SINET的动态

This is going to be a great discussion! How many times have we run into "well, we gotta try to get this through through the board", knowing that they don't have the awareness or concern that they should? This webinar will help created an informed board and should lead to some great conversations for people looking to enhance organizational resilience.

For those of you that are interested, some of my thoughts on fraud and scam management practices and some of the more recent solutions/innovations that we have been working on. Happy Friday!

?? Clorox Faces Steep Cyber-Attack Costs ?? Clorox have recently disclosed significant financial impacts due to cyber incidents, with combined costs reaching $49 million. ? The cleaning product giant Clorox experienced major operational disruptions due to a cyber incident discovered on August 14, last year, leading to a forced revert to manual ordering and processing. Although not explicitly confirmed as ransomware, the nature of the response suggests it. Costs incurred due to this incident have reached $49 million over six months, primarily covering third-party consulting, IT recovery, forensic expertise, and additional operational costs due to business disruptions. ?? These filings underscore the severe financial implications of cyber incidents on corporations, including direct recovery costs, operational disruptions, and potential long-term impacts on cash flow and net income. #CyberSecurity #Ransomware #BusinessImpact #Clorox #CyberAttackCosts #InfoSec #cyberthreatintelligence

We're thrilled to announce the release of our latest report,?Rethinking Risk: Inside Class Actions. This comprehensive survey dives deep into the dynamic class action landscape in Australia, offering strategic insights to help businesses navigate and mitigate risk. We uncover the top concerns keeping corporate Australia up at night - from cyber security and financial loss to the broad spectrum of social and governance risks. This is a must-read for any organisation navigating the evolving landscape in Australia. Read our report:?https://lnkd.in/gge2XgRS Jason Betts, Melissa Gladstone, Vanessa Leyshon, Brock Elder-Gunthorpe, Natasha R. #ClassActions #Risk #Auslaw #Cyber #ESG

Check out our latest insights on class action risk in Australia - particularly interesting in light of the latest Privacy Act reforms announced in Parliament just yesterday.

What’s keeping Corporate Australia up at night? Our latest findings reveal that about 30% of corporates aren't currently undertaking a specific assessment of class action risk to their business. For the majority, class action risk is only considered as part of general risk assessments or alongside subject domain risks like cyber or ESG.

Fantastic read highlighting the #Top10 #issues for GCs -- including the #problem with #paying #ransoms, namely an #increasing wave of #scrutiny by #insurancecarriers, #stakeholders, and #regulators. "Internal and external stakeholders, including boards of directors, insurance carriers, and regulators, are increasingly scrutinizing ransom payments. As a result, senior management should be prepared to justify any ransom payment both to internal and external stakeholders. During an incident, boards will often be asked to approve a ransom payment, which would be predicated on the board’s relative level of comfort with management’s considerations and rationale for payment. Insurance carriers may also question the value proposition if payment is made solely for data suppression (e.g., payment so that data will not be leaked) in contrast to payment for the decryptor tool. Furthermore, certain regulators have added additional reporting requirements specifically related to ransom/extortion payments. The New York Department of Financial Services (NYDFS) amended its Cybersecurity Regulation (23 NYCRR Part 500) and, as of December 1, 2023, each covered entity is required to report any extortion payment to the NYDFS within 24 hours of the payment, and within 30 days of the extortion payment, provide “a written description of the reasons payment was necessary, a description of alternatives to payment considered, all diligence performed to find alternatives to payment and all diligence performed to ensure compliance with applicable rules and regulations including those of the Office of Foreign Assets Control.” Similarly, the federal Cyber Incident Reporting and Critical Infrastructure Act directs the Cybersecurity and Infrastructure Security Agency to develop a proposed rule on reporting cyber incidents, including requiring covered entities to report ransom payments within 24 hours. The proposed rule is expected by March 2024, and a final rule by September 2025."

In Marsh's latest instalment of the "A CISO's guide to cyber risk" article series, Will Vernon, ACII explores key considerations for CISOs in companies that want to improve their insurability. By improving their insurability — that is, their suitability for insurance coverage — companies can usually achieve wider coverage and better terms and conditions. Read more here: https://bit.ly/4bEevCm

Our market-leading class actions team has been at it again with this latest report, Rethinking Risk: Inside Class Actions. A must-read.

Thank you, Clearwater and Steve Cagle, MBA, HCISPP, CHISL, for this important post. As you stated, Steve, no organization can be risk-free. BUT, in our current environment, all organizations MUST BE RISK-LITERATE and RISK AWARE. Sadly, most are neither. As we know, that's why 90% of healthcare organizations subjected to OCR investigations involving ePHI fail to produce comprehensive, enterprise wide, OCR-Quality Risk Analyses. The risk analysis requirement, part of the HIPAA Security Rule, was published in the Federal Register in February 2003! C’mon healthcare C-suites and board directors! #riskmanagement #enterprisecyberriskmanagement #cyberriskmanagement #cyberriskilliteracy #cyberopportunitymanagement #cybersecurityvalue #boardcyberoversight #boardofdirectors