Tag: "cyber"

Who are the top Cyber Insurance Companies?

Cyber Insurance needs to provide not only financial indemnity, but also some type of Incident Management Team.This normally includes IT Specialists, Lawyers, Ransom Negotiators etc.

Finding the right Cyber Insurance Company can be tricky, and expensive if you get it wrong.

Cyber Insurance is a relatively new form of insurance, and until quite recently was thought of as being quite specialised.

What this means in practice is that there are fewer insurance companies or providers who offer it, compared with other types of business insurance, and those who do offer it tend to vary quite considerably in terms of coverage and cost.

This is likely to change in the next few years as the need for some type of cyber insurance becomes more mainstream.

The risk of cyber crime has grown massively in the last couple of years, and the changes in technology in relation to smart homes, autos, travel etc means cyber security will need to become a feature of everyone’s life, at home, work and play.

Cyber insurance will have to follow this, either as a stand alone policy, as at the moment, or incorporated into other insurance policies.

Cyber Insurance Companies

It is worth just distinguishing between insurance companies, brokers and agents.

An insurance company, sometimes called a carrier or provider, does the actual insuring of the cyber security risk. It assess the level of risk, decides what level of cover it is willing to provide, and decides how much it wants to charge the business by way of an insurance premium.

This process is known as insurance underwriting. Insurance companies can be based in any country, but often operate on a worldwide basis, or in certain geographical areas.

Lloyd’s of London is fairly unique in the sense that it is not simply one insurance company, but operates effectively as an umbrella organisation for a number of different insurance companies, who trade under the Lloyd’s name, and will normally insure things on a worldwide basis, either under their own name, or the Lloyd’s name.

An insurance broker is an independent agent, who acts on behalf of their client, and approaches several different insurance companies to determine best conditions and price for their clients needs.

This means they need to really understand their clients company and business, as well as the cyber insurance market. They receive a commission from the insurance comapany by way of payment, but legally are always the agent of the insured, not the insurance company.

An insurance agent can be a slightly confusing term. It normally refers to an individual or organisation who acts as an agent of a specific insurance company, sells their products only and receives a commission as a result.

They will always be an agent of the company, not the insured. An insurance agent may also be involved with or representing another institution such as a bank or financial institution.

If they are offering advice on cyber insurance, or any type of insurance, they should always declare if they are an agent of a particular company, or independent. Most do, but not all. It is always worth checking.

Cyber insurance hasn’t made it to cost comparison sites yet, and with the variations in cover and cost, it is well worth considering going to an insurance broker with knowledge and experience of the market.

Cyber Insurance Hiscox

Hiscox have quickly established themselves as one of the leading cyber insurance providers.

For a long time, they have been regarded as one of the foremost insurance underwriters for small businesses, specialising in professional liability insurance, errors and omissions policies, business owners insurance and workers comp.

The move into cyber liability insurance was a fairly natural and obvious one.

Hiscox Cyber Insurance policies  will not only offer financial indemnity like any traditional insurance policy, they also deal with the management of the incident or data breach, through what is known as an incident management team.

This will normally consist of a number of negotiators who can deal with any type of cyber crime such as ransom ware, as well as companies who deal with reputational damage, and IT specialists who can restore the integrity of any hacked system.

A cyber insurance policy should also have some provision for loss of income or business interruption in the event that the cyber attack or data breach renders the normal day-to-day workings of the business untenable for any period of time.

Hiscox have also focused on producing a number of risk prevention models, training models and practical tools for risk management for a wide range of companies and organisations.

Cyber Insurance AIG

AIG are another leading insurer who have built up  a specialism in Cyber Insurance, with three specific policies they underwrite, known as

CyberEdge,

CyberEdge Plus and

CyberEdge PC.

These insuarnce policies cover the financial cost associated with data breach, as well as cyber extortion, restoring an IT system or network, business interruption etc.

AIG also invest heavily in cyber security advice and cyber crime prevention through training and risk managemnt services, both online and face to face.

Cyber Insurance Chubb

Chubb are one of the largest insurance companies in the world, and trade for a strongly in North America.

On their website, they claim to be the world’s largest publicly traded PMC insurance company, and the largest commercial insurer in the US.

Whilst this gives them an undoubted presence and strength in North America, it also means they have the resources to be a major force in cyber insurance worldwide.

Chubb have four major cyber insurance policies

Cyber Enterprise Risk Management

Digitech Enterprise Risk Management

Forefront 3.0 – Cyber Security

Integrity+

These policies have a wide range of different components, which range from standard cyber protection, to extensive loss mitigation and incident response services, privacy notification and crisis management expenses.

A good cyber insurance policy will include basic financial indemnity, but also a wide range of support services to both manage the immediate crisis, and to deal with the resulting fallout.

This applies both in terms of notification to individuals about a potential data breach and its consequences, through to advising and informing any relevant regulatory bodies of the same relevant breach.

Cyber Insurance Companies and Lloyd’s

Lloyd’s is the oldest and most established insurance market in the world, and justifiably has a reputation for both tradition and innovation in insurance related products.

As a market covering a number of different companies, as of 2018 it has approximately 77 cyber risk insurers under one roof, as it were, who can both initiate and cover all types of cyber risk insurance.

Many of the specialist underwriters at Lloyd’s view cyber liability insurance in the same way as they do another specialist type of insurance, kidnap and ransom insurance.

They view cyber liability as being not simply about financial indemnity, but about managing the incident itself in the quickest and most effective way possible. Most Lloyd’s policies will  have provision for and cover the following areas

Breach Response

Liability

Regulatory

Extortion

Business Interruption

Reputational Harm

PCI DSS Assessment and Fines

Perhaps the main advantage that Lloyd’s has over most other traditional insurance companies is twofold.

It has a reputation, normally justified, for producing types of insurance policies that are both relatively fair, cost wise, and are highly innovative in terms of the level of cover they provide.

They also have a reputation for swift and effective claims management handling.

With cyber liability insurance the speed and effectiveness of dealing with the management of the data breach is often as or even more important as dealing with any long-term financial or reputational damage.

Cyber Insurance Allianz

As well as providing insurance cover, Allianz  have a number of what they refer to as risk engineers, who specialise in IT security, and who have their own specialism in evaluating a company’s level of IT security and maturity generally.

They seem to take the approach that they would like to work with companies of all sizes in developing and safeguarding their IT infrastructure, and developing ways of pioneering safe practice.

They refer to this practice as IT maturity. Against this background they then develop any type of cyber insurance that may be needed.

Allianz have two types of relevant insurance policies

Allianz Cyber Protect

Allianz Reputation Protect

The Cyber Protect policy is the one mentioned above, whereas the reputation protect policy covers the potential risk of reputational damage caused by a number of incidents, some of which could be related to a data breach, and others related to other types of risks depending on the nature of the business.

These can include health and safety incidents or accidents, various types of product liability related claims, business interruption and legal and regulatory investigations.

It seems likely that Allianz separate out these two types of policies because they believe that the reputational damage cover needed that can occur from a number of incidents can be as valuable as simply having that level of cover within a cyber liability insurance policy.

For some people this may be more relevant than others.

Cyber Insurance Aviva

Although Aviva  is a fairly well-established name in the insurance market, it is a relatively new player in the cyber insurance market.

This isn’t necessarily a positive or negative thing, and it’s cyber insurance cover has three main elements, cover for a data breach response, computer cover, and third-party liability.

It is unclear at the moment what level of risk management incident management help it provides when compared with other major players, such as Hiscox and Chubb,  but this may suit some people who simply want a more standard type of insurance policy.

Cyber Insurance QBE

QBE  is often thought  of as an insurance company that is strongest in Asia, Australia and New Zealand. It does in fact have a very strong worldwide presence, and in relation to cyber insurance it does lay very heavy emphasis on what it terms providing crisis support.

Their panel of experts include companies such as Experian and Norton Rose, and they seem genuinely thorough in terms of their approach to helping to manage risk.

They also have a number of very well thought through and concise articles on their website that deal with current data protection legislation and implications for individuals and small businesses.

Whilst it may not always be strictly relevant, the more an insurance company relly understands the nature of cyber security, and puts in place protective tools and training for companies of all sizes to help them prevent cybercrime, it is not only good PR for the insurance company, but also helps mitigate and reduce risk, and should result in lower premiums and better levels of crisis management as well.

One other advantage of being a global company, is that QBE can provide policies in different languages, and for companies of all sizes who operate in different geographical areas, they say they are able to provide global cyber programs,  which may be valuable for companies who operate in different countries.

Cyber Insurance Marsh

Marsh is essentially the trading name of Marsh and  McLennan, one of the world’s oldest and largest insurance brokers. Whilst the size of a company like this may sometimes seem slightly more of a disadvantage than an advantage, in relation to cyber insurance it is probably an advantage.

Sometimes really big companies become quite institutional, and lose their sense of being able to innovate and deal effectively with new and cutting-edge needs and technologies.

With regard to cyber insurance, the history that Marsh has in terms of providing insurance for a wide range of different businesses and industries probably gives it the edge over most other brokers in terms of understanding the needs of businesses generally.

It is this understanding of how an industry or business works that allows it to model the risk to the business in terms of cyber liability, and make recommendations accordingly.

Any insurance broker is only as good as its knowledge and understanding of the industry that it is arranging insurance for, as well as its knowledge of the insurance market it is working in.

Cyber Insurance Symantec

Symantec is a name more commonly associated with cyber security, being one of the most well established players in anti-virus and malware software.

In the last couple of years it has taken the initiative to team up with a number of insurers to help provide them with the knowledge and experience of what developing cyber risks are, and what needs to be done both to mitigate risk and develop insurance solutions relevant to meeting those risks.

There is no doubt in the value of a company like Symantic using its vast experience to help insurers really understand the nature of cybercrime and how it is developing in ways that insurers would not be able to do themselves.

In some ways this may be more helpful to insurance brokers rather than insurance underwriters, as a large part of the work that a good insurance broker will do will be to help model risk, and advise companies at what level of risk they can self insure, and where they need some type of cyber liability insurance policy to cover risks they cannot manage.

Cyber Insurance Aon

Aon describes itself as a leading global professional services firm providing a broad range of risk retirement and health solutions.

Goes on to talk about 50,000 colleagues in 120 countries empowering results for clients etc. For people who like jargon this is fine, but is alos unfortunate because it could put people off looking at them as a prospective broker.

In fact they have a significant place in providing cyber insurance advice and experience, and have a wide range of products and services which could be extremely useful to a wide range of businesses. It may not help their credibility by advertising in their products section that they provide bedbug insurance (which may well be useful for some people) alongside cyber insurance.

In February 2018 Aon teamed up with Cisco, Apple and Allianz to provide what they term a new cyber risk management solution, bringing together the various strengths of the four companies involved.

Partnerships like this could well be a significant move forward in terms of providing solutions that integrate technology, insurance and risk management.

In addition, Aon have their own cyber diagnostic tool online that allows companies to fill out a questionnaire online which will allow Aon to provide a detailed report back to the company analysing their potential to cyber risk and cybercrime liability.

Cyber Insurance PWC

PWC, long thought of as one of the world’s leading accountancy firms, also have a strong reputation as a leading firm of business consultants. With regard to many areas of business, this often puts them in a unique position to help advise a wide range of organisations, and this is certainly true of cyber insurance.

Their consultancy experience allows them focus on managing cyber risk, with a special emphasis both on the business and technical side. They have a defined approach to what they refer to as cyber resiliency, which allows them to advise on risk management, best use of technology and operations and incident response.

Their work is often thought of as purely preventative, which is not necessarily a bad thing, but should also be thought of as part of helping a business or organisation of any size or type build and develop a culture where there is an understanding of and respect for the need for cyber governance at all levels of the operation.

Cyber Insurance Nationwide

Nationwide describes itself as a mutual insurance company, although there is a disclaimer on its website that not all companies  associated with it are mutual, so it is difficult to be clear whether or not it is a mutual company in the traditional sense of how they are understood to operate.

This can be important to some people, as mutual insurance companies are thought of much in the same way as credit unions, and many people respect this type of mutual benefit.

Notwithstanding that, Nationwide together with Hartford Steam Boiler, offer three fairly standard cyber insurance policies, that cover data compromise protection, identity recovery protection and Cyber one protection, which focuses on protecting against damage caused by malware or viruses. There is also some general advice about securing your business against risks from data breaches, denial of service etc.

Although Nationwide are a well-respected company, it is not clear from their website exactly how much experience they really have in this type of insurance, and whether or not they should be considered a serious player at the moment.

Cyber Insurance Munich Re

Munich Re are one of the oldest insurance companies around, and have a strong and valued reputation for all types of insurance.

With regard to cyber insurance, they offer an insurance policy called cyber one protection, designed by Hartford Steam Boiler. It is not clear whether or not this is the same insurance policy issued by Nationwide as above.

The cover offered seems fairly solid, by way of coping with data recovery for both electronic and non-electronic information, restoring the integrity of the system that has been breached, helping with any loss of business or business interruption as the result of the cybercrime, and helping with reputation damage limitation.

There is also some coverage for third-party liability and potential damages resulting from that.

Cyber Insurance Willis

According to claims data released by Willis Towers Watson, approximately 2/3 of all side of breaches caused by employee negligence or wilful action. This is quite a powerful statistic, and unsurprisingly goes to the heart of the approach by Willis to dealing with the whole issue of cyber risk.

Willis, traditionally known by the name of Willis Faber, are one of the world’s oldest and leading insurance brokers.

Their approach to cyber insurance has a threefold basis, that of assessment, protection and recovery, with a heavy emphasis on developing in-house  strategies that involve both technology and people, as well as developing a strong ethos of cyber governance throughout the organisation.

Their approach to dealing with cyber insurance seems to embrace best practice as ready outlined above.

In addition, they do lay heavy emphasis on providing what they refer to as deep forensic analysis of any data breach or cyber crime, to make sure it is understood how and why it happened and quickly putting in place any preventative measures necessary to make sure it doesn’t happen again.

Cyber Insurance Zurich

Zurich it is often thought of as a fairly traditional type of insurance company, and what it offers by way of cyber insurance is a fairly standard type of policy compared with most of the other ones around at the moment.

It does have a number of risk engineering tools and services which can be helpful, and also the fact that it is a global  underwriting company with a number of offices and agencies around the world can add an element of attraction for some people.

Cyber Insurance Travelers

Travelers is a well respected and well established insurance company, and seems to be making a fairly intense effort to establish itself as a serious player in the cyber insurance market.

It has a number of tools and resources to help individuals and companies manage cyber risk for any breach, and to deal with the fallout of any situation post-breach.

It has teamed up with Symantec  to help companies assess levels of risk, and put in place procedures and policies and training which can help manage the risk and reduce it as far as possible.

It also has a number of specific policies for different types of organisations and businesses. It has a policy called Cyber Risk for a range of different industries and businesses, and a policy called Cyber First for technology companies and public organisations.

It also has a policy Cyber First Essentials for small businesses and SMEs.

Travelers has a range of cyber security coaching and support services available to help organisations and businesses plan and deal with any breach. They have what they refer to as a Breach Coach, a Symantec Cyber Security Coach and an HIPAA Coach.

Travelers also has an e-risk hub which brings together a range of its policies, wordings and benefits. There is also a cyber academy, which has a range of videos and training tools which give people easy to understand information about the ongoing types of cybercrime and cyber risk, and how best to reduce and manage them.

Tata AIG

There is a fair amount of talk that tech companies in India do not take cyber security and insurance seriously as they should, given the size and growth of India as a major player in both providing and servicing so much of the world’s technology industry.

Whether that is true or not, Tata AIG  have structured what looks to be one of the most comprehensive cyber insurance policies around, and has very clear and detailed information about data liability covers, in terms of loss of personal information, loss of corporate information and outsourcing, as well as network security.

It also provides extensive cover for reputation and response costs in relation to forensics services needed to restore integrity of the system and the company, repairing and restoring the company’s reputation, notification of a data breach to individuals that information has been stolen and reporting to regulatory bodies where appropriate and necessary.

Their policy also provides some help with credit monitoring and provides optional extensions for multimedia liability, cyber privacy extortion and network interruption.

Tata AIG also have a range of directors and officers liability, professional indemnity, errors and omissions insurance policies, and as part of that also have a crime and fidelity insurance policy. This policy addresses the unpleasant issue of senior and trusted staff stealing from, or in some way allowing criminal activities to happen within a company.

No one likes to think that this is  likely, but as the claims report from Willis shows, approximately 2/3 of all cyber security crime arise from staff negligence and malfeasance. Intentionally or not, the need to have some level of security regarding activity inactivity by senior staff and often those below them is fairly evident, however unpleasant that maybe.

Cyber Insurance JLT

JLT ( Jardine Lloyd Thompson )  are perhaps not as well main at some of the major insurance brokers, and would perhaps be regarded as a specialist London Market insurance broker.

Whilst they are certainly specialists in the London market, they also operate worldwide, and have an outstanding reputation in all areas of insurance they provide advice on, with cyber insurance being one of their specialities.

They provide extensive levels of advice and guidance to companies on how best to manage cyber risk, especially to companies who are new to the idea that their business may need help.

They have a unique data organiser tool which helps businesses assess risk and provide details of the company’s cyber risk exposure.

They also advise companies where cyber insurance excludes certain types of risks such as patient, software and copyright infringement, failure to take required security measures and certain employment-related claims.

Cyber Insurance Hartford

Hartford  is a well established and a well-respected insurance company, and certainly provides cover for cyber insurance.

It seems to have a slightly more distant approach than some other insurance companies, in that it has cyber liability insurance and data breach insurance, coverage of which can be added to existing business owners insurance policies and general liability insurance policies already underwritten by the Hartford.

It also has its own cyber choice first response which is designed to develop a cyber incident response plan, advise on cyber security and provide a coordinated defence to any cyber attack, and help deal with the consequences of any incident that might happen.

Cyber Insurance Arthur J Gallagher

Arthur J Gallaher have a well-deserved reputation as a broking firm of high integrity, which whilst you would hope most insurance brokers do have, can make a real difference when dealing with a significant amount of cyber liability risk, which often involves dealing with areas of certain businesses where trust is significantly lacking.

As a company, they have significant experience in cyber insurance, and are well able to structure individual programmes and policies to the nature of a particular business organisation.

They also have a significant knowledge center available to clients, which can provide background information and detailed reports about the current nature of cybercrime, what are the most likely cyber risks, and the best way to provide varying levels of protection within a company or business

 

 

Cyber Security Basics

Many people think that cyber security only applies to big companies and governments, and that it should like to be dealt with by the IT guys.

Anyone who owns a computer, who works with a computer or who has a smart phone needs to be aware of some pretty basic rules about cyber security, both for their own sake and for anyone they work with or for.

Cyber security is about understanding the risk of cyber crime, and doing whatever you can to minimise the risk, and then when necessary insure against what ever potential risk is left.

Cyber Crime

The nature of cyber crime is a rapidly evolving one, and can cover a wide area. At one level it is about criminals trying to obtain money or other benefits either by installing some type of ransom ware on a computer or a system, and demanding payment for releasing encrypted files, or by some other type of blackmail.

On the other hand cybercrime can be about online bullying, where there may be no financial element involved, but where the emotional and personal distress can often be enormous.

Cyber crime can also  be connected to malicious software, known as malware, and viruses, which do not have any specific financial target, but which are designed to disrupt and in some cases destroy data or computer systems on a particular network.

Prevention

The old adage that prevention is better than cure  is an absolute truism when talking about cyber security. Perhaps the number one priority for all types of cyber security is to make sure that all your data is always backed up, ideally more than once, to different locations.

Backups can either be by way of  cloud computing, memory sticks or to another network, but they are crucial to restore the integrity of the system in the event of any cyber attack. Nowadays it is dead easy to automate backups and so there is no excuse really not to do it.

The same goes for making sure that your computer operating system is up-to-date, and any applications or software that you use is running the latest version.

Also that any browser you use is up to date as well. If you are running it as part of a network, then it is also important that all firewalls and anti-virus and anti-malware software is in place and up-to-date.

Cyber Security basics are in many ways common sense.

A lot of the incidents that relate to cyber security happen because very basic rules are just not always followed. Simple things like not opening email attachments unless you know who they are from is a classic example.

Much of the damage done to computer systems and networks is done from some things like opening attachments that shouldn’t be opened, letting viruses and malware into the system, not changing passwords regularly enough and an increasing problem, is people using their own mobile devices at work on a company network.

Mobile Cyber Security

Smart phones seemed to have escaped the focus of cyber security, which has largely been on desktop computers and networks.

However the risk to smart phones is certainly ever present, and is likely to increase it to me as smart phones become much more of a digital hub for people’s lives, both in their own home, in their car and at work as well.

The same principles apply to mobile cyber security as to the desktop and network security.

Make sure the operating system is up-to-date, make sure the browser is up-to-date, and do not open email attachments unless you are certainly know who they are from.

Also with smart phones it is really important to be sure that the Wi-Fi network your are using is secure, especially if you are using the phone for things like online banking.

Some public Wi-Fi networks  are notoriously unsafe, and should be used with great caution.

Smart Home – Internet of Things

The relentless drive of the Internet of things has received a major boost in recent years with Amazon, Google and Apple all producing their own smart home hubs.

These are designed to control all the wirelessly connected devices in the home, of which there are an increasing number. The idea of a smart home has been around for some time, and is gradually becoming a reality whether people like it or not.

An increasing number of devices and products, from washing machines to refrigerators to televisions have wireless internet capability, and can talk to other devices electronically as well as connect to the Internet.

There are huge cyber security risks involved in this, as many devices either do not have proper security safeguards built in, or are out of date by the time they arrive in the home.

The issue of cyber security in the home, especially in the Smart home, is rapidly becoming an issue.

The most important things to do to check that any devices that to have wireless capability had the latest software and security updates from the manufacturer installed, that your home Wi-Fi network is secure, and check online with any product you buy to see if there are any problems regarding security that other people may be reporting.

Cyber Security Governance

The idea of some type of governnance is largely a corporate one, but the principle applies to anyone who runs any type of business or organisation of any size, and can also be adapted very easily to anyone’s home or domestic environment.

The principle of cyber security governance is that a business or organisation of any size has a dedicated risk management plan and system for making sure that cyber security is as strong as it can possibly be within the organisation.

This in part is about policies and procedures, but is also about systems and people as well.

Firstly it is important to have one person at board level or equivalent  whose sole responsibility or whose major responsibility is cyber security. They must be accountable to the organisation, and have the authority to make decisions and spend money when necessary.

The structure should be similar to that of many companies who have a risk management system in place.

The individual concerned needs to develop policies and procedures for making sure that the integrity of the network system is always as secure as it can be, whether it is done in-house or by way of outside contractors, and that people who work within the business or organisation are also fully aware of cyber security risks, and what can be done to minimise these risks.

This can involve training, as well as online monitoring of activity that may be deemed inappropriate in a workplace, and making sure some type of cyber insurance policy is in place that ideally includes an incident management team which can oversee the practical resolution of any data breach or cybercrime, and the restoration of the integrity of any compromised computer or IT system.

 

 

 

Identity Theft – What Is It?

Someone who is a victim of identity theft is someone who has had their identity stolen in some way, and the criminal has used that identity to fraudulently obtain some type of benefit, such as a bank loan, credit card or other financial gain in the name of the person whose identity they have stolen.

Identity theft is widespread, although the scale of it is difficult to assess financially as a lot of banks and financial institutions do not like to advertise the fact that they had been misled and had money stolen from them.

The risks of identity theft are well  known, and there is a lots of good advice available about how to try and prevent identity theft, and there is some insurance protection available in the event that someone’s identity has been stolen, although the help that is offered is in reality fairly minimal.

Risk of Identity Theft

The crime of identity theft  occurs when a criminal is able to obtain unique information about an individual, and then use that information to clone their identity. This cloned identity then becomes liable for a wide range of financial fraud, perpetrated by the criminal in the name of the individual’s identity that has been stolen.

In order to steal an identity, it is generally accepted that there are a number of specific pieces of information that someone needs.

These normally relate to areas of information that are unique to that individual, and cannot apply to anyone else, such as their date of birth, their social security number or national insurance number, passport etc.

In reality, a criminal will try and obtain as much information about that individual as possible, in order to build up a picture that can be used to effectively represent them in a fraudulent manner.

Preventing Identity Theft

There is no sure way to prevent identity theft, but there are certain things you can do to make it more difficult.

Perhaps the most important is to make sure that all information that is unique to you as an individual regarding tax and social security, pension benefits, medical benefits etc is sent to you by regular post rather than email.

This may seem fairly basic but the is in truth probably the most practical way of preventing unique information falling into the hands of criminal.

The other things that you can do are to monitor things such as bank accounts, credit cards etc, to see any unusual activity.

This can also apply to any strange letters or visits or phone calls  that might seem to imply unusual activity regarding your finances.

Any warning sign that your credit is being altered in some way that seems to you unlikely should alert you to the possibility of some type of identity theft or identity theft tampering.

Dealing With Identity Theft

If you discover that your identity has been stolen, there are a number of steps that you should immediately following. Firstly is to notify your bank or credit card company you believe your identity has been stolen, and ask for their assistance in helping to resolve it.

Make sure that they are willing to work with you to sort out the issue without penalising you by way of freezing  your account or anything similar.

Make sure you register the identity theft online, there is normally a government backed websites available, that is either a government site or a law enforcement site that allows you to lock the fact that you have had your identity stolen, and should be able to provide some assistance in terms of helping to recover it.

If your stolen identity has been used to fraudulently obtain a loan or a credit card, make sure you collect all the information you can about it before it is completely disabled and shut down to  help track and trace the initial fraud.

Identity Theft Insurance

Some type of identity theft insurance is normally offered  by way of a rider or endorsement to a home or homeowners or renters insurance policy. The cover it gives normally focuses on some type of financial assistance for help with attorney/lawyers fees, assistance with credit monitoring, acting as a liaison with banks, insurance companies to try and resolve ongoing fraud issues etc.

Whilst this help can be of some value, the real help that is needed with virtually types of identity fraud is unravelling fraud that has taken place, and getting banks and financial institutions to believe that it has actually happened in the first place.

There is a lot of anecdotal evidence that implies that banks tend to want the individual to prove their identity has been stolen to an exacting degree before they are willing to consider the possibility that fraud has taken place.

Proving identity theft  has taken place can be quite difficult, especially where it is the sort of crime where you are up against a number of institutions that initially may well not believe you at all. This is an area where some type of identity theft insurance would be really invaluable, but unfortunately most current insurance policies do not really provide much value in this area.

Identity Theft and Cyber Insurance

Whilst the scale of identity theft is hard to assess, what is fairly clear is that the growth of cybercrime and cyber security means that the amount of identity theft and fraud is bound to increase fairly substantially over the next few years.

It is becoming easier and easier to know more and more about people, whether they want you to or not.

Some of this is around information gathered from social networks, and what people post online about themselves, privately and professionally. The growth of the Internet of things, and of big data, means that the amount of information available are people, with or without their knowledge, is going to explode into a level that is almost incomprehensible at todays levels of knowledge.

Sometimes this information is gathered through hacking into corporations websites where personal data such as credit card etc has been stolen.

Current cyber insurance policies are mainly aimed at businesses and organisations, and the insurance companies that offer best practice seem to include some type of incident management team, that includes lawyers, IT specialists, reputational management specialists etc.

The insurance policy is designed for a team to come in and take over the running of dealing with the cyber attack, both negotiating a successful outcome and restoring integrity of the system as well.

It is likely that as the rate of identity theft grows, insurance companies will need to provide some type of incident management team for individuals as well, either as part of an existing insurance policy, or as an add-on to some type of specialist cyber insurance policy.

The Internet of Things – What is it?

The Internet of things is a collective term for all the various devices, products and wearables that can connect to each other, and to the Internet as well.

Whilst the idea of devices talking to each other, electronically, has been around for some time, the reason the Internet of Things has become a huge concept in more recent times is because of the sheer volume of devices and products that can access the Internet.

Various experts predict growth in the market of the Internet of things to be so huge over  the next 5/10 years that it is almost impossible to put it into any sort of context.

What is undoubtedly true is that there is a relentless drive by manufacturers of every single product to make sure that they are able to connect their device wirelessly to the Internet.

This has huge  implications, not only for the nature of society and how it will change, but for people’s privacy, the control of the information that pertains to their life and their security and well-being.

Moral questions aside, perhaps the most potent issue is that of cyber security and cyber insurance.

Given that in a  few years time virtually everything we own, drive and wear is likely to be connected to the internet wether we like it is or not, the potential risks in terms of some type of cyber attack are enormous, and there are significant implications for people’s safety, both physically and emotionally and financially.

How these risks are managed and understood, both by way of minimising them and insuring against them is a major challenge that has yet to be clearly addressed.

Internet of Things and Smart Homes.

When people think of the internet of things they normally think of smart homes and smart home devices. This is largely because most examples of the Internet of things have tended to paint a picture of how wireless devices will make people’s lives easier by automating normal everyday functions, whether it be driving home from work, fixing the evening meal, automating lights and music in the home, controlling heating levels etc.

Whether normal people actually find the idea of this attractive or not is debatable, but what is clear that virtually all current devices and products that are now being built and produced for the home will contain internet capability.

This is true whether it be a smart television, a baby alarm, a refrigerator or a washing machine. What is also likely is that these devices will be switched on by default, and it is not clear yet whether there will be any capability for turning them off so you are not wirelessly collected.

There is also a fair amount of anecdotal evidence that a lot of major companies are pushing out products that have internet capability with a speed that is more about getting to market quickly and riding on the wave of popularity that the internet of things seems to be generating, than it is about really understanding the security  implications of what they are doing.

What’s this means is that there may be many products that are reaching market that has not been fully tested or manufactured with security in mind, and may need continual software updates or patches to make sure they are secure.

The risk of a cyber attack in a smart home mirrors many of the current risks that a business or organisation will face in its current day-to-day operations.

The dangers inherent in smart hones are not so much that someone’s refrigerator is at risk of attack, but that someone can access a person’s home network through one of these devices, such as a baby alarm or a washing machine, and through that gain access to the  individual or families private data.

Wearables

When people talk about the Internet of things they are also talking about wearables. These can currently only be best thought of as smart watches and fit bit devices. The last couple of years show that  major tech companies have been experimenting with different types of wearables, such as glasses, watches and even tattoos as a way of connecting people to the Internet by things that are a part of their body or apparel.

What is really important to realise here is the principle. That tech companies wants to find at least one wearable that people feel comfortable having on them at all times that can access the internet.

Obviously from a tech company’s point of view it is preferable to have more than one, but one will do. For this reason major tech companies will happily experiment with different types of wearables until they find one that really hits the market.

The implications for wearables are pretty much the same as for those of a smart home.

The fact that an individual will have something connected to their body that is internet accessible means that they are much more at risk of a cyber attack, with all the security implications already mentioned.

Wearables are not simply about phones and glasses.

There is a lot of anecdotal evidence that manufacturers of clothes, shoes, shirts etc are looking at ways of inserting internet access and internet products, probably by way of some type of barcode, that would give them information about individual and their shopping habits.

There is also anecdotal evidence of manufacturers of  pillows and bed clothing doing the same thing, again under the pretext of collecting information about how an individual sleeps and  various sleep patterns.

Often, once people understand the implications of how their life will be fully monitored 24 seven via access to the Internet, there is some shift towards a fight against it in terms of privacy and control of their data.

Whilst both these areas are hugely important, they sometimes skew perhaps an even greater need for the understanding of cyber security and cyber insurance to minimise and manage these risks with some degree of safety.

Internet of Things and Autos

In the space of only a few years, most manufacturers of cars and trucks are talking about and developing autonomous vehicles.. No one really seems to be asking the question why, there is a general assumption, often untested, that it is about safety, and that somehow self driving cars and trucks are safer than those with a human behind the wheel.

It is worth going back to the original Google car that was the first self driving vehicle.

That had nothing to do with safety at all. Google’s first car, that resembled more of the old bubble car, was designed with one particular aim in mind. It saw the commuter market, particularly in the West Coast, where people would sit in their cars in gridlocked traffic for approximately fours a day, two hours each way, doing nothing other than look at the scenery around them.

Google saw these cars as opportunities to provide consumers with content that could carry advertising. This meant that if the car could drive itself, the individual could spend time either watching content or playing with content, having a screen in the middle of the car and not having  to worry about where it was going.

As manufacturers jumped on the bandwagon of this, the narrative slightly changed and people started talking about safety.

Quite where it will end up is unclear, but what is clear is that  the trend in most modern cars is to turn them more into infotainment centers than vehicles than can be driven on highways and byways.

The rise in the use of technology in cars, both inside the engine and inside the vehicle itself, is enormous.

What this also means is that the security implications are huge as well.

There seem to be too likely scenarios that are likely to develop in the future. One is the rise of  autonomous cars that drive themselves with no human involvement  at all, the other scenario is where technology is used to automate a number of functions within the vehicle, largely around safety, but with a human driver still in  overall control of the vehicle.

Both scenarios are likely to coexist for a significant period of time, and both have fairly obvious cyber security implications.

The most common threat that is talked about is where someone manages to take control of the vehicle remotely by way of hacking into the cars various systems, and this is obviously a very real threat.

The other major threat, less often talked about, is where someone manages to access the cars computing system through the individuals smart phone, which will largely be used to control most of the on-board Internet access.

Once someone has managed to hack into a smart phone, then it’s open season for all the information contained therein, whether it relates to banking details, credit cards, passwords etc.

It is not clear yet how auto insurance or car insurance will manage and insure these risks.

One reason for this is simply that at the moment it is very difficult to quantify these risks, let alone assess who is responsible for them, and what can be done to minimise them. One thing is likely, which is that the risk of a cyber attack will undoubtedly increase the cost of an individual’s car insurance, whether it is an autonomous vehicle or not.

Agriculture and Energy Management

There are many areas in business and commerce where the internet of things can undoubtedly speed up production and efficiency, logistics and inventory control. There is likely to be a significant cost in terms of human labour, but history seems to suggest that companies don’t worry about this too much.

Two areas that are worth looking at briefly are those of agriculture and energy management. Agriculture especially because it relates to the food that we would eat, and the internet of things could dramatically alter the nature of farming and farming techniques.

Energy management is the other area, which has a direct link to smart homes and the use of energy in businesses and factories. One of the great selling points of the internet of things  is that it can make people’s homes more energy efficient, thus saving them money and conserving energy and fuel at the same time.

Energy management is already a crucial issue in society, even if not all politicians are open to doing what needs doing to effect climate change.

The internet of things has the potential  to manage all types of energy industries and infrastructures with a much greater degree of efficiency and safety. This also means that there is much greater scope for a cyber attack, either around the issue of nuclear plants or oil and gas installations etc.

Again the issue from a cyber security and insurance point of view is assessing the level of risk, understanding how best to minimise that risk, and arranging some type of cyber insurance that can effectively deal with the implications and reality of any type of cyber attack or disruption.

Smart Cities

There is also a lot of talk of smart cities. This is where cities use the collective data generated by all the internet of things within a city or town, generated by cars, sensors, Wi-Fi networks, peoples wearable’s etc as a way of planning urban development  in a more efficient and productive manner.

Again the security implications are significant, as more and more people generate more and more information and data, that is collected and analysed, then there is obviously a greater risk of that data being accessed and stolen, with real implications in terms of cyber security and identity theft.

What is Cyber Insurance and What does it Cover?

Cyber Insurance is a dedicated insurance policy, that provides both financial cover and practical help to anyone who has been victim of a cyber crime. At the moment, this type of policy is mainly aimed purely at businesses and organisations, of all sizes, any of whom could be vulnerable to a cyber attack or a data breach.

This is likely to change significantly in the near future as more and more areas of people’s individual lives are becoming vulnerable to Cyber attacks, such as their cars and their homes,  and the whole nature of cyber insurance will have to evolve to deal with these threats.

This is likely to mean that either people’s home insurance or their car insurance will have to start covering the risks of a cyber attack, or cyber insurance policies will have to evolve themselves to cover these areas.

Cyber Insurance and Indemnity

Insurance companies talk about indemnity, which is an important concept to understand. It means that the insurance policy is designed to put the insured in the same position as they were before the loss happened.

With regard to cyber insurance this means that not only is there financial protection included as part of the insurance policy, but the insurance policy  should also cover practical areas of help, such as lawyers, I.T. technicians etc. Some cyber insurance policies do include these extra areas of help, and some don’t.

Deciding what type of cyber insurance policy to buy is often determined by how much additional help is available, in the policy, in the event of a data breach, and quite often the cost will reflect this.

Cyber Crime

Cyber crime is considered one of the, if not the fastest growing area of criminal activity, and is widely evolving and quickly changing. This makes keeping up with an understanding of current threats more difficult, but there are a number of specific areas that need to be understood.

Cyber crime normally refers to a situation where information or data has been stolen from an individual or an organisation, normally known as a data breach, and there is either some financial loss as a result, some reputational damage, or something such as a ransom demand to release a computer or network that has been encrypted by a third party hacker.

Cyber Insurance Policy Cover

These are the basics of what good cyber insurance policy can offer,  although as said above, policy cover will differ significantly between insurance companies.

Incident Management Team

This is a general term for a team of specialists who can effectively take over and oversee the management of any claim as soon as there is a known reporting of a cyber crime. This can include the paying of any ransom demand,  and the restoration of any I.T. systems that have been breached as a result.

This support team  should be able to investigate the data breach, find out how it happened, restore any computer systems to full integrity, notify any clients or customers that the data breach has happened and it’s implications, and notify any relevant regulatory or statutory bodies that need to be told.

The incident management team should also include a legal team, a company that can offer access to a credit monitoring system to help with the risk of identity theft, a PR company who can help with reputational damage, and a specialist who can negotiate in the event of a kidnapping demand for a time of information or ransomware.

The Cyber Insurance Policy  will also need to have a significant financial indemnity cover, which may be needed to pay any ransom demand, loss of income  or business interruption, any type of cyber extortion or criminal activity. and any costs needed to repair the infrastructure of the computer or network system involved.

Who is at Risk ?

People often tend to associate cybercrime with big companies such as Facebook or Sony, or with governments, as data breaches that affect them tend to be the ones that get the most publicity.

In fact anyone who owns a computer that is linked to a network of any type is potentially at risk.

This applies to people who have a computer connected to the internet in their own home, as well as any computer they may use at work, it also applies to any smartphone that they may have, and quite soon will apply to the car they drive and the washing machine and refrigerator in their home as well.

Whilst it is difficult to predict trends in this area,  there is quite a lot of anecdotal evidence that cyber criminals are increasingly targeting normal everyday people for relatively small amounts of money, through various types of ransomware and threats, as well as big companies and corporations.

It is very easy to scare people into giving away small amounts of money, relatively, and in some ways this can be much more cost effective from the criminals point of view. From the point of view of the person who has experienced the crime, they are like his feel as violated as if they had either been physically attacked or their home had been broken into.

The Internet of Things

There is often reference nowadays to the internet of things, normally in the context of how it is going to change everyone’s life within the next 5 years.

What it is really referring to is that virtually every device that is not being produced is being given a wireless capability so that it can connect to the internet, as well as connecting to other devices in the home or office.

This means that anything from a refrigerator or an oven, through to a baby alarm or your car can connect to the internet and speak to other devices. There is a huge area of debate about the implications of this regarding privacy and other things,  although what is absolutely clear is that it is going to present a huge potential risk of cybercrime.

Companies love the idea of be able to connect their devices or products to the internet and other devices, and the rush to do so and get them to market often means that the security capabilities are not as carefully thought through as they should be, and that software updates are not issued or installed automatically as they should be either.

Some people like the idea of a smart home or office, other people find the idea pretty horrible. Either way in the next few years virtually everything that every individual owns or uses is likely to have the capability of connecting to the internet wirelessly.

This has huge security implications,  and is an iisue the insurance industry has not fully caught up with them. This means that most people standard home or auto insurance policy is vague about its cover in this area, and people could be left in limbo as to whether or not they are covered for any data breach that happens in their own home.

Identity Theft

The risk of identity theft has been around for some time, but with the growth of cyber crime and the amount of personal information that is shared online and through smartphones means that the risk of identity theft is probably now greater than ever.

From an insurance point of view, some home insurance policies do already provide some degree of cover for identity theft, either as part of the policy or add an additional section that can be bought at  extra cost.

The problem with the existing level of cover is that all it really does is help provide access to additional levels of credit checks and a few other useful but not really that important areas of restitution.

What most identity theft insurance protection does not do is actually help the person recover any loss that may have been incurred as a result of their identity having been stolen.

What tends to happen is that a person will have their identity stolen, and then the criminal will use that  person’s identity to obtain bank loans or credit cards or other financial benefits in that person’s name, and then run.

When  the original person discovers that their identity has been stolen and fraudulently used,  the anecdotal evidence is that most banks and other institutions are relatively unsympathetic, and the onus is on the individual to prove that they did not take out the loan or credit card etc.

This  is where an insurance policy could probably help,  but at the moment there seems to be little by way of practical benefit that most policies offer. This  may well need to change with the growth of cybercrime and cyber insurance.

Cyber Bullying

It  is worth flagging up cyber bullying as being a major element of cyber crime,  although it is not often thought of as such because the bullying tends to be emotional rather than financial.

The consequences of cyber bullying can be devastating for individuals and families, and whilst there may not be an awful lot that an insurance policy can do, the overall approach to cyber security can have a hugely beneficial effect in terms of minimising the effect of bullying, and taking steps to deal with its perpetrators.

Liability Insurance

Many  companies and organisations believe that they already have enough  cyber security insurance under different levels of liability insurance that they have already taken out. These types of insurance policies can include product liability insurance, errors and omissions insurance  or simply a public liability insurance policy.

In truth, they are unlikely to have sufficient cover, and any cover they do have is likely to be financial only, and not include any incident management team as specified above.

One of the problems is that there a lot of companies and organisations who do not have a sufficient cyber governance program, and therefore do not take cyber security as seriously as perhaps they should.

Cyber Governance

This is the name given to any structure within a company or organisation, which should represent best practice for establishing policies and procedures that both minimise the risk of, and deal with any data breach  that may occur within the company.

It can be thought of as similar to a risk management structure,  and depending upon the size and structure of the business, should have a dedicated board member partner who has specific responsibility all aspects of cyber security.

This position does not have to be a person  who has a lot of technical knowledge of computers,  but needs to be someone who can implement a policy which includes both technical and non-technical assessments of cyber security risks and how best to deal with them.

What is the Internet of Things?

The Internet of Things is a collective term for hundreds of devices that can connect to the internet wirelessly, and possibly connect to each other as well.

Some of the most common questions asked are :

What is the Internet of Things?

What are Internet of Things Devices?

How Does the Internet of Things Work?

How do IoT Devices Communicate with Each Other?

What is a Smart Device?

Whilst wireless devices are not new, what is new is the growth, and anticipated growth, in such devices, which is massive and set to explode in the next five or ten years. Many of these devices, which cover all areas of modern life, are being rushed to market, often with inherent security weakness’s as a result.

The Internet of Things is perhaps best understood by the following scenario.

Driving home from work, your car automatically detects that you are approaching home. Your car automatically opens your garage doors, turns on the lighting in your home, turns on the central heating in your home, switches your oven on, starts playing your favourite music that it has taken from your playlists on your smartphone.

As you get into your garage, you see the groceries that have been automatically delivered to your home. This was done buy your refrigerator realising that it had run low on a number of items and had contacted your local grocery store.

The grocery store had updated your normal inventory, automatically debited the money from your bank account and delivered your groceries. To some people, this scenario sounds like a dream, to others like a nightmare.

In any event, the Internet of Things refers to a world Web watch everything is connected wirelessly, with a huge range of privacy and cyber security implications involved. To people who think the above scenario is a kind of fairytale, the reality is that it is happening at the moment.

It is being driven by the major tech companies in the same way that cell phones and smart phones were being driven by phone companies a few years ago.

The range of Internet connected devices and wearables and products is growing at a huge rate, and it is only a matter of time before the Internet of Things, a wirelessly connected world, becomes more of a reality.

INTERNET of THINGS – SMART HOME

The smart home has become the focus of where the Internet of things is seen as developing, see Amazon’s Echo, but is closely followed by the healthcare industry where wireless connection of devices is already gathering significant momentum. Other areas of industry and finance and commerce are moving forward a pace as well.

The issues concerning cyber security are enormous, and the need for some type of cyber insurance staggering. If everything that you own, buy or wear can be connected wirelessly to the Internet, then it can also be theoretically hacked, or have some other way of some type of malware installed in the system.

This means potentially an individuals home is at risk, their car is at risk, their body is at risk if they have something like a pacemaker fitted, their pet is at risk if it is microchiped, as well as all their day-to-day activities being at risk such as banking, shopping etc, especially if being done on a smart phone or mobile device.

The other way that the Internet of things impacts hugely on cyber security is simply that any employee or volunteer will be taking their connected life with them into their place of employment or work, meaning that anything on or about them that is wirelessly connected will then feed into the IT infrastructure of their place of work.

This means that any organisation or businesses IT systems and networks can immediately be exposed to a wide range of wearables and devices that the IT system administrators have no real control over.

This of itself poses significant risks in terms of a data breach, in addition to the unpredictability of whatever wearable or device an individual may unwittingly bring into their place of employment or work.

 

What is an Effective Cyber Security Policy?

Cyber security means different things to different people, and this can be one of the problems in creating a relatively good cyber security protection system within any organisation or business.

Some of the most common questions asked are :

What is  a Cyber Security attack?

What is a Security Network?

What is a Cyber Security Policy?

What is Cyber Crime?

What is  a Cyber Security Engineer?

In a number of organisations, staff employed or think of cyber security as being the realm of the IT guys. To them it means the risks of a network being hacked by someone and stealing data, and it’s down to the IT systems professionals to protect the network through firewalls etc.

Whilst this is certainly a large part of cyber security, the danger in this understanding is that it leaves out the day-to-day activities of people employed within the organisation. These account for the bulk of the activity through networks, and it is day-to-day activity that in many ways poses a much greater risk for many organisations.

This is not so much an issue around complacency, as around getting staff or people working/volunteering in any organisation or business to appreciate the real risks posed by doing any activities online, on any device, at any location.

Any organisation or business will be acutely aware how internet access has changed profoundly over last few years, not only in terms of broadband speeds, but in terms of how people access the internet through smartphones, tablets etc. There is also the strong drive/push by many organisations and government agencies to push people to use the Internet to do their daily chores.

CYBER SECURITY – INTERNET USAGE

It is worth recapping the various areas that people use the Internet for. People employed in any organisation or business likely to use the internet at that place the employment not only for company business, but also for their own day-to-day activities.

This invariably puts the company or organisation at risk of a data breach, and it is important to understand the dangers of this happening.

CYBER SECURITY – EMAIL

Email – email is still used by most people as a primary means of communication, both to work colleagues and to friends/family.

Whilst a company/organisation should have its own anti-virus and anti-malware software installed, there still a danger through unsolicited emails of introducing malware into the network. It is estimated that between 85 and 90% of all email sent is spam.

Surprisingly many people do click on spam links, partly because a huge amount of spam is directed at pharmacy medications and Viagra, which can sometimes be made to look convincingly professional.

The risks of clicking on any type of spam email, or opening any attachment from an unknown source or that it will introduce some type of malware into the organisation’s IT system, with potentially highly damaging effects.

CYBER SECURITY – BANKING and FINANCE

Banking and finance – most of the major banks are increasingly persuading/forcing customers to do their banking online, which again raises real security issues, often through email.

Many of the scams people fall for stem from emails sent to them that purportedly come from their bank, or from their credit card company or organisation such as PayPal.

These scam emails will contain links within them encouraging individual to click on the link and either enter a password or confirm some other details. This type of scam invariably leads to disclosure of critical private information from individual, which usually results in monetary loss and/or the risk of identity theft.

CYBER SECURITY – SOCIAL NETWORKING PROFILES

The other huge area of potential risk is through social networking. People quite happily post a huge amount of private information on social network sites such as Facebook/Twitter/Google + etc, which presents a potential minefield in terms of privacy and identity theft.

The danger is that enough information could be gathered about an employee through that social networking profiles to allow hackers/criminals to gain access to a company’s network through posing as an individual connected to that organisation.

The other main areas of Internet usage tend to relate to areas such as online shopping, online gaming and gambling, downloading and distributing videos and file sharing. Whilst internet usage itself is not primarily dangerous, the issue within an organisation/business is that of cyber security.

All the above activities when carried out within an organisation or business environment can potentially expose the security of the network through unintentional personal carelessness.

The main way to protect the organisation/business against risks outlined above is really through education, and having policies and procedures in place which help staff and volunteers to remember the potential dangers that daily online activities can expose them to.

CYBER SECURITY – PASSWORDS

Changing passwords is a classic example. Every cyber security guide there is encourages people to change their password regularly, but most people don’t. If they do, they change it to something memorable so they don’t forget it.

Changing an attitude or culture within any organisation is difficult, but an area of website security it can be increasingly dangerous or financially damaging not to.

CYBER SECURITY – INTERNET of THINGS

The other huge area of cyber security which is likely to become dominant in the next couple of years is what is referred to as the Internet of Things.

This refers to the ever increasing installation of wireless capable activity into and onto such everything that people own, eat, where, buy or in some other way have about them on their person or in their person in daily life.

The intent is to make people and their daily activities always connected to the Internet. This may take some time to achieve, but is being driven by all the major tech companies and all the major manufacturers.

This means in simple language that everything from clothes to watches, spectacles, shoes, refrigerators, ovens, speakers, televisions, cars, pacemakers, public transportation etc are becoming, or soon will be, wirelessly connected. To some people, this scenario is a dream, to others it is a nightmare.

However it is likely to become a reality of some description within the next few years. It is largely been driven by the belief that the more people are connected wirelessly to their lives, the more goods and services can be sold to them, and the more profitable large manufacturers and tech companies can come.

Whatever the ideological bent about the Internet of Things, perhaps the major issue is cyber security.

If peoples lives are literally connected with the world online, it will expose then and their possessions to extensive cyber security risks, both in terms of hacking and other risks as outlined above, and will require extensive rethinhing about different types of insurance and risk management.

What does Big Data and Predictive Analysis Really Mean ?

One of the problems with understanding Big Data, is that the term itself means different things to different people !

Some of the most common questions asked are :

 – What is Big Data all about?

 – What is the Big Data Market?

 – Why is it important to use Data?

 – What is Strong Data?

 – What si Big Data Used For

There are however two main areas of the term that most people recognise, and in reality cover the present reality. It is important to realize that we are really only just at the beginning of what Big Data means, what the implications are and its relationship to Artificial Intelligence.

The two main areas referred to above are the amount of information posted by and about people online, and the amount of information made available by governments, business’s etc. The scale of the amount of information that is posted online is almost too big to quantify.

What is important to realize is that this type of information, i.e. blog posts, social media posts, videos etc don’t fit into the traditional format of a database, and as such cannot be analysed in the same way. In relation to Big data, this mean new ways have to be found to both store and analyse this information.

In terms of governmental information, Big data is at its simplest just that. Huge amounts of data/information that are produced by governments, businesses and other organisations, some of which is made public, some of which is kept private.

The issues around big data are complex and varied. The primary concerns have to be those of privacy and cyber insurance/cyber security.

The sheer volume of big data, however you may come to define that term, means that a significant number of different people and different networks will be involved in processing and using the information. The privacy issues of big data are significant.

However much the information is anonamized, the implications regarding the data being hacked and personal information on individuals being gathered is significant. Identity theft is a significant cyber insurance and cyber security issue, yet one that remains under the radar for many people.

In most instances, cyber security has at its core the issue of a data breach occurring, and the implications thereof. Given the sheer fact that big data implies a huge increase in the volume of data being processed, both structured and unstructured data, the number of servers and networks involved also going to be significantly increased.

The logic therefore dictates that the risk of cyber security threats that would apply to one network within a company or organisation will be multiplied many times over.

Big Data – Government

Most governments in the West actively encourage the release of big data relating to many areas of government and life generally. This in part is because governments believe it shows an openness in their storage of information, which may be true or not, and because it allows an unprecedented level of predictive analysis of trends and behaviour in society generally.

The US government website has huge amounts of big data available relating to a wide range of areas, listed below.

Agriculture

Climate

Consumer

Ecosystems

Education

Energy

Finance

Health

Local Government

Manufacturing

Maritime

Oceans

Public Safety

Science and research

BIG DATA and BUSINESS

Whether or not many businesses want to get involved with big data, often they do not really have a choice.  It is more an issue of how they analyse and use the data that is flowing through them, both to enhance their business and also to promote their industry.

The issue is really about how to make sense of the huge volumes of data in ways that benefit their company as opposed to being overwhelmed by it.

Predictive Analysis

Predictive analysis is the phrase that has given to the manipulation of data into formats and charts that make sense of the information in a way that is useful. Predictive analysis of the data as to add value to any organisation, government or business.

It has to help them understand potential future trends, both in their underlying business as well as consumer or citizen habits. Predictive Analysis will to a large extent also show likely developments in individuals lifestyles and behaviours, as part of a wider pattern.

Such analysis will inevitably mean more information being gathered from consumers/ordinary people in order that predictive analysis have some meaning. This inevitably raises even more privacy concerns and cyber security threats and need for cyber insurance planning.

BIG DATA and ARTIFICIAL INTELLIGENCE

The whole area of artificial intelligence is relatively new, but one being heavily invested in by the major tech companies. The aim behind a lot of artificial intelligence research is to allow it to automatically analyse and manipulate the data by itself, without the need for human intervention.

The growth of artificial intelligence and robotics is one that will profound effect on the issue of big data and how it is used. The cyber security implications need to be part of any process of form regarding the storage, usage and predictive analysis of the data by whoever is storing it.

BIG DATA and HADOOP

Hadoop is an open source structure that can be used to store and manipulate sets of big data. Hadoop acts as a system that allows it to monitor clusters of computers to allocate types and amounts of different  jinformation in the most efficient manner possible.

Why your Robotic Hoover may not be as innocent as it looks

Your Roomba may be vacuuming up more than you think.

High-end models of Roomba, iRobot’s robotic vacuum, collect data as they clean, identifying the locations of your walls and furniture. This helps them avoid crashing into your couch, but it also creates a map of your home that iRobot is considering selling to Amazon, Apple or Google.

Colin Angle, chief executive of iRobot, told Reuters that a deal could come in the next two years, though iRobot said in a statement on Tuesday: “We have not formed any plans to sell data.” (Reuters later corrected its article to say that Mr. Angle was hoping to share the maps free with customer consent, not sell them.)

full story

Big Data Goes Back to Earth

Government is developing a ‘big data’ system to incorporate new areas of agriculture policy concerns and initiatives. Additionally, government is taking measures to manage the relationships between climate, soil type and farm management systems, including irrigation.

Mr George Oduro, the Deputy Minister of Food and Agriculture, said this at a workshop for stakeholders aimed at enhancing the validation process. The framework, he said, would help know the number of farmers and their engagement in the different crop, fisheries and livestock productions.

full story

Top Careers in Big Data

Our friends over at Simplilearn provided us the infographic below which explores the top 12 interesting careers in big data. Big data is no longer a buzzword for our future capabilities, but is already being used by businesses in a range of industries.

From data driven strategies to decision making, the true worth of big data has been realized, and has led to opening up of amazing career choices. Power to the data!

full story

Italy[s largest bank hacked

Data about loan accounts belonging to 400,000 customers of Italy’s largest bank has been put at risk by two security breaches.

Unicredit said that personal data and account numbers could have been stolen.

But it added that the accounts’ passwords had not been compromised, so the hackers could not have carried out unauthorised transactions.

It represents the biggest cyber-incident of its kind reported by an Italian bank to date.

full story

What are Smart Home Systems?

Smart home systems refer to a variety of different and overlapping electrical and wireless systems that will enable a smart home or a smart house to function as a combined whole unit.

Central to understanding the nature of the systems is an understanding of the basis of what a smart home is and the various technologies that underpin it. The idea of a smart home has been around for a long time, in fact in many ways it is one of the oldest science fiction dreams that is on the verge of becoming a reality.

The typical scenario that shows the potential of a smart home normally involves someone driving home from work in their smart car. As they approach their home, their smart car communicates with their garage, and their garage doors open automatically as they arrive.

In addition, as they arrive home, their smart car will connect with their home, their lights will automatically come on within the home, their heating will come on and so will their appropriate kitchen devices, such as their oven waiting to pre-cook their dinner.

A further scenario includes their groceries being delivered at the exact moment they arrive home.

Smart home systems

This has happened because that smart refrigerator has realised that they are running low on certain items, has automatically contacted their local grocery store who have assembled the items and delivered them automatically to their home.

The grocery store new when to deliver them by accessing the drivers online calendar and working out the exact point when they would be home.

In addition the grocery store would automatically charge the amount of the groceries to the drivers credit card, which they have on account, and the amount on the credit card would be automatically debited from the drivers bank account through an online banking facility.

A few years ago, this scenario or these scenarios would have seemed far-fetched. Today they are the verge of becoming a reality for anyone who wants them. Quite literally billions of devices are being fitted with sensors that will allow them to connect to each other wirelessly over the internet, a scenario commonly referred to as the internet of things.

Smart home systems tend to be the various types of systems that would be used within a smart home such as an alarm system, a security system, a lighting control system, an audio system, a technology system and perhaps even a complete smart phone system.

In addition that will need to be a smart home management system both to coordinate all these activities, and to be able to manage them in the event of any one of them not working.  At the moment it is anticipated that the systems are will be controlled through an app or apps through someone’s smart phone, but this could well change in the future.

The push by the big tech companies to move to voice recognition technology seems to imply that this is their preferred mode of co-ordinating the mechanics of a smart home. What is perhaps being overlooked is the cyber security implications and risks inherent within any such system.

What is a Smart Home Security System?

Most people would probably give slightly different answer to the question of what is a home security system, let alone a smart home security system.

Any security system in a home is often thought of largely as an alarm system, possibly coupled nowadays with various types of CCTV cameras and other types of technology that can alert and detect intruders.

A home security system certainly can be that, but can also be a lot more.

The traditional method of securing a home has always been locks and mortar.

As time has gone on, technology has allowed more and more sophisticated devices to let people believe that home is safer.

A smart home, both now and in the future, is one where essentially all the systems and devices in the home can connect or talk to each other wirelessly, and can be centrally controlled either through a smart phone app or some type of voice recognition system.

Inevitably a smart home security system will consist of a combination of locks on windows and doors that can be controlled wirelessly, as well as a combination of burglar alarms, CCTV cameras and various other security devices.

Smart home security system

The proponents of a smart home security system will argue that the combination of all these factors, and the fact that they can be coordinated and controlled through a central wireless system makes the whole process of safeguarding and securing a home much easier.

That can certainly be debated, but to an extent misses the point.

While there certainly may be some advantages from a convenience view point of the ability to co-ordinate various connected devices, it does also leave someone’s home much more vulnerable to the possibility of being hacked.

The idea of cyber security and internet safety is one that most people are probably aware of, even if it is only the notion of computer viruses and computer malware.

Most people who have a PC or tablet in their home are likely to have some type of antivirus software installed, may or may not have a firewall activated and most likely don’t take the risk of being hacked to seriously.

The scenario changes significantly in the event of a smart home existing, and a smart home security system being the main or only line of defence against any intruder or unwelcome visitor.

There are already many anecdotal instances of baby monitor alarms being hacked by individuals who then use that device to say things and shout things that will upset or disturb the baby or child near the device.

Whilst these reports are certainly disturbing in themselves, they should also be disturbing to the manufacturers of these devices.

The vulnerability of these devices lies not only in the devices themselves, but in the continual upgrades they will need over their lifetime in order to keep them secure.

Cyber Security and the Networked World

Many people view the growing nature of the internet of things in one of two ways.

They either see it as a world where literally every person, place and thing can literally talk to each other through sensors and wireless connectivity, and see this as a massive boon for mankind.

Other people see this same world as being quite horrific, and bringing up huge issues in terms of privacy and security, and do not believe it will ever really happen.

The internet of things essentially refers to a process where pretty much every device that we use at home and at work, everything we wear, everything we use will in some way be connected to each other wirelessly.

This process allows manufacturers and governments to collect huge amounts of information about people in a way that has never been foreseen or planned for.

This information is now being collectively referred to as big data, and there is a huge industry trying to work out how this information can be used, largely for the benefit of manufacturers and supposedly for the benefit of government planning in transport and urban development.

The reality is that all major manufacturers of virtually every product on the planet are now either putting sensors into their devices, or planning how to, in order to enable the internet of things to happen.

Whilst there are certainly technical difficulties to overcome, a whole range of what are being referred to as internet of things platforms are being developed, which will in the end enable a seamless integration of these devices.

People may doubt that this will happen, will happen quickly or at all. Sadly this is wishful thinking for a number of reasons.

Cyber Security – networked world

The main reason is that the main beneficiary of the internet of things well in fact be a vast range of businesses and corporations who stand both to slash costs hugely and increase profits significantly at the same time.

That of itself will drive the Internet of things.

This to an extent is already happening in supermarkets, And is a really good example of how this process will work.

All products in supermarkets have a barcode, at the checkout this barcode is swiped against a screen and is added to the shoppers bill.

At the same time, the barcode feeds into the inventory system of the supermarket and sets in motion a process right back to the distribution center, and ultimately the production process itself.

In addition, supermarkets are now widely installing self-service checkouts that means the individual customer has to swipe the products themselves, thus reducing the need for staff even more.

Whilst there are huge social and libertarian issues involved in all this, the issue of privacy and cyber security is huge, and is likely in many ways to get overlooked in the rush for profit and cost-cutting.

The amount of personal information being processed by all manufacturers of these devices and products is colossal, and all potentially at risk of being hacked or compromised in some type of data breach.

This could lead to a massive erosion of trust in a number of systems currently used, and could lead to significant growth of identity fraud and theft for a whole range of individuals.

What is the nature of Cyber Crime?

The nature of cyber crime is so widespread that in some ways it is difficult to be really specific about it.

Any type of cybercrime will inevitably start with some type of data breach, which can either be digital or paper, and will most likely involve some type of theft of information from a business/organisation or individual.

The nature of cyber crime will to an extent depend upon both the individual committing the crime and the nature and type and scope of information that is stolen.

Often times simply the revealing of such information can have a devastating effect either on the individual or business, or in some cases political parties or the  reputations of a whole range of individuals or businesses.

In other cases cyber crime can quite literally be the  theft of money or various types of financial products.

This can be quite wide-ranging in terms of  credit card information, loan or mortgage applications, credit score reports or much more complex financial products used by banks and trading companies.

CYBER CRIME

Cyber crime when committed against individuals through hacking a wireless network could invoice to be a breach of their privacy.

This is not to diminish the impact, but in the same way that if your house is burgled a big part of the damage is the sense of violation that an individual will feel aside from what is actually taken, a cybercrime where an individual has their privacy violated can equally be extremely upsetting.

Other examples of cybercrime can relate to a whole range of business or industrial activity.

The most obvious errors perhaps like to think that any business or company wants to keep  relatively private or secret, which could range from financial information, through to product design, through to bad news the company doesn’t want announced, through to theft of intellectual property etc

Cyber crime  can often also have a really ugly face when it is used to blackmail individuals or companies.

This is sometimes done through what is known as ransom ware  where information is stolen from a company, and a ransom demand in terms of money is issued for its return.

Sometimes the criminal  will essentially freeze the businesses entire IT systems and the mound a ransom for unfreezing them.

CYBER THREATS and CYBER SECURITY

People often think of cyber threats as relating to government department or agency’s, or to political parties or to big corporations or businesses.

Whilst that in part is obviously true, the nature of cyber threats has grown hugely over the last few years, and most experts agree there will be a massive growth in the risk of cyber threats both to individuals and every type of business or organisation in the near future.

It is important to understand both the nature of cyber threats, and where they come from.

Whilst it is certainly true that the focus of my cyber threats relates to businesses and organisations, the growth of the Internet of things also means that in the next few years individuals own personal lives increasingly come under  threat of a cyber attack or a hack.

Focusing on cyber threats relating to a business organisation, the real risk for many people are a company’s information or knowledge database.

The information that any company or business has either about itself, its customers,  its supply chain, its competitors or its future plans can be of value to other people.

CYBER THREATS

The nature of theft of information often doesn’t register with people because it doesn’t seem as horrific as say a violent crime that is physical in nature might do.

Cyber threats that relate to theft of any type of information from a company can often result in various types of cybercrime that can have devastating effects both on the business or organisation, and on any individual connected with it, either as an employee or a customer.

Information stolen from any company can be used either to defraud the company begin the process of perpetrating identity theft on individuals whose information has been stolen.

Depending upon the industry, financial information system can literally be a financial crime.

Other types of cyber threat often relate to some type of kidnapping and ransom demand.

This is where a cyber criminal essentially steals information from a  company and demands a ransom for its return,often known nowadays as some type of ransom ware.

The other type of cyber threat that is very real for a  lots of businesses is where someone manages to pack and individuals computer or the complete system and essentially freeze the entire network. They then demand a ransom payment to freeze the system and restore it back to some level of  normality or integrity

What is the Best Computer Security

cyber insurance    cyber insurance    cyber insurance    cyber insurance

When people talk about computer security nowadays, they are inevitably referring to cyber security or the real threats that relate to any type of computer wherever it is used.

Most people still think of computers as being essentially desktop computers, although that is and what has been something of a myth.

Today’s smart phones are very much powerful computers in their own right, although people still think of them as phones.

In a way a microwave is a computer, but people do not think of it as being particularly vulnerable to any type of cyber security.

What is important to realise perhaps is that the growth of the Internet of things is going to rapidly change everything that individuals and businesses have and do in their day-to-day work and personal lives.

This means that in fact, an individual’s microwave although refrigerator will become hackable as they will be wirelessly connected to the Internet, and thereby potentially open to some type of Data breach.

People may laugh at the idea of a refrigerator being hackable, as it doesn’t seem any particularly apparent risk involved therein.

COMPUTER SECURITY

What is really important that people realise that the nature of the Internet of things and of a smart home, along with smart phones, smart cars, online banking etc all adds up to a huge number of different layers of overlapping technologies that are all potentially at risk of some type of cyber attack.

It is key to understanding the risks involved, to understand that the term computer has changed and will change hugely over the next few years. Thinking of a baby monitor as a computer is perhaps a heart leap some people.

There have been recent reports of  baby monitors being hacked by individuals, who then talk through the baby monitors at the baby, which is overseeing a hugely distressing and concerning  environment both for the baby and for the family concerned.

Computer security is still very much about things like firewalls and security of systems, along with common sense precautions around opening email attachments, or downloading and installing dodgy software.

However, it has become much more than that, and the speed with which the Internet of things is set to overtake society in the next five years means that the nature of computer security will change drastically, and really needs a complete rethink in terms of individuals attitudes.

WHAT IS A CYBER SECURITY FRAMEWORK?

Having a cyber security framework is often referred to as some type of cyber governance, and in many ways its value lies in the fact that there is some type of framework at all.

It is rather like the old saying that it is better to have a plan than  no plan at all, although having a bad plan might counter that argument.

The value of a cyber security framework is having a structure that addresses the fundamental issues relating to cyber crime and cyber security, and the need some type of cyber insurance either self managed through an insurance company.

The value of a framework of any type is that it is essentially a structure, should have a number of components which mean that the structure itself addresses the problems in an institutional way rather than simply relying on luck or judgement, or more normally one or two employees who are really up to speed with what needs doing.

CYBER SECURITY FRAMEWORK

The chief component perhaps of a cyber security framework is to have it recognised as being at the core of any individual or businesses corporate framework.

This means that it should be instigated at the most senior level of board or management structures, and the cyber security framework should involve some level everyone at the most senior level.

This obviously depends upon the size and nature of the business or organisation.

What is also crucial is to have a lead member of the business, ideally at board level or equivalent, who has social stability for the cyber security framework, both in terms of making sure that such a framework exists, and implementing processes to make sure it is effective.

That simply is about accountability and designated responsibility, which in a way is very different to any other aspect of any business or organisation.

What is different perhaps is a many people don’t take sides security as seriously as  they should, and as such to allocate that level of possibility or accountability to it.

Having a lead individual who can oversee a cyber security framework gives them the duty to put a structure in place that can both identify the risks to the individual or organisation, and do whatever they can to minimise or suppress those risks.

Such a cyber security framework or structure essentially involves two main elements, those of systems and staff.

The nature of both will vary considerably depending upon the size and nature of the business or organisation involved, but what is important is the sentence for as at the top of the framework.

That individuals are given specific tasks or responsibilities specific to cyber security, and there’s a level of accountability does not punitive in relation to their roles.

Having a framework that is flexible in terms of accountability and responsibility is crucial so that it doesn’t become institutionalised in its own right.

At the same time the nature of site security means having to trust a significant number of individuals to do their job properly, and needs to be clear guidance and direction as to how that can be done.

 

WHAT IS BEST CYBER SECURITY COURSE ?

Looking for a cyber security course tends to throw up to slight the extreme and different ends of the spectrum.

The majority of cyber security courses or offered as MA’s  or MSc’s and are by their very nature by the additional two or an extension of some type of message of science degree.

They tend to deal with very technical areas of cyber security, and obviously geared to a very specific type of analyst or individual seeking a career in cyber security.

The other type of cyber security course tends to be offered to people at school, or people apparently school to give them some type of basics about how the Internet and mobile networking effectively works, and what risks and challenges inherent within the system.

Both these areas of cyber security courses  have their place, but it does leave a huge gap between for anyone who is interested in what the real risks of cyber security are, and what an individual or business can do to protect themselves against such risks.

CYBER SECURITY COURSE

A lot of the challenge for anyone involved in the cyber security world is to make it really relevant to individuals and businesses of all sizes before it is too late and data breaches or identity theft become a more common part of everyday life.

The growth of the Internet of things is set to explode in the next few years, and risks in terms of wireless networking and the potential for being hacked will become a real part of every individual’s day-to-day life.

The other challenge concerning the cyber security world is to make people aware of the real risks involved, without making people think it is simply some part of an operation fear type of movement, either by government or interested companies, because the nature of cybercrime and cyber security is by it’s very nature fairly invisible.

Part of the way forward is undoubtedly to education, and to having various types of cyber security courses that are available in the workplace and online for individuals to have a look at. It is likely, that the majority of people will only take cyber security and the threat of cyber crime  more literally when the consequence of it have become more widespread, and more people have become affected.

Education can change that, and needs to be done quickly as the growth of the Internet and the scale of the cyber threats relate to it increases at speeds that people simply do not relate to on a day-to-day basis.