The Impact of GDPR Regulations on Cyber Security Effectiveness Whilst Working Remotely

2021 ◽  
pp. 253-279
Author(s):  
Amin Dangheralou ◽  
Hamid Jahankhani
2019 ◽  
Vol 24 ◽  
Author(s):  
R. Egan ◽  
S. Cartagena ◽  
R. Mohamed ◽  
V. Gosrani ◽  
J. Grewal ◽  
...  

Abstract

Cyber Operational Risk: Cyber risk is routinely cited as one of the most important sources of operational risks facing organisations today, in various publications and surveys. Further, in recent years, cyber risk has entered the public conscience through highly publicised events involving affected UK organisations such as TalkTalk, Morrisons and the NHS. Regulators and legislators are increasing their focus on this topic, with General Data Protection Regulation (“GDPR”) a notable example of this. Risk actuaries and other risk management professionals at insurance companies therefore need to have a robust assessment of the potential losses stemming from cyber risk that their organisations may face. They should be able to do this as part of an overall risk management framework and be able to demonstrate this to stakeholders such as regulators and shareholders. Given that cyber risks are still very much new territory for insurers and there is no commonly accepted practice, this paper describes a proposed framework in which to perform such an assessment. As part of this, we leverage two existing frameworks – the Chief Risk Officer (“CRO”) Forum cyber incident taxonomy, and the National Institute of Standards and Technology (“NIST”) framework – to describe the taxonomy of a cyber incident, and the relevant cyber security and risk mitigation items for the incident in question, respectively.

Summary of Results: Three detailed scenarios have been investigated by the working party:
∙ Employee leaks data at a general (non-life) insurer: Internal attack through social engineering, causing large compensation costs and regulatory fines, driving a 1 in 200 loss of £210.5m (c. 2% of annual revenue).
∙ Cyber extortion at a life insurer: External attack through social engineering, causing large business interruption and reputational damage, driving a 1 in 200 loss of £179.5m (c. 6% of annual revenue).
∙ Motor insurer telematics device hack: External attack through software vulnerabilities, causing large remediation / device replacement costs, driving a 1 in 200 loss of £70.0m (c. 18% of annual revenue).

Limitations: The following sets out key limitations of the work set out in this paper:
∙ While the presented scenarios are deemed material at this point in time, the threat landscape moves fast and could render specific narratives and calibrations obsolete within a short time frame.
∙ There is a lack of historical data to base certain scenarios on and therefore a high level of subjectivity is used to calibrate them.
∙ No attempt has been made to make an allowance for seasonality of renewals (a cyber event coinciding with peak renewal season could exacerbate cost impacts).
∙ No consideration has been given to the impact of the event on the share price of the company.
∙ Correlation with other risk types has not been explicitly considered.

Conclusions: Cyber risk is a very real threat and should not be ignored or treated lightly in operational risk frameworks, as it has the potential to threaten the ongoing viability of an organisation. Risk managers and capital actuaries should be aware of the various sources of cyber risk and the potential impacts to ensure that the business is sufficiently prepared for such an event. When it comes to quantifying the impact of cyber risk on the operations of an insurer there are significant challenges. Not least that the threat landscape is ever changing and there is a lack of historical experience to base assumptions off. Given this uncertainty, this paper sets out a framework upon which readers can bring consistency to the way scenarios are developed over time. It provides a common taxonomy to ensure that key aspects of cyber risk are considered and sets out examples of how to implement the framework. It is critical that insurers endeavour to understand cyber risk better and look to refine assumptions over time as new information is received. In addition to ensuring that sufficient capital is being held for key operational risks, the investment in understanding cyber risk now will help to educate senior management and could have benefits through influencing internal cyber security capabilities.


Symmetry ◽  
2020 ◽  
Vol 12 (4) ◽  
pp. 664 ◽  
Author(s):  
Rajeev Kumar ◽  
Abhishek Kumar Pandey ◽  
Abdullah Baz ◽  
Hosam Alhakami ◽  
Wajdi Alhakami ◽  
...  

Growing concern about healthcare information security in the wake of alarmingly rising cyber-attacks is being given symmetrical priority by current researchers and cyber security experts. Intruders are penetrating symmetrical mechanisms of healthcare information security continuously. In the same league, the paper presents an overview on the current situation of healthcare information and presents a layered model of healthcare information management in organizations. The paper also evaluates the various factors that have a key contribution in healthcare information security breaches through a hybrid fuzzy-based symmetrical methodology of AHP-TOPSIS. Furthermore, for assessing the effect of the calculated results, the authors have tested the results on local hospital software of Varanasi. Tested results of the factors are validated through the comparison and sensitivity analysis in this study. Tabulated results of the proposed study propose a symmetrical mechanism as the most conversant technique which can be employed by the experts and researchers for preparing security guidelines and strategies.


In the 21st century, media technology plays a vital role in every individual’s life. The world of electronic media has seen exponential growth. Presently the media world is filled with gadgets, including TV, mobile phones, emails, egames, interactive internet games, virtual reality games, iPods, instant messenger, esports, social networks, etc. This makes the physical world smaller today and helps in effective communication, ranging from text messaging and multimedia messages to video conferencing, virtual meetings and so on. As of today, social networks including Facebook, Twitter, Wordpress, Whatsapp, LinkedIn, Blogger, Google, Pinterest, and Wikipedia etc. have become the most powerful sources for sharing information and news updates. In addition, the cost of smartphones and internet data is falling, which makes it easy for this technology to penetrate among people. Apart from entertainment, social networks have created new business opportunities, sales promotions, marketing research, customer relationship development, etc. In this paper, the impact of social networks on family relationships is presented.


E-Management ◽  
2019 ◽  
pp. 61-66
Author(s):  
L. O. Gontar’

The article considers a problem of the definition of the digital economy, as well as presents a new theme on the legal procuring of international cyber security. The above mentioned new direction serves as an indicator of possible interdisciplinary research in the field of law and economics in the sphere of digital processes. As a justification the acts of the European Union have been adduced and their characteristic features, which consist in consideration of a substantial part of digital economy (economic party) have been allocated. This integration association has a unique structure and history, but the process of regulating the digital economy in the European Union began not so long ago. The European Union is one of the few integration associations that has started to work on improving the mechanisms of legal regulation of the digital market. This circumstance certainly affects the development of an integrated approach to the understanding of the digital economy, as well as further actualizes the issue of considering the legal procuring of international cyber security of this phenomenon. Legal procuring of security is a new direction in the international legal field, which will allow to consider the legal aspects in demand in the digital economy. The challenges in relation to international cyber security and the impact of the conceptual apparatus on the issues of the legal procuring of the security of the digital economy have been considered. It is important to note that the article suggests possible solutions to the problem posed. At the end of the article three proposals for improving approaches to the security of the digital economy have been elaborated. In terms of their qualitative characteristics, the proposals, undoubtedly, relate to legal and technical aspects, but also solutions regarding the conceptual component of the legal procuring of the security have been presented.


Author(s):  
Mohammed A Aljama ◽  
Fadi Alsafwani