New FTC Actions, Allianz Global Cyber Report and Schools Scoring Low For Cyber Readiness: November Cyber News Bytes

FTC Takes Rare Action

The Federal Trade Commission (FTC) plans to take a rare legal step against Drizly CEO James Cory Rellas. The FTC is seeking individual sanctions against Rellas for his role in a data breach that impacted his company. This step represents a rare example of a regulatory body pursuing individual liability stemming from alleged data privacy abuse.

As noted in an article from Advisen, the FTC and its chair Lina Kahn aim to send a clear message: protecting Americans’ data is not discretionary.  The article adds that the FTC’s data security enforcement is limited due to the lack of federal privacy law and thus is unable to bring fines for first-time offenses.  We should closely watch for similar actions and guidance, as the FTC looks to reinvigorate its data security enforcement efforts.

Allianz Global Cyber Report

Allianz Global’s recently released cyber report supports what many of us already know and continue to read from similar reports throughout the industry; ransomware remains a top cyber risk for organizations globally. 

Allianz presents increasing trends across its portfolio, which appear to be consistent with findings across the insurance community. Allianz Global Head of Cyber Scott Sayce’s comments about gaining better insights into prospective insureds exemplifies the changes that we’ve seen in the cyber underwriting process over the last two years.  He adds that Allianz has seen good progress in cybersecurity controls and notes that organizations with sound cyber hygiene are better equipped to prevent and ultimately deal with an incident. 

Scott closes by referencing the risk mitigation value that these cybersecurity controls can provide but does not address the additional positive impact that such controls will have on cyber insurance policy.  Awareness of the cybersecurity controls that are required by cyber underwriting will allow organizations to be more informed and strategic cybersecurity decisions. 

Unison Risk Advisors’ Cyber RiskScript is an extremely helpful resource that is worth revisiting in light of these trends. We are closely monitoring the changes within the cyber market and continue to refine our approach to keep our clients informed and prepared. View the document and reach out to an RCM&D advisor today to learn more.

Schools Becoming Common Cyber Target

In today’s fertile cyberattack landscape, schools are becoming increasingly more frequent ransomware targets due to vulnerabilities related to security systems, limited budgets and unapproved apps without firewalls.

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on the topic. In the new advisory, schools are required to meet a minimum recommended score to identify their ability to protect, detect, respond and recover from cybersecurity threats. The minimum score is a 5, however, K-12 school districts are currently scoring an average of 3.8, the lowest among 19 peer local government groups. A new article from JDSupra identifies the top five security concerns currently facing schools and presents the resources available to assure the required controls are in place.

Cybercriminals Often Return after Ransomware Payments

Hiscox’s newest Cyber Readiness Report has found that more than one-third of companies that suffer a ransomware attack are targeted a second time. Along with this alarming statistic, a high percentage of businesses that suffer an attack also did not recover their data when the ransom was paid, and for many, their data was leaked.   

An article expanding on these findings outlines the most prevalent causes of system infiltration in conjunction with a ransomware attack.  As we are constantly reminded, it continues to be critical for businesses to implement strong security control measures to protect their business from cyberattacks.    

hbspt.forms.create({ region: “na1”, portalId: “5702639”, formId: “1576c62c-f31f-43ce-94f7-9eac30b710d0” });