Learn from insurance: cyber bore

2012 ◽  
Vol 14 (1) ◽  
pp. 100-102 ◽  
Author(s):  
Michael Mainelli

Purpose – The purpose of this paper is to look at how cyber insurance markets might work with the backing of government reinsurance. Design/methodology/approach – The paper is based on interviews and workshops on cyber security, cyber terrorism and cyber crime. Findings – The paper links a successful 1990s' approach to property terrorism risk to helping address cyber risk. Originality/value – Of note, the author suggests that cyber risk is under control when organisations at risk can purchase normal insurances.

2019 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Filip Caron

Purpose – The purpose of this paper is to highlight the potential of cyber-testing techniques in assessing the effectiveness of cyber-security controls and obtaining audit evidence. Design/methodology/approach – The paper starts with an identification of the applicable cyber-testing techniques and evaluates their applicability to generally accepted assurance schemes and cyber-security guidelines. Findings – Cyber-testing techniques provide insight into the effectiveness of the actual implementation of cyber-security controls, which may significantly deviate from the conceptual designs of these controls. Furthermore, cyber-testing techniques could provide concise input for cyber-risk management and improvement recommendations. Originality/value – The presented cyber-testing techniques could complement traditional process-oriented assurance techniques with specialized technical analyses of real-world implementations that focus on the adversaries’ viewpoint.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Peter Buell Hirsch

Purpose – The purpose of the viewpoint is to examine the various ways in which the pandemic has exposed structural vulnerabilities in global business infrastructures that have long existed and been long ignored. It urges business leaders not to return to a “new normal” but make fundamental changes to ensure that their businesses are truly resilient and can withstand future threats more effectively. Design/methodology/approach – The viewpoint looks at the various kinds of vulnerability to which businesses are exposed – such as supply chain, human capital, cyber security and climate change – and proposes ways to ensure that businesses, as well as shareholders and government entities, work together to build true resilience. Findings – At its core, the viewpoint exposes the various ways in which businesses have turned a blind eye to vulnerabilities that have always lurked just below the surface and suggests. The argument is that to secure the long-term future of our global business system, we can no longer remain oblivious to fundamental weaknesses in our infrastructures. Research limitations/implications – The viewpoint looks selectively at the available data and is, therefore, by definition, subjective and non-comprehensive. Practical implications – If businesses and shareholders truly take the recommendations of this viewpoint to heart, we can build a more resilient future through long-term investments in risk management infrastructures of all kinds that will secure a more prosperous and stable future. Social implications – Developing a more resilient and stable global business infrastructure will help reduce the business volatility deriving from last minute responses to predictable threats. This will, in turn, help provide more stable, fulfilling employment, especially in developing countries that will act as a fly wheel for the secure development of human potential around the world. Originality/value – While there has been much speculation of what the “new business normal” will look like once the pandemic has been conquered, this is, the author believes, the first piece to look concretely at how we can not only “build back better” but build back more soundly for the long term.


Author(s):  
Petar Radanliev ◽  
Rafael Mantilla Montalvo ◽  
Razvan Nicolescu ◽  
Michael Huth ◽  
Stacy Cannady ◽  
...  

This paper is focused on mapping the current evolution of Internet of Things (IoT) and its associated cyber risks for the Industry 4.0 (I4.0) sector. We report the results of a qualitative empirical study that correlates academic literature with 14 - I4.0 frameworks and initiatives. We apply the grounded theory approach to synthesise the findings from our literature review, to compare the cyber security frameworks and cyber security quantitative impact assessment models, with the world leading I4.0 technological trends. From the findings, we build a new impact assessment model of IoT cyber risk in Industry 4.0. We therefore advance the efforts of integrating standards and governance into Industry 4.0 and offer a better understanding of economics impact assessment models for I4.0.


2015 ◽  
Vol 117 (11) ◽  
pp. 2831-2848 ◽  
Author(s):  
Arianna Ruggeri ◽  
Anne Arvola ◽  
Antonella Samoggia ◽  
Vaiva Hendrixson

Purpose – At a European level, Italy experiences one of the highest percentages of population at risk of poverty (AROP). However, studies on this consumer segment are scarce. The purpose of this paper is to investigate the food behaviours of Italian female consumers, distinguishing similarities and differences due to age and level of income. Design/methodology/approach – The investigation adopted an inductive approach in order to analyse and confirm the determinants of food behaviours. Data were collected through four focus groups. Data elaboration included content analyses with term frequency – inverse document frequency index and multidimensional scaling technique. Findings – The food behaviours of Italian female consumers are based on a common set of semantic categories and theoretical dimensions that are coherent with those applied by previous studies. The age of consumers impacts the relevance attributed to the categories and income contributes to the explanation of the conceptual relations among the categories that determine food behaviours. The approach to food of younger and mature consumers AROP is strongly driven by constraints such as price and time. The study did not confirm a link between a poor health attitude and low socio-economic status. Research limitations/implications – The outcomes achieved can be strengthened by quantitative analyses to characterise the relations occurring among the factors and dimensions that influence the food behaviours of consumers AROP. Originality/value – The study increases knowledge about Italian female consumers and provides an initial contribution to the analysis of the food behaviour of the population AROP.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Katherine E. McLeod ◽  
Jessica Xavier ◽  
Ali Okhowat ◽  
Sierra Williams ◽  
Mo Korchinski ◽  
...  

Purpose – This study aims to describe knowledge of Canada’s Good Samaritan Drug Overdose Act (GSDOA) and take home naloxone (THN) training and kit possession among people being released from provincial correctional facilities in British Columbia. Design/methodology/approach – The authors conducted surveys with clients of the Unlocking the Gates Peer Health Mentoring program on their release. The authors compared the characteristics of people who had and had not heard of the GSDOA and who were in possession of a THN kit. Findings – In this study, 71% of people had heard of the GSDOA, and 55.6% were in possession of a THN kit. This study found that 99% of people who had heard of the GSDOA indicated that they would call 911 if they saw an overdose. Among people who perceived themselves to be at risk of overdose, 28.3% did not have a THN kit. Only half (52%) of participants had a mobile phone, but 100% of those with a phone said they would call 911 if they witnessed an overdose. Originality/value – The authors found that people with knowledge of the GSDOA were likely to report that they would call 911 for help with an overdose. Education about the GSDOA should be a standard component of naloxone training in correctional facilities. More than one in four people at risk of overdose were released without a naloxone kit, highlighting opportunities for training and distribution. Access to a cellphone is important in enabling calls to 911 and should be included in discharge planning.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Felicitas Hoppe ◽  
Nadine Gatzert ◽  
Petra Gruner

Purpose – This article aims to gain insights on the current state of small- and medium-sized enterprises’ (SMEs’) cyber risk management process and to derive future research directions. Design/methodology/approach – This is done by collecting market insights from 37 recent industry surveys and structuring them based on the steps of the risk management process. From this analysis, major challenges are derived and future fields of research identified. Findings – The results indicate that deficiencies in risk culture as well as the strained market for IT experts are the major obstacles with respect to the implementation of cyber risk management in SMEs, and that these challenges are similar across countries. The findings suggest that especially the relationship between cyber security culture and cyber risk management should be investigated further, and that a stronger link between the research streams on enterprise risk management and cyber risk management would be desirable. Originality/value – This paper contributes to the literature by providing a systematic overview on the current state of SMEs' cyber risk management from a market perspective. The findings provide support for the existing academic literature by emphasizing the central role of cyber security culture (perception, knowledge, attitude) for a successful cyber risk management, which however should be addressed in more depth in future (empirical) research.


2019 ◽  
Vol 7 (5) ◽  
pp. 35-42
Author(s):  
Александр Суворов ◽  
Aleksandr Suvorov ◽  
Мария Матанцева ◽  
Mariya Matanceva ◽  
Евгения Плотникова ◽  
...  

A review of the cyber insurance domain has been carried out, with a description of classical terms from the insurance industry. The two definitions of cyber risk that are, in the authors’ opinion, the most comprehensive today have been considered. A diagram of processes for cyber risk management using insurance has been presented, and the place of cyber risk among a company’s other risks has been demonstrated, i.e. the context of cyber risk among the risks of any commercial organization has been shown. A typical cyber insurance process has been described, and a scheme of cyber insurance processes has been developed. A brief description of problem areas and controversial issues that cyber-risk insurance practice may face has been presented, as well as a table showing at which stage of cyber insurance the specific problems may arise. The basic economic utility function, which formalizes decision making for agents with different attitudes to risk, has been provided. Standards in cyber security and various software products that can be used as tools for assessing the security level of an enterprise’s IT infrastructure have been presented, and it has been demonstrated how these products can help in cyber risk assessment. Different methods used at each stage of cyber insurance have been shown.


2014 ◽  
Vol 22 (2) ◽  
pp. 130-133 ◽  
Author(s):  
Eugene Kaspersky ◽  
Steven Furnell

Purpose – The purpose of this paper is to highlight the importance of cyber security education as a means of enabling skilled professionals and ensuring adequate awareness amongst end users. Design/methodology/approach – The discussion examines the contribution made by the Kaspersky Academy student conference series, and then proceeds to consider some related questions posed to Eugene Kaspersky as the founder of the programme. Findings – The question and answer segment of the discussion identifies the ways in which academic qualifications and professional certifications can align to support a rounded security education for those aiming to become practitioners. Originality/value – The discussion provides a clear insight into the importance of security education and how it is being actively supported by one of the leading companies in the industry.


2015 ◽  
Vol 20 (3) ◽  
pp. 117-120
Author(s):  
Peter Baker

Purpose – The purpose of this paper is to provide a commentary on “An audit of an Intensive Interaction service”. Design/methodology/approach – Drawing on the literature regarding other related person-centred approaches and clinical and research experience, an argument is made that people with profound intellectual and multiple disabilities are particularly at risk when service innovation does not account for their unique needs. Findings – Practice and service models need to specifically account for the needs of people with profound intellectual and multiple disabilities. Originality/value – The commentary draws attention to the importance of implementation and seeks to draw lessons from well established, service wide approaches for people with intellectual disabilities.


2016 ◽  
Vol 17 (1) ◽  
pp. 101-111 ◽  
Author(s):  
V. Gerard Comizio ◽  
Behnam Dayanim ◽  
Laura Bain

Purpose – To provide financial institutions an overview of the developments in cybersecurity regulation of financial institutions during 2015 by the United States, the United Kingdom, and the European Union, as well as guidance for developing effective cyber-risk management programs in light of evolving cyber-threats and cyber-regulatory expectations. Design/methodology/approach – Reviews US, UK and EU regulatory developments in the cybersecurity area and provides several best practice tips financial institutions should consider and implement to improve their cybersecurity compliance programs. Findings – While cyber-threats and financial regulators’ expectations for cyber-security are constantly evolving, recent guidance and enforcement efforts by the US, UK and EU illustrate the need for financial institutions to develop effective cybersecurity programs that address current regulatory compliance requirements and prepare for emergency cyber responses. Practical implications – Financial institutions should utilize the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool to assess their cyber-risk profile and cyber-preparedness. Originality/value – Practical guidance from experienced financial regulatory and privacy lawyers that provides a survey of the current regulatory environment and recommendations for cyber-security compliance.

