January 3, 2018
How Identity Data Is Turning Toxic for Big Companies – United States
Google might be in trouble for collecting the personal data of its users, but many companies have a growing incentive to rid their hands of the data that users entrust them with. This is because of growing costs of holding onto it. A major cause is the rising number of cyberattacks where hackers steal the identity information held by companies, often to sell them on to various black markets. Take the recent example of US giant Equifax, one of the top three companies in the consumer credit reporting industry. It chalked up another 2.5m identity-theft casualties to its existing toll of 143m in October 2017. The firm has suffered a steady stream of identity information loss following a cyber-attack that took place in May this year, where hackers capitalized on weaknesses in its software. The security breach – as a primary cause – resulted in around US$4.8 billion being wiped off Equifax’s market value from May to September 2017. It also tarnished its image and cost the firm’s longstanding CEO his job. As well as cyberattacks, companies are having to contend with growing levels of regulation. As well as the regulations of the jurisdiction they are based in, when firms are spread across nations, they must also abide by international standards. The costs of this compliance in the banking sector is increasing at an alarming rate. One report has found that banks spent nearly US$100 billion on compliance in 2016 and the global spending on meeting the regulatory requirements increased from 15% to 25% over the previous four years. This skyrocketing spend on compliance leaves little room for product development.
600,000 American Truckers Are Now Being Tracked by A Chinese Corporation – China and The United States
If you’re one of the 600,000 American truck drivers who use the popular Trucker Path app for planning trips and finding parking, then you’re willingly running a tracking device now owned by a Chinese corporation. Chinese social networking company Renren Inc. officially announced that it has acquired Trucker Path Inc, the creators of the Trucker Path app, on Friday for an undisclosed sum. The Trucker Path app was created by Viktor Radchenko, who moved from Ukraine to the U.S. in 2012. It quickly became one of the most popular trucking mobile apps of all time, racking up hundreds of thousands of active users in just a few years. With the sale to Renren Inc., the location and behavioral data of up to a third of all American over-the-road drivers will be owned and controlled by the Beijing-based company.
SEC Plans Cybersecurity Guidance Refresh – United States
The agency has indicated that it expects to refine guidance around how businesses disclose cybersecurity risks to investors as well as require insider trading programs to include blackout rules in the event that a suspected data breach gets discovered. With the refresh, Rossi says businesses should expect to have to disclose more cyber risks, refine their insider trading policies and prove that they're taking information security seriously. "We're likely to see an increased emphasis on having public companies disclose the cyber risks they face, focusing on their business model, the nature of their operations and the evolving and changing nature of cyber risks," Rossi says. "I also think there's going to be an expectation by the commission that we're going to see more timely disclosure of data breaches when they do occur." No information security practices, policies or procedures are ironclad. But Rossi says businesses will likely be called on to prove that they have mechanisms in place to increase the likelihood that they can detect breaches in a timely manner, escalate these concerns to senior management and rapidly "figure out if the breach is material to investors and needs to be disclosed in a timely basis." The SEC declined to comment on when it will issue the updated guidance, but Pierson expects to see it in the first or second quarter of 2018, once more details about the Equifax breach come to light.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!