MDR’s Impact on Cyber Insurance Claim Values
A study commissioned by Sophos quantifies the impact of various cybersecurity controls on cyber insurance claim values. Organizations using Managed Detection and Response (MDR) services have significantly lower claim values, averaging $75,000 compared to $3 million for those relying solely on endpoint protection. MDR users also experience more predictable claims and faster recovery times from cyberattacks, highlighting the effectiveness of MDR services in mitigating the impact of cyber incidents. This research provides valuable insights for organizations and insurers to optimize cybersecurity investments and reduce financial losses from cyberattacks.
Cyber Resilience in Manufacturing
Cyberattacks pose a substantial threat to the manufacturing industry, impacting intellectual property and production lines. Shifting from traditional cybersecurity to cyber resilience is crucial, focusing on detection, containment, continuity and recovery. This highlights the critical need to secure supply chain vulnerabilities, minimize the financial repercussions of downtime, and capitalize on the strategic benefits of building resilience for regulatory adherence and market differentiation.
Record-High Ransomware Activity in Late 2024
The fourth quarter of 2024 saw the highest level of ransomware activity recorded to date, with 1,663 known victims posted on leak sites, marking a significant 32% increase from the third quarter. This data, reported by Travelers and based on intelligence research, highlights the growing threat and impact of ransomware attacks on businesses. It underscores the importance of robust cybersecurity measures to mitigate these risks.
Caremark Claims and Board Oversight of Cybersecurity
Kevin LaCroix, Attorney and Executive Vice President of RT ProExec, examines the potential for Caremark claims regarding breach of oversight duty in cybersecurity and data privacy. Companies facing mission-critical cybersecurity risks should have enhanced Caremark duties, including oversight of cybersecurity effectiveness and disclosures. Delaware law imposes specific duties on directors to establish reporting systems for compliance deficiencies and overseeing cybersecurity risks, particularly for companies where weak cybersecurity could significantly harm large institutions. This aims to ensure board awareness of compliance issues and detected misconduct, ultimately benefiting the company and society.
