Cyber security: Insurance, Metaverse, Fines, and Data Governance

In the wake of increasing ransomware attacks and expensive collateral damage, buying cyber insurance to protect against these risks and losses would seem like a no-brainer. But like everything else, it's just a little more complicated than that.

As the threat landscape has grown more complex and challenging, so has the cyber insurance market, reports Richard Pallardy for InformationWeek. Denials are common and litigation is increasing. As budgets are tighter, you may be wondering if cyber insurance is really worth the cost.

Organizations should take a look at what exactly the insurer is offering in addition to limited coverage in the event of an attack. It could be expert advice, penetration testing, or other services that make the price of that expensive insurance more worthwhile.

Carriers have become a bit more savvy when it comes to cyber risk and loss management, fueled by an almost seemingly endless portfolio of claims underwritten over the last few years -- many of which have involved significant dollar payouts. As such, you can expect carriers to demand considerably more information about your company’s cyber programs; particularly to those areas that have proven to contribute most significantly to recent large-scale breach events, such as multi-factor authentication, end-point security, and privileged access management.

-Kevin Novak

managing director Breakwater Solutions

Cyber threats are also now looming in the metaverse and CISOs and CIOs should now start developing security strategies to address them. Virtual storefronts and anonymity could create fertile virtual ground for new kinds of identity theft, fraud, and other threats. However, many of the threats are likely to be against individuals rather than the enterprises themselves. As such, IT executives may want to focus their efforts on creating safe metaverse environments for customers.

Failure to protect consumer data can be expensive. The New York Attorney General's Office fined fashion retailer Zoetop $1.9 million for its failure to protect consumer data and properly disclose the scope of a 2018 data breach. Enforcement activity of consumer data breaches had been relatively limited until a few years ago, but that's changing. Experts recommend proper notification of authorities and individuals, which can demonstrate the organization's commitment to data privacy and transparency.

Proper data management and governance is certainly an important step in protecting data privacy. If you are looking for some best practices when it comes to your data management and governance, InformationWeek has collected several here.

Meanwhile, Europe is facing an energy crisis as the electricity being generated is not enough to meet demand. The crisis is expected to hurt IT organizations in Europe, with those in Germany impacted first due to their reliance on Russian energy, says ISG (Information Services Group)'s Steve Hall. Even though they are unlikely to experience actual supply issues, UK and Nordic countries are likely to experience significant price increases which will make life harder for enterprises with internal, inefficient data centers.

European enterprises may make a bigger push to cloud providers such as Amazon Web Services (AWS), Microsoft Azure Cloud, Google Cloud, Alibaba Cloud, IBM Cloud, and Oracle Cloud in the months ahead as a result, according to Hall.