Connect with us

Business

Will cyberattacks be uninsurable in 2023? Three steps that financial organisations can follow now

Source: Finance Derivative

By James Blake, Field CISO of EMEA, Cohesity

The growing number of cyber attacks and subsequent damage has led to an increasing demand for cyber insurance. Swiss Re Insurance expects total premiums paid to more than double from $10 billion from 2020 to $23 billion by 2025. But this is being questioned by both insurance companies and by customers: is insurance effective, is it feasible, what does it cover and what does it enable?  The CEO of Zurich Insurance, Mario Greco,  said in an interview with the Financial Times recently that cyberattacks will soon become “uninsurable”. Indeed, insurance and prevention have both proved ineffective in stopping cyberattacks like ransomware or in enabling organisations to recover afterwards. Instead organisations must shift their focus onto recovery, What can companies do to meet this challenge? James Blake, Field CISO of EMEA at data management and security provider Cohesity, has three recommendations.

More than 400 million US dollars – that’s how much damage the data leak at Capital One caused in 2019. And the number of such attacks, which have catastrophic consequences for the companies affected, has continued to increase since then. According to Check Point, in the third quarter of 2022 alone, global attacks increased significantly by 28% compared to the same quarter of the previous year.

Where cyber risk used to be limited to areas such as data breaches and third-party liability, ransomware attacks have shifted the damage to core business and accountability. Cyber insurers had to react to the increased risk and have adjusted their offers, as an analysis by Swiss Re Insurance shows. According to PWC, from the insurer perspective, the fast-increasing frequency of ransomware attacks (and the growing associated impacts and ransom demands) and business interruption claims has resulted in cyber becoming a less profitable area of insurance in recent times. The situation has stabilised over the past year as customers have had to pay higher premiums and meet stricter terms and conditions. Swiss Re Insurance expects total premiums paid to more than double from $10 billion to $23 billion by 2025.

More expensive and more difficult to qualify

This is bad news for the financial industry, as insurers are becoming stricter and asking for higher premiums. Cohesity’s legal experts looked at the leading ransomware insurance policies on the market at the end of 2022 and found that ultimately, such guarantees are little more than thinly veiled limitations of liability that benefit the providers – not the customers.

However, there are some measures that companies can use to protect themselves effectively in this new market situation:

  1. The 3-2-1 strategy remains current: keep an isolated copy of the data

In some cases, organisations are required to quarantine an offsite copy of their production records as part of a 3-2-1 strategy to qualify for cyber insurance.

To do this, they can use a SaaS service which keeps an encrypted copy of the production data in the cloud, isolated by a virtual air gap. The data stored there is monitored with multi-layered security functions and machine learning, and anomalies are reported immediately.

  1. Tear down silos and merge data with zero-trust in mind

In general, financial organisations should consolidate all their distributed data on a scalable data management platform and ensure they can backup their data across all their infrastructure and assets. Furthermore, the data must be protected in a zero trust model, where the data is encrypted during transfer and on this storage, access is strictly regulated with rules and multi-factor authentication. In addition, all data stored in it can be managed according to compliance requirements and, thanks to immutable storage, is better protected against ransomware.

  1. Improve collaboration between IT and SecOps teams for cyber resiliency

In addition to these technical measures, financial organisations should optimise the collaboration between their IT and security teams and adopt a data-centric focus on cyber resilience. For too long, many security teams have focused primarily on preventing cyberattacks while IT teams have focused on protecting data including backup and recovery.

A comprehensive data security strategy must unite these two worlds and IT and SecOps teams must work together before the attack takes place. Both teams should be guided by the NIST framework. This holistic approach defines five core disciplines: Identify, Protect, Detect, Respond and Recover.

If a financial company can demonstrate such a mature data security strategy, this will not only have a positive effect on insurance cover, but will generally reduce the risk of incidents and possible consequential damage through failure or data loss.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

Driving business success in today’s data-driven world through data governance

Source: Finance derivative

Andrew Abraham, Global Managing Director, Data Quality, Experian

It’s a well-known fact that we are living through a period of digital transformation, where new technology is revolutionising how we live, learn, and work. However, what this has also led to is a significant increase in data. This data holds immense value, yet many businesses across all sectors struggle to manage it effectively. They often face challenges such as fragmented data silos or lack the expertise and resources to leverage their datasets to the fullest.

As a result, data governance has become an essential topic for executives and industry leaders. In a data-driven world, its importance cannot be overstated. Combine that with governments and regulatory bodies rightly stepping up oversight of the digital world to protect citizens’ private and personal data. This has resulted in businesses also having to comply e with several statutes more accurately and frequently.

We recently conducted some research to gauge businesses’ attitudes toward data governance in today’s economy. The findings are not surprising: 83% of those surveyed acknowledged that data governance should no longer be an afterthought and could give them a strategic advantage. This is especially true for gaining a competitive edge, improving service delivery, and ensuring robust compliance and security measures.

However, the research also showed that businesses face inherent obstacles, including difficulties in integration and scalability and poor data quality, when it comes to managing data effectively and responsibly throughout its lifecycle.

So, what are the three fundamental steps to ensure effective data governance?

Regularly reviewing Data Governance approaches and policies

Understanding your whole data estate, having clarity about who owns the data, and implementing rules to govern its use means being able to assess whether you can operate efficiently and identify where to drive operational improvements. To do that effectively, you need the right data governance framework. Implementing a robust data governance framework will allow businesses to ensure their data is fit for purpose, improves accuracy, and mitigates the detrimental impact of data silos.

The research also found that data governance approaches are typically reviewed annually (46%), with another 47% reviewing it more frequently. Whilst the specific timeframe differs for each business, they should review policies more frequently than annually. Interestingly, 6% of companies surveyed in our research have it under continual review.

Assembling the right team

A strong team is crucial for effective cross-departmental data governance.  

The research identified that almost three-quarters of organisations, particularly in the healthcare industry, are managing data governance in-house. Nearly half of the businesses surveyed had already established dedicated data governance teams to oversee daily operations and mitigate potential security risks.

This strategic investment highlights the proactive approach to enhancing data practices to achieve a competitive edge and improve their financial performance. The emphasis on organisational focus highlights the pivotal role of dedicated teams in upholding data integrity and compliance standards.

Choose data governance investments wisely

With AI changing how businesses are run and being seen as a critical differentiator, nearly three-quarters of our research said data governance is the cornerstone to better AI. Why? Effective data governance is essential for optimising AI capabilities, improving data quality, automated access control, metadata management, data security, and integration.

In addition, almost every business surveyed said it will invest in its data governance approaches in the next two years. This includes investing in high-quality technologies and tools and improving data literacy and skills internally.  

Regarding automation, the research showed that under half currently use automated tools or technologies for data governance; 48% are exploring options, and 15% said they have no plans.

This shows us a clear appetite for data governance investment, particularly in automated tools and new technologies. These investments also reflect a proactive stance in adapting to technological changes and ensuring robust data management practices that support innovation and sustainable growth.

Looking ahead

Ultimately, the research showed that 86% of businesses recognised the growing importance of data governance over the next five years. This indicates that effective data governance will only increase its importance in navigating digital transformation and regulatory demands.

This means businesses must address challenges like integrating governance into operations, improving data quality, ensuring scalability, and keeping pace with evolving technology to mitigate risks such as compliance failures, security breaches, and data integrity issues.

Embracing automation will also streamline data governance processes, allowing organisations to enhance compliance, strengthen security measures, and boost operational efficiency. By investing strategically in these areas, businesses can gain a competitive advantage, thrive in a data-driven landscape, and effectively manage emerging risks.

Continue Reading

Auto

The Benefits of EV Salary Sacrifice: A Guide for Employers and Employees

As the UK government continues to push for greener initiatives, electric cars have become increasingly popular. The main attraction for both employers and employees is the EV salary sacrifice scheme.

By participating in an EV salary sacrifice scheme, both employers and employees can enjoy cost savings and contribute to environmental sustainability along the way! This article will delve into the specifics of how these schemes operate, the financial advantages they offer, and the broader positive impacts on sustainability.

We will provide a comprehensive overview of the mechanics behind EV salary sacrifice schemes and discuss the various ways in which they benefit both employees and employers, ultimately supporting the transition to a greener future in the UK.

What is an EV Salary Sacrifice Scheme?

An EV salary sacrifice scheme is a flexible financial arrangement that permits employees to lease an EV through their employer. The key feature of this scheme is that the leasing cost is deducted directly from the employee’s gross salary before tax and National Insurance contributions are applied. By reducing the taxable income, employees can benefit from substantial savings on both tax and National Insurance payments. This arrangement not only makes EVs more affordable for employees but also aligns with governmental incentives to reduce carbon emissions.

For employers, implementing an EV salary sacrifice scheme can lead to cost efficiencies as well. The reduction in National Insurance contributions on the employee’s reduced gross salary can offset some of the costs associated with administering the scheme. Additionally, such programmes can enhance the overall benefits package offered by the employer, making the company more attractive to prospective and current employees.

Benefits for Employees

1. Tax and National Insurance Savings

By opting for an EV salary sacrifice scheme, employees can benefit from reduced tax and National Insurance contributions. Since the lease payments are made from the gross salary, the taxable income decreases, resulting in substantial savings.

2. Access to Premium EVs

Leading salary sacrifice car schemes often provide access to high-end electric vehicles that might be otherwise unaffordable. Employees can enjoy the latest EV models with advanced features, contributing to a more enjoyable and environmentally friendly driving experience.

3. Lower Running Costs

Electric vehicles typically have lower running costs compared to traditional petrol or diesel cars. With savings on fuel, reduced maintenance costs, and exemptions from certain charges (such as London’s Congestion Charge), employees can enjoy significant long-term financial benefits.

4. Environmental Impact

Driving an electric vehicle reduces the carbon footprint and supports the UK’s goal of achieving net-zero emissions by 2050. Employees can take pride in contributing to a cleaner environment.

Benefits for Employers

1. Attract and Retain Talent

Offering an EV salary sacrifice scheme can enhance an employer’s benefits package, making it more attractive to potential recruits. It also helps in retaining current employees by providing them with valuable and cost-effective benefits.

2. Cost Neutrality

For employers, EV salary sacrifice schemes are often cost-neutral. The savings on National Insurance contributions can offset the administrative costs of running the scheme, making it an economically viable option.

3. Corporate Social Responsibility (CSR)

Implementing an EV salary sacrifice scheme demonstrates a commitment to sustainability and corporate social responsibility. This can improve the company’s public image and align with broader environmental goals.

4. Employee Well-being

Providing employees with a cost-effective means to drive electric vehicles can contribute to their overall well-being. With lower running costs and the convenience of driving a new EV, employees may experience reduced financial stress and increased job satisfaction.

How to Implement an EV Salary Sacrifice Scheme

1. Assess Feasibility

Evaluate whether an EV salary sacrifice scheme is feasible for your organisation. Consider the number of interested employees, potential cost savings, and administrative requirements.

2. Choose a Provider

Select a reputable provider that offers a range of electric vehicles and comprehensive support services. Ensure they can handle the administrative tasks and provide a seamless experience for both the employer and employees.

3. Communicate the Benefits

Educate your employees about the advantages of the scheme. Highlight the financial savings, environmental impact, and access to premium EV models. Provide clear guidance on how they can participate in the programme.

4. Monitor and Review

Regularly review the scheme’s performance to ensure it continues to meet the needs of your employees and the organisation. Gather feedback and make adjustments as necessary to enhance the programme’s effectiveness.

Conclusion

The EV salary sacrifice scheme offers a win-win situation for both employers and employees in the UK. With significant financial savings, access to premium vehicles, and a positive environmental impact, it’s an attractive option for forward-thinking organisations. By implementing such a scheme, employers can demonstrate their commitment to sustainability and employee well-being, while employees can enjoy the benefits of driving an electric vehicle at a reduced cost.

Adopting an EV salary sacrifice scheme is a step towards a greener, more sustainable future for everyone.

Continue Reading

Business

Machine Learning Interpretability for Enhanced Cyber-Threat Attribution

Source: Finance Derivative

By: Dr. Farshad Badie,  Dean of the Faculty of Computer Science and Informatics, Berlin School of Business and Innovation

This editorial explores the crucial role of machine learning (ML) in cyber-threat attribution (CTA) and emphasises the importance of interpretable models for effective attribution.

The Challenge of Cyber-Threat Attribution

Identifying the source of cyberattacks is a complex task due to the tactics employed by threat actors, including:

  • Routing attacks through proxies: Attackers hide their identities by using intermediary servers.
  • Planting false flags: Misleading information is used to divert investigators towards the wrong culprit.
  • Adapting tactics: Threat actors constantly modify their methods to evade detection.

These challenges necessitate accurate and actionable attribution for:

  • Enhanced cybersecurity defences: Understanding attacker strategies enables proactive defence mechanisms.
  • Effective incident response: Swift attribution facilitates containment, damage minimisation, and speedy recovery.
  • Establishing accountability: Identifying attackers deters malicious activities and upholds international norms.

Machine Learning to the Rescue

Traditional machine learning models have laid the foundation, but the evolving cyber threat landscape demands more sophisticated approaches. Deep learning and artificial neural networks hold promise for uncovering hidden patterns and anomalies. However, a key consideration is interpretability.

The Power of Interpretability

Effective attribution requires models that not only deliver precise results but also make them understandable to cybersecurity experts. Interpretability ensures:

  • Transparency: Attribution decisions are not shrouded in complexity but are clear and actionable.
  • Actionable intelligence: Experts can not only detect threats but also understand the “why” behind them.
  • Improved defences: Insights gained from interpretable models inform future defence strategies.

Finding the Right Balance

The ideal model balances accuracy and interpretability. A highly accurate but opaque model hinders understanding, while a readily interpretable but less accurate model provides limited value. Selecting the appropriate model depends on the specific needs of each attribution case.

Interpretability Techniques

Several techniques enhance the interpretability of ML models for cyber-threat attribution:

  • Feature Importance Analysis: Identifies the input data aspects most influential in the model’s decisions, allowing experts to prioritise investigations.
  • Local Interpretability: Explains the model’s predictions for individual instances, revealing why a specific attribution was made.
  • Rule-based Models: Provide clear guidelines for determining the source of cyber threats, promoting transparency and easy understanding.

Challenges and the Path Forward

The lack of transparency in complex ML models hinders their practical application. Explainable AI, a field dedicated to making models more transparent, holds the key to fostering trust and collaboration between human and machine learning. Researchers are continuously refining interpretability techniques, with the ultimate goal being a balance between model power and decision-making transparency.

Continue Reading

Copyright © 2021 Futures Parity.