@Risk

Focused on supplier risk issues for business leaders

Corporate Boards Still Not Paying Attention to Cyber Risk

March 05, 2012 | No Comments →

News last week that a NASA computer stolen in March 2011 contained unencrypted codes used to command and control the International Space Station has put the spotlight, once again, on the issue of cyber security.

Are C-suite execs paying attention?

Unfortunately, new research suggests they’re not.

The advanced findings from the latest 2012 Carnegie Mellon CyLab Governance survey of how corporate boards and executives are managing cyber risks reveal that the issue is still not getting adequate attention at the top.

Sponsored by RSA, The Security Division of EMC, the survey results show that even though there are some improvements in key “regular” board governance practices formation of board Risk Committees and cross-organizational teams within certain organizations, significant areas of concern remain. For instance:

  • Oversight is lacking. Boards and senior management are not engaging in key oversight activities, such as setting top-level policies and reviews of privacy and security budgets to help protect against breaches and mitigate financial losses.
  • Most boards aren’t taking responsibility. Less than one-third of the respondents indicate their boards and senior executives are undertaking basic responsibilities for cyber governance.
  • Lack of personnel is a concern. Nearly half of the respondents indicated that their companies do not have full-time personnel in key privacy and security roles.
  • Insurance coverage needs updating. More than half (58 percent) of the respondents said their boards are not reviewing their companies’ insurance coverage for cyber-related risks.

What can you do to help remedy the situation at your company?  RSA suggests you: (more…)

European Insurers Face Challenges to Solvency II Compliance

January 20, 2012 | No Comments →

European insurers are racing to meet Solvency II requirements by the January 1, 2014 deadline, and many are facing a stiff head wind, particularly with respect to their reliance on third parties for data, the sophisticated risk modeling requirements and the difficulties associated with obtaining sufficiently detailed fund data.

More specifically, a new study by BNP Paribas Securities Services and InteDelta found that insurers are facing key challenges around: (more…)

Who Has Access to Your Sensitive and Confidential Workplace Data?

December 21, 2011 | No Comments →

Last month, I reported that many companies are struggling to keep pace with the compliance and risk policies necessary for effective social media governance.

Now, HP has released new global research indicating that organizations also face increased threats from an even more fundamental policy and procedures issue: poor control and oversight of sensitive and confidential workplace data.

According to the new study conducted by the Ponemon Institute, many companies say they have well-defined policies for individuals with privileged access rights to specific IT systems. However, almost 40 percent were unsure about enterprise-wide visibility into specific rights, or whether those with privileged access rights met compliance policies.

The survey, which focused on more than 5,000 IT operations and security managers across the US, the UK, Australia, Brazil, France, Germany, Hong Kong, India, Italy, Japan, Korea, Singapore and Spain, also found that: (more…)

Less Than 40 Percent of Employees Take IT Security Seriously

December 05, 2011 | No Comments →

How careful are employees when it comes to IT security?

Apparently, most aren’t careful, at all. What’s more, most aren’t really concerned whether or not IT policies are followed.

Take a look at these survey results. IT security expert Avira polled nearly 1,000 of its users in September and found that:

  • Only 38.95 percent of those participating in the study said they adhere to security policies designed to protect their company.
  • About the same amount (35.42 percent) admitted there are security policies in place at their business, but that they didn’t feel that anyone really cared whether those policies were followed or not.
  • The remaining 25.63 percent said they see security as a system administrator’s responsibility and not an employee concern. (more…)

Social Media Growth Outpaces Development of Risk, Compliance Policies

November 30, 2011 | No Comments →

Over the past few years, social media has evolved into an essential component of the marketing toolbox.

But, most companies have failed to keep pace with the necessary compliance and risk policies and procedures.

A recent study conducted by Grant Thornton LLP and Financial Executives Research Foundation illustrates the problem. The survey responses from 141 senior financial executives from public and private companies showed that: (more…)