erm (173)

Last Friday, Marriott disclosed that the data of about 500 million guests had been exposed as a result of a hack that dates all the way back to 2014.

In 2014, hackers exploited the reservation system of Starwood Hotels and Resorts, which was acquired by Marriott in 2016. The breach exposed user data that not only included names, phone numbers, email addresses, passport numbers, and dates of birth, but even access to some encrypted credit card data.

As a result of this breach, Marriott may be one o

Read more…

IMPACT 2018: Becoming a Risk Management Hero

On Nov. 29, the LogicManager community arrived at Hotel Commonwealth in the historic Fenway district of Boston for sold-out IMPACT 2018. Every year, LogicManager hosts a customer conference where users of the ERM software can learn, share, and grow their risk management program to full maturity.


Upon walking into the conference space, you could feel the partnership LogicManager strives to create between customer and employee. As a SaaS provider, most of our work is virtual. But at IMPACT, it

Read more…

In late September, Facebook announced that it had discovered a breach in its network that had exposed the personal data of nearly 50 million users to hackers.

The hackers exploited a feature in Facebook’s code to gain access to user accounts, potentially enabling them to take control of them. The breach was the largest in Facebook’s fourteen years of existence.

The fallout Facebook is facing from this breach is the latest example of the see-through economy at work. Since September 27, Facebook’s m

Read more…

The Society of Corporate Compliance and Ethics (SCCE) held their annual Ethics and Compliance conference from September 20 to 24 in Las Vegas. This year, I was fortunate enough to be selected to hold a three-hour workshop on risk-based compliance: “Meeting Increased Customer Expectations, Not Just Regulatory Requirements.”

 

The SCCE holds this conference to promote ethical and compliant practices in organizations and to equip ethics and compliance professionals with skills and tools necessary to

Read more…

Uber has agreed to pay a hefty $148 million settlement after concealing a data breach in 2016 containing 57 million users’ data. In hopes of preventing this from recurring, it’s time for Uber to reassess their risk management practices, and in turn regain the public’s trust as well.

Although this regulatory problem has resulted in a huge sum of money, this is not the greatest consequence Uber will face due to a risk management failure. The hit on Uber’s reputation is massive. The concept I call

Read more…

We’d like to congratulate the 25% of US-based companies that achieved GDPR compliance by the May 25th deadline, and to share a little guidance on how to stay compliant over time.

As we all know, the GDPR is a huge deal. In addition to the scope of this new regulation, there are also the consequences of non-compliance, i.e. up to €20 million or 4% of annual global revenue, whichever is higher.

Aside from incurring steep fines and lofty litigation, the risk of non-compliance also includes losing your

Read more…

Emergency situations like natural disasters, data breaches, fraud, and the like arise, by definition, without warning, leaving you little to no time to prepare. So how do you build a BCDR plan that is flexible to handle any situation and is always up to date without huge investments?

The hallmark of a successful BCDR program is leveraging the information you already have to discover the potential impact and remediation tactics for an anticipated disaster. So, if you’re collecting information arou

Read more…

It’s been a rough two years for Wells Fargo.

Ever since the existence of the bank’s massive cross-selling scandal came to light in 2016, Wells Fargo seemed to be trapped in a downward spiral of failure after failure in risk management. In 2016, we were the first to identify the root-cause of the cross-selling scandal as being a failed risk management program, and correctly predicted there would be more Wells Fargo risk management mishaps in the future.

In 2018, regulator investigations finally con

Read more…

To run an effective ERM program, you need the right metrics.

Risk professionals today are facing an unprecedented level of scrutiny. Risk managers are not only responsible for protecting and securing their organizations, they also have to provide evidence that their risk management programs are actually effective at managing risk.

At the very minimum, risk managers must prove they are meeting the expectations of not only regulators, examiners, and their board of directors, but also their customers

Read more…

Since 2015, Chipotle has suffered multiple scandals of food-borne illness. The latest Chipotle outbreak has left more than 700 people ill. What does the Mexican grill have yet to learn?

In my last blog, “Hey, Chipotle, Can You Say Risk Management Rehab?” I took a look at the company’s timeline, and more specifically asked the question as to whether changing their CEO structure twice in less than two years was really the answer to their spicy woes.

This latest Chipotle outbreak, which has been ongo

Read more…

GDPR Readiness: How Do You Stack Up?

The GDPR is the strictest set of data protection rules any nation has published, featuring some of the most severe penalties connected to data privacy seen yet. Now that the compliance deadline has passed, we started to wonder about GDPR readiness. How are companies stacking up to the new regulation?

We compiled a host of GDPR statistics to answer that exact question, alongside some quick facts about what this new regulation is asking of international companies. 92% of US-based multi-national com

Read more…

Risk management in the insurance business is a bit of a head scratcher. On the one hand, insurance companies are selling what many people consider to be a risk mitigation. On the other hand, insurance companies themselves face a variety of risks they need to mitigate.

Let’s briefly consider a misconception about insurance as it pertains to risk management. Too often, people think insurance is a sufficient, catch-all control activity. But while insurance is a perfect way to protect a business from

Read more…

Michigan State University has employed a new Chief Compliance Officer in response to the Larry Nassar scandal. By creating an Office of Enterprise Risk Management within the university, MSU is getting on the right track.

Earlier this year, former MSU doctor and USA gymnastics coach Larry Nassar was charged with sexually assaulting 332 students. Shortly after this story broke, Michigan State was embroiled in two other sexual harassment scandals and has since struggled to escape the spotlight.

MSU’

Read more…

Back in March, President Trump’s administration threatened to impose steep tariffs on imported goods from some of America’s biggest trading partners. In the following months, the administration set a 25% import tax on steel and 10% on aluminum. Just as I predicted, these decisions are impacting the supply chains of American businesses, forcing them to consider the effects this kind of tumult could have on their business.

In my first blog post on the subject, I detailed a few direct and indirect c

Read more…

Chief risk officers and heads of operational risk responded to a survey held by Risk.net and identified their top risk concerns. Their number one concern was IT disruption, while their second highest concern was data compromise. Why is cybersecurity risk on everyone’s mind?

For one thing, technology is an inescapable reality of every business. Even the smallest of mom and pop shops have an electronic system to make credit card transactions, while larger corporations rely on immense data centers t

Read more…

Year over year, scandals like Wells Fargo, Equifax, Chipotle and so many others have dominated news headlines as they wreak havoc on consumers, investors, and awaken industry and government regulators. What is driving this trend?

Consumers have entrusted corporations with increasing involvement and influence in their lives through the decades. In 2014, for example, the Supreme Court ruled that corporations have some of the rights and responsibilities as natural persons. In other words, corporatio

Read more…

Wells Fargo has suffered the consequences of repeat scandals since 2016. This week, the bank agreed to a $1 billion settlement with federal regulators who have cited their lack of effective risk management practices as the root cause of their woes.

This settlement with the Consumer Financial Protection Bureau and Office of the Comptroller of the Currency would be another blow to Wells Fargo in a long line of many.

Let’s look at a timeline of Wells Fargo’s risk management scandals:

  • 2009-2016 – Wells

Read more…

When risk increases, the natural response is to take action to reduce that risk. But not every increase requires action. In fact, it may distract you from more important issues.

I’m talking about the risk of treating every risk the same.

Astute observers of risk have a variety of tools to monitor risk, from near real-time indicators to audits, exams, and reviews. But it’s not enough to recognize that risk has increased. Its ultimate impact must be considered.

For example, a review might show that e

Read more…

On Sunday, April 1, retail group Hudson’s Bay disclosed that it was the victim of a security breach that compromised data on payment cards used at Saks Fifth Avenue and Lord & Taylor stores in North America.

As many as 5 million cards may have been compromised, which would make the breach one of the largest involving payment cards over the past year.

Customers, investors, and regulators learned of this breach not through any press release issued by the company itself, but through news of the data a

Read more…

Orbitz said hackers may have accessed 880,000 credit card numbers and possibly the names, dates of birth, phone numbers, and addresses of consumers who booked through the site in 2016 and 2017.

The Orbitz data breach pales in comparison to the Equifax hack of 2017 and has been buried among headlines concerning Facebook. For many, this story barely counts as “news” because it’s just honestly not that “new.”

For me, the humdrum attitude of complacency is what makes the Orbitz data breach blogworthy.

Read more…

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the world's premier Risk forum and contribute to better understanding of the complex world of risk.
