November 01
One thing a risk manager with cyber in their captive can’t ignore: supplier risk.
Supply chain as an attack vector is a well-established priority for corporate security teams. It has been on the radar of C-suites as far back as the 2013 Target breach that resulted in the theft of over 70 million customer records. That breach was attributed to a vulnerability hackers exploited in the computer systems of Fazio Mechanical Services, an HVAC contractor Target used, which was using a free antimalware service that had limited security protocols in place. The event cost Target somewhere between $300-$400 million (even with a reported $90 million insurance recovery).
October 30
Surge in data-theft incidents highlights dynamic nature of the threat
Data privacy breaches represent the largest shift in criminal behavior over the past year. It’s indicative of the human behavioral nature of cyber risk: as controls are put in place to protect one area, attackers find avenues for monetary gain in another. Understanding this can help risk and security teams avoid becoming the next Cencora or ADT.
October 16
As attacker strategies and tactics evolve, risk officers with enterprise risk management mandates should as well
The number of cyber attacks continues to soar. CISOs and Risk Officers should focus more closely on understanding the intensity of the peril, not just measuring defensive posture, in order to make better risk-informed decisions. Cyber is fundamentally a human behavioral risk that requires a forward-looking approach that can adjust for real-time changes in an organization’s risk intensity.
October 08
When looking at what makes cyber risk ‘dynamic’, the need for a different approach is clear
Trillions of dollars spent every year on digital transformation have resulted in large corporate IT networks becoming ever more complex. Meanwhile, attackers in pursuit of financial gain are constantly evolving tactics, techniques, and procedures to get around security controls to gain access to these networks and steal data. Cyber is a human behavioral risk and as a result, it’s dynamic. Controls that worked on attackers yesterday may not work today. Despite increased risks, digital transformation will remain a business imperative. But companies are losing visibility of their own IT environments and conventional approaches to managing the risk are proving insufficient.
September 24
Cyber coverage gap won’t be fixed with more of the same
In last week’s CyFi™ note, we covered an overlooked issue in cyber: economic losses. What’s the point in taking stock of these events and the actual and potential losses? It’s important to understand the nature of this gap to then focus on creating better solutions to address it. This is a central topic in the forthcoming October edition of our monthly research note, The Intangibles.
September 10
One overlooked issue in cyber: growing economic losses
Two recent business interruption (BI) breaches involving US-listed Microchip Technology and US oil and gas services firm Halliburton are not generating the same headlines as the CrowdStrike-related disruptions or even the large-scale breach involving Change Healthcare. But BI incidents like these are causing economic losses for shareholders, and they are becoming so common that the press barely picks up on them.
August 21
Focus on insured loss from CrowdStrike outage overlooks one key issue
Though the response and resilience of the cyber market is important, what is more critical is how risk teams proactively deploy resources to avoid large BI losses in future.
August 09
Similarities between property and cyber markets present an opportunity
At first glance, the property and cyber markets don’t have much in common, with property’s scale of losses in the last year of $123 million far exceeding those of cyber. But there are some parallels that can help risk officers present a cohesive risk management strategy to the C-suite and board across both risks with the common objectives of more efficient risk financing and avoiding losses.
August 06
Need to look beyond security controls to avoid large costly breaches
Security controls alone, even when well managed, are not enough to protect a company from cyber criminals. Seeing the threat from the cyber attacker’s point of view is key to bolstering risk prevention efforts before the large breach. It’s no different than how we approach sports matches.
July 29
Slowing US cyber insurance market prompts need to further invest in risk prevention
In 2023, direct written premium in the US rose by only 0.1% according to recent numbers reported by AM Best. Intangic explores how a deceleration in the speed of cyber market expansion points to the need for a new approach.