Week 1:
Market perspective
- Recommendations (of Larcker, Reiss & Tayan – 2017)
1. Integrate cybersecurity in the company’s risk framework (customer AND corporate
data)
2. Monitor if management and employees take cybersecurity seriously
3. Develop a data breach action plan (incl. board responsibilities)
i. GDPR gives rules to have this
4. Monitor data classification and security policies (incl. director communications,
documents, and conversations).
i. Classification: good way to secure
5. Terminate or reduce/restructure reward of board members and management in case
of cyber impact
i. Focuses only on the negative, and you are not in control: you can always be a victim
6. Increase board cyber savviness (educate & recruit)
Cybersecurity
- Cybersecurity = the protection of cyber systems against cyber threats.
- Cyber threat = a threat that exploits a cyberspace.
- Cost benefit analysis
- Framework
- Should do: look at several aspects
- All 4 to balance
- Spooks: governments using tools to protect national interest – including the risk of ending up
in the hands of crooks
- Crooks: botnet herders, malware writers, spam senders, bulk account compromise, targeted
attackers and cash out operators.
- Geeks: experts and researchers that report vulnerabilities – in order to enable fixing the
vulnerability.
- The swamp: focus on person rather than on property, e.g., hacktivism and hate campaigns
- Risk Management – ISO/IEC 27000:2018 – is a protocol for cyber protection. It was updated in
2022 to adapt to new risks. Some new controls were added; there are four theme clauses:
o Organizational
o People
o Physical
o Technology
Cyber Insurance
- Yes/No
o Allows organizations to transfer some of the financial risks associated with cyber
incidents to an insurer
o The financial losses might include costs associated with remediation, investigators and crisis
communication
o Most cyber insurance companies are typically insurance companies offering a
broader range of insurance services.
- Trends
o Currently insurers reduce coverage in combination with increasing premiums
o Stop covering the costs of ransom payments
o Increasing minimum cyber security maturity levels (beyond having in place
reasonable security measures?)
o Educate insured organisations
- Going forward cyber-insurance providers will thrive by succeeding in:
o Rewarding security,
o generating knowledge and,
o punishing insecurity while,
o partnering with technology providers who have deep access to policyholders’ IT
architecture.
Willingness to pay ransom
▪ It is not always legal to pay…
- Not surprisingly: “strong relationship between WTP and concern for data breach, with those
who were concerned about data breach being more willing to pay the ransom”
- 3 basic categories of attitude to paying the ransom:
o Those who would object on principle to giving money to a criminal (28% of
respondents) and those who did not value their files (25%) showed lowest WTP
o Those who would not trust the criminal (20%) or hope to recover their files through
an expert (18%) showed significantly higher WTP
o Those who would pay if the price were right (1%) had highest WTP
- Ransomware – six dilemmas
1. Are you technically prepared (e.g., back-ups and zero trust approach)?
2. Do you have access to threat intelligence (e.g., open source decryption keys –
researchers and culprit intelligence – researchers & law enforcement authorities)?
3. Do you have cyber insurance, and what does it really cover?