Cyberinsurance is the fastest-growing insurance product in America as Yahoo and other breaches drive surge in corporate hacking insurance. The scale of fraud at Yahoo is astounding: in 2013 one billion accounts were hacked. No wonder The Wall Street Journal has just published an article on the “The Right Way to Answer Security Questions and More Online Safety Advice”, see.

Fraud occurs in many different areas of any business and their supply chains, there is no single solution. A holistic approach to fraud is vital, see, so that all aspects of fraud are managed. Individual solutions for a type of fraud need to be integrated with the overall approach. Each new package or system needs to be become part of this holistic approach.

Protecting your B2B web portal

The recently launched Guardian Analytics Sentinel™ uses behavioral analytics and machine learning to sniff out fraudulent activity. It is, Sentinel claim, the industry’s first and the most advanced behavioral analytics and machine learning solution to detect fraudulent activity, in real-time for B2B web portals.

The software is designed for companies’ supplier portals, which they use to submit invoices and maintain their contact and bank account information. 

Guardian Analytics Sentinel™

Source & Copyright©2016 - Guardian Analytics

The Guardian Analytics monitors, analyses and calculates a real-time risk score for every online portal interaction and automatically quarantines high-risk transactions such as wire, ACH or foreign exchange transfers while expediting the process for low-risk transactions.

The behavioural based software picks up evidence of malware or an unauthorized location or device, e.g. transaction coming in from Russia when the customer normally comes in from Chicago. The use of behavioral analytics and machine learning technology makes for a speedier system and avoids the false positives that can be thrown up by rules-based software.

Guardian’s Sentinel could also be used with companies' treasury management systems or ERPs

What to do when you have been hacked

First, don’t do what Yahoo did: not tell anyone for years. 

However, they are not alone in delaying telling anyone: “Companies are getting hacked more frequently but aren’t disclosing the incidents in their regulatory filings, a trend that worries investors.” writes Tatyana Shumsky in The Wall Street Journal. Shumsky continues, “To use the SEC’s yardstick—whether a data breach is material—company executives have to exercise judgment, seeking to strike a delicate balance.” (As to whom to tell and when.)

It is a particularly delicate balance when to tell shareholders, “Frequent disclosure of insignificant cyber incidents could overwhelm investors and harm a company’s stock price, said Eric Cernak, cyber practice leader at the U.S. division of  German insurer Munich Re.” However, it is generally agreed that Target, who had a data breach involving tens of millions of customers, left it too long before publically admitting the scale of their breach. (For more details see Shumshy’s excellent article, here.)

---

CTMfile take: A holistic approach to fraud and cyberfraud, in particular, is essential. Telling shareholders and the market when you have been hacked is a delicate balance. But, not telling is a mistake and can have serious impact on your reputation.