Tag Archives: Tech

Nasdaq Security Breach Highlights Cyber Threat

The company that owns the Nasdaq Stock Market over the weekend confirmed that its computer network had been hacked, according to a report in today’s Wall Street Journal.

An application called Directors Desk that allows corporate board members to share confidential documents was targeted. Nasdaq OMX issued a statement on the breach here.

According to the WSJ, the security issues with Nasdaq have triggered broader concerns:

People familiar with the Nasdaq case say that while the specifics of that hacking aren’t particularly egregious in a world where corporate networks are attacked daily, the case has raised alarms in the government because of the potential implications of compromising Nasdaq, which runs one of the world’s most-important exchanges.†

The incident highlights the fact that  network security  breaches remain a top threat facing businesses.

In its recently published Global Risks Report 2011, the World Economic Forum (WEF) identified cyber-security as one of the top five risks to watch.

The WEF warned that the complexity of cyber security issues is still not well understood and its risks could be underestimated:

Cyber security encompasses online data and information security and critical information infrastructure breakdown, and ranges from petty online theft by disenfranchised youths to government-led provocations with potentially catastrophic consequences.†

All of this reminds us of the potentially enormous liability facing businesses when a data breach occurs. Specialized cyber risk insurance coverage is a key purchase to help businesses manage this risk.

Cyberbullying: Prevention and Response

The problem of school bullying was the subject of a recent post  here at Terms + Conditions. In it we noted that with increased access to and use of technology, cyberbullying is a growing concern.

An article in the New York Times over the weekend reports that as bullies go digital, parents are struggling to know the best way to respond. As the NYT states:

It is difficult enough to support one’s child through a siege of schoolyard bullying. But the lawlessness of the Internet, its potential for casual, breathtaking cruelty, and its capacity to cloak a bully’s identity all present slippery new challenges to this transitional generation of analog parents.†

According to the NYT, it’s not just about parents being technologically a step behind or failing to acknowledge the issue. Many struggle with how to supervise their children’s’ Internet activities, and how to proceed in the event their child is the victim of an attack.

Part of the problem is also that schools may be reluctant to get involved when the behavior occurs off-campus, and going the law enforcement route may involve a protracted process.

What about the legal environment? According to the Cyberbullying Research Center, at last count 44 states had laws regarding bullying, and 30 of those included some mention of electronic forms of harassment. Almost all of these laws direct school districts to have a bullying and harassment policy, though few delineate the actual content of such policies.

The Center advises educators, parents and law enforcement officers to carefully review and understand the statutes in their own state to understand the formal legal implications of participating in cyberbullying.

Check out  the Center’s  fact sheet on cyberbullying: identification, prevention and response.

Cyber Risks Increase During Holiday Shopping Weekend

Holiday shopping season is almost upon us. A week from today is Cyber Monday which along with Black Friday — the day after Thanksgiving, are the most popular days to shop for the holidays.

Shopping online may be easier than braving the crowds of the mall, but it’s important to make sure that convenience doesn’t come at the price of your identity.

An annual survey by internet security firm Webroot  of more than 2,660 individuals in the U.S., UK and Australia, found that some of consumers’ online habits – including using search engines and public WiFi for online gift buying – may put them at risk.

It also found that one in seven respondents has already become a victim of credit, debit or PayPal account fraud this year.

In addition, 57 percent received phishing emails from bogus sources claiming to be a legitimate company – a risk that increases around Black Friday and Cyber Monday.

Fortunately some online shoppers appear to be growing more vigilant.

A separate poll by the National Cyber Security Alliance (NCSA) found that the majority of Americans (64 percent) report they have not made an online purchase from a specific website because of security concerns.

When asked to explain why they did not make that purchase, 60 percent said it was because they were not sure if the site was secure, 51.4 percent were worried about providing information requested, and 48.4 percent felt a website more requested more information than was necessary for the transaction.

What about insurance? The good news is that identity theft may be covered by insurance. Some homeowners and auto policies include identity theft protection and resolution services at no additional cost.

Check out I.I.I. facts and stats on identity theft  and tips for avoiding  identity theft.

Fortune 500 And Insurers Increase Use Of Twitter

Insurance companies in the Fortune 500 have increased their use of Twitter dramatically, according to an annual study from the Center for Marketing Research at the University of Massachusetts Dartmouth.

Insurance companies are also most likely to be on Facebook, it found.

The study revealed that the number of insurance companies in the F500 with active Twitter accounts increased to 20 in 2010, up from 13 in 2009.

Overall, some 60 percent of F500 companies now have an active Twitter account, compared with 35 percent in 2009.

Size appears to influence the decision to adopt Twitter. Half of the Twitter accounts belong to the companies in the Fortune 200, while 33 percent come from those ranked in the bottom 200.

Interestingly, the F500 demonstrate a real willingness to interact on Twitter. Some 35 percent of companies consistently responded with @replies or retweets within 72 hours, many more often.

The study also found that just over half (56 percent) of the F500 are now on Facebook. Insurance companies rank first among industry sectors with 28 having a Facebook presence.

However, the use of blogs in the F500 appears to be leveling off, as 23 percent of F500 companies have a public-facing corporate blog with a post in the past 12 months – an increase of just 1 percent on 2009.

Indeed, the number of insurers in the F500 blogging dropped to three in 2010, compared to 5 in 2009.

The study concludes:

This clearly demonstrates the growing importance of social media in the business world. These large and leading companies drive the American economy and to a large extent the world economy. Their willingness to interact more transparently via these new technologies with their stakeholders is clear.†

For its part, the I.I.I. now has seven Twitter feeds (@iiiorg @Bob_Hartwig @JeanneSalvatore @LWorters @III_Research @IIIindustryblog @InsuringFLA) with a collective following of over 3,000 users and a Facebook page with over 300 “likes†.

Data Breaches Costing Healthcare Industry Billions

AÂ  list of data breaches maintained by the Privacy Rights Clearinghouse includes a variety of breaches at healthcare facilities, where personal information such as medical records or prescription drug information was compromised.

Now a study from the Ponemon Institute finds that data breaches of patient information cost healthcare organizations nearly $6 billion annually, and that many breaches go undetected.

Hat tip to the Wall Street Journal Health blog for highlighting the study.

According to its findings, the impact of a data breach over a two-year period is around $2 million per organization and the lifetime value of a lost patient is $107,580.

The average organization had 2.4 data breach incidents over the past two years. Major factors causing data breaches are unintentional employee action, lost or stolen computing devices and third-party error.

Given the rising exposure, you’d think hospitals and other healthcare facilities would be taking steps to protect patient data. Not so.

The research shows that protecting patient data is a low priority for hospitals and that organizations have little confidence in their ability to secure patient records.

Some 58 percent of organizations have little or no confidence in their ability to appropriately secure patient records, while 70 percent of hospitals said that protecting patient data is not a priority.

This is despite the fact that the HITECH Act, enacted in 2009, widened the scope of privacy and security protections under HIPAA to provide stronger safeguards for patient data. This includes notification to patients when their information is breached.

Unfortunately, the majority (71 percent) of respondents do not believe the HITECH Act regulations have significantly changed the management practices of patient records.

Rick Kam, president and co-founder of ID Experts (sponsors of the study) says:

We talk with healthcare compliance people dealing with data breach risks every day and they just can’t get their arms around the problem of data exposure. Unfortunately, in healthcare organizations, patient revenue trumps risk management.†

Check out I.I.I. info on ID theft.

Small Companies Ignore Data Breach Potential

Most small private companies ignore the risk of data breach, despite serious concerns over the financial consequences of a breach, according to a just-released survey from Chubb.

Some 92 percent of executives surveyed did not believe it likely that they would endure an electronic breach of confidential customer information that would require them to comply with costly notification laws in more than 40 states.

What’s more, most (67 percent) of the companies in Chubb’s survey do not have an incident response plan for an electronic security breach.

Yet a breach of electronically-stored private customer data was seen as the third most financially damaging event a company could experience, according to the survey.

The findings come as a list compiled by the Privacy Rights Clearinghouse shows that more than 500 million sensitive records, such as personal medical records, credit card  and social security numbers,  Ã‚  have been compromised due to data breaches  in the U.S. since 2005. And the Clearinghouse says this is only a fraction of the total number of breaches.

Ahead of data breaches, an employment practices lawsuit followed by employee theft were the most financially damaging events a company could experience, according to Chubb’s survey.

Nearly one in five (16 percent) of those surveyed expect an EPL charge would be lodged against their firm in the next 12 months.

Meanwhile, 54 percent expect their employees would steal company funds, equipment, inventory or merchandise in the next year. Just 30 percent of companies have experienced such thefts in the past five years.

The Chubb Private Company Risk Survey interviewed decision makers at 451 U.S. for-profit companies, more than 90 percent of which had annual revenues of less than $25 million.

Check out I.I.I. information on identity theft  and the I.I.I. small businessowners’ guide to insurance.

A View To Building Better

The grand opening of the Institute for Business & Home Safety (IBHS) Research Center yesterday demonstrates insurers’ ongoing commitment to reduce and prevent damages and losses caused by natural disasters.

This unique, state-of-the-art, multi-risk applied research and training facility on a 90-acre parcel of land in Chester County, South Carolina, will significantly advance building science by enabling researchers to more fully and accurately evaluate various residential and commercial construction materials and systems.

At yesterday’s opening USA Today reports  that researchers used more than 100 giant fans to create hurricane-force winds in an experiment that  destroyed a home built with conventional construction materials and standards within minutes, but left a home  built with fortified materials standing at its side.

Check out this IBHS video on YouTube to see the results for yourself:

Data Theft Tops Physical Loss At Companies

Theft of information and electronic data at global companies has risen in the past year and overtaken physical theft for the first time as the most widespread fraud, according to the latest edition of the Kroll Annual Global Fraud Report.

The study reveals that data theft was reported by 27.3 percent of companies over the past year, up from 18 percent in 2009. In contrast, reported incidences of theft of physical assets or stock declined slightly from 28 percent in 2009, to 27.2 percent in 2010.

Information-based industries reported the highest incidence of theft of information and electronic data in the past year. Financial services (42 percent in 2010 vs. 24 percent in 2009) and professional services (40 percent in 2010 vs. 27 percent in 2009) are most vulnerable to data theft.

As for the cost of fraud, Kroll says the total amount lost by businesses to fraud in the past year went from $1.4 million to $1.7 million per $1 billion of sales – an increase of more than 20 percent.

Kroll also observed that the speed of technological developments poses new challenges in the fight against fraud.

Nearly one-third of companies (28 percent) reported information infrastructure complexity as the single most important factor in raising exposure to fraud. However, despite the increased risk, only 48 percent of companies are planning to spend more on information security in the next 12 months, down from 51 percent last year.

The findings are the result of a study commissioned by Kroll with the Economist Intelligence Unit or more than 800 senior executives worldwide.

The  Financial Times has more on this story.

Check out I.I.I. information on identity theft insurance.

YouTube and Insurance

As many of you know, our mission at the Insurance Information Institute (I.I.I.) is to improve public understanding of insurance – what it does and how it works.

We’re constantly looking at new ways to demystify what can be a complex topic to a broad range of constituents. Social media tools can help us in that effort.

In addition to our two blogs (Terms + Conditions and Straight Talk), I.I.I. has a Facebook page and a YouTube channel, as well as numerous Twitter feeds  (@iiiorg @Bob_Hartwig @JeanneSalvatore @LWorters @III_Research).

But this week the actuarial profession took us to a new level by showing how a catchy theme song and YouTube can work to powerful effect.

As of this morning, there have been more than 3,200 views of the What is An Actuary Song below.

(Hat tip to @reinsurancegirl for spreading the news via @Actpub)

Just imagine what “An insurer is your hero† theme tune could do to show the important role the insurance industry plays in taking risk.


The Dangers of Searching Online

And now for some celebrity news.

Cameron Diaz, Julia Roberts and Jessica Biel are the riskiest celebrities to search for on the Internet.

Yes – this trio of American actresses top the list of most dangerous celebrities in cyberspace, according to Internet security company McAfee.

Meanwhile, politicians like U.S. president Barack Obama and, dare we mention her name  in the same sentence, Sarah Palin are among the safest.

McAfee research found that searching for the latest Cameron Diaz pictures and downloads yields a 10 percent chance of landing on a website that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware.

Clicking on these risky sites and downloading files like photos, videos or screensavers exposes surfers or consumers to the risk of downloading the viruses and malware designed to steal their personal information, the study revealed.

McAfee noted that while consumers are getting smarter about searching online, cybercriminals are getting sneakier in their techniques. Dave Marcus, security researcher for McAfee Labs, says:

Now they’re hiding malicious content in ‘tiny’ places like shortened URLs that can spread virally in social networking sites and Twitter, instead of on websites and downloads.†

In case you were wondering, three of Victoria’s Secret top models are among the top 10 this year. Searching for downloads of Gisele BÃ ¼ndchen (#4), Adriana Lima (#6), and Heidi Klum (#9) can result in landing on a high percentage of risky sites.

Leading men Brad Pitt (#5) and Tom Cruise (#8) also made the top 10.

Check out I.I.I. information on identity theft.