Do CISOs Have Personal Liability For Breaches

The Critical Intersection Newsletter

You have a lot going on, so join the thousands of other leaders and let me do the work and provide you with curated cybersecurity content. It would be my honor to do so.


In this week's edition:

  • New Book By Mark #1 for Teens & Young Adults

  • Cyber Stats

  • Early Warning - 5 Most Common Types of Insider Threats

  • Cyber Quote - National Cyber Security Alliance

  • Free Cybersecurity Resources - eBooks, tools, apps & services

  • Trending Story - CISOs Worried About Personal Liability For Breaches

  • Cybersecurity News Highlights

  • Cyber Alarm - More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without

  • Social Posts of the Week

Cyber Bits & Bytes

  • ChatGPT: You’re not ready for the new wave of cyberattacks, as reported by Biometricupdate.com. Unfortunately, obvious benefits aside, ChatGPT is also serving as a powerful weapon for easily creating malicious content at a greater scale, taking cybercrime to a whole new level. To be sure, researchers have found cases of cybercriminals overriding ChatGPT’s anti-abuse restrictions to generate or review malicious code.

  • Boards Are Having the Wrong Conversations About Cybersecurity - Article from Harvard Business Review.

  • Merck entitled to $1.4B in cyberattack case after court rejects insurers' 'warlike action' claim - Article from Fierce Pharma. Merck may finally be entitled to a hefty insurance payout from the high-profile NotPetya cyberattack, if an appeals court ruling stands. A New Jersey appellate court on Monday ruled that a group of insurers can’t use war as an argument to deny Merck coverage from the notorious cyberattack that afflicted the company and others back in 2017.

  • Thank you to all of you in this community for buying my book designed to help teens. It is truly appreciated. Now available on Amazon in both Paperback and eBook.

Cyber Stats

Here are some interesting cybersecurity statistics:

  • The average cost of a malware attack on a company is $2.6 million

  • In the US, cybercrime costs approximately $100 billion every year

  • In the US, a data breach costs an average of $9.44M

  • 95% of cyberattacks are due to human error

  • Cybercrime cost people in the United States an estimated $6.9 billion in 2021

  • Globally, an estimated 30,000 websites are hacked each day

  • Only 5% of company folders and files are properly protected

Sources: Fortinet.com, Getastra.com, cybertalk.org, norton.com, forbes.com, techjury.net, and csoonline.com

Early Warning - 5 Most Common Types of Insider Threats

According to a report by Security Intelligence, there are five types of insider threats:

  1. Nonresponders

  2. Inadvertent Insiders

  3. Insider Collusion

  4. Persistent Malicious Insiders

  5. Disgruntled Employees

Another report by Securonix states that in the US, the most common types of insider threat are:

  1. Data exfiltration (62%)

  2. Privilege misuse (19%)

  3. Data aggregation/snooping (9.5%)

  4. Infrastructure sabotage (5.1%)

  5. Circumvention of IT controls (3.8%)

Cyber Quote

Free Resources

Trending Story

Other Bytes

Cyber Alarm

More Companies with Cyber Insurance Are Hit by Ransomware Than Those Without

In an interesting twist, new data hints that organizations with cyber insurance may be relying on it too much, instead of shoring up security to ensure attacks never succeed.

Cyber insurance should be seen as an absolute last resort and shouldn’t be seen as a sure thing (in terms of a claim payout). But according to Barracuda’s 2023 Ransomware Insights report, this may not be the attitude organizations are taking, using the rate of successful ransomware attacks as the measure:

  • 73% of organizations reported at least one successful ransomware attack in the past 12 months

  • 77% of organizations with cyber insurance were hit by at least one successful ransomware attack

  • 65% of organizations without cyber insurance were hit by at least one successful ransomware attack

This strange data point may indicate that there is too much reliance on a cyber insurance policy; that is, organizations think, “eh, the insurance policy will cover an attack” and proper cybersecurity precautions aren’t put in place.

This Cyber Alarm is an excerpt of a very informative article by Stu Sjouwerman and is provided by our sponsors: Netsync & KnowBe4

Cybersecurity Social

Just a couple of interesting social posts
