1-888-643-2217 Email ABEX
Keeping you updated

Cyber Lessons from the Ashley Madison Affair

A new Netflix series has revived one of the most controversial cyber attacks in history, serving as a stark reminder of the data privacy issues faced by consumer technology companies—the Ashley Madison data breach.

It’s hard to convince people to hand over their personal data without assurances it will be kept safe; something the founders of infamous dating website Ashely Madison were well aware of.

A website for infidelity and married dating, Ashley Madison promised anonymity and privacy for its millions of users, billing itself as ‘100% discreet’. To access its services users handed over personal information including their names and email addresses, their privacy concerns no doubt eased by the dating website’s message of discretion and security. Except in the world of cyber, every business is at risk—particularly those that hold extremely sensitive, personal information.

In 2015 the worst happened; hackers under the name Impact Team infiltrated Ashley Madison’s systems and threatened to release details of its entire user base to the public. In what can be described as a moral attack, Impact Team demanded the owners of Ashley Madison and its companion site to take both websites offline. The owners refused to comply, and the hackers made good on their threat by publishing the stolen data online.

Navigating the fallout: An alarm call for all tech companies
Almost a decade on, the impact of this data breach is more relevant than ever. As portrayed in the popular Netflix docuseries, the hack disrupted the lives of many of its victims, leading to resignations, divorces and, tragically, suicides.

While names and email addresses are not typically classified as highly sensitive, the nature of the website in question placed greater weight behind the need for privacy. Even users who took precautionary measures when signing up to Ashley Madison, such as using fake names and phone numbers, found themselves exposed as Impact Team published credit card details—with other users able to be identified through data such as their height, weight or personal preferences on the site.

It didn’t take long for cybercriminals belonging to other threat groups to take advantage. Sextortion refers to a highly personalized extortion scam, where the threat actor emails individuals their data from a data breach and claims to possess personal videos or photos which they will distribute unless a ransom is paid. The Ashley Madison breach was the perfect breeding ground for this type of attack, with many of its victims being targeted even 5 years after the breach—not only resulting in the stress of managing a ransom demand, but resurfacing the scandal as a whole.

This entire episode raises critical questions for all types of business—not least tech companies storing user data. Do you manage, store and use data? Are you following the privacy laws? Can you do more to keep data safe?

Cyber security: Why it should be top of the agenda
Unfortunately where user data is concerned it’s easy to run into trouble. Earlier this year company review site Glassdoor was found to have attached real names to profiles without the user’s consent. Again, names are not considered sensitive data. But the context of the website makes this data more sensitive, as users may fear retaliation from an employer should they be identified. While Glassdoor claimed that users can choose to remain anonymous, since the website now requires and stores the names of all users, a data breach could see them being linked to their reviews.

This data risk is everywhere. Grindr, a dating website for the gay, bi, trans and queer community, allows the option for users to share their HIV status with other users. While this is a fundamental step in creating a safe community, it’s not information the that user would necessarily share beyond that context. Grindr are currently facing litigation from hundreds of users alleging the company shared their private information, including their HIV status, with third parties without consent.

Like Ashley Madison, all platform and tech providers that hold personal or sensitive information on clients come with significant cyber risk. These companies need to be incredibly mindful of how they collect, store and use information, following data privacy laws and giving customers confidence that data privacy is a priority.

Mitigating cyber risk: Steps for today’s tech companies
Who can say how many companies that store data know how to protect that data. What’s certain is that cybercriminals are becoming increasingly cunning in their tactics, able to steal vast volumes of data at rapid speed and at big consequences. Ashley Madison faced no financial ransom given the moral motive, yet the majority of data breaches do culminate in a hefty demand. This alone can be a huge burden for any business working alone to bear, and when you consider the additional costs that come with a cyber incident—remediation and recovery, restoring data, legal fees, reputational harm, business interruption and so on—it’s no surprise that for some businesses there’s no coming back.

Data breaches are of course just one type of cyber incident. High-profile cases like the Ashley Madison hack demonstrate this risk, however it’s vital that businesses understand the full picture of cyber risk—with ransomware, social engineering and theft of funds attacks growing in frequency and severity—and take steps to protect themselves and their customers.

That’s why comprehensive cyber cover is a vital part of risk management for all technology companies. If you’re responsible for large amounts of data, including third-party data, cyber insurance can offer robust network and privacy liability protection, also providing cover for a wide variety of cybercrime events. More than that, the best policies also come with cyber security and incident response services that can stop cyber incidents from happening in the first place.

Source: www.cfcunderwriting.com

Why Demand is on the Rise for IP Insurance

Intellectual property (IP) assets are now a cornerstone of the business world, making IP insurance more important than ever before. From the current state of the IP market to how IP insurance as a product is evolving, here are five top reasons behind the surge in demand.

The value of intangible assets increased by 8% in 2023 to $61.9 trillion, as inventors and creators worldwide seek exclusive rights to reap the benefits of their works. But there are two sides to this story. While intellectual property (IP) is playing an increasing role in the business world, businesses are becoming more vulnerable to new and evolving risks.

Step forwards IP insurance. Now seen as a vital part of risk management, many are turning to IP insurance for the protection—and confidence—to navigate this ever-changing landscape. Read on for five top reasons why the time is now for IP insurance.

  1. IP assets are vital to modern businessBe it patents, trademarks, copyrights or trade secrets, IP is now a significant asset for many businesses. Start-ups and SMEs in particular use IP as a foothold to gain market share and stave off competition, leading to heavy investment in both developing and protecting IP assets.

    As the value of these assets continues to grow, so do the risks. From infringement claims to challenges of ownership, businesses need confidence that their ideas will be protected effectively and fairly. Just as you wouldn’t leave physical assets with high value uninsured, intangible assets need protection too.

  2. IP disputes are everywhereMarkets are becoming more competitive and global, driving the number of IP disputes. Today, businesses can face all sorts of challenges from patent trolls and aggressive competitors to complex legal landscapes, raising the possibility of litigation action—both for businesses defending their IP and those facing an infringement claim.

    IP insurance provides a financial safety net in the event of a dispute. By covering legal expenses and potential damages, businesses can help mitigate the risks of costly litigation, empowering them to operate with confidence.

  3. Awareness for IP risks is growingConsidering IP’s growing role as a business asset and the IP disputes making headlines, it’s no surprise businesses and investors are becoming more aware of the risks associated with IP—including the financial implications of infringement claims and lawsuits.

    Nobody wants to think about making or facing a claim. But businesses simply can’t afford to leave their IP unprotected. This need is driving demand for insurance products that specifically address risks and provide protection against unforeseen legal expenses.

  4. IP markets are expandingIn this globalized world of multinational corporations, there’s a growing need to manage and protect IP assets in multiple jurisdictions, each potentially with its own set of rules and ways of doing things.

    This creates a more complex and costly endeavor compared to portfolios relating to a single legal system, raising the need for specialist support. As such, demand is growing for insurance products that cover different regions and legal systems.

  5. Insurance is evolving to keep paceThe IP landscape is changing fast, surfacing new risks for businesses everywhere. It’s vital that IP insurance matches this pace of change, by evolving to offer the broader cover that businesses need.

    CFC has designed a comprehensive IP insurance product that covers defense (incoming claims) and pursuit (outgoing claims). It features IP right protection coverages including invalidation, opposition and title rights, and ensures businesses have full protection right to the end by covering loss of IP rights and loss of future profits.

There’s never been a better time for IP insurance

The rise of IP insurance is not down to one factor alone. It’s more a response to converging trends, designed ultimately to empower businesses to protect their intangible assets the same way they do their physical ones. Only with comprehensive protection from a proactive insurance provider can businesses get the peace of mind to continue investing in IP creation, to not just survive but thrive in this ever-changing world.

Source: www.cfcunderwriting.com

Debunking Management Liability Insurance Myths

Management liability insurance is built to benefit all businesses, yet common myths can make them turn a blind eye. Here are the top five myths, debunked by CFC experts.

“I don’t need management liability insurance because…”

Every time we come across this statement, we find it’s more the result of misinformation around management liability (ML) insurance as a product, rather than a genuine lack of need.

That’s because ML is designed to close a key protection gap for today’s modern businesses: protecting the management of the company, employees and sometimes the entity itself from any allegation for potential wrongdoing which needs to be investigated or defended. As a modular insurance product, it covers directors and officers liability (D&O) including full entity cover, employment practices liability (EPL), fiduciary liability and crime, and also includes CFC’s innovative new executive coverages tailored specifically for senior executive officers including executive reputation protection, executive cyber and executive kidnap and ransom.

To help you convey the full value of ML, CFC asked their experts to state their top myths and reveal how you can respond to them effectively.

1. ‘We’re not big enough…’
Company size is no indication of whether a business will experience an ML claim or not. All it takes is for an allegation of wrongdoing to be made against any director or officer in the course of their management duties, which may need to be investigated or defended—even if the case doesn’t reach court.

Investigating and defending allegation can not only be costly, but the director or officer in question may need to foot the bill themselves if the company is unable or unwilling to assist, or if D&O cover is not in place to protect them.

2. ‘We outsource our HR…’
Some companies choose to outsource their HR departments to a third party, at a lower cost than building a department in house. However, while the third party can establish policies, support recruitment, help with employee relations and so on, it cannot absolve the company from liability for employment-related issues.

In fact, as the third party is not fully immersed in the company’s culture, they are unlikely to recognize issues as they develop. And when the problem is eventually found, it may be too late to resolve. Here, EPL insurance is key in giving support in what could amount to very significant defense and potential settlement costs.

3. ‘We’re a family-run business…’
It’s tempting to think that as a family-run business, there is little chance of any allegations of wrongdoing being made against anyone. However, CFC’s claims data shows this is not the case. In fact, some of their most contentious claims stem from family-run businesses, be it a husband and wife-led business or one that has been passed down through the generations.

It’s possible for family members to pull in different directions, and since the claims that result are often emotive, they can take more time than usual to resolve—and as a result, cost more money. Therefore it’s vital to get the right cover in place, giving the business confidence of financial stability if this type of event does arise.

4. ‘We’re a private company…’
A common belief is that if a business is private, then its liability is limited. However, this applies more to shareholders, who are protected to the extent of their investments, than directors and officers whose liability remains unlimited.

If the company is experiencing an allegation of wrongdoing, does not have D&O insurance in place, and is unable or unwilling to protect them, the directors and officers will have no choice but to support their own defense.

5. ‘It’s too expensive…’
The majority of small to mid-market companies do not require a bespoke product. ML insurance can be fairly standardized, therefore coming at an inexpensive price.

If a company is publicly traded operating in multiple territories, then it stands to reason that its D&O requirements will be more bespoke, influencing the price of the product the company needs. Using the CFC Connect platform, you can now get a bindable ML quote with just a website, revenues and headcount.

Getting started with management liability insurance
Today’s directors and officers are under more scrutiny than ever, as the companies they work for face an increasingly complex landscape of risk. Taking out ML insurance is the best way of transferring away risk, empowering individuals and entities to focus on what matters: their business.

Source: www.cfcunderwriting.com

Five Reasons to Buy Cyber

Making the case for cyber insurance can be tough even if it’s clear that nearly all companies would benefit from it. So to help your conversations, CFC has put together the top five reasons to buy cyber.

Here are the top five reasons every business should have a cyber insurance policy.

Cyber security and incident response services come free
Cyber insurance doesn’t just cover financial loss when an incident occurs. A good policy offers proactive protection to stop attacks from happening in the first place, and reactive support to respond efficiently and effectively when they do occur.

From the moment a CFC cyber policy is bound, their global team of cyber experts works around the clock to detect and alert customers to cyber threats targeting their business. If they discover a cyber security issue, their team notifies the impacted business through their app, Response, and takes steps to remediate the threat before it escalates.

The value these services offer to small businesses in particular might just be the greatest benefit a cyber policy can provide.

Cybercrime is growing rapidly
Our increasing reliance on technology and the internet is exposing any business that uses a computer to a world cybercriminals—who work around the clock to identify vulnerabilities and launch attacks. You’ve likely heard of ransomware, but social engineering scams are also on the rise, leading to significant losses for companies of all types.

At the forefront of protecting against this new wave of crime, cybercrime provides invaluable cover for a wide range of electronic perils, from wire transfer fraud to ransomware.

System downtime is missed by standard business interruption insurance
When computer systems are brought down, a traditional business interruption policy is unlikely to respond. Considering how almost all businesses rely on technology to some extent, this can result in significant financial loss the business has to bear alone.

Cyber insurance can provide cover for loss of income and extra expenses associated with a cyber event, including legal fees, the cost of remediating the incident, the hiring of expert teams, reputational harm and so on.

Your data is not covered
Data is one of today’s most important business assets, often worth many times more than the equipment it’s stored upon. Yet business owners are often unaware that a standard property policy would not respond if data is damaged, lost or destroyed.

Taking out a cyber policy is a great way to get comprehensive cover for data restoration and even re-creation in the event of a loss.

Complying with breach notification laws cost time and money
Breach notification laws are now commonplace across many territories, and require businesses that fail to protect personal data to notify affected individuals or risk hefty fines and penalties. Australia’s Notifiable Data Breaches Act, Canada’s Digital Privacy Act, Europe’s General Data Protection Regulation, and numerous US state laws make it a legal obligation to notify, and there is also a growing trend towards voluntary notification in order to protect your brand and reputation.

Cyber policies can provide cover for the costs associated with providing a breach notice even if it’s not legally required, and can also cover associated regulatory fines and penalties.

Source: www.cfcunderwriting.com

Technology, Media and IP trends for 2024

In such a fast-changing world of technology innovation, writers’ strikes and intellectual property (IP) clashes, it can be difficult to see what’s coming next. To help you prepare, CFC sat down with their technology, media and IP experts.

Here are the top five trends they say are shaping 2024 and beyond.

Stabilization for the digital assets sector
In recent years, the digital assets sector has experienced fads from the sudden rise and fall of NFTs to the collapse of cryptocurrency exchange FTX. This has created intense cynicism, consumer interest and scams across the market.

In 2024, we expect this trend to die down, as regulators increasingly focus on digital assets, tightening the market and encouraging greater consumer protection. For example, the UK’s FCA is adopting new, stringent rules in marketing crypto assets, motivating businesses to increasingly integrate new technologies into their ways of working—as well as develop technology themselves.

Increased IP litigation in relation to AI training models
Advancements in AI will continue to pose challenges for IP ownership. With today’s AI models collecting billions of data points from across the internet—often with little regard for permissions—there remains more questions than answers when it comes to how IP law will apply to questions of IP ownership. We can usually expect the unexpected when applying established law to modern technology not envisaged at the time the law was developed.

Additionally, it’s still unclear who owns the rights to AI-generated works. Multiple parties have a legitimate claim, and companies in the creative industries are specifically urging their legal teams to chase down instances where their IP is being infringed by AI models. In 2023, claims in this space came thick and fast—from Getty Images claiming millions of its images were copied from its data base without permission to a group of US authors suing Open AI—and we expect that trend to strengthen in 2024.

An influx of content following the end of the Hollywood strikes
Numerous TV shows and film productions ground to a halt due to the 2023 writers’ strike, with the increasing use of AI a key topic of contention. Expect this to have a series of knock-on effects for actors, production companies and adjacent sub-sectors, as AI innovations continue to displace roles on the one hand, and create valuable efficiencies on the other.

With the end of the writer’s strike we can expect an influx of those working in the creative sector such as writers, videographers, film and tv producers to recommence trading. We’re likely to see post-production bottlenecks as companies race to get productions slated, as the industry attempts to right itself after what has been an uncertain period.

Accelerated demand for brand licensing deals
The global brand licensing market is projected to expand from $276 billion in 2021 to over $422 billion in 2031, driven by the need for brand awareness in the digital age, with products and brands often sold on multiple social platforms. We’ll increasingly see companies set up license deals to monopolize their brand, enabling them to enter new territories and create new revenue streams with minimal investment.

As much as brand licensing is a business opportunity, it comes with risk. Using licensed IP beyond the scope of the license agreement can run a risk for both the licensee as well as the licensor which may have conflicting license agreements in place.

Augmented reality to enhance experiences
Despite heavy investment from developers, AR still isn’t widely accepted by the gaming community, with most preferring keyboards and controllers. So why is Tim Cook in Vanity Fair, modelling the latest Apple Vision Pro, and why are companies like Ray Ban pushing their latest sunglasses integrated with AR?

While the global AR gaming market is expected to reach $38 billion by 2027, AR outside of this is expected to hit $60 billion by the end of 2024. Increasingly, we’ll see it transform everyday tasks from buying clothes online to servicing vehicles. What’s certain is that continuous investment in both the hardware and software surrounding this sector will both improve AR technology while making it more affordable.

Getting cover for emerging exposures
The technology, media and IP landscape is changing fast, giving rise to new and evolving exposures that businesses need to address. By looking ahead at what’s next, CFC helps you navigate this complex space with confidence.

Source: www.cfcunderwriting.com



Receive notifications of new posts automatically.


Like us on Facebook

Connect with us on LinkedIn