Week 1:
Market perspective
- Recommendations (of Larcker, Reiss & Tayan – 2017)
1. Integrate cybersecurity in the company’s risk framework (customer AND corporate
data)
2. Monitor if management and employees take cybersecurity seriously
3. Develop a data breach action plan (incl. board responsibilities)
i. GDPR gives rules to have this
4. Monitor data classification and security policies (incl. director communications,
documents, and conversations).
i. Classification: good way to secure
5. Terminate or reduce/restructure reward of board members and management in case
of cyber impact
i. Focusses only on negative & you not in control, you can always be a victim
6. Increase board cyber savviness (educate & recruit)
Cybersecurity
- Cybersecurity = the protection of cyber systems against cyber threats.
- Cyber threat = a threat that exploits a cyberspace.
o
- Cost benefit analysis
o
- Framework
- Should do: look at several aspects
- All 4 to balance
, - Spooks: governments using tools to protect national interest – including the risk of ending up
in the hands of crooks
- Crooks: botnet herders, malware writers, spam senders, bulk account compromise, targeted
attackers and cash out operators.
- Geeks: experts and researchers that report vulnerabilities – in order to enable fixing the
vulnerability.
- The swamp: focus on person rather than on property, e.g., hacktivism and hate campaigns
- Risk Management – ISO/IEC 27000:2018 – is a protocol for cyber protection. It is updated in
2022, in adaption to new risks. Some new controls were added, there are four theme clauses:
o Organizational
o People
o Physical
o Technology
Cyber Insurance
- Yes/No
o Allows organizations to transfer some of the financial risks associated with cyber
incidents to an insurer
o The financial losses might cost associated with remediation, investigators and crisis
communication
o Most cyber insurance companies are typically insurance companies offering a
broader range of insurance services.
- Trends
o Currently insurers reduce coverage in combination with increasing premiums
o Stop covering the costs of ransom payments
o Increasing minimum cyber security maturity levels (beyond having in place
reasonable security measures?)
o Educate insured organisations
- Going forward cyber-insurance providers will thrive by succeeding in:
o Rewarding security,
o generating knowledge and,
o punishing insecurity while,
o partnering with technology providers how have a deep access to policyholders’ IT
architecture.
Willingness to pay ransom
▪ It is not always legal to pay…
- Not surprisingly: “strong relationship between WTP and concern for data breach, with those
who were concerned about data breach being more willing to pay the ransom”
- 3 basic categories of attitude to paying the ransom:
o Those who would object on principle to giving money to a criminal (28% of
respondents) and those who did not value their files (25%) showed lowest WTP
o Those who would not trust the criminal (20%) or hope to recover their files through
an expert (18%) showed significantly higher WTP
o Those who would pay if the price were right (1%) had highest WTP
- Ransomware – six dilemma’s
1. Are you technically prepared (e.g., back-ups and zero trust approach)?
2. Do you have access to threat intelligence (e.g., open source decryption keys –
researchers and culprit intelligence – researchers & law enforcement authorities)?
3. Do you have a cyber insurance. And what does it really cover?
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller IMTIL23. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $5.98. You're not tied to anything after your purchase.