A new study from IBM Security and the Ponemon Institute has measured exactly how much businesses can save by quickly responding to cyber attacks and data breaches. The average cost of a data breach in the United States is $7.35 million, but businesses that were able to contain a data breach within 30 days were able to lower that figure by an average of $1 million.
Here are some additional findings from the study:
• Incident response teams, data encryption procedures and employee training programs were the most effective ways to lower the costs of a data breach.
• Businesses should evaluate the security of third-party providers to protect their customers’ data.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 6:06 pm August 25, 2017
The National Highway Traffic Safety Administration (NHTSA) has announced that the results of new safety tests have prompted the recall of an additional 2.7 million vehicles in relation to defects in air bag inflators manufactured by Takata Corporation. The agency said that the most recent recall applies to driver-side air bags built from 2005 to 2012 that are included in certain vehicle models manufactured by the Nissan, Mazda and Ford motor companies.
Defects in air bag inflators manufactured by Takata have been linked to 17 deaths and over 180 injuries worldwide, and the total number of recalled vehicles as a result of these issues is now over 100 million. Takata recently pleaded guilty to a felony charge as part of a $1 billion agreement with the Justice Department that also includes financial compensation for automakers and victims of the malfunctions. The company also filed for bankruptcy as a result of the ongoing recalls, but stated that it was prepared to continue shipping replacement parts for affected vehicles.
To learn more about recalls related to Takata’s air bag inflators, visit the NHTSA’s website.
A simulation conducted by Lloyd’s of London, an international insurance service provider, found that a major cyber attack could cause over $53 billion in damages worldwide. This figure dwarfs the estimated $8 billion in damages caused by the recent WannaCry cyber attack in May. Additionally, Lloyd’s of London estimates that over 80 percent of the costs caused by a major cyber attack may not be covered by insurance, as businesses often don’t carry enough cyber insurance to cover such an attack.
In the scenario simulated by Lloyd’s of London, hackers inserted malicious code into the products of a cloud service provider, which then unknowingly forwarded the code to the provider’s clients. When the cyber attack was triggered a year later, businesses, such as financial service companies and health care providers, experienced extended business interruptions.
Lloyd’s of London stated that the total economic impact of such an attack would depend on the organizations involved and the length of the cyber attack. And, although such an attack may seem unlikely, cyber attacks of all types have been escalating for years. In fact, the Department of Homeland Security and the FBI issued a joint warning in June to expect more cyber attacks aimed at financial organizations, critical infrastructure and energy suppliers.
Filed under: Cyber Liability
— Jillian Bender-Cormier @ 5:53 pm August 9, 2017
In 2016, OSHA issued a final rule that requires certain employers to submit data from their injury and illness records electronically so it can be posted on the agency’s website. Although the rule initially required affected employers to submit this data by July 1, 2017, OSHA recently proposed a new deadline of Dec. 1, 2017.
The proposed deadline is the result of a delay to the Injury Tracking Application (ITA), the online tool that OSHA will use to collect data. The ITA will be ready to receive electronic reports on Aug. 1, 2017, and employers will be able to use it to submit data in one of three ways:
1. Enter data into the tool manually.
2. Upload a basic comma-separated value (CSV) file for one or more establishments.
3. Transmit data from automated recordkeeping systems using an application programming interface.
OSHA also stated that it intends to issue a separate proposal to reconsider, revise or remove other provisions of the electronic reporting rule at a later date, but did not give further details. Because the electronic reporting rule has not been revoked, employers affected by the rule should continue to record and report workplace injuries as required by law.
For more information on OSHA’s electronic reporting rule or other upcoming standards, call us at (916) 380-5300.
Filed under: OSHA
— Jillian Bender-Cormier @ 5:45 pm August 2, 2017