April 3, 2016 – Winquest Cybersecurity President & CEO, John Leitch, testified on cybersecurity at the National Association of Insurance Commissioners (NAIC) Spring Meeting in New Orleans. The purpose of Leitch’s testimony was to supplement Winquest’s written comments to the NAIC’s Draft Cybersecurity Model Law. The Model Law is being drafted by NAIC’s Cybersecurity Task Force composed of State Insurance Commissioners with the goal of providing cybersecurity regulations for the insurance industry.
Leitch’s testimony included a short discussion of Winquest capabilities and experience (at the committee’s request); a request for clear and unambiguous definitions in the Model Law; support for using the NIST Cybersecurity Framework as one of many established cybersecurity standards; and suggestions to help determine the adequacy of Third Party Service Providers’ cybersecurity programs.
Leitch’s testimony may also lead to NAIC using Winquest as a resource for further cybersecurity research.
The costs of a data breach add up quickly. A report published by First Data, a major credit card processing company, drives home the cold hard reality of the direct costs of a cyber attack and the potentially devastating effects beyond actual expenses. Their report focuses on compromised customer credit card data as opposed to other forms of cyber attacks. Here is their outline of direct and indirect costs:
- A mandatory forensic examination
- Notification of customers
- Credit monitoring for affected customers
- PCI compliance fines
- Liability for fraud charges
- Card replacement costs
- Upgrade or replacement of POS system
- Reassessment for PCI compliance
- Damage to your brand and business reputation
- Bad press
- Loss of credit payment privileges
- Your time
Click to read their full report.
The Chairman for the House Committee on Small Business, Steve Chabot (R-OH), opened a recent hearing with the startling fact that over 71% of cyber attacks occur at businesses with fewer than 100 employees. He went on to say, “The American government, American businesses, and Americans themselves are attacked over the Internet on a daily basis. Sometimes they know, sometimes they don’t. These attacks come from criminal syndicates, ‘hacktivists,’ and foreign nations. They’re after intellectual property, bank accounts, Social Security numbers, and anything else that can be used for financial gain or a competitive edge.”
The Committee also heard from Todd McCracken, President of the National Small Business Association, who discussed the fact that small companies currently have fewer resources to address cyber attacks. “Many small companies are not in a position to have a dedicated IT department, and many either outsource IT functions or assign such duties to an employee with other responsibilities—often the owner him/herself. In fact, the number of business owners who personally handle IT support appears to be on the rise,” McCracken said.
This testimony was presented April 22, 2015 as part of the committee’s consideration of H.R. 1560, the Protecting Cyber Networks Act, and H.R. 1731, the National Cybersecurity Protection Advancement Act. Click here for more information.