The HKSTP SPARK seminar named “Cyber
Security Threat Update” was organized by SPARK on 31 Aug 2018. SPARK is a dynamic community in the heart of
Science Park. Today’s seminar invited
experts from MARSH to discuss the cyber risks, trends and impact, as well as,
ways to protect organization. Ms.
Naureen Rasul (Cyber Leader, Asia, MARSH) was the first speaker. She briefed the cyber risks based on MMC
Cyber Handbook (2018) that hackers were 80% more likely to attack organization
in Asia but 78% of internet users in Asia had not received any education on cybersecurity.
Then Ms. Naureen Rasul introduced
top 5 risks most likely increase in Asia.
Based on Marsh/Microsoft Global
Cyber Risk Perception Survey in 2017, Financial (31%) was the top targeted
industry.
In Fintech, top six security
threats were Ransonware, Malicious emails, Phishing emails, IoT, Password
hygiene and Software vulnerabilities.
Then Ms. Rasul briefed GDPR impact in Hong Kong.
Finally, she mentioned some best
practices for handling cyber risk included four basic components of risk
management that were Avoidance, Mitigation, Transfer and Acceptance.
The second speaker was Ms. Sharon
Kerr (FINPRO Leader, Asia, MARSH) and she shared insurance solution. She introduced simplified data breach
timeline such as Discovery, First Responses, External Issues and Long-term
Consequences.
She briefed the stand-alone cyber
policy included first party costs and other expense, as well as, third party liability
and defense costs.
There were four types of
insurance policies that were Crime, Professional Indemnity, Directors and
Officers, and Cyber.
Finally, she mentioned risk
transfer options in Property, Cyber and Casualty.
Lastly, Ms. Naureen Rasul
introduced their Cyber Assessment and Analytics service that included Cyber
Threat Environment Assessment and Cybersecurity Program Maturity Assessment.
At the end, she shared what
underwriter looking for items to us.
Q&A session
Participants interested on
service charge and benefit. Ms. Rasul
said it based on what kind of service your organization needs and it should be
small amount on company’s IT budget. I
asked about Professional Indemnity Insurance coverage such as GDPR. She said it could cover but depended on
different country regulation.
Reference:
HKSTP - http://www.hkstp.org
SPARK - https://spark.hkstp.org/
沒有留言:
發佈留言