COMPLY’s Post

Great article for brokers trying to explain why better cyber coverage and higher limits are a smart move. Begs the question, why don’t all organizations take the most basic steps to improve their own cybersecurity (software updates, training, external scanning, etc.) and look into their vendors’ cybersecurity posture? [Forgive me as I repeat myself 😩]

📣 Rather than being an exercise in hanging CrowdStrike over the coals, the #US Congressional hearing may stand to produce legislation that makes #cyber safer. 👉 There is a precedent for such legislation occurring out of high-level #incidents, READ to find out what the #cybersphere could be in for.

Just read this article by the Wall Street Journal on how US companies are struggling with stricter reporting requirements after having experiencing with cyberattacks. Do you wonder how your company can streamline your cybersecurity and compliance process amidst varying state and federal regulations?

The stakes will become even higher when new U.S. Securities and Exchange Commission rules take effect in mid-December that demand prompt disclosure of material cyberattacks and annual reports about cyber risks and vulnerabilities. Tired of “generic” disclosures and “gamesmanship” from public companies more concerned with protecting their reputations than their shareholders and customers, the SEC says it’s time to get tough.

It’s been three months since the Securities and Exchange Commission’s cyber disclosure rules took effect and rather than creating a deluge of incident revelations, only a trickle has emerged. Companies have submitted 12 initial Form 8-K, Item 1.05 filings, the form the SEC began requiring businesses to file for material cybersecurity incidents on Dec. 18. Each of these filings mention an “incident,” and all but two said the activity or access was “unauthorized.” While the language businesses use in Item 1.05 filings are ultimately crafted to notify regulators and investors of potential risks, these words also signal how a company detects, mitigates, contains and recovers from cyberattack

The article in today’s Australian Financial Review highlights some key issues around board-level responsibility for cybersecurity. It’s worrying, but not surprising, that many directors still don’t fully understand their obligations and often wait until after a breach to take action. While I’m undecided on the effectiveness of fines, the message is clear: cybersecurity must be a priority for governance, not just an IT concern. With cyberattacks happening every six minutes in Australia, it’s concerning to see some boards haven’t run basic cyber simulations or decided how to handle ransom demands. It’s not a question of if a breach will happen, but when. Directors need to act now or face serious legal and reputational risks. There’s a general trend towards more proactive cybersecurity measures, but I’d like to see more of this mindset in the small enterprise space. These businesses face the same risks but often lack the resources to recover effectively after an attack. Cybersecurity preparedness is essential for all businesses—waiting until after the breach is simply not an option anymore.

MSN reports: A data breach may have exposed billions of personal information records, lawsuit claims: Billions of records containing personal information of U.S. residents may have been exposed after a background check company fell victim to a breach, a new lawsuit alleges. The complaint, filed in Florida, argues NPD 'scrapes the [personal information] of potentially billions of individuals from non-public sources' and does so without the consent of those individuals." Events like this should make you want to improve your cybersecurity practices. Join us on Aug. 29 to learn the best ways to protect your clients' info and your own: https://lnkd.in/gMZhDpgd Article: https://lnkd.in/gnNaWmes

Even the big guys can get compliance reporting wrong. “Every second counts and four days can be an eternity” when reporting cyber intrusions, according to the SEC.

 In today’s increased compliance enforcement environment, a cyber attack response plan is critical to safeguard your company.

 Compliance is at the core of everything we do at Braided. We can make sure you are prepared with the controls, process, and training to meet and exceed regulatory standards.

 Contact us today to get started. 
#compliance #SEC

The Onda+ policy can support your clients by providing financial support for restoration efforts in case of a cyber-attack, including repairing or replacing bricked hardware or systems. This ensures that they can recover swiftly from the attack without bearing the full burden of the associated costs.     Moreover, our policy offers peace of mind with coverage for potential business interruption, loss of revenue, and even potential legal liabilities resulting from cyber attacks.   Learn more: https://lnkd.in/eD8yxmaw #CyberInsuranceSimplified #Bricking #InsurancePolicy #UKMGA #BusinessInterruption #CyberLiabilityInsurance #BrokerSupport

Would your company survive a $25M cyber loss? At a briefing on Friday, Feb. 2, 2024, Hong Kong police revealed that a recent cyber incident involving deepfake technology resulted in a finance professional at a multinational firm being manipulated into wiring more than $25 million in company funds to fraudsters. This article provides more details on the incident and offers tips for businesses to prevent future deepfake-related losses.