
Network Security and Privacy




Shifting Legal and Regulatory Landscape

“We ignore the risks that are hardest to measure, even when they pose the greatest threats to our well-being” [1]

Successful businesses increasingly use technology to increase sales, maximize efficiency and reduce expenses. Evolving technologies such as cloud computing, social media, mobile devices and big data analytics have helped entities achieve profits and lift the U.S. stock markets to record heights in the first half of 2013. However, these same businesses face an increasingly diverse and sophisticated array of threats to the security of their information management systems. Cyber theft, fraud, sabotage, espionage, and hacking (including from governments [2]) are more frequent in the social media age and the associated costs with information security breaches are increasing for entities in every industry sector—from Retail, Financial Institutions, Healthcare, Hospitality, Media, Communications, Technology, Consulting and Professional Services to Manufacturing and Transportation [3]. The legal exposure, reputational harm and business interruptions that may result can wreak havoc on a company’s bottom line.

The digital revolution raises new cyber risk concerns that can significantly affect an entity’s financial statements [4]. Because corporate directors and officers have a fiduciary duty to protect their company’s assets—including digital assets themselves as well as the stock prices that may be affected should a breach occur—they have a legal obligation to focus on IT security and risk mitigation matters [5]. Corporate counsel, therefore, are becoming more focused on how to advise their clients’ boards on matters relating to data security and other IT-related risks [6]. The next wave of shareholder class action litigation is predicted to be against boards of directors that have not satisfied their duty of care to manage such exposures [7]. As a matter of judicious corporate governance, boards of directors must maintain a reasonable level of oversight [8] since latency, jurisdiction, privacy, data and security obligations can remain the legal burden of the board’s entity—even though caused by a third-party outsourced service provider or anonymous hacker.

Paying attention to cyber risks is good business. Responsible corporate leaders will focus on, and devote resources to, effective programs to manage information security matters. They will mitigate their risk by engaging experts to place specialized cyber insurance coverage, with language tailored to address their specific needs and exposures.

New Technologies and Emerging Threats

Corporate leaders continuously seek new technological tools to make their organizations more automated, responsive, and profitable. Technological developments in recent years, such as increased reliance on cloud computing, mobile devices, and social networking, have contributed to the dramatic increase in security risks. Such developments necessitate that each entity develop consistent corporate policies and contractual allocation of liability guidelines as primary risk mitigation measures to the extent possible.

Mobile Devices, Cloud Computing, Big Data and Social Media

Among the technological advances that have contributed to the increased security risks are the countless types of personal tools—USB/thumbdrives, smartphones, tablets, and other devices—that your clients’ employees use in connection with their work. These tools were initially developed and enjoyed widespread use before employers focused on the security implications that accompany them. Often, the devices are purchased by the employees themselves, used for both personal and work-related matters, and


[1] Nate Silver, “The Signal And The Noise: Why So Many Predictions Fail – But Some Don’t,” 2012
[2] The United States Federal Bureau of Investigation and the U.S. National Security Agency are reportedly tapping directly into servers at major Internet companies to keep track of the communications and interactions of known and suspected foreign terrorists. http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html and http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order.
[3] Breaches spanned multiple countries across a wide variety of industries (March 2013) (http://www2.trustwave.com/rs/trustwave/images/Trustwave_GSR_ExecutiveSummary_4page_Final_Digital.pdf)
[4] KPMG Data Loss Barometer 2012 (January 2013) (http://www.kpmg.com/EE/et/IssuesAndInsights/ArticlesPublications/Documents/Data-Loss-Barometer.pdf)
[5] Carnegie Mellon University, Governance of Enterprise Security: Cylab 2012 Report: How Boards & Senior Executives Are Managing Cyber Risks, J. Westby, Author, May 16, 2012. http://www.rsa.com/innovation/docs/CMU-GOVERNANCE-RPT-2012-FINAL.pdf
[6] Law in the Boardroom: Corporate Board Member/FTI Consulting May 2013 Survey: http://www.fticonsulting.com/global2/media/collateral/united-states/law-in-the-boardroom.pdf. Only a third of corporate general counsel surveyed reported that they felt “very confident” in their clients’ ability to respond to a security breach.
[7] P. Bessette, M. Biles and T. Highful, King & Spalding LLP, “The Next Big Thing In Securities Litigation,” Law360 New York, Feb. 26, 2013: http://www.kslaw.com/imageserver/KSPublic/library/publication/2013articles/2-13Law360BessetteBilesHighful.pdf
[8] Steps the C-Suite and Board Can Take to Guard Against Cyber threats: http://deloitte.wsj.com/riskandcompliance/2013/05/07/steps-the-c-suite-and-board-can-take-to-guard-against-cyber-threats/




Aon Risk Solutions | Cyber Insurance