Study 9: Ecommerce, International Shipping, and Cyber Security Flashcards
Payment Application Data Security Standard (PA-DSS)
- The global security standard for secure payment application software, published by the PCI Security Standards Council (retired in 2022 in favour of the PCI Software Security Framework)
- Requirements put forth by PA-DSS help vendors develop software that does not store prohibited sensitive authentication data after authorization, such as full magnetic stripe (track) data, card verification values, or personal identification number (PIN) data
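The "prohibited data" requirement is easiest to see as a concrete check: a scanner that reads application log lines and flags any full track data, card verification values or PIN data that should never have been written. This is an added example, not code from the page or from the PCI SSC; the log lines in SAMPLE_LOG are constructed for it, the regular expressions are this example's own approximations of the Track 1/Track 2 layouts and of common field names, and the Luhn check is only used to separate a real PAN from a random digit run.

```python
"""Scan log lines for the sensitive authentication data (SAD) that PA-DSS says
a payment application must not store after authorization: full magnetic-stripe
track data, card verification values and PIN data.  Added example; SAMPLE_LOG
is constructed, and the field-name patterns are assumptions, not a standard."""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Track 1:  %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1 = re.compile(r"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2:  ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2 = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# Card verification value under field names commonly seen in requests and logs.
CVV = re.compile(r'\b(?:cvv2?|cvc2?|cid|cav2)\b"?\s*[:=]\s*"?(\d{3,4})\b', re.I)
# PIN block (16 hex digits, ISO 9564 style) or a cleartext 4-12 digit PIN.
PIN = re.compile(r'\b(?:pin_?block|pin)\b"?\s*[:=]\s*"?([0-9A-F]{16}|\d{4,12})\b', re.I)


@dataclass
class Finding:
    kind: str               # "track1", "track2", "cvv" or "pin"
    line_no: int
    pan: Optional[str]      # masked PAN for track data, None otherwise
    luhn: Optional[bool]    # whether the PAN passed the Luhn check


def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to tell a real PAN from a random run of digits."""
    total = 0
    for i, digit in enumerate(reversed(pan)):
        n = int(digit)
        if i % 2 == 1:                      # double every second digit from the right
            n = n * 2 - 9 if n > 4 else n * 2
        total += n
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits; the rest is never logged."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_line(line_no: int, line: str) -> list[Finding]:
    """Return one Finding per piece of SAD found on a single log line."""
    found: list[Finding] = []
    for kind, pattern in (("track1", TRACK1), ("track2", TRACK2)):
        for m in pattern.finditer(line):
            pan = m.group(1)
            found.append(Finding(kind, line_no, mask_pan(pan), luhn_ok(pan)))
    if CVV.search(line):
        found.append(Finding("cvv", line_no, None, None))
    if PIN.search(line):
        found.append(Finding("pin", line_no, None, None))
    return found


def scan_log(lines: Iterable[str]) -> list[Finding]:
    """Scan a whole log; line numbers start at 1."""
    return [f for n, line in enumerate(lines, 1) for f in scan_line(n, line)]


def redact_line(line: str) -> str:
    """Rewrite a line so it no longer carries SAD: track data collapses to a
    masked PAN, CVV and PIN values are removed outright."""
    line = TRACK1.sub(lambda m: f"[track1 pan={mask_pan(m.group(1))}]", line)
    line = TRACK2.sub(lambda m: f"[track2 pan={mask_pan(m.group(1))}]", line)
    for pattern in (CVV, PIN):
        # keep the field name, drop the value
        line = pattern.sub(lambda m: m.string[m.start():m.start(1)] + "[REDACTED]", line)
    return line


# Constructed sample log.  Line 1 is acceptable (masked PAN only); lines 2-4
# each leak something PA-DSS forbids the application to store.
SAMPLE_LOG = [
    "2024-03-02T10:15:01Z INFO  auth ok pan=411111******1111 exp=2612 amount=19.99",
    "2024-03-02T10:15:07Z DEBUG raw swipe: %B4111111111111111^DOE/JANE^26121010000000000?"
    ";4111111111111111=26121010000000000?",
    '2024-03-02T10:15:09Z DEBUG card-not-present request {"pan":"5555555555554444","cvv2":"123"}',
    "2024-03-02T10:15:11Z DEBUG pinpad response pin_block=0412AC89BF0E9D56",
    "2024-03-02T10:16:00Z INFO  settlement batch 42 closed, 3 transactions",
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
    print("--- redacted ---")
    for line in SAMPLE_LOG:
        print(redact_line(line))
```

Note that a PAN on its own (line 1 and line 3) is not flagged: PCI DSS allows a PAN to be stored when it is rendered unreadable, so the scanner targets only the data that must never be retained. Run the same scan over the redacted output and it returns nothing.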
Cyber Risk
Any kind of damage, disruption, or financial loss experienced by a company as a result of a failure in, or an attack on, its computer systems
First-party coverage is available for the following costs related to a breach:
- Investigation of the breach
- Repair of digital records/assets
- Legal advice on notification and regulatory obligations
- Lost revenue
- Extra expenses, such as hiring a PR firm to deal with public backlash over the breach and damage to the company’s reputation
Privacy Breach/Network Security Breach
The unauthorized collection, disclosure, use, access, destruction, or modification of personal information
Third-party coverage is available for the following costs related to a breach:
- Financial damage to third parties (customers)
- Legal costs to defend against third-party claims
- Settlements, damages, and judgments
- Regulatory fines and penalties, including fines issued by payment card companies (Visa or Mastercard)
- Expenses incurred in responding to regulatory inquiries
Marine Insurance
A form of insurance that covers loss or damage to ships, cargo, and terminals, as well as any goods or cargo in transit, and the liability arising out of the use, ownership, or operation of any of the foregoing.
Includes two general classes of risk: ocean marine and inland marine
Inland Marine Insurance
Coverage for moveable property in transit, excluding ocean crossings; includes bridges and tunnels, because they are implements of transportation
Applies to shipments by truck
Ocean Cargo Insurance (aka Ocean Marine Insurance)
Insurance of ships and their cargoes and the various interests connected therewith
Applies to shipments transported by cargo ship
3 General Categories of Cyber Risk
- Deliberate and unauthorized breaches of security to access information systems for the purpose of destruction, espionage, extortion, or embarrassment of an organization, such as ransomware that locks a business out of its systems until a ransom is paid; malware, including viruses, worms, and spyware; and phishing scams
- Unintentional or accidental security breaches, such as losing a memory stick or a laptop, or falling victim to a social engineering attack
- Operational IT risks, such as failing to install firewalls, to keep security software up to date, or to choose passwords that are unique and difficult to guess
Threat actors might target a company for 3 main reasons
- Corporate espionage (stealing trade secrets, possibly to sell to a competitor)
- To steal private data (which could include credit card numbers, personal data on employees or customers)
- To steal money (through extortion or directly from the company’s accounts)
Most common cyber risks companies are exposed to
- hacking
- ransomware
- malware
- insider threats
- DoS attacks
- phishing
First Party Cyber Exposures
- Event expenses
- Extortion expenses
- Restoration expenses
- Regulatory expenses
- Business interruption
Third Party Cyber Exposures
- Privacy Breach
- Internet Media Liability
- Network Security Liability
- Technology errors and omissions (E&O)
Basics of a Cyber Policy
- They are claims-made policies
- There is a duty to defend
- There needs to be a retroactive date
Retroactive date
Refers to the date before which there is no coverage for claims.
A provision in some liability policies written on a claims-made basis that excludes claims arising from incidents that occurred prior to the stated date, even if the claim itself is made during the policy period