On Jan. 5, 2023, the Federal Trade Commission (FTC) announced a proposed rule that would ban noncompete clauses in employment agreements. In making its historic announcement, the agency stated that noncompete agreements harm competition; suppress wages for workers, including those not subjected to noncompete clauses; reduce labor mobility; and hamper innovation.

Today’s society has become increasingly digital in nature, prompting businesses to leverage additional technology and online services in their operations. Specifically, some businesses have grown more reliant on the internet and social media platforms to market their products and services, allowing them to connect with a wider range of customers.

In the commercial property insurance space, rising inflation increases the risk of undervaluing property. A rise in building costs due to factors such as labor shortages, worker wage growth, supply chain disruptions and raw material price increases can increase the severity of a property insurance claim and create potential underinsurance issues for the policyholder.

At some point, all software will reach the end of its life. This means manufacturers will no longer develop or service the product, discontinuing all technical support, upgrades, bug fixes and security fixes. As a result, end-of-life (EOL) software will have known vulnerabilities that cybercriminals can easily exploit. This article discusses the risks of continuing to use EOL software and discusses best practices for organizations to mitigate this risk.

An attack surface is the total possible entry points (a.k.a. attack vectors) for unauthorized access into any system. The recent increase in remote and hybrid work combined with the shift to the cloud and widespread implementation of software-as-a-service (SAAS) applications have made attack surfaces increasingly large, complex and difficult to defend against cyberattacks.

Patch management is the process of acquiring and applying software updates to a variety of endpoints, including mobile devices, computers, servers and embedded devices. Installing patches regularly is necessary to correct errors, help protect data and optimize system functions. This article provides information on how a consistent approach to patching and updating software can limit exposure to various exploits.

Endpoint detection and response (EDR) is a cybersecurity solution that continuously monitors security-related threat information and endpoint data to detect and respond to ransomware and other kinds of malware. It provides visibility into security incidents occurring on endpoints—such as mobile devices, desktop computers, laptops, embedded devices and servers—to prevent damage and future attacks.

Despite having cause for optimism in 2021, the U.S. commercial auto insurance market shows signs of falling behind again in 2022 as losses increase, according to a new segment report from AM Best. The sector had its best year in a decade in 2021, with a combined ratio under 100, a small net underwriting loss and strong premium growth, the company noted.

According to a recent analysis from S&P Global Ratings (S&P), the cyber insurance sector needs “clear and precise policy wording” to build a sustainable market and encourage contract certainty for buyers and insurers. The cyber coverage segment has grown faster than any other subsector of the insurance market, reaching $9.2 billion in global premiums in 2021.

Fewer ransomware victims paid to retrieve access to their systems, and the median ransom payment dropped 51% in the second quarter of 2022, according to a recent report from Coveware. Though the median payment dropped to $36,360, the average ransom payment increased 8% to $228,125, boosted by a few outliers. However, the improvement in the median payment reflected threat actors’ shifts toward less risky, lower-profile targets, and the average remains below a fourth quarter 2021 high of over $300,000.

The Cybersecurity & Infrastructure Security Agency (CISA) maintains the Known Exploited Vulnerability (KEV) catalog to help organizations better manage and mitigate cybersecurity vulnerabilities. The agency encourages organizations to utilize the KEV catalog—the authoritative list of vulnerabilities that have been exploited—to keep pace with threat activity and remediate the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.

Cyberespionage is a type of cyberattack that involves an unauthorized user (or multiple users) accessing a victim’s sensitive information in order to secure economic benefits, competitive advantages or political gain. Also known as cyberspying, the primary targets of such cyberattacks include government entities, large corporations and other competitive organizations.

Hackers exploit virtual vulnerabilities to gain access to networks and devices illegally. While most engage in this activity for financial gain, others, called hacktivists, have different motivations.

Ransomware incidents entail cybercriminals compromising their victims’ computers or servers with malware and demanding large payments in order to restore the technology (as well as any files or data stored on it). They have often been considered one of the most damaging cyberattack methods.

Every year, people report fraud, identity theft and bad business practices to the Federal Trade Commission (FTC) and law enforcement partners. According to FTC data, more than 2.8 million people reported fraud in 2021, and 1 in 4 said they also lost money.

Credential stuffing incidents entail cybercriminals leveraging stolen usernames and passwords in attempts to gain access to additional accounts and systems. For example, a cybercriminal may obtain a target’s username and password for a social media account and use those same login credentials to try and access the victim’s other systems (e.g., email accounts, banking applications or workplace networks).

A man-in-the-middle (MITM) cyberattack refers to a cybercriminal intercepting a digital interaction or exchange between individuals, systems or an individual and a system. During a MITM incident, a cybercriminal could either eavesdrop on an interaction or pretend to be a genuine participant in the exchange.

As cyberattacks become more frequent and severe it is increasingly important for organizations to practice good cyber hygiene to minimize their exposure to risk. Cyber hygiene refers to habitual practices ensuring critical data and connected devices are handled safely.

Organizations face heightened cybersecurity risks when their employees travel. Business travelers are prime targets for cybercriminals, as they often carry valuable data and may not always be careful about securing their devices.

A business owners policy (BOP) combines commercial general liability coverage with commercial property insurance for qualifying small and medium-sized companies. A BOP offers businesses the opportunity to get more affordable coverage to meet basic insurance needs.