Resource Search

After a very difficult 2020, rapid vaccine development has sparked optimism among the public and in the business community. But there’s a long road ahead while infections remain high. During this transition period—when vaccines are becoming more widely available, but before the country achieves herd immunity— businesses should consider and anticipate a few things, including that certain individuals may not comply with COVID policies.

When a ransomware attack happens, it forces many organizations to make a difficult choice—pay the ransom or experience prolonged business or data loss. But there is also another complication for organizations to consider—the government regulators warning companies that payments made to ransomware attackers may constitute violations of U.S. sanctions. Further complicating matters is the move by many organizations to cloud storage. When moving data to the cloud, an organization still retains liability for that data in the eyes of the law.

On August 24, 2022, the California Attorney announced a settlement with Sephora, Inc. that included a fine of $1.2 million for alleged violations of the California Consumer Privacy Act (CCPA). The settlement is important because it makes clear that the use of analytics, advertising cookies, and other automatic data collection technologies are a "sale" under the CCPA. Businesses that are subject to the CCPA (and the upcoming CPRA) should immediately review their CCPA compliance to minimize being a potential target of further enforcement actions.

Ransomware is one of several common cybersecurity risks companies face today. In addition to being a victim of a cyber attack, these companies may become the target of lawsuits alleging a variety of harms, including failure to deliver contractual promises and negligent cybersecurity practices. By being prepared and employing practical strategies, companies can safeguard against a ransomware attack and mitigate other cybersecurity risks.

It is important for families to develop a comprehensive risk management strategy as they navigate the blessings and burdens, as well as the choices and challenges, that come with significant wealth. This piece focuses on the potential insurance risks and costs associated with life's milestones and possessions.

While China has denied engaging in espionage efforts as outlined in the joint warning from the U.S. and British law enforcement agencies, it is crucial for businesses to defend against the threat and the cybersecurity attacks that can come at any time from any nation state threat actors. Businesses of all kinds should consider immediate and ongoing actions to protect their intellectual property and critical infrastructure activities, beginning with reviewing patching policies and procedures.

Diving deep into the metrics from more than 1,270 data security incidents, this one-of-a-kind report features actionable insights and checklists to help companies improve their data security measures and operational resilience. Key findings reveal ransomware remains front and center; companies are becoming more resilient after making investments in security enhancements; a change in the risk landscape with the use of cloud assets; and e-crime continuing with a surge in wire fraud.

Corporate insiders pose a unique threat as they are given privileged access to the company’s assets and are trusted to use that access responsibly and ethically. However, this can go awry in several ways, from unintentional, negligent acts to intentional, malicious acts. To help prevent, detect, and respond to that threat, it’s important to address the three key risks when evaluating your Insider Threat Program.

Facing more frequent and intense cyber threats, it’s vital that businesses are prepared for the attacks. In this episode of Marsh’s Risk in Context podcast, learn how organizations can build effective cyber incident and ransomware management plans and the actions they can take before, during, and after an attack. An important piece of your plan should include having a go-to list of reliable resources—such as law firms, forensics firms, and various extortion service providers—to act on your behalf in the event of a cyber incident.

When COVID hit, many business owners faced the dire realization that the insurance they paid so much for did not cover the business interruption resulting from the pandemic exposures. To help guard against that type of unexpected disruption in the future, many business owners have set up captives—a lucrative alternative risk financing structure—to navigate the risk and insurance challenges they face.