Latest news with #cyberrisk
Forbes
a day ago
- Business
- Forbes
The Cyber Risk SMBs Can't Afford To Ignore
AI-driven threats are rewriting the rulebook. Here's the new cybersecurity playbook every small business must adopt before it's too late June just marked National Cybersecurity Education Month, an effort to raise awareness and expand the cybersecurity workforce. While public understanding is growing, so is the scale and sophistication of attacks. In the age of AI, threats no longer target only governments and large organizations. Cyberattacks now strike in unexpected places, putting individuals, SMBs, and entire systems at risk. Awareness alone isn't enough. Are we prepared? A recent conference held at Nasdaq by the Digital Evolution Institute explored the digital fabric comprising AI, data, and cybersecurity, and put a fascinating spotlight on the growing and unexpected risks and consequences. Byron Loflin, Nasdaq Board Excellence Center at the conference Digital Evolution Institute founder Julia Valentine stressed throughout the conference the shift from cyber crises as technical incidents to business and leadership-level challenges, and explained why being proactive in cyber crisis preparedness is no longer a luxury but a must-have. Cyber risk is a business risk Valentine, Presidential Lifetime Achievement Award recipient, entrepreneur, and a long time investor, is also the founder of AlphaMille, a global technology consulting firm specializing in digital and physical security, stressed at the conference that 'Companies cannot look to the government to protect them from cyberattacks in the AI era. Digital exposure should be treated as any other initiative that creates revenue, reduces cost, and mitigates risk,' she said, offering a familiar example from 2021, when R.R. Donnelley & Sons (RRD), a global provider of business communication and marketing services, which went through a ransomware attack that exposed sensitive client data. In 2024, the SEC reached a $2.125 million settlement with RRD for violating the internal controls and disclosure controls provisions of federal securities laws. As part of remediation, RRD revised incident response policies and procedures, adopted new cybersecurity technology and controls, updated employee training, and increased cybersecurity personnel headcount - all basic cybersecurity measures that shareholders increasingly expect to be put in place as a normal course of business. 'The 'R.R. Donnelley' case was a wake-up call,' Valentine now says. 'Despite being a data-intensive company, they missed key warning signs. This cost them millions and damaged client trust. Overlooking cybersecurity doesn't just increase risk; it sets a company up for sudden and devastating failure.' Presidential Lifetime Achievement Award recipient, entrepreneur, and a long time investor, Julia ... More Valentine at the conference. While awareness is supposedly on the rise, cybercrime losses have been steadily increasing, and projections indicate a continued upward trend. Globally, cybercrime costs are projected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures. The annual cost of cybercrime in the U.S. alone is estimated to be around $639 billion in 2025. According to Valentine, three things need to happen to change the trend: 'Cybersecurity needs to be elevated to the board level. The board needs to calibrate the right amount of information it needs for effective oversight, and the company needs to right-size its cybersecurity defenses.' During the conference, broad discussions by key industry leaders explored this shift in priorities from multiple angles. 'As fiduciaries, we are now responsible for the resilience of our organizations, not just our balance sheets.' From a management and board perspective, it was made clear that the change starts there: 'Cybersecurity must be viewed not as an IT expense, but as a strategic differentiator. Boards need fluency in incident response, third-party risk, threat intelligence, and yes, a solid recovery plan. Because a breach today is no longer just a technical failure, it's a governance failure.' SMBs Are Losing the Battle to Cybercrime In today's digital economy, small and midsize businesses (SMBs) are no longer flying under the radar of cybercriminals. In fact, they've become prime targets. According to recent industry reports, nearly 60% of SMBs experience a cyberattack each year. 'Many SMBs operate under the dangerous assumption that they're too small or insignificant to attract cybercriminals,' she says. 'In reality, attackers often see SMBs as low-hanging fruit, companies with valuable data but weaker defenses. Whether it's financial records, employee data, or client information, your business is a digital goldmine to hackers.' Many small businesses are at serious risk without realizing it. Common signs include not using multi-factor authentication, not knowing what systems or tools are in use, and ignoring alerts or phishing emails. Relying on basic IT support, skipping regular backups, running outdated software, and lacking a clear response plan all leave the door open to attacks. Even being denied cyber insurance can be a red flag. So beyond misconceptions, what's actually preventing SMBs from getting the protection they need? Valentine outlines five practical barriers that prevent SMBs from getting the cybersecurity protection they need: Cyber protection is not out of reach. SMBs need focused, outsourced, and staged solutions, not bloated enterprise packages. "SMBs must treat cybersecurity like a business imperative." With the different views discussed at the conference, a new 'playbook' was created with the critical steps each business, big and small, must take. Valentine is now outlining The New Cybersecurity Playbook for SMBs: 7 Essential Steps: 'Cybersecurity is a boardroom concern and a business imperative,' she concludes. 'A modern, tested cyber playbook is the best line of defense.'
Yahoo
24-06-2025
- Business
- Yahoo
Coalition Re Introduces the Helios Platform for Cedants to Access Real-Time Cyber Risk Insights
SAN FRANCISCO, June 24, 2025--(BUSINESS WIRE)--Coalition, the world's first Active Insurance provider designed to help prevent digital risk before it strikes, today introduced Coalition Re's Helios platform, a new tool that enables cedants of Coalition Re to view real-time cyber risk exposures in their portfolios and manage them more effectively with actionable insights. Existing Coalition Re cedants can access the platform at no additional cost now, and all new cedants will be able to access the platform starting on July 1, 2025. "Real-time data insights are crucial to managing a portfolio of cyber risks," said Shawn Ram, Coalition's Chief Revenue Officer. "With Coalition Re's interactive Helios platform, we are setting the standard for data collection and information processing as the cyber market matures. The new Helios platform enables cedants to gain visibility into their own systemic risk, aggregation, and catastrophe load, as well as gather meaningful context around why these risks matter and what to do about them." With Coalition Re's Helios platform, information previously provided to cedants only via a summary document is now always accessible via a self-service tool. The user-friendly Helios platform leverages Coalition's proprietary, internet-wide data collection capabilities, exclusive modeling, and advanced analytics to empower cedants to make strategic portfolio risk management decisions. Cedants can review information about portfolio catastrophe risk exposures and loss trends, enabling them to quantify and strategically manage cyber risk concentrations caused by commonly used technologies and vendors across segments. The Helios platform also facilitates better decision-making with customized reports and aggregated views of cedants' portfolios, allowing them to optimize underwriting and risk management strategies. "The reinsurance industry must play a more proactive role in risk mitigation," added Ram. "While capital is important, tools that provide real-time data can help insurers manage portfolio risk more effectively by identifying systemic vulnerabilities and trends before losses occur." Coalition Re provides capacity for non-proportional cyber reinsurance treaties, as well as a white-labeled cyber insurance product with up to 100% quota share support for cedants seeking to offer cyber insurance as an endorsement to an existing insurance product offering. Both are available globally and supported by a robust panel of capacity providers led by Aspen. To learn more about Coalition Re, visit: About Coalition Coalition is the world's first Active Insurance provider designed to help prevent digital risk before it strikes. By combining comprehensive insurance coverage with cybersecurity tools and services, Coalition helps businesses manage and mitigate potential cyberattacks. Leveraging its relationships with leading global insurers and capacity providers, including Coalition Insurance Company, Coalition offers Active Insurance products to businesses in the United States, the United Kingdom, Canada, Australia, Germany, Denmark, and Sweden. Policyholders can receive automated cyber alerts and access expert advice, as well as global third-party risk management tools through Coalition's cyber risk management platform, Coalition Control®. Coalition Insurance Solutions, Inc., an affiliate of Coalition, Inc. and a leading cyberinsurance insurance provider in the United States, is a licensed insurance producer and surplus lines broker (Cal. license #0L76155), acting on behalf of a number of unaffiliated insurance companies, and on an admitted basis through Coalition Insurance Company ("CIC"), a licensed insurance underwriter (NAIC #29530). Reinsurance products are written or provided by Coalition Reinsurance Services, LLC ("Coalition Re"), a licensed reinsurer intermediary (Lic. #1011787) and resident producer (Lic. #1003226), domiciled in Provo, Utah (USA), acting on behalf of a number of unaffiliated licensed insurance companies. Products may not be available in all countries and jurisdictions, and coverage is subject to underwriting requirements and actual policy language. See licenses and disclaimers for further information. Coalition is the marketing name for the global operations of affiliates of Coalition, Inc. Copyright © 2025. All rights reserved. Coalition and the Coalition logo are trademarks of Coalition, Inc. View source version on Contacts Marisa GravesCommunications at Coalitionpress@ Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Forbes
18-06-2025
- Business
- Forbes
Multiplayer AI: The New Operating Model For Identity Security
Dr. John Pritchard is the Chief Product Officer at Radiant Logic, responsible for the company's global product vision. AI-powered deepfakes and credential attacks are rewriting the rules of cyber risk, with identity-related breaches now costing organizations an average of $4.45 million per incident and accounting for over 70% of successful attacks on enterprise infrastructure and supply chains. Despite record investments in detection and response, breaches keep making headlines. Why? I call this the identity security paradox: More technology doesn't equal protection, especially if tools—and the people and AI agents using them—don't work together. Identity is the primary attack surface in the enterprise. Most organizations built their identity security stack on a traditional combination of IAM, IGA and PAM, but the rapid proliferation of cloud apps, machine identities and AI agents outpace these traditional controls. The result? Siloed data, unmanaged privileged accounts and hidden nonhuman identities—each a potential attack vector. Gartner finds that 65% of organizations still lack IAM maturity, weighed down by technical debt and fragmented architectures. Point solutions deployed to 'fix' audit findings or compliance gaps create more complexity, not less. Attackers exploit these seams, moving laterally between systems and identities that aren't monitored holistically. CISA's Silentshield Red Team Assessment demonstrated that decentralized teams and poor communication allowed adversaries to persist undetected, even when individual groups spotted anomalies. The lesson is clear: Solo efforts—whether a lone expert, an isolated AI agent or a disconnected tool—cannot keep pace with adversaries who are increasingly agile, automated and collaborative. To close these gaps, interoperability must become the standard for tools and the people and AI agents using them. Interoperability means more than connecting dashboards or sharing alerts. It's about ensuring that identity security posture management (ISPM) and identity threat detection and response (ITDR) systems share data, context and workflows in real time, across both human and machine identities. Gartner recommends a 'system of systems' approach, built on identity fabric principles, to support zero trust and intelligent automation. This means breaking down technical and organizational silos so prevention and detection teams operate from a unified, continuously updated single source of truth for identity data—a concept Gartner identifies as foundational for modern identity security. This trusted, authoritative data layer enables faster, more accurate decisions and ensures that every team acts on the same intelligence. When ISPM and ITDR interoperate, and when human and AI teammates collaborate based on shared reference points, blind spots shrink and attackers have fewer seams to exploit. I call the next evolution in identity security: multiplayer AI—intelligent systems designed to amplify human capabilities through enhanced teamwork. Gartner predicts by 2027, 90% of successful AI implementations in cybersecurity will focus on tactical task automation and process augmentation, not full autonomy or staff replacement. Multiplayer AI enables human and AI collaboration, breaking down silos and bridging gaps between prevention and detection. AI excels at analyzing vast datasets, detecting patterns humans miss and automating repetitive processes. Critical decisions, like determining whether anomalies are a threat or false positives, still require human judgment and contextual understanding. Studies show organizations using collaborative AI models—human decisions based on AI recommendations—see faster response times, fewer security incidents and improved resilience. The key is not just technology, but teamwork: AI handles the heavy lift of data processing and pattern recognition, while humans provide creativity, ethical oversight and business context. Thankfully, the industry is moving quickly. With the meteoric rise of agentic AI, open standards like Model Context Protocol (MCP) and Agent2Agent (A2A) are enabling AI agents from different vendors, clouds and frameworks to communicate, share context and coordinate tasks securely. Technology partners including OpenAI, Microsoft and Google are already adopting these protocols, breaking down silos that limit automation's impact. For business leaders, agentic AI means specialized agents for threat detection, access management, compliance and user behavior analytics can now form ad hoc teams-automating complex workflows and adapt to new threats. By 2028, Gartner forecasts multiagent AI will account for 70% of threat detection and response implementations, primarily to augment—not replace—staff. Early adopters will see measurable results: Leveraging agent-to-agent collaboration is predicted to cut attacker dwell time in compromised environments by up to 50%, while accelerating response and reducing operational risk. When humans and AI work together, identity security becomes faster, smarter and more resilient. 1. Establish an interoperability baseline. Audit ISPM and ITDR tools for data sharing and workflow integration across human and machine identities. Ensure architectures support agent-to-agent interoperability using open standards like MCP and A2A, so specialized agents can collaborate and automate cross-vendor workflows. Set quarterly targets to reduce IAM tool integration gaps. 2. Pilot tactical AI augmentation. Start with a focused, data-driven use case, such as automated privilege review or anomaly detection. Track improvement in response time and risk reduction. 3. Build AI literacy and human oversight. Train teams on both the benefits and limits of AI, including where human verification is required in critical workflows. 4. Continuously review identity hygiene. Use AI-driven discovery to identify unused or risky accounts, but require human validation before making changes. Aim to reduce privileged account sprawl and remediate orphaned accounts as they are detected. 5. Measure what matters. Track outcome-driven metrics such as percentage reduction in excessive permissions, improvement in MFA deployment rates and decreased incident response times. For example, reducing excessive permissions by 20% and increasing MFA coverage to 95% of privileged accounts within one year. The next breach won't be stopped by just another dashboard or a new AI agent. Organizations that have achieved true interoperability across tools, teams and AI will be able to respond more accurately to security issues. Multiplayer AI and agent-to-agent collaboration will lead the blueprints for resilience in the age of AI turbulence. Start by assessing your current environment for interoperability gaps, unify your tools and teams and empower your people with AI that amplifies—not replaces—their expertise. In the high-stakes game of identity security, victory belongs to those who play as a team. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
17-06-2025
- Business
- Yahoo
Aon's 2025 Global Cyber Risk Report Reveals Reputation Risk Events Can Reduce Shareholder Value by 27 percent
DUBLIN, June 17, 2025 /PRNewswire/ -- Aon plc (NYSE: AON), a leading global professional services firm, today released its 2025 Cyber Risk Report, revealing that cyber events that cause reputation risks can result in an average of 27 percent drop in shareholder value, highlighting the growing financial and reputational stakes of cyber risk. The findings build on Aon's 2023 research, which showed that major cyber incidents led to an average 9 percent decline in shareholder value over the following year. This year's report goes further, analyzing more than 1,400 global cyber events and identifying which types of attacks are most likely to evolve into reputation risk events and which can be the most damaging when they do. "Cyber risk is no longer just a technology issue — it's a boardroom issue," said Brent Rieth, global cyber leader at Aon. "Our latest research underscores the importance of proactive risk mitigation. Organizations that invest in preparedness and resilience are far better positioned to avoid the reputational and financial fallout that can follow a cyber event." Among the report's key findings: Of the 1,414 cyber events analysed, 56 developed into reputation risk events, which are defined as cyber incidents that attract significant media attention and lead to a measurable decline in share price. Companies affected by these reputation risk events experienced an average shareholder value decline of 27 percent. Malware and Ransomware attacks were the most likely to trigger reputational damage, accounting for 60 percent of all reputation risk events, despite making up only 45 percent of total cyber incidents. Five drivers of value recovery — preparedness, leadership, swift action, communication and change — were identified as critical levers for mitigating reputational fallout. The report also highlights the growing challenge of managing uninsurable risks. While cyber insurance can help transfer some financial exposure, reputation risk remains largely nontransferable, making proactive risk management and crisis response essential. "As cyber threats grow more complex and interconnected, companies need a clearer view of their exposure, stronger alignment between cybersecurity and insurance strategies, and the tools to make better, data-driven decisions. Aon is uniquely positioned to support clients through these challenges," added Rieth. Aon's 2025 Cyber Risk Report draws on proprietary data from the firm's Cyber Quotient Evaluation, a patented global e-submission platform that streamlines the cyber insurance intake process and empowers organizations with actionable insights into their cyber exposures and insurability — helping to strengthen both underwriting outcomes and cyber risk management strategies. About AonAon plc (NYSE: AON) exists to shape decisions for the better — to protect and enrich the lives of people around the world. Through actionable analytic insight, globally integrated Risk Capital and Human Capital expertise, and locally relevant solutions, our colleagues provide clients in over 120 countries with the clarity and confidence to make better risk and people decisions that protect and grow their businesses. Follow Aon on LinkedIn, X, Facebook and Instagram. Stay up-to-date by visiting Aon's newsroom and sign up for news alerts here. Media Contactmediainquiries@ (U.S., Canada and Puerto Rico): +1 833 751 8114International: +1 312 381 3024 SOURCE Aon plc
Yahoo
04-06-2025
- Business
- Yahoo
Markel expands tie-up with Cyberwrite for cyber risk modelling
Cyberwrite, a provider of cyber risk modelling, has expanded its partnership with Markel Insurance to enhance underwriting, broker enablement and cyber risk modelling across Europe. Markel Europe uses Cyberwrite's AI-driven technology to help underwriters model exposures and share findings with brokers and clients. The integration provides predictive cyber risk analytics for businesses worldwide, reducing loss ratios and enabling data-driven underwriting in seconds. The technology also supports advanced cyber catastrophe modelling. Cyberwrite's patented AI transforms complex cyber risk data into actionable insights, allowing professionals to quickly communicate breach probabilities and economic impacts. The platform offers benchmarking against industry peers and supports Cyberwrite's next-generation catastrophe modelling solution. Cyberwrite CEO and founder Nir Perry said: 'This expanded partnership demonstrates how our patented AI-driven cyber insurance underwriting technology specifically addresses the gaps that have historically complicated cyber insurance underwriting and modelling.' Markel Europe CEO Frederik Wulff stated: 'Cyberwrite's platform has transformed how we evaluate cyber risk across diverse markets and industries for small and mid-size businesses. 'Our underwriters can now quantify factors that were previously difficult to measure in real-time for any business in local language, enabling brokers to easily explain cyber risks, and giving clients a clearer picture of their specific cyber risks so they know how much cyber coverage to buy, and how to reduce the risk of a breach.' This partnership expansion follows a similar initiative by Samsung Fire & Marine Insurance, which recently joined forces with Cyberwrite to enhance its cyber insurance processes. Founded in 2017 by cybersecurity and insurance veterans, Cyberwrite is a leader in AI-driven cyber risk quantification. Its solutions are used by insurers, reinsurers and brokers to streamline cyber insurance distribution and reduce costs. "Markel expands tie-up with Cyberwrite for cyber risk modelling " was originally created and published by Life Insurance International, a GlobalData owned brand. The information on this site has been included in good faith for general informational purposes only. It is not intended to amount to advice on which you should rely, and we give no representation, warranty or guarantee, whether express or implied as to its accuracy or completeness. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on our site. Sign in to access your portfolio
