New Chubb InFocus Report Outlines Latest Cyber Risks

Note the inclusion of both a major privacy issue and an emerging cybersecurity threat in this report. Many organisations treat Privacy and Security as separate issues with data governance (think CDO, DPO…) and infosec (CISO) being handled in different reporting lines. Time for a governance rethink?…:

WHITEHOUSE STATION, N.J. , Aug. 27, 2019 /CNW/ — Chubb’s latest Cyber InFocus Report, “Know the Latest Trends in Cyber Risks,” outlines the newest cyber exposures that all institutions should have on their radar.

The first of these new risks surrounds a recent surge in Biometrics Information Privacy Act (BIPA) lawsuits, which has created a growing need for organizations to better understand current and emerging privacy laws. BIPA regulates the collection, use, storage, safeguarding, retention, and destruction of biometric identifiers—such as retina or iris scans and fingerprints—and biometric information that companies collect on their employees and customers. Biometric data regulation varies at the state level and has been a focus of U.S. federal and international legislators and regulators, so it is imperative that companies understand the legal requirements of each state and of the countries in which they conduct business.

The second cyber risk comes from the emergence of a newly detected ransomware variant—iEncrypt. It is characterized by mid-six to seven figure ransom demands and is spread through existing malware, such as Dridex or Emotet. With this growing threat in mind, malware detection and regular backups of main systems are increasingly important to protect against company data being held hostage. This type of event can cause severe business interruption.While cyber risks exist for all businesses, the vast amount of financial transactions and corresponding monetary opportunities for cyber criminals make financial institutions a prime target for bad actors. In fact, proprietary claims data from the Chubb Cyber IndexSM shows that the median cost of a cyber incident has doubled for financial institutions in the past three years.


Original article here