landscape. They also focused on the critical role of education, tabletop exercises, and timely incident reporting while zeroing in on how public-private partnerships can influence better outcomes and impact data protection, regulation, and litigation. Watch the full NetDiligence Cyber Risk Summit session on-demand