Tag Archive for Business

ISS Room View

This NASA compilation video shows the view from the International Space Station (ISS) as it flies over the Earth at night. Watch the video, which Tested found, and you’ll see cities, aurorae, lightning, and occasionally even the thin edge of the atmosphere itself.

 


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Cyber Insurance

John Moccia with Innovation Guard wrote a good primer on what happens when a firm needs to buy cyber insurance in a thread at Internet Evolution. The author writes that loss control/security precautions are built into the process of acquiring cyber insurance. There are firms like NetDiligence that partner with insurers. Apparently, when you buy a cyber insurance policy, the coverage is contingent upon a successful security audit performed by NetDiligence (penetration testing, ethical hack, etc.).

The article goes on to state that when a company outsources its technologies, such as with a co-hosting facility where its actual servers reside, the insurer will seek information on the colo firm’s security protocols, protection, and redundancy. In the end, those companies with better procedures/protections in place will get better rates; those with worse or no security will get higher rates, or not be afforded coverage at all.

There are first and third-party implications to Cyber insurance according to Mr. Moccia.

The first party = your losses…such as the cost to notify the thousands or tens of thousands of people whose info has been compromised.

Third-Party = losses of others where they would seek restitution from you. A class action claim for failure to secure confidential data – defense costs, settlements, etc.

This whole area is still evolving. Some insurers offer just third-party, others offer both. They have different approaches to the way they offer the coverages, too. For example, while one insurer may offer you up to $250K for breach notification costs, another provides coverage for up to 2 million affected people with no specific dollar amount.

Coverage can be incorporated on some insurers’ policies to address the acts of “rogue” employees/insiders.

The author points out that the insurance industry is a very old industry. It is also one that is slow to change its ways of doing business. Insurers package their policies the way they want to sell them, as opposed to the way people/businesses want to buy them. For example, the types of claims that we are discussing here are relevant and likely for any kind of company today. General Liability claims are very uncommon and unlikely (at least for vanilla office-based companies, like tech businesses and professional service companies), and traditional business interruption coverage doesn’t address these cyber issues. Yet these coverages are part of the standard policy that all businesses carry. In order to get the total protection that a business needs, it has to buy several policies, usually from multiple insurers. The first progressive insurer that is willing to incorporate coverage for these modern exposures (even if they just dip their toe in the water and offer $10K or some other nominal amount!) as part of their standard commercial policy will have a huge advantage on the rest of the market.

rb-

I am sure that many SMB organizations have holes in their coverage when it comes to their cyber insurance. I really doubt that they can pass the security audit. Many of the organizations I deal with have very low-security postures. Conversations about password policies, document retention, and user account life-cycle are a big deal, even when my counterpart has come from industry to industry to education.


Patent Trolls Cost the US $29 Billion

The United States patent system is costing the industry more than $29 billion a year in unnecessary legal fees. A Boston University study crunched the numbers and worked out that the legal action conducted by “patent trolls” cost U.S. companies an estimated $29 billion during 2011.

Fortune defines patent trolls as entities that own the intellectual rights to innovations without innovating anything themselves, so-called “non-practicing entities.” They buy patents to sue infringers. According to the study, last year, 1,150 companies defended themselves against 5,842 patent troll lawsuits. Nearly half of those companies made less than $100 million during the year, which showed the authors that patent trolls aren’t just a problem for large firms, but rather a problem for smaller firms who have less money to invest in their own research.

The result is that the companies lost $29 billion in direct costs – legal and licensing fees. The study did not estimate indirect losses for defendants in things like delays in new products, loss of market share, or the need to change products.

Study authors James Bessen and Michael Meurer also found that patent troll costs have escalated since 2005, when the study found a total of 1,401 claims and $6.6 billion in direct costs. The authors say increasing patent litigation in the U.S. is a significant tax on investment in innovation. To put the figure into perspective, total U.S. spending on research and development was $249 billion in 2009, but it is still a big tax.

Bessen and Meurer said it was rubbish that asserting patents played a socially valuable role in enabling small inventors to realize greater profits from their ideas. The report said that the costs of defending such legal action meant these organizations had less money to invest in their own research. The report claims that patent lawsuits were a social loss and not a transfer of wealth as the trolls claim.

rb-

I have followed patent trolls for a while here, here, and here.

The ineptitude of Washington to do anything right enables patent trolls. The report concludes “The rapid growth and high cost of NPE litigation …  should set off an alarm warning [to] policymakers that the patent system still needs significant reform to make it a truly effective”

Most reasonable people should agree with the study’s recommendation to increase transparency in the patent system and that the courts should rigorously supervise patent damages awards to make sure that damages are proportional to the value of the patented technology.

Related articles
  • Patent Absurdity: Trolling the Courts for Profits (aleksandreia.com)

 


One Heck of a Commute

I drive about 55 minutes to get to work most days. Now, maybe I won’t complain as much about my commute after seeing what these guys do to get to work. This seven-minute clip follows two radio transmission tower workers as they scale a 1,768-foot guided tower to work on the mast.

To put this height into perspective, this tower is almost twice the height of the Eiffel Tower in Paris. In the video, filmed using a helmet cam, you can see these guys free-climb without safety harnesses in some sections of the tower.

Do Not Try This At Home!


Got Cyber Insurance?

Network World says that standard business insurance does not cover data breaches or almost any other loss involving data. Standard insurance covers tangible losses and damage. Data isn’t tangible. This is causing many firms to investigate cyber insurance.

The decision that data is not tangible goes back to a 2000 ruling by a U.S. District Court. The ruling arose from an Arizona case, American Guarantee & Liability Insurance Co. vs. Ingram Micro Inc. In that case, the court said that a computer outage caused by a power problem constituted physical damage within the meaning of the policy Ingram Micro (IM) had purchased from American Guarantee.

“After that, the insurance firms changed their policies to state that data is not considered tangible property,” Kevin Kalinich, national managing director for network risk at insurance vendor Aon Risk Solutions, told Network World. The upshot is that an enterprise needs special cyber insurance to cover data-related issues. The problem is that the field is new and there is no such thing as standard coverage with a standard price.

Buyers push back

The resulting complexity is a major source of push-back by potential buyers. According to Larry Ponemon, chairman of the Ponemon Institute, a research organization focused on information security and protection, “The policies have limitations and constraints similar to home policies with act-of-God provisions, and that has created a lot of uncertainty about what is covered, and what the risks are,” Mr. Ponemon told Network World. “Those who are nevertheless purchasing cyber insurance are typically very selective about what coverage they want,” he adds.

Cyber insurance coverages available

Data breach coverage: This pays for expenses that result from a data breach. Covered expenses typically include notification of the victims and setting up a call center. They also cover credit monitoring and credit restoration services for the victims, and other crisis management services. “You might want to hire forensic experts, independent attorneys for guidance concerning the multiple state (data breach notification) laws, and public relations experts,” Ken Goldstein, vice president at insurer Chubb Group, told Network World.

Regulatory civil action coverage: Pays in cases where the insured is facing fines from a state attorney general after a data breach. It also covers fines from the federal government after a violation of the Health Insurance Portability and Accountability Act (HIPAA) or similar regulations. Some policies only cover the cost of defending against the action, while others may pay the fine as well, says Steven Haase, head of INSUREtrust, an Atlanta-based specialty insurance provider.

Cyber extortion coverage: For cases where a hacker steals data from the policyholder and then tries to sell it back, or someone plants a logic bomb in the policyholder’s system and demands payment to disable it. Among other things, the policy should cover the cost of a negotiator, and the cost of offering a reward leading to the arrest of the perpetrator, Goldstein says.

Virus liability: Pays in cases where the policyholder is sued by someone who claims to have gotten a virus from the policy holder’s system.

Content liability: Covers lawsuits filed by people angered over something posted on the Web site of the policyholder. Such coverage should also cover copyright claims and domain name disputes, Haase says.

Loss coverages

Lost income coverage: Replaces revenue lost while the policy holder’s computer system or Web site is down. But Kalinich notes that insurers often apply minimum downtimes of 12 or 24 hours, or require proof of actual losses. “They’ll say that, after all, the customers who did not get through (during the outage) could have come back later,” he says.

Loss of data coverage: Pays for the cost of replacing the policy holder’s data in case of loss. “Backup policies are not always effective, and accidents and sabotage happen,” Haase says.

Errors and omissions coverage: Otherwise known as O&M policies, this type of coverage predates cyber insurance, but is increasingly added to cyber policies to cover alleged failures by the policy holder’s software, Haase says.

rb-

Seems that interest is growing in cyber insurance. I wrote about cyber insurance here.
