True Analytics™ - Energy Savings, Comfort, and Operational Efficiency
The Business Side of Cyber Security (Continued)
The value of
taking additional measures
to increase the cyber security posture of your control systems, far
outweighs the risk of not making them secure.
Vice President, Marketing
Cyber security has a technology side and a business side. From a business perspective, the negative consequences that cyber incidents can cause are disruptive and potentially catastrophic. The value of taking additional measures to increase the cyber security posture of your control systems, far outweighs the risk of not making them secure.
Here are a few interesting items in the news of late related to the business side of cyber security.
The New York State Department of Financial Services (DFS) announced it will propose new cybersecurity regulations for financial institutions. The exact details of the regulations are being hashed but include a number of areas in which the DFS intends to act: Cyber Security Policies and Procedures, Third-Party Service Provider and Management, Multi-Factor Authentication, Appointment of Chief Information Security Officers, Application Security, Cyber Security Personnel and Intelligence, Annual Auditing, and Procedures for Noticing Cyber Security Incidents.
As noted, one of the new regulations focuses third party providers and suppliers and the requirement to implement policies and procedures to ensure the security of sensitive data or systems that are accessible to, or held by, third party providers. New regulations could mandate firms to “perform cyber security audits” of their third-party vendors or require third-party vendors to make “representations and warranties” about the state of their information security.
Now Affect Credit Ratings
Moody’s Investors Service announced that as cyber risks become more pervasive, it will take a higher priority within their analysis and that the credit implications associated with cyber defense, detection, prevention and response will start to take a higher priority within its credit assessments and analysis.
Well even after two years since the Target cyber issue, they remain in the news. Target has to pay nearly $40 Million to settle with banks and credit unions who brought class action claims against the retailer for alleged losses the financial institutions suffered as a result of Target’s 2013 data breach. This most recent settlement comes on the heels of a $67 million settlement with Visa, and a $10 million settlement with consumers, both earlier this year. The most recent settlement brings Target’s total costs to a staggering $290 million (and it is far from over). This on top of lawsuits that are still pending, as well as regulatory enforcement and investigation actions by the FTC and various state attorneys general.
Insurance companies are cracking down on insurance
because of cyber security. They are beginning to evaluate and rate
company cyber health and insure (or not) and charge accordingly. As
such, insurance is becoming more sophisticated as the companies
offering coverage begin to demand companies they insure meet specific
cyber security requirements to be eligible for coverage; begin to
determine premiums and policy coverage based on the implementation of
those requirements or flat out choose not to offer coverage as the risk
is too great due to ineffective cyber security practices and cyber
When it comes to cyber security, the business side is equally as important as the technology side. The operational, financial and reputational impacts to a business are tremendous.
Additional cyber security articles by Marc are linked
[Click Banner To Learn More]
[Home Page] [The Automator] [About] [Subscribe ] [Contact Us]