Showing posts from November, 2015

Cyber insurance turns from unknown to mandatory in a few months

The 3 major reasons to consider cyber insurance in 2016 include:

First, it is an efficient way to transfer the financial impact of the residual cyber risk to a 3rd party.
Second, regulators are now starting to request it for most businesses.
Third, because it is the easiest way to transfer the external risk link from one 3rd party to another 3rd party.
It sounds nice and easy. Think encore!
Even if the financial liability is covered by a cyber policy, the responsibility remains owned by the organization. Regulators and US courts are now seeking to assess the company's efforts to prevent any breaches. The cyber capabilities developed by the company to protect the confidential data are analyzed, as well as the root cause of the breach. Therefore the company's responsibility is engaged.
Ownership of cyber resilience is not geeky lingo anymore, since it has become a serious concern for senior management.
Cyber insurance will require reviewing the cyber exposure by going beyond the data owned but …

FTC empowered by US Court of Appeals to regulate cybersecurity

The USA is reinforcing corporate responsibility for protecting confidential data. All the public administrations are moving together in 2015: the White House (e.g. NIST CS), the financial institution regulators (e.g. FFIEC) and, last September, the FTC.

The FTC has been empowered by the United States Court of Appeals.

It happened in FTC v. Wyndham Worldwide Corp. The precedent created then gives the FTC the authority to regulate the cybersecurity maturity of businesses under the existing laws.
This is a new step in controlling companies' practices to protect confidential information.
The FTC is now part of the group of "official" organs that regulate cybersecurity.
It is interesting to note that it was a court decision.
Let's think encore...