Making a point: Aon says airlines, retailers need to criminal-proof loyalty points

By David Paddon

THE CANADIAN PRESS

TORONTO – A new report on cybersecurity trends says several industries will be on the defensive as criminals increasingly target gift cards, loyalty points and other non-cash transactions.

The 2018 Aon cybersecurity report said that airline, retailer and hospitality sectors will be under pressure to adopt more innovative ways to protect themselves and customers from points theft.

The theft of loyalty points creates a dilemma because it’s not yet clear how they’re covered by business insurance policies, Aon Canada’s Brian Rosenbaum said Tuesday.

“The question is: Who are they stealing from? And what are they stealing?” Rosenbaum said.

If the theft is considered a loss of something owned by the points provider, it might be covered by a fairly standard commercial crime policy.

However, if the theft is considered the loss of confidential information entrusted to the company by customers or business partners, it might be covered by a cybersecurity policy – a newer but increasingly common insurance.

“And maybe it’s neither, depending on how the policies are worded,” Rosenbaum said.

The multinational advisory firm said in its 2018 cybersecurity report that many industries – including those with points programs – will be expected to prove they’ve taken every reasonable precaution to address the risk of breaches.

In Canada, that’s a very elusive standard because it’s not yet clear what needs to be done.

“Do you have to have IT continually patching your system? Do you have to have monitoring and auditing in a very significant way? … Do we need to have a bug bounty program?”

So-called bug bounties, a way to reward ethical hackers who find bugs so they can be exterminated, have been used to good effect by tech companies.

Aon’s global report predicts that airlines, retailers and hospitality companies will also add bug bounties to their arsenal of cyber defences following the lead of tech companies and financial services providers.

Rosenbaum said Canadian companies have begun making inquiries but he doesn’t think bug bounties will become common in this country yet, and for good reason: “I think there’s bugs in the bug bounty program.”

One impediment, Rosenbaum said, is that many companies don’t want to publicize their vulnerabilities but one of the motivations for ethical hackers is getting recognition for their accomplishment.

“My sense of it is that there has to be a better understanding of what the individuals get and the companies have to be clear about what they’re prepared to give … in order for these to be viable working relationships.”

Wawanesa Launches Personal Cyber Protection Portfolio in Canada

The Wawanesa Mutual Insurance Company (Wawanesa), one of the largest Canadian property and casualty insurers, is launching a new portfolio of innovative cyber protection insurance products for Canadian homeowners and home-based businesses.

Effective January 1, 2018, Wawanesa will be one of the first major insurance companies in Canada to offer a personal cyber product on a mass market basis. The cyber protection portfolio, currently unmatched in its comprehensiveness, goes beyond any insurance offered today to meet individual consumers’ evolving needs and preferences. It includes protection for:

  • Cyber-attack: recovery of data and restoration of systems that have been lost or damaged;
  • Cyber extortion: payments and assistance in responding to demands to damage, disable, deny access to or disseminate content from devices, systems or data;
  • Online fraud: coverage for scams that result in a direct financial loss to the policyholder; and
  • Data breach: payment for services if third-party private person data entrusted to a household resident is breached.

“We’re committed to being an industry leader – and innovator – in providing coverages that help Canadians protect themselves and their digital connections,” said Keith Hartry, Wawanesa’s Chief Operating Officer. “As the world becomes more interconnected and criminals become both more invasive and sophisticated, we’re ready to safe-guard anyone who operates a connected home device, stores information electronically and accesses data online.”

Modern life is full of cyber risks and many homeowners or home-based business owners don’t realize this until it’s too late.

According to Statistics Canada, cyber-crime grew by 30% in 2016. The cost to the Canadian economy is estimated between $3 billion and $5 billion a year.

“Cyber-crime is not only increasing, it’s getting much harder to stop,” added Hartry. “And Canadians are looking for solutions that protect them and ultimately provide peace of mind. And that’s what our portfolio is built to do.”

For information about the new cyber protection visit https://www.wawanesa.com/personalcyber/.

About The Wawanesa Mutual Insurance Company
Wawanesa Mutual Insurance is one of the largest property and casualty insurers in Canada with $3 billion in annual revenues and assets of more than $9 billion. Wawanesa Mutual, founded in 1896 with executive offices in Winnipeg, is the parent company of Wawanesa General, which offers property and casualty insurance in California and Oregon, and Wawanesa Life, which distributes life insurance products and services throughout Canada. With over 3,000 employees, Wawanesa proudly serves over two million policyholders through nine regional offices and 41 service offices in Canada and the United States. Wawanesa actively gives back to organizations that strengthen communities where it operates, donating well above internationally recognized benchmarks for excellence in corporate philanthropy.

SOURCE The Wawanesa Mutual Insurance Company

Crawford & Company (Canada) Inc. Grows Cyber Practice in Canada

Press Release:

TORONTO (November 27, 2017) – Crawford & Company (Canada) Inc. today announced that it has grown its global cyber practice with the addition of Neal Jardine, cyber practice leader, Canada. With the ever increasing risk of cyber-attacks and data breaches worldwide, and as part of a larger global cyber practice, Crawford & Company’s® established and effective cyber program is comprised of more than 100 accredited incident managers and adjusters throughout the world. As the sole cyber loss management partner for a number of international insurer clients and corporations, Crawford is a leading cyber claim management expert for the marketplace.

As a seasoned senior general adjuster with Crawford’s Global Technical Services (GTS®) division, Neal Jardine has more than a decade of experience, both domestically and internationally, adjusting property and casualty claims, including cyber losses. Leveraging his experience as a professional loss adjuster and academic credentials in computer science, Jardine possesses a unique set of skills and knowledge to effectively mitigate cyber losses. His technical understanding of network architecture, data management systems and their supporting technologies enables him to identify risks and best respond to client needs following a cyber incident.

“We are fortunate to be able to leverage Crawford’s global cyber team to bring to the Canadian market proven best practices in our cyber incident response model,” said Paul Hancock, vice president, Global Technical Services (GTS®), Canada. “Neal is well placed to develop our Canadian practice and access the technical resources of the delivery model.”

More details of Crawford’s global cyber risk program are available on the company’s website.

For more information, contact Neal Jardine, Senior General Adjuster / Cyber Practice Leader
Tel: 416.957.5040
Email: Neal.Jardine@crawco.ca

For media inquiries, please contact: Gary Gardner, Senior Vice President Global Client Development
Tel: 416.957.5019
Email: Gary.Gardner@crawco.ca

About Crawford®

Based in Atlanta, Crawford & Company (NYSE: CRD‐A and CRD‐B) is the world’s largest publicly listed independent provider of claims management solutions to insurance companies and self‐insured entities with an expansive global network serving clients in more than 70 countries. The Company’s two classes of stock are substantially identical, except with respect to voting rights and the Company’s ability to pay greater cash dividends on the nonvoting Class A Common Stock (CRD-A) than on the voting Class B Common Stock (CRD-B), subject to certain limitations. In addition, with respect to mergers or similar transactions, holders of CRD-A must receive the same type and amount of consideration as holders of CRD-B, unless different consideration is approved by the holders of 75% of CRD-A, voting as a class.

More information is available at www.crawfordandcompany.com.

Beazley Canada strengthens its cyber risk team

Specialist insurer Beazley has appointed Miki Ho as cyber risk underwriter. Based in the company’s Toronto office, Mr Ho’s focus will be on developing Beazley’s portfolio of cyber liability and technology risks for large enterprises in Canada.

Mr Ho joins Beazley from Allianz where he was a senior underwriter for cyber and professional liability risks, following previous underwriting and broking roles with a portfolio of clients in the financial institutions sector.

Paul Bantick, Beazley’s Technology, Media & Business focus group leader says: “We are excited by the opportunities we see to support Canadian businesses against the risks of cyber liability and data breach. With the cyber and technology risk landscapes changing rapidly and the number of data breaches unabated, the demand for cyber insurance products is growing strongly. With Miki having joined our team, we are well placed to take advantage of this growing demand and the opportunities that exist in the Canadian market.”

Phil Baker, head of Beazley Canada, adds: “Beazley is a market-leading provider of cyber liability, technology errors & omissions, and miscellaneous professional liability coverage, with a global team structured to deliver local solutions. Miki will play a pivotal role in delivering those local solutions to brokers and clients in Canada.”

Note to editors:

Beazley plc is the parent company of specialist insurance businesses with operations in Europe, the US, Canada, Latin America, Asia and Australia. Beazley manages six Lloyd’s syndicates and, in 2016, underwrote gross premiums worldwide of $2,195.6 million. All Lloyd’s syndicates are rated A by A.M. Best.

Beazley’s underwriters in the United States focus on writing a range of specialist insurance products. In the admitted market, coverage is provided by Beazley Insurance Company, Inc., an A.M. Best A rated carrier licensed in all 50 states. In the surplus lines market, coverage is provided by the Beazley syndicates at Lloyd’s.

Beazley is a market leader in many of its chosen lines, which include professional indemnity, property, marine, reinsurance, accident and life, and political risks and contingency business.

For more information please go to: www.beazley.com

SOURCE Beazley

Know the Odds: The Cost of a Data Breach in 2017

Source: Security Intelligence: Larry Ponemon & Wendi Whitmore

We’ve all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. You may be wondering about the actual odds of it happening to your organization.

Think about it this way: The chances of being struck by lightning this year are 1 in 960,000. When it comes to experiencing a data breach, according to the Ponemon Institute’s “2017 Cost of Data Breach Study: Global Overview,” the odds are as high as 1 in 4. Therefore, organizations must understand the probability of being attacked, how it affects them and, even more importantly, which factors can reduce or increase the impact and cost of a data breach.

Rapid Response Drives Down the Cost of a Data Breach

Sponsored by IBM Security and independently conducted by the Ponemon Institute, the 12th annual “Cost of Data Breach Study” is out. The findings revealed that the average total cost of a data breach is $3.62 million in 2017, a decrease of 10 percent over last year. Additionally, the global average cost per record for this year’s report is $141, which represents a decrease of 11.4 percent over last year.

Despite the reduction in cost, the average size of a data breach increased by 1.8 percent to 24,089 records. The influencers that impact the cost of a data breach are driven by the country and the IT initiatives underway.

The good news is that organizations can take measures to minimize cost and impact. The 2017 “Cost of Data Breach Study” found that having access to an internal or outsourced incident response team has been the top cost-reducing factor for three years running. An incident response team typically accelerates the time frame in which security events can be contained, which is a significant factor in reducing the overall cost of a breach.

The IBM X-Force Incident Response and Intelligence Services (IRIS) team specializes in providing incident response planning, program development, remediation and threat intelligence to clients in over 133 countries. The team has experience responding to and helping to contain many of the largest data breaches in the world.

Five Steps to Accelerate Your Incident Response

Listed below are five additional tips to help accelerate your organization’s response to a breach.

  1. Speed to respond is critical. The more quickly you can identify what’s happened, what the attacker has access to, and how to contain and remove that access, the more successful you will be.
  2. Set up retainers in advance. In the event of a breach, an experienced team of incident response experts can help you quickly identify and contain the attack, and minimize costly delays.
  3. Access the data needed to answer investigative questions. Be prepared to provide responders with logs and tools to help them understand what happened. For example, what did the attackers access and what did they copy or remove from your environment?
  4. Mitigate the attacker’s access quickly. Plan with the IT staff in advance to understand how to be effective and efficient in a crisis. Consider the following:
    1. How to execute an enterprisewide password reset quickly;
    2. How to reset your service accounts; and
    3. How many of your service accounts have domain administrator credentials.
  5. Establish an internal communications plan. If you have to shut down parts of your environment or reset thousands of users’ passwords, your employees will have a lot of questions. This speculation can have critical ramifications, so it’s important to document a plan to ensure that your employees understand what they can and cannot share publicly.

Insurance a second line of defence against cyberattack losses

DAVID ISRAELSON | The Globe and Mail

Even if small or medium-sized businesses do everything to protect themselves against hackers, they may want to consider a second line of defence – cyberliability insurance.

It’s relatively new, but it’s a growing area for insurance companies. And with the advent of worldwide threats such as the recent WannaCry ransomware virus, it is suddenly a more urgent consideration than ever.

“We haven’t had a lot of requests so far, but it’s a huge field,” says Mark Lipman, president of Consolidated Insurance Brokers Ltd. in Toronto.

By the end of last year, the worldwide market for cyberinsurance was about $3-billion (U.S.), according to a report from Allied Market Research of Portland.

The market is expected to grow year over year by 28 per cent and reach $14-billion in gross premiums by 2022, Allied’s report says.

Mr. Lipman says that, to date, the SMBs his brokerage deals with tend to add on a small amount of cyber-related coverage to their standard commercial policies.

“It’s usually around $25,000 in coverage – which costs an extra $100 on a $1,000 commercial policy,” he says.

Mr. Lipman adds that his firm recommends that SMBs boost their coverage, because of the ever-growing risk of cyberattacks. “We put it [a recommendation] in all the letters we send, either to take coverage or to increase it.”

While this may sound like a self-serving sales pitch by insurers, trends and statistics suggest that the threat of attacks on SMBs is not only real, but also growing fast.

“Cybersecurity insurance is becoming a must-have for most businesses. There is simply no way for an organization to be completely protected from a breach,” says Rohit Sethi, chief security officer for Security Compass, a Toronto-headquartered firm that provides tech-based protection for corporate data.

“This is especially true for SMBs who rarely have security teams on staff and can scarcely afford many leading-edge security solutions. Insurance helps mitigate the financial impact to any company, but every business should treat it as an additional safeguard,” he says.

Small businesses appear to be growing targets for phishers, spear-phishers and cyber-ransomers. A report by security firm Symantec noted in 2014 that attackers targeted small businesses 34 per cent of the time – an increase from 11 per cent just three years before.

Lawyer Lisa Lifshitz, a partner at Toronto firm Torkin Manes LLP, says it has been estimated that criminals launch 3.5 new digital threats against SMBs every second.

Writing in Canadian Lawyer magazine, she said that, “29 per cent of all small businesses have experienced a computer-based attack that affected their reputations, involved the theft of business information, resulted in the loss of customers or experienced network and data centre downtime.”

While any SMB can be a cybercriminal’s target and suffer damage, the risk goes up if the business’s data is ultrasensitive. Since 2014, LawPro, the mandatory insurance program covering Ontario-based lawyers, includes coverage for up to $250,000 for cybercrime.

This coverage is “modest” for firms whose data can easily be compromised in, say, a $1-million residential real-estate deal. “We say modest because, like the fraud risks the profession has faced over the years, there is no way to predict the total possible exposure,” LawPro says.

Lawyers (and others) should always look to what’s covered and what’s not covered in their cyberpolicies, says Addison Cameron-Huff, a Toronto-based tech lawyer. “The interesting part of every policy is the exclusions,” he says.

Indeed, LawPro cautions its lawyer policy holders to “remember that any losses from cybercrime that are not connected with the provision of legal services will not be covered … [such as] damage to equipment or software, business interruption and reputational harm.”

Lawyers, and any other SMBs, can buy coverage that either pays out more or includes more possible types of losses. But it’s buyer beware, Ms. Lifshitz warns.

“Every insurance company deals with coverage differently. There are always going to be carve-outs” for situations that insurers won’t cover, she says.

Speaking in an interview, Ms. Lifshitz adds that insurance companies will do their own due diligence of SMBs before offering coverage. It’s the equivalent of having an inspector come to your house to see whether you have railings and fire alarms before you get home coverage.

If a smaller entity hasn’t taken the steps to become cyberinsurance ready, they’re not going to get coverage, she says.

The Insurance Bureau of Canada has published a checklist for businesses looking for cyberinsurance. These businesses should ask themselves:

– How many records with personal information does your company keep?

– How much sensitive commercial information do you keep?

– What security do you have in place that might reduce your insurance premium?

– Do you need to encrypt all your laptops, phones and tablets?

– Do any third parties you deal with have unencrypted media?

– Would you be able to make a claim on the policy you choose even if you haven’t discovered a breach for several months or years?
