When seeking cyber insurance or other types of insurance policies that provide organizations with coverage for certain data security incidents, it's critical to carefully consider the "war exclusions" contained in those policies, says insurance attorney Peter Halprin.
As the cyberthreat landscape grows exponentially more complicated, the insurance industry is trying to keep pace. Yet, many organizations still lack cybersecurity insurance. Lynn Peachey, director of business development at Arete Incident Response, breaks down the basics of these insurance policies.
Colonial Pipeline Co. CEO Joseph Blount returned to Capitol Hill on Wednesday to answer additional questions about his company's response to the ransomware attack that affected the firm's operations for nearly a week, as well as his decision to pay the attackers.
The latest edition of the ISMG Security Report features an analysis of the city of Tulsa's decision to refuse to pay a ransom following an attack. Also featured: Johnson & Johnson's CISO on shifting priorities; mitigating quantum computing risks.
"They’re playing games," is how one security expert describes Conti ransomware-wielding attackers' "gift" of a decryptor to Ireland's crypto-locked health service, while still demanding a ransom to not leak stolen health data. The same could be said of the DarkSide gang's promised retirement.
It's a young practice but, globally, cyber insurance is starting to exert its influence with some of the largest enterprises - and in some of the most notable cyberattacks. John Pescatore of SANS Institute discusses questions that cybersecurity leaders need to ask before acquiring new policies.
Are insurers getting cold feet over covering losses to ransomware? With claims due to ransomware skyrocketing, some insurers have reportedly been revising offerings to make it tougher for companies to claim for some types of cybercrime, including extortion.
One day, you may drive your Tesla Cybertruck on Cyber Monday to your cybersecurity job, backed by a cyber insurance policy as you safeguard cyberspace against the threat of cyberwar. Or cyber whatever, since we've obviously entered the era of "maximum cyber." But what does cyber even mean?
In mulling whether to designate the U.S. electoral system as critical infrastructure, the question arises whether those additional safeguards should focus solely on the voting process itself or be extended to other components, such as political parties.
The Justice Department's appeal of a court order that the government can't compel Apple to unlock an iPhone used by an accused drug dealer is significant because it sets in motion a process that could lead to a Supreme Court ruling on whether mobile device makers must give law enforcement an encryption backdoor.
Laws rarely, if ever, keep up with technology, but even if they could, the consequences could prove more harmful than the benefits. That was evident at a House hearing that addressed default encryption of mobile devices.
Convenience is nice, but don't equate making work easier with productivity - especially to the tune of $28 billion a year for the U.S. federal government, which a just-released survey contends.
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?
A key aim of the Next Generation Cyber Initiative has been to expand the FBI's ability to quickly define 'the attribution piece' of a cyberattack to help determine an appropriate response, the FBI's Richard McFeely says.
It's been six years since the Department of Veterans Affairs experienced a huge breach. What breach-prevention steps has the VA taken since then, and what's left to be done?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.