Daily

Analysis of the day’s most important stories at the intersection of cyber and financial risk with implications for companies (Organizations), policy and macro-economic challenges (Economics)

Organizations: Report makes the case that when it comes to the financial impact of ransomware, remediation is critical

Rubrik, a leading data center backup and recovery provider, recently released a report analyzing the best approaches to managing the financial cost of ransomware. It contends that one reason the financial cost of operational disruptions is so high is that most of the focus and resources are placed on prevention rather than recovery. The report claims that a ‘belt and braces’ approach—one that ensures backups cannot also be easily compromised when core IT infrastructure is impacted—helps limit data loss and operational damage. Yet in 23% of cases, backup data was affected before the ransomware attack was identified. 30% of those who had experienced a ransomware attack said that it took days to recover.

Organizations: Boohoo highlights shortcomings with ESG products’ reliance on self-reported data

UK fast fashion retailer Boohoo saw its share price fall by 1/3 following allegations that workers in its UK supply chain were being paid 3.50 GBP per hour. The Financial Times notes that 20 ‘sustainable funds’ hold Boohoo shares, and that it was recently the largest holding in the Aberdeen Standard Investment employment opportunities fund, ‘which invests in companies with good employment opportunities and practices’.

Organizations: Levi’s is accelerating digital transformation in face of declining revenues

Following a reported 62% drop in revenue in Q2, Levi’s is outlining the steps it is taking to accelerate its own digital transformation amid COVID‑19. Steps include investing in online sales growth and direct-to-consumer sales in addition to scaling down physical store growth from the planned 100 this year to 70. CEO Chip Bergh’s comments during the company’s recent earnings call captured this strategy well.

Economics: Security deserves more focus within dual-track approach to digital transformation

92% of business leaders say digital transformation requires a dual-track approach, according to a report released Wednesday from Harvard Business Review Analytical Services and Quick Base. The primary goals of digital transformation include: 1. increased productivity/efficiency; 2. enhanced customer satisfaction; 3. increased revenues/profitability.

Organizations: Garmin confirms that a ransomware attack was responsible for service disruption

Garmin confirmed yesterday that a cyberattack that caused widespread disruptions over the past 5 days across its IT network — to website functions, customer support, company communications and customer-facing applications — was a ransomware attack. Services are starting to be restored, but questions remain about the extent of the penetration into Garmin’s network, and how the attack was resolved. Garmin is due to report 2Q20 earnings tomorrow (Wednesday, July 29).

Policy: Despite progress of GDPR, digital transformation still lacks a regulatory pillar

Now into the third year of GDPR, questions are being asked about what change it has brought about. This article notes there have been around 340 GDPR fines totaling approximately $180 million over the last two years. However, two of the largest fines amounting to a combined $350 million are still to be confirmed in the coming weeks — British Airways ($229mn) and Marriott ($123mn).

Organizations: Role of the psychology of human error in cyber breaches suggests more tailored approach to training required

The ‘Psychology of Human Error’ report by Tessian aims to help companies better train employees to prevent mistakes from happening before they turn into breaches.

Organizations: As retail bankruptcies continue, a look at how well or poorly companies are executing digital transformation strategies can tell investors who might be next

In the words of one commentator, COVID‑19 has been the final blow for several retailers that were considered ‘the walking wounded’ prior to the pandemic. The two dozen Chapter 11 filings this year have exceeded 2019’s total and show no signs of slowing down as the disruption and uncertainty continues into the second half of the year.

Organizations: IBM Cloud revenues surge 30% amidst overall company revenue decline of 5.4% in 2Q20

IBM 2Q 2020 earnings are a tale of two business models. Revenue from its cloud-related businesses surged 30% to $6.3b, while overall group revenue declined 5.4% to $18.12b. 2Q net income was $1.36b. Services and Consulting businesses were weak spots as client companies look for cost savings and postpone spending in the wake of COVID‑19, with CFO Kavanaugh noting that “many clients continued to delay projects, defer purchases, and favor opex over capex spending.”

Organizations: 2-Star Twitter was on downward slide in Cyberhedge ratings in the months prior to the breach

Coverage of last week’s Twitter hack has now shifted towards longstanding security concerns, including internal controls and employee access issues. The company is now under scrutiny from several directions, including the FTC, Congress and the FBI.

Economics: SEC issues warning on increasing ransomware threat to financial services firms

The SEC’s Office of Compliance Inspections and Examinations (OCIE) warned of a recent increase in the sophistication of ransomware targeting financial service providers. The OCIE issued guidance on tactics and techniques organizations can use to guard against these attacks, broken down into six key areas: incident response and resiliency policies, procedures and plans; operational resiliency; awareness and training programs; vulnerability scanning and patch management; access management; and perimeter security.

Organizations: Operational disruption risks on the rise for industrial companies, putting a further premium on strong cyber governance

The Honeywell USB Threat Report 2020 called attention to the rising threat facing industrial control systems (operational technology) amid the continued digitization of industrial processes. According to the report, “as the second most prevalent attack vector into industrial control and automation systems, USB devices continue to play an important role in these types of targeted attacks.”

Organizations: IBM reports that companies still poorly prepared to respond to cyber breaches despite increased awareness of risks

IBM and Ponemon Institute’s fifth annual Cyber Resilient Organization Report surveyed more than 3,400 IT and security professionals globally and found that companies’ ability to contain cyber attacks has declined by 13% over the past several years, due to deficiencies in planning and preparing breach ‘playbooks’, as well as having IT security systems that are too complex.

Organizations: Latest Citrix patches another reminder of operational risks facing companies today

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. This is the third in a series of ‘must patch’ vulnerabilities in recent months for Citrix, and it comes on the heels of a public breach the company announced in March of 2019.

Organizations: Most ESG Indices outperforming non-ESG peers in 2020

The Financial Times reports that over the first 4 months of 2020, the S&P 500 ESG Index outperformed the normal index by 0.6%, and the MSCI Emerging Markets ESG Index and Asia-focused Asia ESG leaders index outperformed their parent indices by 0.5% and 3.83% respectively. Blackrock also reports outperformance by most ESG indices globally over their non-ESG peers.

Organizations: Lack of ransomware disclosures by companies is only part of the problem

Many companies that experience ransomware attacks do not disclose details of the breach to affected parties. IT media company Bleeping Computer reports being contacted by employees of breached companies who are seeking information about the event while C-suites remain tight-lipped.

Organizations: DXC Technology breach the latest example of how cyber governance of a service provider can create financial risks for clients

DXC Technology, an already struggling IT services provider, was hit by a ransomware attack that has paralyzed part of its business. According to the company, the part of its business impacted was Xchanging, “primarily an insurance managed services business that operates on a standalone basis.” As of July 5th, DXC indicated it was confident the damage was confined to this part of the business.

Organizations: Three years after the NotPetya attacks, many companies still unprepared to respond to a ransomware attack

Research by data recovery specialist Ontrack of 484 organizations reveals that 39% either do not have a ransomware strategy, or are unaware if they have one, and 29% report they would not be able to access any working backups after an attack.

Organizations: Palo Alto vulnerability highlights importance of technology management

US Cyber Command is warning companies to immediately implement a critical patch for a potentially devastating security vulnerability in a number of Palo Alto Networks products. Affected products include its firewall and VPN application, in wider use since the onset of work from home in March. According to the alert, the vulnerability is related to the company’s Security Assertion Markup Language (SAML) implementation. If exploited under certain conditions, it could allow an attacker administrator-level access to a corporate network without requiring the administrator’s login information.

Organizations: Thales survey finds company Boards much more willing to invest in IT security, but insecure access to IT networks still a big problem

The Thales 2020 Access Management Index Survey of 300 IT security professionals in the US and Brazil found a huge shift in how ‘easy’ or ‘difficult’ it is for IT departments to sell company Boards on the need for increased IT security resources. In last year’s survey, 44% reported that this was an ‘easy’ sell, while 33% reported it was ‘difficult’. This year, 65% report that it is an ‘easy’ sell, while only 16% report that it is ‘difficult’. 20% report that it is ‘Neither easy nor difficult’.

Economics: Swiss Re calls for more transparency on cyber risk

Swiss Re, the world’s second largest reinsurer, has called for companies to release ‘cyber resilience’ reports, saying there needs to be more transparency into how prepared they are to defend against attacks. The company indicates that in the wake of COVID‑19, there will be greater pressure on companies to demonstrate how resilient they are in the face of increasing risks.

Organizations: IBM survey of remote workers shows companies slow to respond to new challenges

IBM Security’s Work from Home survey of more than 2,000 newly remote employees in the US reveals unpreparedness for remote work, and also provides a picture of companies slow to implement new training in response to this increased threat environment.

Policy: Two years on, GDPR shortcomings are apparent but strong regulation is still needed

GDPR, billed as landmark regulation two years ago when it was first passed, has placed an undue burden on small and medium-sized businesses, while some rules have proven difficult to implement according to an official report released today. Although there were nearly 800 administrative fines imposed between May 2018 and November 2019, the only significant fine levied against a large technology company (and by far the largest) was the €50m fine against Google in France in 2019.

Organizations: Hiscox Cyber Readiness report reveals companies increasing cyber spend in response to increasing threats

Insurer Hiscox’s Cyber Readiness Report 2020 surveyed 5,569 cyber security professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland.

Organizations: Cognizant hit by attack that raises future risks both for itself and its clients

Cognizant, one of the world’s largest IT outsourcing companies, disclosed this spring that cybercriminals “exfiltrated” data related to employees’ corporate credit cards among other personal data including Social Security numbers, tax IDs, financial account information, and driver’s license and passport details.

Policy: Solarium Commission correct to draw parallels between the pandemic and significant cyber attack

The US Cyber Solarium Commission’s recently released white paper, Cybersecurity Lessons from the Pandemic, draws parallels between the disruptions of the pandemic and the disruptions the US would experience during a significant cyber attack.

Organizations: Accelerated by COVID‑19, L’Oreal’s digital shift helped stem sales losses and positions company well for future if it can effectively secure online assets

L’Oreal, the largest cosmetics company in the world, has seen a huge increase in digital engagement and online sales during the COVID-19 shutdowns, and expects these trends to stick and even increase in the coming years. Echoing other companies that have seen a similar acceleration due to the pandemic on their digital initiatives, Chief Digital Officer Lubomira Rochet remarked: “In ecommerce, we achieved in eight weeks what it would have otherwise taken us three years to do.”

Organizations: Ransomware attack on Lion shows how technology governance matters more today than ever for every company, even a brewer

Australia and New Zealand’s largest drinks manufacturer, Lion, was hit by a ransomware attack on June 9th. As of Monday June 15th, systems were still ‘partially down’. Per Lion: “Our investigations have shown that a partial IT system outage at Lion is a result of a ransomware attack. In response, we immediately shut down key systems as a precaution. We have made good progress, however there is still some way to go before we can resume our normal manufacturing operations and customer service.”

Organizations: Zara owner Inditex to close 1,200 stores as part of its digital transformation strategy

Zara owner Inditex reported that it will permanently close 16% of its global outlets (1,200 stores) by the end of 2021 and shift towards a strategy more focused on online sales. This trend of increasing online sales was already growing pre-COVID‑19, but has accelerated due to the pandemic. Inditex’s online sales increased 95% in April, and the company estimates that online sales will account for more than 25% of total sales by 2022, up from 14% in 2019. Inditex will spend 1b euros on digital investments over the next three years to support its online sales efforts. Most of the store closures will take place in Europe and Asia.

Organizations: Ransomware hits cyber governance underperformer Honda at an already difficult time

A ransomware attack disrupted Honda’s global operations on Monday, and is suspected to have penetrated the company’s corporate network. This comes at a time when Honda was just getting operations back to fuller capacity after the Covid-19 driven complete suspension at major facilities, and while it is struggling with a drop in auto and motorcycle sales in every major market. Honda staff were advised not to access their work computers on Monday, and to take paid leave on Tuesday if possible.

Organizations: Survey: 94 percent of corporate IT teams are confident of their ability to secure their remote workforce, despite poor cyber hygiene by employees

An April survey commissioned by CyberArk of 3,000 remote office workers and IT professionals in the United States, UK, France and Germany found that 77 percent of remote employees are using unmanaged, insecure devices to access corporate systems, and 29 percent are letting other household members use their corporate devices for personal activities such as gaming, shopping and schoolwork. 40 percent of IT teams have not increased security protocols despite the massive transition to remote work, but despite this 94 percent of these IT teams are confident that they can secure their new remote workforce.

Policy: “Now is the time to expedite digital transformation”—ECB President Lagarde

ECB President Christine Lagarde’s comments to the Committee on Economic and Monetary Affairs of the European Parliament positioned digital transformation as an important priority for Europe’s economic recovery effort. Lagarde: “Another key dimension is the digital transformation. Here, the recent lockdowns have accelerated the adoption of digital technologies on a broader basis. Now is the time to expedite the digital transformation on a more permanent basis and bring the EU to the frontier of the digital economy.”

Organizations: Manufacturers digitizing at a faster pace as Kaspersky warns of targeted attacks on industrial systems

Industrial companies are greatly increasing their use of data management tools both as a response to Covid-19 workforce reduction issues, and due to the productivity improvements good data monitoring, analysis and control can provide. Annual spending on these tools is forecast to increase from $5b/year today to $20b/year by 2026. Meanwhile, Kaspersky detailed a series of attacks in Japan, Italy, Germany and the UK which targeted suppliers of equipment and software for industrial companies.

Policy: EU overhauling data and cyber rules

The EU is planning to unveil the Digital Services Act at the end of the year, a major piece of legislation to overhaul rules surrounding data and digital services. The EU has invited interested parties to submit comments by September 8, and the European Commission is targeting a December deadline for the draft law.

Organizations: Norges breach

The Norwegian Investment Fund, the world’s largest sovereign wealth fund with over $1 trillion in assets, was the victim of a months-long cyber breach that resulted in a reported $10mn in losses. According to Norges, the breach was the result of a business email compromise.

Policy, Organizations: SEC Chairman Jay Clayton warns of risks of improper use of ‘imprecise’ ESG ratings

Chairman Clayton warned that combining environmental, social and governance metrics into a single ESG rating is an imprecise way of rating companies, and that asset managers should think carefully about how they use these metrics. There are 307 ‘Sustainable funds’ in the US with $119.3 billion assets under management as of the end of March 2020.

Organizations: Macy’s $1.1 billion bond sale a reminder of financial constraints

Macy’s announced a $1.1 billion bond sale to help shore up the struggling retailer’s balance sheet as it navigates the COVID‑19 shutdown. The fresh injection of capital is needed to pay down short-term debt maturing in January 2021 and fund operations in the immediate term.

Organizations: HTZ the latest example of the COVID‑19 acceleration of outperformers and underperformers. One difference maker? Digital technology.

Data from 30m McAfee MVISION Cloud users worldwide between January and April 2020 show external attacks by hackers on companies’ cloud-based systems have increased 630 percent following the mass migration to work from home. Overall enterprise use of cloud services has increased by 50 percent over the same time period. Use of Cisco Webex has increased 600 percent, Zoom by 350 percent, Microsoft Teams by 300 percent and Slack by 200 percent. Attacks by ‘insider threat’ categories (i.e., employees working from home) have remained the same, indicating that employees do not ‘attempt to steal more data because they are working from home’.

Organizations: HTZ the latest example of the COVID‑19 acceleration of outperformers and underperformers. One difference maker? Digital technology.

A WSJ article chronicled how HTZ was struggling long before COVID‑19, including reference to its belated digital shift relative to peers and repeated missteps with regard to its digital strategy. This reportedly included adverse impacts on fleet management while it cycled through four CEOs in less than 10 years.

Organizations: Survey quantifies willingness of customers to move their business following ransomware attacks

A survey of 2,000 consumers in North America, UK, France and Germany reported that 37 percent will switch to a competitor company if systems are not back online within 24 hours of an operational disruption caused by a ransomware attack, and 66 percent will turn to a competitor if systems are not restored within 3 days. 59 percent would ‘likely avoid doing business with an organization that had experienced a cyberattack in the past year’, and more than 80 percent reported sharing their negative ransomware-related experience with family, friends and colleagues.

Organizations: EasyJet breach a one-off or evidence of a larger problem? The answer will tell investors how well or poorly the carrier is positioned to weather the COVID‑19 crisis

British low-cost carrier EasyJet (EZJ) disclosed a customer data breach that the company says impacted 9 million customers. A majority of the data stolen was reportedly email and physical addresses, but a smaller percentage of customers reportedly had credit card details stolen. EZJ first became aware of the breach in January.

Organizations, Policy: UK survey reports 51 percent of companies spend at least 40 percent of their IT security budget on compliance

Companies are struggling with increasing compliance burdens that are taking up significant portions of corporate IT budgets and time. 51 percent of respondents report that compliance requirements take up 20,000 hours of resources annually. In addition, 58 percent of companies report that compliance requirements are a barrier to entering new markets. 70 percent say they must manage at least five different compliance projects at any given time, while 7 percent work on 50 or more projects at any given time.

Economics: The failures of J. Crew and Neiman Marcus highlight the importance of applying a Cy-Fi lens in today’s market

A New York Times story explains how the fall of two retail giants, J. Crew and Neiman Marcus, stemmed not only from the pandemic but also from the involvement of private equity firms and the financial over-engineering they deployed. The longstanding weaknesses of some traditional bricks-and-mortar retailers, which include belated or poorly executed digital strategies, are also directly related to an inability to make big investments due to being overleveraged. These weaknesses were further exposed by the pandemic, resulting in the recent bankruptcy filings.

Organizations: Vulnerability in Cloud server infrastructure software SaltStack infects servers, leaving them vulnerable to breach

Vulnerabilities in SaltStack software were used as a vector to infect cloud servers with malware or other exploits, with over 6,000 master servers reportedly infected and directly exposed to the internet according to the company, allowing them to be breached. The vulnerabilities were discovered about two weeks ago, and several networks have already reported that they have been breached and had cryptocurrency mining malware deployed onto their servers. More damaging attacks such as data theft and ransomware are possible. A patch is now available for the vulnerability.

Organizations: Pitney Bowes latest ransomware breach further evidence of persistently poor cyber governance

Pitney Bowes Inc. (PBI) experienced a second ransomware attack in seven months on May 4th. The ransomware gang Maze claimed to have breached and encrypted the company’s network. The incident was confirmed by PBI in a statement: “Recently, we detected a security incident related to a ransomware attack. We are investigating the scope of the attack, specifically the type of data that had been accessed, which appears to be limited.” PBI is working with its security partner IBM Iris to complete forensic analysis on the attack.

Economics: Some companies slow spend on digital transformation but larger trend is still clear

Citing a recent report by market research firm Canalys, the WSJ depicts a mixed picture on market-wide digital transformation prospects. Though Microsoft’s year-on-year enterprise cloud growth grabbed headlines, also included in results was the company’s admission that multi-year licensing deals were slow to complete in the final weeks of the quarter—just as the COVID‑19-induced slowdown was taking hold. Some analysts see a positive long-term trend towards digital being brought forward by the pandemic. Others see a slowdown in IT spend and longer-term licensing commitments and investment in cloud initiatives like further AI adoption in the short term as companies scramble to cut costs.

Organizations: Survey reveals significant deterioration in corporate cyber governance amidst transition to COVID‑19 remote work

A survey by Barracuda of over 1,000 business decision makers in the UK, US, France and Germany reveals significant cyber security deterioration from the recent sudden shift to remote working. 51 percent have seen an increase in email phishing attacks; 51 percent say their workforce is not proficient or properly trained in the cyber risks associated with remote working; 46 percent are not confident that their web applications are secure; 50 percent allow employees to use personal email addresses and personal devices to conduct company work; and 49 percent fully expect to see a data breach or cybersecurity incident in the next month due to remote working. Despite this clear increase in the threat surface, 40 percent of the companies have cut their cybersecurity budgets as part of COVID‑19 cost saving measures.

Organizations: French flooring company Tarkett reports cyber breach

Tarkett reports that a cyber attack ‘has affected part of its operations since April 29 despite the IT security measures implemented by the group’, and that it has shut down its IT systems and implemented ‘necessary preventive measures to protect its operations as well as the data of its employees, customers and partners.’

Economics: Virus-related impacts testing cyber insurance market: Fitch

Fitch expects COVID‑19 related economic impacts to test the growing cyber insurance market due to risks around cloud-related breaches and other operational disruptions that could result in capital constraints and impact ratings.

Economics: “Two years’ worth of digital transformation in two months”

“We’ve seen two years’ worth of digital transformation in two months. From remote teamwork and learning, to sales and customer service, to critical cloud infrastructure and security—we are working alongside customers every day to help them adapt and stay open for business in a world of remote everything,” said Satya Nadella, chief executive officer of Microsoft on the announcement of strong Q3 results today.

Organizations: Less than four months after cyber breach, Travelex puts itself up for sale

Travelex announced that it is seeking offers and that interested parties should contact PricewaterhouseCoopers. Travelex’s business was severely impacted by its December 2019 cyber breach, which put the company in a very difficult financial position even before COVID‑19 disruptions hit.

Economics: Heightened cyber risks intensify longstanding challenge for M&A, especially among companies that do a poor job managing technology

A WSJ report outlined how increased cyber risks amid COVID‑19 are posing increased challenges for M&A transactions globally.

Organizations: Underprepared employees increase cyber risk, and are one reason some companies are less resilient in face of COVID‑19 disruptions

A survey of 2,000 remote workers in the UK reveals that two-thirds have not received cybersecurity training over the past year, and 61 percent said they were using personal devices to work remotely instead of corporate-issued devices. Despite these shortcomings, 77 percent reported that they are not worried about security while working from home.

Organizations: Corporate and internal IT networks primary source of breaches

A recently published Trustwave report looking at cybercrime globally found that far and away the most common environment breached is corporate and internal IT networks (54%), followed by ecommerce (22%) and the cloud (20%). In the thousands of incidents studied, the report found that 50% of breaches across all environments stemmed from phishing and social engineering.

Organizations: Unicredit—a persistent underperformer on cyber governance—suffers another breach

Data stolen from Italy’s Unicredit allegedly came via a cyber breach into a company contracted by Unicredit to provide HR services. The data went on sale April 19, and reportedly includes employee names, email addresses, phone numbers and encrypted passwords. Telecom Italia unit Telsy reported that “the database appears to be genuine and the potential result of a SQL injection attack”.

Organizations: Ransomware attack on Cognizant adds further strain to corporate networks that depend on this service provider to function

Leading managed IT service provider Cognizant announced a Maze ransomware attack on Friday. Per Cognizant: “Cognizant can confirm that a security incident involving our internal systems, and causing service disruptions for some of our clients, is the result of a Maze ransomware attack. Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident. Cognizant has also engaged with the appropriate law enforcement authorities.”

Policy: Cyberspace Solarium Commission report recommendations could have implications for corporate cyber risk disclosure

Zurich Insurance outlined how companies can defend against ransomware at a time when cyber vulnerabilities have increased amidst the COVID‑19-induced shift to remote work. The approach leverages the NIST framework, widely seen as the global standard for improving cyber defense.

Economics: Exponential rise in ransomware attacks is not just a cyber risk, it’s also a primary financial risk

Zurich Insurance outlined how companies can defend against ransomware at a time when cyber vulnerabilities have increased amidst the COVID‑19-induced shift to remote work. The approach leverages the NIST framework, widely seen as the global standard for improving cyber defense.

Organizations: World’s second largest container shipping company MSC suffers a network outage, possibly due to a cyber attack

MSC reported Friday that a network outage is affecting systems at its Geneva headquarters, and that a cyber attack might be responsible. As of Tuesday 16:00 GMT, the MSC website is still down and the company has released very little new information. General operations appear not to be widely impacted yet, but precedent shows that an operational disruption can be extremely value-destructive to a company like MSC.

Economics: Advent of 5G makes digital technology even more integral to success or failure of business

According to a Wall Street Journal piece, 5G will transform supply chains, in part by cutting waste, better predicting consumer demand, and adjusting to market and operational shifts in real time. The game changer in moving from 4G to 5G lies in the number of devices that can live on a single connection. By some estimates, 5G is 10 times faster than 4G. This enables more data to be analyzed more quickly and in much greater detail than was possible before.

Policy: US Department of Justice calls for mandatory data breach reporting

At a hearing on March 4 before the U.S. Senate Judiciary Committee, Department of Justice (DoJ) Deputy Assistant Attorney General for National Asset Protection in the National Security Division Adam Hickey called upon Congress to enact legislation that would create a uniform nationwide data breach disclosure law and include a requirement that companies report breaches not just to customers but also to law enforcement.

Organizations: Absence of ceasefire by ransomware hackers towards the healthcare industry means providers still need to maintain focus on cyber to reduce risk of additional shocks

Ransomware attacks on the healthcare industry continue at the same frequency as before COVID‑19, despite recent promises by some hacker groups to avoid targeting the industry during the current crisis.

Organizations: Corporate bond downgrades increase financial constraints on companies needing to improve cyber governance

A Wall Street Journal article outlined the accelerated pace of corporate bond downgrades amidst the COVID‑19 pandemic and economic crisis. The last two weeks have seen the swiftest pace of downgrades on record. Ford was the latest big name to be downgraded to junk, while approximately $90bn of debt was downgraded in March, and some estimate the figure will reach $200bn this year.

Economics: 135m records maintained by cloud backup provider SOS Online Backup exposed

VPN Mentor’s research team discovered a breached database at cloud backup provider SOS Online Backup that contained more than 135m records. While this information apparently did not fall into malevolent hands, the incident highlights cybersecurity risks posed by the use of third-party service providers.

Organizations: Benefits of company digital tools like Zoom come with cyber and financial risks

As Zoom’s popularity has exponentially increased in recent weeks due to the mass migration to remote work, reports on security flaws continue to trickle out. Former NSA hacker Patrick Wardle shared with TechCrunch two new security flaws that can be exploited to grant hackers physical control of a victim’s computer. Malicious code can be injected into a computer via a Zoom installer to gain root access—the highest level of user privileges.

Economics: Enterprise VPN and RDP use soars as COVID‑19‑driven remote work increases breach risks

Enterprise use of VPNs has increased by 33 percent, and use of Remote Desktop Protocols (RDP) has increased by about 40 percent over the past month as companies respond to COVID‑19 by having employees work from home. These systems increase the risk of a breach of company IT systems as they are inherently less protected than onsite systems and as employees use external access systems that they are less familiar with.

Organizations: Macy’s e-commerce business has gone from rare nice growth story to a lifeline for a company fighting to survive in face of COVID‑19

Macy’s announced it is furloughing a majority of its 130,000 staff globally in the midst of the COVID‑19 crisis that has ground brick-and-mortar retail to a halt. Staff that remain will maintain e-commerce, distribution, and call center operations.

Economics: Report: Ransomware attacks increasing and increasingly paired with data breaches

Specialty insurer Beazley reports that ransomware attacks are rapidly increasing and that the dollar value of individual ransom demands is also increasing. Beazley’s analysis and key findings are in line with Cyberhedge findings that most breaches are relatively unsophisticated and the result of poor cyber governance and hygiene by employees. Strengthening employee training is both relatively low-cost and the most effective step that most companies can take to improve their cybersecurity. Beazley also highlights two additional key Cyberhedge findings: (1) that vendors are increasingly becoming a breach vector into companies and (2) that the dramatic increase in COVID‑19‑related remote access into company IT networks has increased companies’ cyber threat surfaces.

Organizations: Chinese group APT 41 seen to be exploiting Citrix and Cisco

Cybersecurity company FireEye outlined successful attacks by a Chinese group called APT 41 against Citrix and Cisco equipment in the first two months of 2020, targeting more than 75 FireEye customers, including manufacturers, media companies, and healthcare organizations. It appears that APT 41 accelerated efforts by exploiting software vulnerabilities in both companies, issues both Citrix and Cisco indicated they fixed.

Organizations: GE employee data leaked in a breach of service provider Canon

GE disclosed that personal information for a number of current and former employees was exposed in a security breach that took place between February 3-14 at Canon Business Process Services, one of its service providers. While the breach did not occur in GE’s systems, according to the legal filing, the case highlights a common supply chain risk: cyber governance extends beyond company networks and includes regimes of counterparties.

Economics: Most critical cyber insurance issue is not growth of ransomware

A recent article in the Financial Times highlighted the continued emergence of ransomware and the targeting of large financial institutions, an issue illustrated by the devastating attack on Travelex and the growth of cyber insurance as a mitigation measure for companies. Large insurers point to the significant increase in the sums attackers are demanding and dispute the claim that having cyber insurance to cover such incidents makes companies more of a target.

Economics: Companies face increased IT threats from targeted COVID‑19‑themed phishing attacks

The unprecedented challenges posed by the COVID‑19 outbreak extend to securing companies’ IT networks, and this event may be the biggest cybersecurity threat ever. Threat surfaces are also increasing dramatically as large numbers of workers are forced to work from home, often with systems and procedures that are different from those they are trained on and familiar with in their workplace.

Economics: New EY Board Survey: Technology a business priority, though security still an afterthought for many

A new EY Board Survey has identified “technology disruption” as the number one strategic opportunity for organizations. The survey reveals that 48 percent of boards believe data breaches and cyber attacks will “more than moderately” impact the business in the next 12 months. However, only 36 percent of respondents in the survey indicated cybersecurity is a priority in the planning phase of any new business initiative.

Economics: Surge in Ransomware-as-a-Service attacks in healthcare sector partly byproduct of choices made in C-suite

A recent study claims that ransomware attacks have increased 350 percent in the past year. This mirrors other reports, including one by BlackBerry Cylance, outlining a similar upsurge in such attacks against the healthcare sector across the U.S. and Europe. In December 2019, Cylance disclosed findings related to Zeppelin Ransomware-as-a-Service (RaaS), which targeted IT vendors and healthcare providers.

Organizations: For Informa, a company hampered by coronavirus, improved cyber governance can help better guard against another downside risk

UK-based Informa (INF), the world’s largest events and exhibitions business, reported generally positive FY19 results in terms of revenue, earnings, and growth, including what Informa leadership describes as a “secure balance sheet”. More important, however, is the storm that coronavirus has brought to the events-focused business and the impact this may have on the company’s already-poor cyber governance. In its earnings call, the company described strong headwinds from coronavirus and possible uncertainties around the larger disruption over the course of 2020. Indeed, INF has already taken a £450mn revenue hit as a result of postponing and cancelling 100 events.

Organizations: Walgreens breach stemmed from digital push

Walgreens notified customers last month of a personal data breach that occurred in January stemming from its mobile app. The company indicated that it took steps to remedy the problem once discovered, but that health information for a “small percentage of the total users who were affected” was leaked.

Organizations: Role of digital puts J. Crew breach into financial focus

In a mandatory filing with the California attorney general this week, J. Crew Group, Inc. disclosed a breach of customer accounts dating back to April 2019.

Economics: Deloitte study on smart factories—concerns about merging of OT and IT clearer. But understanding of resulting financial risk? Less so

Key findings from a study on smart factories by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) include: 25 percent of manufacturers surveyed have not performed a cyber risk assessment in the past year, meaning these manufacturers likely do not have visibility into the impact of a cyber-related operational disruption; 48 percent of manufacturers surveyed identified operational risks, which include cybersecurity, as the greatest danger to smart factory initiatives; 40 percent of manufacturers surveyed indicated that their operations were affected by a cyber incident in the past 12 months; management of information technology (IT) is often out of sync with operational technology (OT) management, creating additional vulnerabilities many companies are unaware of; OT is typically managed by engineering, automation, and operations rather than IT; there is generally no single team responsible for all OT systems and underlying security; and the traditional application of security controls, such as patching or vulnerability scanning, needs to be adapted to the new environment.

Organizations: Fortune 500 parts supplier breached

Visser Precision, a parts supplier to automotive, defense, and aeronautics companies, reported a data theft incident, according to a TechCrunch article.

Organizations: ISS reports ransomware attack, incurs losses from business disruption

ISS World, a Danish workplace experience and facility management company, was hit by a malware attack on February 17, 2020. As a precautionary measure, they immediately disabled access to shared IT services across company sites and countries.

Organizations: Macy’s results point to further financial constraints that weigh on cyber governance

Macy’s Inc.’s (M’s) Q4 and FY19 results marked a continued slide for the brick-and-mortar retailer amidst an attempted turnaround.

Organizations: Disappointing Hertz results viewed through Cyber-Financial (CyFi) lens

Hertz (HTZ) announced Q419 and FY19 results on February 24, reporting quarterly sales of $2.326 billion, which missed the analyst consensus estimate of $2.34 billion. The company ended the fourth quarter with cash and cash equivalents of $865 million, compared to $1.13 billion at the end of 2018. Total debt as of year-end amounted to $17.09 billion, compared to $16.32 billion as of Dec 31, 2018. As of February 25, the stock was down approximately 15 percent post-earnings.

Company: Citrix breach demonstrates that security and transparency still matter

Citrix—one of the world’s largest networking and remote access technology companies—announced that malicious hackers were inside its networks for five months between 2018 and 2019. This comes almost a year after the breach of its network was announced following an FBI alert.

Company: MGM customer data breach should be warning sign to management

The personal details of more than 10.6 million MGM Resorts International (MGM) guests were published on a hacking forum last week.

Organizations: U.S. Navy’s much-needed modernization plan also increases vulnerabilities

This month, the Department of the Navy (DON) released a report, Information Superiority Vision, that outlines an acceleration of the military branch’s digital transformation. The report highlights the need for a comprehensive overhaul of the department’s systems and cyber posture to better defend against attacks.

Economy: Healthcare sector’s poor cyber governance performance continues—and business strategy helps explain why

More than 41.4 million patient records were compromised by 572 healthcare data breaches in 2019, according to a study of data provided by the U.S. Department of Health and Human Services, the media, or other sources. This excludes two breaches of IT vendors servicing dental offices across the country in August and December 2019.

Organizations, Economics: Digitization of energy sector brings both benefits and risks

Two stories point to the upside and downside of digital transformation in the energy sector. On the negative side, this week, the U.S. Government Cybersecurity and Infrastructure Security Agency (CISA) issued an alert about its response to a cyberattack affecting control and communication assets on the operational technology (OT) network of a natural gas compression facility. According to the alert, “Impacted assets were no longer able to read and aggregate real-time operational data reported from low-level OT devices, resulting in a partial Loss of View for human operators.” The victim’s emergency response plan did not specifically consider cyberattacks, and the decision was made to implement a deliberate and controlled shutdown to operations that lasted two days, resulting in a loss of revenue and productivity, after which normal operations resumed.

Organizations: Poor cyber governance was warning of Macy’s downgrade

On Tuesday, S&P lowered its rating for Macy’s from BBB- to BB+—one notch below investment grade—saying it viewed the company’s turnaround plan as necessary, but also a sign that the department-store chain’s “competitive advantage has diminished more than we expected.”

Organizations: Digital transformation comes to the farmland

In October 2019, Bayer’s digital agriculture division, The Climate Corporation (Climate Corp), announced a partnership between its FieldView™ digital farming platform and Tillable, a self-described first-of-its-kind digital marketplace connecting farmers and landowners. According to Tillable, it was “created to help landowners receive fair rent and get the insights they need about their farm’s performance, while also helping great farmers build their reputations and expand operations.”

Economics: CISO Strain: The human embodiment of the cyber challenge

UK-based cyber company Nominet released its CISO Stress Report, attempting to shed light on the burden carried by the person responsible for protecting corporate networks in 2020. The U.S./UK study serves as a follow-on to Nominet’s first couple of reports looking at the role of the CISO, including one on the perspectives of boards. Some well-known facts are confirmed, as well as important current data points on CISO-C-suite dynamics: 88% of CISOs remain moderately or tremendously stressed, and 90% of CISOs said they’d take a pay cut if it improved their work-life balance. Most CISOs still lack strong support from the rest of the C-suite.

Policy: New privacy bill demonstrates need for better data governance

U.S. Senator Kirsten Gillibrand (D-NY) introduced legislation to create a Data Protection Agency to, in her words, “bring the protection of your privacy and freedom into the digital age.”

Organizations: 440 million records sounds significant, but Estée Lauder breach unlikely to cause material financial impact

$76-billion retail giant Estée Lauder (EL) suffered a breach of a reported 440 million records, including customer data. The breach resulted from a non-password-protected cloud server. Importantly, it does not appear that any payment information was part of the breach.

Economics: Mismanaged technology largest contributor to breaches globally in 2019

According to IBM, cybercrime continues to grow at a significant pace year-over-year (4x increase in 2019 vs. 2018) despite increasing resources and attention placed on security by companies and governments.

Economics: Lagarde: Cyber could create a financial crisis

European Central Bank (ECB) President Christine Lagarde, citing a report by the European Systemic Risk Board (ESRB), outlined how a successful attack on a major financial institution could quickly create financial instability.

Economics: New ransomware targets critical infrastructure

Security researchers at Dragos and Sentinel One believe they have identified a new strain of ransomware designed specifically for industrial control systems (ICS)—systems most commonly associated with being at the core of utility infrastructure. ICS environments are also among the highest-value targets for cybercriminals and nation-state hackers.

Company: Cisco survey: CISOs trying to reduce network complexity

A key finding from Cisco’s recently released CISO survey indicated that reducing network complexity is a top priority. CISOs are electing to embark on vendor consolidation, with 86 percent now using 20 vendors or fewer.

Economics: Survey: 160,000 Data Breach Notifications Since GDPR

More than 160,000 data breach notifications have been reported across the EU since the GDPR came into force on 25 May 2018, according to a DLA Piper survey. The fines, however, have not proven to have a material impact on large companies as some predicted when the law was enacted.

Economics: The rise of ransomware puts business disruption risk in focus

As of Q319, leading experts like McAfee observed over 100% growth in ransomware attacks globally. FireEye recently identified how threat actors are collaborating in efforts to launch ransomware attacks, a trend that will grow in 2020.

Organizations: Salesforce, Hanna Andersson suit reminder of third-party risk in digital transformation era

Salesforce.com, Inc. and children’s clothing company Hanna Andersson are facing a federal court lawsuit that is among the first to cite the new California Consumer Data Privacy Act that went into effect in January.

Policy: Macy’s, Inc.’s New, Three-Year Polaris Strategy Latest Effort to Stay Competitive in Age of Digital Commerce

In its preliminary 4Q and full-year 2019 sales results this week, Macy’s (M) announced the closure of 125 stores—about 20% of its physical footprint—over the next three years, as well as 2,000 job cuts. These moves come as the retailer continues to grapple with the rising dominance of e-commerce and shifting preferences of shoppers.

Policy: Department of Defense leads the way with new cyber transparency metrics

The Pentagon has finalized the long-anticipated cybersecurity standards contractors will have to follow before winning contracts from the Department of Defense (DoD), a new process called the Cybersecurity Maturity Model Certification (CMMC) 1.0, according to Fifth Domain.

Organizations: Disclosure of reported safety shortcomings at Southwest a reminder of what has helped make aviation sector safer and more prosperous

An FAA inspector general report outlined how Southwest Airlines failed to prioritize safety, and the Federal Aviation Administration (FAA) did not properly conduct oversight of the airline. The report criticizes the agency’s oversight of the carrier as lax, ineffective, and inconsistent, according to a WSJ article.

Organizations: Cyber governance a key factor in Boeing’s first annual loss in over 20 years

Boeing (BA) reported its first annual loss since 1997 as 737 MAX costs approach $19 billion. However, shareholder value losses have been far greater, losing about 25% of value since the March 2019 Ethiopian Airlines crash. The company is now in the midst of complicated and potentially costly compensation talks with airline customers like American Airlines. These customers have felt the direct effects of the MAX grounding and believe that BA, not their shareholders, should be on the hook for the crisis.

Policy: Data systems are critical to the functioning of markets and cybersecurity: SEC

On January 27, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) issued examination observations. The document outlines a series of approaches taken by market participants in areas including governance and risk management, access rights and controls, data loss prevention, resiliency, vendor management, and training and awareness.

Organizations: Target strategy illustrative of rapid digital shift in retail

A WSJ profile of Target CIO Michael McNamara outlined the retail giant’s shift in IT strategy following the damaging 2014 data breach—from outsourcing functions like software development to hiring more in-house technologists, or what the industry refers to as “in-sourcing.”

Economics: Citrix breach illustrates common weakness in the digital infrastructure of companies

Citrix—one of the world’s largest networking and remote access technology companies—announced patches for a known vulnerability more than one month after the vulnerability was announced. It is a $15BN company that more than 400,000 companies, including many of the Fortune 500, rely upon to keep their data safe and networks secure.

Economics: A missing piece of the cyber picture: Economic incentives to be good at it

In the lead-up to its Annual Meeting, a World Economic Forum (WEF) note outlines in some detail the steps that boards and C-suites should take to better tackle cybersecurity risk—a top-five risk in its 2020 Global Risks Report. The report poses the question: beyond the rising damage caused by cyber breaches, what incentives for investment and improved approaches exist? Though an increasing number of market players such as insurers and ratings firms are getting into the fray, “coherence, however, is still missing,” according to WEF.
