Share on FacebookShare on Twitter
Trent Steele's Windows Power Newsletter
Welcome
Technology News
New Software
Search Engine Spy
Recommendations
Bonus Item Article
February 6th 2012 www.software-street.com
 
Your Bookmarks YourBookmarks
Software Street
Best-selling software tools
www.software-street.com
Privacy Central
Software recommendations
www.privacy-central.com
Search Street
The Google alternative
www.search-street.com
Software Giveaway
Claim $4000 in software
software-giveaway.com
 
Win Yourself an iPod!!
 
Friend: Grab A Cyberumbrella!

Good morning!

Trent Steele here with the latest edition of the Windows Power User newsletter!

Is cybercrime raining down on you?

Cyberattacks are increasing at an alarming rate.

For large companies, it's costing them millions.

As if that wasn't bad enough, insurance companies are starting to panic.

For some of them, the risks are getting too great.

So is there a way to stay safe -- without going bankrupt?

Find out whether or not it's time to get yourself protection in the form of a "cyberumbrella" in this week's bonus article below.

Enjoy your week --

Trent Steele

Trent Steele, Site Manager.
http://www.software-street.com


 
Back to top
Tech News Friend's Tech News...
  Apple overturns Motorola's ban

  
FBI probes Anonymous phone hack

  
BT vow fibre optic 'game changer'

  
Hackers fool bank security system

  
Megaupload bail appeal rejected
 
Back to top
Soeftware Downloads Brand New Software Downloads...
  Save2pc Pro - Video file downloader

  
nfsAxe Windows NFS Client and NFS Server

  
WinaXe Windows X Server

  
WinaXe Plus SSH X-Server for Windows

  
AceaXe Plus Windows XServer
 
Back to top
Search Term Search Term of the Day...
Did you know the number one search term yesterday was...

Facebook

Click HERE to search this term at Search-Street.com >>
 
Back to top
Recommendations Friend's Recommendations...
Every week, we recommend a series of exciting new hardware and software tools that we think you'll find interesting. Here's what we have for you this time...
 
Don't Panic!
Hit The Panic Button!
Let Panic Button Pro take all the trouble out of hiding your screen, folders and private files from prying eyes!
 www.panicbuttonpro.com
 
Total Anonymity Online!
Anonymeister Secure Browsing!
Enjoy 100% secure browsing with the amazing Anonymeister! Hides your IP address and clears surfing traces ? for TOTAL PRIVACY!
www.anonymeister.com
 
Internet History Cleaner!
Internet History Cleaner!
Keep your PC clean and protected! Erase your browsing history and keep attackers at bay. Free Home Keylogger included!!
www.internethistorycleaner.ws
 
Change your MAC address!
Change MAC Address!
Change your MAC address in just two clicks! Enjoy better WiFi privacy, freer gaming, and get authenticated by your ISP!
 www.changemacaddress.net
 
Give Your PC A Tune-Up!
The Ultimate Registry Cleaner!
Sluggish computer getting you down? The Ultimate Registry Cleaner will make your PC as good as new again - in just 10 minutes!
 www.ultimateregistrycleaner.com
 
Keep Files Private!
Photo Vault Pro: Total Protection!
Hide ALL your personal files inside a "Virtual Vault" - with the world's most powerful file security tool!
www.photovaultpro.com
 
Dynamic IP Notifier!
The All New Dynamic IP Notifier!
Let your PC notify you whenever your IP addresses change! Keep track of your IP addresses automatically!
www.dynamicipnotifier.com
 
Rip That Music!
Rip That Music!
Automatically convert YouTube videos to MP3 music files! Fast, easy way to download ALL your favorite tunes!
 www.ripthatmusic.com
 
 
Back to top
Do You Need A Cyberumbrella?

If your company were hit with a cyberattack today, would it be able to foot the bill?

The entire bill, including costs from regulatory fines, potential lawsuits, damage to your organizations' brand, and hardware and software repair, recovery and protection?

It's a question worth careful consideration, given that the price of cyberattacks is rising at an alarming rate. The second annual Cost of Cyber Crime study, released last August by the Ponemon Institute, reported that the median annualized cost of cybercrime for a company is $5.9 million -- a 56% increase from the 2010 median figure.

A growing number of insurance companies are offering policies that provide protection in the event of data breaches and other malicious hacks. But they're having some difficulty making many sales -- in part because the cost of premiums can be staggering.

Lawyers and information security leaders say many executives mistakenly believe that standard corporate insurance policies or general liability policies cover losses related to hacking, or that their cyberpolicies, if they have them, will cover all costs related to a breach. Most of the time, they won't.

A February 2011 paper by Forrester Research analyst Khalid Kark indicates that many companies are still trying to understand the basics of these policies, which are offered by such carriers as ACE USA, Chubb, The Hartford and St. Paul Travelers Cos. The most common questions revolve around what types of polices are out there, what they cover, how to select the right policy and whether such insurance is even needed.

IT leaders are particularly likely to get confused, because tech execs have not traditionally made decisions about corporate insurance. Likewise, the risk management and legal teams that typically do make insurance decisions have not customarily sought out their IT counterparts for advice.

Yet, IT's input is crucial when it comes to deciding whether to purchase cyberinsurance and determining what coverage to buy, security experts say.

"The IT people and the risk people desperately need to get together to talk about risk in terms of information technology and the likelihood and outcomes of a breach," says Don Fergus, an IT risk consultant and 2012 chairman of the IT Security Council for the security professionals organization ASIS International.

What's Covered, What's Not
Some companies purchase standard insurance policies and think they're fully protected, not realizing that the policy might cover physical property but not intangibles. For example, a property insurance policy would cover the cost of a server smashed up by a disgruntled employee, but it wouldn't cover the company's liability for failing to perform a service for a client as a result of the server downtime.

Liability insurance generally offers protection from lawsuits or claims, but Fergus points out that general liability, errors and omissions, and directors and officers liability insurance policies will not cover claims arising from electronic data loss or lack of access to that data.

Ken Goldstein, vice president of Chubb Group of Insurance Cos. in Warren, N.J., explains that cyberinsurance falls into two general buckets. The first bucket covers costs associated with third-party liabilities -- that is, claims from other organizations. And the second covers first-party expenses and losses -- that is, damage to your own organization. Additionally, policies are available that cover other costs, such as third-party notification and PR expenses.

Of course, companies can purchase policies to address both first and third parties, so they're covered for a range of scenarios -- from the cost of notifying customers whose data was breached, to the cost of hiring a forensic IT team, to even the cost of extortion and ransom demands, Goldstein says.

IT Pros as Insurance Experts?
Companies considering a policy need to determine exactly what coverage they need and whether it makes sense to pay the premiums associated with that coverage, says Eric J. Sinrod, a San Francisco-based partner at national law firm Duane Morris.

That's where IT comes in. An organization's risk management and legal folks understand the language of insurance riders and exclusions, but no one is better equipped to understand and articulate an organization's information security system than the people who run it.

"The CIO is on the front lines in dealing with information systems and should know about actual and potential problems," says Sinrod.

Insurance companies will want to know what security exists at a company before they write any policy, and they might even require a third-party audit to verify what's in place, says Mark Lobel, a principal and security benchmarking expert at PricewaterhouseCoopers. Therefore, companies must ensure they follow the best information security practices for their industries, he says.

IT leaders should then determine potential threats, the likelihood that they will occur, and how such threats will impact the organization if they do happen.

"You can't insure [correctly] if you don't understand the risks," Lobel explains.

Not all companies -- or all IT departments -- are comfortable with this level of self-scrutiny, points out ASIS International's Fergus. "There is a head-in-the-sand kind of view," he says. "IT people may know they're vulnerable, but they don't want to write it down."

Sticker Shock
Even companies that have done their due diligence can be in for a jolt, Fergus says.

"They go out to the [insurance] carriers, and they get sticker shock."

That's because cyberliability insurance can cost $7,000 to $40,000 per million dollars of loss. And with losses possibly totaling in the tens -- or even hundreds -- of millions, a policy that covers such costs can carry a staggering price tag.

Deciding how much coverage to buy can be tricky. Too little, and you don't cover your exposure. Too much, and you face the prospect of sky-high premiums. In Towers Watson's 2011 Risk and Finance Manager Survey, 61% of the responding companies that were carrying network liability policies said that they had bought $10 million to $49.9 million in coverage limits; only 8% had purchased policies with $50 million or more in coverage limits.

Some companies take a look at the cost of coverage and balk. Others worry about payouts, particularly in light of a few high-profile cases in which the insurer and the organization filing a claim wound up in court. Sony and the University of Utah were among the organizations involved in such cases.

Hord Tipton, executive director of the nonprofit International Information Systems Security Certification Consortium, says his organization doesn't carry cyberinsurance. Companies that do, he contends, may become lax. He warns:

"A company should not let complacency set in just because they are insured."

More important, Tipton maintains, insurance couldn't help his organization recover the most valuable asset it could lose in a breach: its reputation.

Chubb's Goldstein counters that logic, saying companies might find that they can survive the hit to their reputation only to realize that the costs of repairing other damage will do them in. As he points out:

"You'd hate to assume you'd be out of business because of reputational damage, only to find what sunk you wasn't the reputation but the cost of the liability."

Mary K. Pratt is a Computerworld contributing writer in Waltham, Mass.
 
Back to top
WCCL Network
© WCCL 2012. All rights reserved. Privacy Policy

[Unsubsribe instructions would go here]