28 August 2019News

Companies must familiarise themselves with US privacy laws: Chubb

Companies should improve their knowledge of current and emerging US privacy laws to better manage risks thrown up by surging Biometrics Information Privacy Act (BIPA) lawsuits, Chubb has warned in its latest Cyber InFocus report.

Titled Know The Latest Trends In Cyber Risk, the report warned that variations in state regulations around biometric data is making compliance a challenge. “It is imperative that companies understand the legal requirements of each state and of the countries in which they conduct business,” the report said.

US federal and international legislators and regulators are increasingly focused on the issue, it added.

Chubb also highlighted risks around a newly detected ransomware variant called iEncrypt that is characterised by mid-six to seven figure ransom demands. iEncrypt is spread through existing malware, such as Dridex or Emotet, and Chubb advised companies - especially financial companies - to ensure they conduct regular malware detection and data backups.

“Proprietary claims data from the Chubb Cyber Index shows that the median cost of a cyber incident has doubled for financial institutions in the past three years,” the report said.

It found that hacking and human error accounted for 21 percent of cyber attacks hitting the financial industry each so far in 2019, with phishing and other forms of social engineering the third biggest source of risk, at 18 percent.

"In general, financial institutions are at the cutting edge in terms of cyber security software and processes," said Anthony Dolce, vice president of Chubb cyber claims. "However, every day we see situations where one stray click on a well-targeted phishing email can result in losses of millions of dollars."

Chubb's Cyber InFocus report was first launched in early 2018 and provides insights into the effects of cyber risks and trends on specific industries or business segments each quarter, based on third-party research and proprietary claims data.