As PSA’s cybersecurity specialist Mike Volk is responsible for helping clients make informed decisions about cyber insurance and develop strategies to reduce cyber risk. For the past six years he has helped individuals and organizations navigate the complex cybersecurity landscape.
Cyber threats aren’t going away or becoming any easier to address. According to a recent study conducted by Hiscox Insurance in the past year, 72 percent of large companies in the U.S. have reported at least one attack. Sixty-eight percent of smaller U.S. companies during this same period reported at least one attack.
Leaders are increasingly acknowledging that investing in cybersecurity is a smart business decision. They are making cyber risk management an enterprise priority and dedicating time and resources to understand their risk. For these leaders, the goal is resiliency – the ability to withstand and quickly bounce back from an incident without severe business interruption or reputational damage. Cyber-resilient organizations know what assets and systems they are protecting and focus their efforts on likely threats. At the core of cyber risk resiliency and incident response is understanding and managing the legal, regulatory and contractual requirements regarding data privacy and security. Unfortunately, instead of laying the groundwork for a robust cybersecurity capability, these factors can become yet another roadblock for many organizations. Continue Reading
Businesses tend to focus most on purchasing the latest technology to protect against cyber threats without fully understanding their organizational exposures. While technology is critical, it should only be a part of a holistic cyber resiliency strategy. A good place to begin for many leaders is to establish a fundamental understanding of cyber risk, how it impacts their organization, and seek cybersecurity strategies that address the people, process and technology exposures. Armed with this knowledge, leaders should embrace their role as a cybersecurity champion for the organization. Continue Reading
Effective cyber risk management involves every part of an organization. Cybersecurity policies guide employee behavior and shape culture. Cybersecurity training helps employees — from IT staff to administrative professionals to C-suite executives — understand and protect the organization from cyber threats. Technology helps enforce policies and provides essential defense and detection capabilities. But the success of any initiative on this scale — one that impacts the entire organization —will succeed or fail based on the vision and engagement of executive leadership. Continue Reading
In a recent blog post, we shared two prevalent cyber risks that your organization should be aware of — phishing and malware. Of course, those aren’t the only two threats you face when using technology or handling electronic data. This blog post provides an overview of two additional cyber threats to help you build a foundational awareness of some of the most common threats and make informed decisions about operating securely in today’s interconnected environment. Continue Reading
Keeping up with the ever-changing cyber threat landscape is essential for making smart decisions about cyber risk management. For many leaders, combing through the constant stream of information can be challenging and time consuming. A good approach to sort through the intimidating amount of information is to set a simple, achievable goal of dedicating time each week to read notable cybersecurity headlines. The goal is not to become a cybersecurity expert, but to build a general knowledge base and awareness of current issues that can inform decisions and help determine the cybersecurity strategy for the organization. Continue Reading
Did you know? To date, in 2017 there have been 133 reported data breaches in the healthcare industry – on average 17,849 records breached per incident. The Ponemon Institute estimates the cost per lost or stolen healthcare record to be about $400. This does not include fines and penalties, which can further increase the cost. Do the math, healthcare breaches are expensive. Continue Reading
You’ve probably read about major cybersecurity failures of large organizations, such as Yahoo, Sony, LinkedIn, Target, the Democratic National Committee, and the list goes on. While they’re not always in the headlines, evidence shows that small and medium-sized organizations are increasingly becoming the targets of cyber criminals and malicious actors. According to the most recent Internet Security Threat Report that was published in 2016 by Symantec, 65 percent of all spear-phishing attacks target small and medium-sized organizations. Continue Reading
Businesses have to use technology to compete and by doing so they are exposed to new risks related to data and network security. Yet options to do anything meaningful to protect data and networks can be confusing, limited or simply inadequate. Further complicating the issue is that society and laws are struggling to catch up with technology so it is difficult to fully understand cyber risks and the financial consequences of doing business in the cyber age. This reality can make it difficult for leadership teams in organizations to determine the best way to approach cybersecurity. Continue Reading
