Many companies do not have an action plan for what to do when they have a breach of their network. Time is of the essence to discover both the severity of the breach and how to mitigate its impact.
Some simple yet essential steps:
1. Create an action and reporting plan to refer to when an incident or breach is suspected.
2. Designate a team of individuals - not limited to just the IT Department - who will have set roles when a breach or incident is suspected.
3. Designate an ultimate decision maker - and his/her - back up who will lead the response.
4. Understand the state and federal notification requirements.
5. Ensure you discuss with your insurance broker the correct coverage’s and limits needed to respond to cyber liability or data privacy situations.
Its amazing how many companies feel that they do not need Cyber Liability-Data Privacy coverage; “IT says we are fine”………If it can happen to Sony or CIT it can happen to you!
Reading through the lines.....A laymans blog for employees in finance, treasury, risk management and legal to navigate and understand insurance news, rulings, settlements and adjudications.
Tuesday, July 17, 2012
Monday, July 2, 2012
Securing the Supply Chain in the Era of Earthquakes
Much of the world remains uninsured and underinsured against earthquakes, even in locations known for their high seismic risk.
In the aftermath of the Japanese earthquake and tsunami and the New Zealand earthquake, more and more companies are looking at insurance protection that approaches risk more holistically and more intelligently.
Not only Earthquake insurance, which pays the policyholder in the event of damage to the property caused by earthquake, many companies after closer examination of their global supply chains are investing more in Contingent Business Interruption (CBI) coverage. These policies protect a company against lost profits if there is an interruption of business at the premises of a customer or supplier.
Many companies have maintained a “trust-but-don’t verify” approach to their suppliers risk management protocols while others simply contact each supplier and ask if they have a business continuity plan, BUT rarely get into the details of that plan.
A study by ChainLink Research found that nearly 80 percent of companies do not manage risk beyond their first tier of suppliers. Without a detailed understanding of supply chain contingency plans, companies put themselves at risk. As an example, a key supplier in an earthquake zone may have a contingency plan to shift manufacturing to another facility if disaster hits. The question that needs to be asked is whether the supplier’s IT system has been coded so that shortly after the disaster event, your suppliers distribution system is able to correctly reroute shipments to your alternative locations.
(All credits to Joe Mullich, WSJ)
Subscribe to:
Posts (Atom)