Payment card theft continues to plague retailers

03 May 2017

JLT Specialty has published the latest edition of their monthly cyber newsletter, Cyber Decoder. This issue contains the following articles:

Payment card theft continues to plague retailers:

Statistics show that breaches worldwide in the retail sector continue to increase year on year. The theft of payment card details, in particular, remains a persistent threat. In February, US restaurant chain Arby's found malware on its point of sale systems that would have allowed an intruder to access data from payment cards; it has since been hit by a number of lawsuits. This article talks about the need to improve cyber security in the retail sector, particularly for payment card data, and the importance of cyber insurance in a world where cyber attacks occur even when the latest cyber security is in place.

Proposed bill sparks debate on retaliatory hacking:

In the US, Tom Graves, the Representative for Georgia, has proposed a discussion draft bill – the Active Cyber Defense Certainty Act – which would amend a section (1030) of the country's Computer Fraud and Abuse Act that prohibits unauthorised access of computers. The bill aims to give organisations greater power to engage in active cyber defence measures when under attack and would also exempt them from prosecution for taking cyber defence measures. This article contains information about the proposed bill, an unintended consequence of retaliatory hacking and alternative approaches to hacking that may be better for companies.

CEO email fraud on the rise:

Business email compromise (BEC) or CEO email fraud is one of the fastest growing forms of cyber fraud. Recent analysis of US and European organisations by cyber security firm Proofpoint shows that BEC attacks increased by 45% in the last three months of 2016, and some 75% of its customers were affected by at least one attempted business email compromise attack. According to the FBI, there has been a 1,300% increase in identified exposed losses from BEC since the beginning of 2015. This article contains pertinent information about BEC. It also explains why risk managers should be vigilant and understand if and how their cover will respond to a BEC attack.

Cyber insurance penetration grows among SMEs:

According to a recent report from research and consulting firm Global Data, cyber insurance penetration within the SME sector is now at 14%, up from just 2.1% in 2014. Despite this, according to Hiscox, smaller firms are less likely to adopt key cyber security initiatives than larger ones. This short article details the vulnerability of UK SMEs to cyber threats and how cyber insurance tailored to their needs can assist them.

No let-up from GDPR compliance:

This short article details surprising results from a survey of IT decision makers at UK companies by Crown Records Management and clarifies that, despite the UK's decision to leave the EU, UK firms would need to be prepared for GDPR's implementation in May 2018.

Can you afford not to have cyber security on your risk management agenda:

66% of UK SMEs were victims of a cyber attack last year (a rise of 33% from 2015), and it is predicted that this number will further increase in 2017. In this article, Aaron Yates of Berea Group, a member of JLT’s Cyber Risk Consortium, discusses why UK SMEs should include cyber security as a part of their risk management strategy.

This issue of the newsletter contains information about the difference between three types of hackers – black hat, white hat and grey hat.

The newsletter also includes details of a vulnerability in all current versions of Microsoft Windows and the action that system owners should take to mitigate the resulting risks.

To read any specific article, please click on its title. You can also download the full newsletter from the JLT Specialty website.