The RE: View April 21-May 7, 2014

May 12, 2014 7:00am

The RE: View is a bimonthly look back at the headlines that caught the attention of our RE: Cyber contributors that senior executives and Board members should consider when assessing and managing cyber risk.

May 7, 2014

10 talking points about cybersecurity and your business, The Guardian

The number one takeaway from a recent cybersecurity conference: size doesn’t matter; you’re never too small to be attacked.  Another key point:  cybersecurity is not just a technology issue; culture and education are keys to cybersecurity.  Read the full article for additional cybersecurity tips.

 May 7, 2014

Firms have wasted millions on faulty IT security awareness programs, says ISF:  New training programs should focus on reducing risk rather than checking boxes, FierceITSecurity

Companies need to move away from programs designed to "check the box" for security compliance to programs focusing on risk and which behaviors can reduce that risk.


 May 6, 2014

Target CEO Ouster Shows New Board Focus on Cyber Attacks, Bloomberg

CEOs beware: data breaches can now cost you your job.  The removal of Target CEO Gregg Steinhafel shows Boards are willing to hold executives accountable for data breaches.  A lesson learned:  develop a strategy to deal with a breach before it happens.

 May 2, 2014

Why Ignoring the NIST Framework Could Cost You, Huffington Post

The NIST Cybersecurity Framework was developed to enhance cybersecurity without enacting binding regulatory requirements.  However, negligence lawsuits could use the Framework to shape reasonable standards of cybersecurity.

April 29, 2014

Consumers Ditch Their Breached Retailers, Banks and Doctors:  New survey shows how data breaches do affect some consumers' buying decisions, InformationWeek, DarkReading

Data breaches can affect your bottom line.  A Javelin Strategy & Research survey shows that one-third of consumers stop shopping at retailers that have been breached and nearly one-third leave their healthcare providers after a breach.

 April 24, 2014

AIG cyber insurance covers bodily harm, CNNMoney

Consider cybersecurity insurance as part of your risk mitigation strategy.  Cyber insurance products continue to evolve as evidenced by AIG’s recent expansion of its cyber insurance to cover property and bodily damage.

April 21, 2014

SEC seeks data on cyber security policies at Wall Street firms, Computerworld

The SEC is planning to review the cyber polices of broker-dealers and investment advisors to determine whether they are prepared for potential cyber threats.  Investment advisors, small or large, need to make sure your tools policies regarding governance, risk identification and assessment, network and data security controls, remote access and third party cyber risks are up to snuff.