Connect with us


Legal storms loom over businesses as new US regulations mandate swift disclosure of cyberattacks

The new US regulations pose a legal and reputational minefield for businesses and experts say Canada may follow suit, highlighting the need for cybersecurity and crisis communication strategies



Share this:

In the case of new US regulations for businesses required to publicize that they were hacked, there may be an unpleasant price to pay. Observers in the industry say companies are increasingly facing legal consequences and public relations disasters.

The regulation requires businesses to report any cyberattack to the Securities and Exchange Commission (SEC). They must disclose the breach within four days, list various ways the data was compromised, and show how risks were mitigated. 

“The new rules are a part of a larger regulatory shift to hold businesses accountable for protecting their customers online, and to hold the companies liable for the losses they suffer because of these attacks,” notes Israel Mazin, co-founder and CEO of Memcyco, a website impersonation detection and protection solution.  

The drawbacks? 

“This puts businesses in a vulnerable position,” he adds. “Publicly disclosing attacks means potentially big reputational blowback — and it has yet to be shown to help solve the problem.” 

Though he won’t mention names, Mazin says he knows of several renowned businesses that lost revenue as a result of their willingness to announce a data breach.

The US regulations have already become a source of perverse games for hackers.

In one story, a hacker played “cop and robber” at the same time: after breaching a company, they then reported them to the SEC for not disclosing the breach. Essentially, this double attack was an unforeseen consequence of otherwise well-intentioned law.

What are the implications in Canada?

The legal problem is another challenge. 

Dave Oswald, founder of Forensic Restitution, which specializes in forensic accounting and computer forensics, says there’s already a proliferation of court cases filed against American breached entities. Expect the phenomena to soon inch north to Canada, he says. 

“I think over time there will be increased litigation,” he says. “Especially with companies who don’t have adequate cyber training.” Those organizations or businesses that do not have a cyber reaction team, or are not set up to protect against a cyber attack, “are the companies that, I think, will end up on the wrong side of lawsuits going forward.” 

There are already plenty of cybersecurity lawsuits being handled in Canada and the US, adds Andrew Buckles, cyber services owner at ISA Cybersecurity in Toronto. He points out five Ontario hospitals that recently faced a “major cyber attack” and are currently facing a close to half-billion dollar class action lawsuit.  

“If you’re being hit with a very large lawsuit, that can be extremely detrimental to your business,” Buckles says. “Chances are you weren’t managing that risk effectively. And you may not have even been aware of that risk.”

Canada has its own cybersecurity laws proposed in Bill C-26, also known as the Critical Cyber Systems Protection Act, which Buckles says is a “good example” of oversight. However, he adds that “Canada certainly needs to continue looking at what regulatory authority they have over different industries and how [they can] improve those requirements to a minimum standard.” 

“Lots of businesses collect data and information and digitize; if they experience a cybersecurity incident, the public is impacted in many cases,” he continues. “So there is a public interest in making sure that organizations do manage their risks effectively so that the public doesn’t have to ultimately pay the price.”

Guidelines for data security

When it comes to dealing with cyber breaches, the United States and Canada have different rules. In Canada, if a cyber breach is considered significant, companies only need to issue a press release. Other than this, most of the guidelines are more like suggestions than strict requirements. 

In February 2017, the guidelines for this in Canada were outlined in the Canadian Securities Administrators’ (CSA) notice for disclosure of cybersecurity risks and incidents. 

Canadian Securities Litigation reported that these were characterized as “guidelines,” including: risk governance and risk mitigation strategy, detailed disclosure of material cybersecurity risks, procedures designed to ensure that detected cybersecurity incidents are communicated to management for timely disclosure, disclosure of the anticipated impact, and costs of the incident.

The report said legal and protocol demands of companies are sure to follow. “Trends in the United States are often a harbinger of what may be coming to Canada,” the article states. And, while the trend in cybersecurity disclosure-related litigation hasn’t hit the Great White North to the same extent yet, the authors say that “Canadian companies should be watching.”

In Canada, the emphasis in proposed class actions regarding cyber attacks has mainly centered around individuals whose data might have been impacted by a cybersecurity event rather than securities class actions, according to the authors. 

In November 2022, Ontario Court of Appeal issued three decisions that held that companies who had been cyber attacked by unknown third parties, were not liable for the damages. The authors of the article, however, say this law “will continue to be tested.”

Mitigating risk

Ultimately, for any Canadian or American company, cyber damage control is key to mitigating legal issues or reputational issues. At the point of discovering a hack, an organization or company should know the right steps to curtail the threat and minimize damages. 

“Communication should include clear identification of the threat, steps the business is taking, and actionable advice for customers, such as verifying website URLs, avoiding clicking on suspicious links, and monitoring their accounts for unusual activity,” says Mazin.

By the time of discovery, attackers may have already harvested user data — which they can use or sell — leading to identity theft or further scams. 

As a result, it could shake customer confidence in the brand. 

“It’s vital to provide reassurance that customer protection is a priority, and to offer support services for those who may have been compromised,” Mazin adds.

In regards to the new US regulations, he says the government did the right thing by looking out for the consumer’s best interest in requiring data breach crises to be open and transparent. The next requirement should be legally-mandated up-to-date cybersecurity, he says, “to greatly minimize the overall risk of privacy breaches, and legal consequences.”

Something like this would require security professionals to work in tandem with the government so as not to make this kind of law onerous, “but also ensure a standard set for major companies.” 

As for the reputational damages after the fact, “it would pay for companies to have a pre-emptive plan to cope with public relations fallout,” says Mazin.

Here are some tips to on how to mitigate risk:

Implement robust cybersecurity measures:

  • Establish strong firewalls, encryption, and intrusion detection systems.
  • Regularly update and patch software to address vulnerabilities.

Prioritize employee training and awareness:

  • Provide comprehensive cybersecurity training to employees to avoid human error.

Develop and test an incident response plan:

  • Create a well-documented incident response plan for cybersecurity breaches.
  • Regularly conduct simulations and drills to ensure effectiveness.

Secure customer data and communication:

  • Encrypt customer data.
  • Develop clear communication protocols for timely and transparent disclosure of cyber incidents.

Regularly review and update policies:

Share this:


Cashiers vs. digital ordering: What do people want, and at what cost?




Task Group summarized the rise in digital ordering over the past couple of years, its acceptance among customers, and its cost.
Share this:

You walk into a fast-food restaurant on your lunch break. You don’t see a cashier but instead a self-service kiosk, a technology that is becoming the new norm in eateries across the country. The kiosks usually offer customers a menu to scroll through and pictures of meals and specials with prompts to select their food and submit their payment in one place.

Self-service kiosks are big business. In fact, the market for self-service products is expected to grow from a $40.3 billion market value in 2022 to $63 billion by 2027, according to a report from BCC Research. Consumers do have mixed opinions about the kiosks, but about 3 out of 5 surveyed consumers reported that they were likely to use self-service kiosks, according to the National Restaurant Association. The technology, while expensive, can boost businesses’ bottom lines in the long run.

Task Group summarized the rise in digital ordering over the past couple of years, its acceptance among customers, and a cost analysis of adopting the technology.

Self-service kiosks—digital machines or display booths—are generally placed in high-traffic areas. They can be used for different reasons, including navigating a store or promoting a product. Interactive self-service kiosks in particular are meant for consumers to place orders with little to no assistance from employees.

The idea of kiosks isn’t new. The concept of self-service was first introduced in the 1880s when the first types of kiosks appeared as vending machines selling items like gum and postcards. In the present age of technology, the trend of self-service has only grown. Restaurants such as McDonald’s and Starbucks have already tried out cashierless technology.

From a business perspective, the kiosks offer a huge upside. While many employers are looking for workers, they’re having a hard time finding staff. In the midst of the COVID-19 pandemic, employers struggled with a severe employee shortage. Since then, the problem has continued. In 2022, the National Restaurant Association reported that 65% of restaurant operators didn’t have enough workers on staff to meet consumer demand. With labor shortages running rampant, cashierless technology could help restaurants fill in for the lack of human employees.

The initial investment for the kiosks can be high. The general cost per kiosk is difficult to quantify, with one manufacturer estimating a range of $1,500 to $20,000 per station. However, with the use of kiosks, restaurants may not need as many cashiers or front-end employees, instead reallocating workers’ time to other tasks.

In May 2022, the hourly mean wage for cashiers who worked in restaurants and other eating establishments was $12.99, according to the Bureau of Labor Statistics. Kiosks could cost less money than a cashier in the long run.

But how do the customers themselves feel about the growing trend? According to a Deloitte survey, 62% of respondents report that they were “somewhat likely” to order from a cashierless restaurant if given the chance to do so. The same survey reported that only 19% of respondents had experience with a cashierless restaurant.

What would it mean for society if restaurants did decide to go completely cashierless? Well, millions of positions would likely no longer be necessary. One report suggests 82% of restaurant positions could be replaced by robots, a prospect making automation appealing to owners who can’t find staff to hire.

Due to the ongoing labor shortage, employers have tried raising employee wages. Papa John’s, Texas Roadhouse, and Chipotle were among the restaurant companies that increased employee pay or offered bonuses in an attempt to hire and retain more workers. Meanwhile, some companies have decided to use technology to perform those jobs instead, so that they wouldn’t have to put effort into hiring or focus their existing staff on other roles.

Story editing by Ashleigh Graf and Jeff Inglis. Copy editing by Tim Bruns.

Share this:
Continue Reading


Is real estate actually a good investment?




Wealth Enhancement Group analyzed data from academic research, Standard and Poor's, and Nareit to compare real estate to stocks as investments.
Share this:

It’s well-documented that the surest, and often best, return on investments comes from playing the long game. But between stocks and real estate, which is the stronger bet?

To find out, financial planning firm Wealth Enhancement Group analyzed data from academic research, Standard and Poor’s, and Nareit to see how real estate compares to stocks as an investment.

Data going back to 1870 shows the well-established power of real estate as a powerful “long-run investment.” From 1870-2015, and after adjusting for inflation, real estate produced an average annual return of 7.05%, compared to 6.89% for equities. These findings, published in the 2019 issue of The Quarterly Journal of Economics, illustrate that stocks can deviate as much as 22% from their average, while housing only spreads out 10%. That’s because despite having comparable returns, stocks are inherently more volatile due to following the whims of the business cycle.

Real estate has inherent benefits, from unlocking cash flow and offering tax breaks to building equity and protecting investors from inflation. Investments here also help to diversify a portfolio, whether via physical properties or a real estate investment trust. Investors can track markets with standard resources that include the S&P CoreLogic Case-Shiller Home Price Indices, which tracks residential real estate prices; the Nareit U.S. Real Estate Index, which gathers data on the real estate investment trust, or REIT, industry; and the S&P 500, which tracks the stocks of 500 of the largest companies in the U.S.

High interest rates and a competitive market dampened the flurry of real-estate investments made in the last four years. The rise in interest rates equates to a bigger borrowing cost for investors, which can spell big reductions in profit margins. That, combined with the risk of high vacancies, difficult tenants, or hidden structural problems, can make real estate investing a less attractive option—especially for first-time investors.

Keep reading to learn more about whether real estate is a good investment today and how it stacks up against the stock market.

A line chart showing returns in the S&P 500, REITs, and US housing. $100 invested in the S&P 500 at the start of 1990 would be worth around $2,700 today if you reinvested the dividends.

Wealth Enhancement Group

Stocks and housing have both done well

REITs can offer investors the stability of real estate returns without bidding wars or hefty down payments. A hybrid model of stocks and real estate, REITs allow the average person to invest in businesses that finance or own income-generating properties.

REITs delivered slightly better returns than the S&P 500 over the past 20-, 25-, and 50-year blocks. However, in the short term—the last 10 years, for instance—stocks outperformed REITs with a 12% return versus 9.5%, according to data compiled by The Motley Fool investor publication.

Whether a new normal is emerging that stocks will continue to offer higher REITs remains to be seen.

This year, the S&P 500 reached an all-time high, courtesy of investor enthusiasm in speculative tech such as artificial intelligence. However, just seven tech companies, dubbed “The Magnificent 7,” are responsible for an outsized amount of the S&P’s returns last year, creating worry that there may be a tech bubble.

While indexes keep a pulse on investment performance, they don’t always tell the whole story. The Case-Shiller Index only measures housing prices, for example, which leaves out rental income (profit) or maintenance costs (loss) when calculating the return on residential real estate investment.

A chart showing the annual returns to real estate, stocks, bonds, and bills in 16 major countries between 1870 and 2015.

Wealth Enhancement Group

Housing returns have been strong globally too

Like its American peers, the global real estate market in industrialized nations offers comparable returns to the international stock market.

Over the long term, returns on stocks in industrialized nations is 7%, including dividends, and 7.2% in global real estate, including rental income some investors receive from properties. Investing internationally may have more risk for American buyers, who are less likely to know local rules and regulations in foreign countries; however, global markets may offer opportunities for a higher return. For instance, Portugal’s real estate market is booming due to international visitors deciding to move there for a better quality of life. Portugal’s housing offers a 6.3% return in the long term, versus only 4.3% for its stock market.

For those with deep enough pockets to stay in, investing in housing will almost always bear out as long as the buyer has enough equity to manage unforeseen expenses and wait out vacancies or slumps in the market. Real estate promises to appreciate over the long term, offers an opportunity to collect rent for income, and allows investors to leverage borrowed capital to increase additional returns on investment.

Above all, though, the diversification of assets is the surest way to guarantee a strong return on investments. Spreading investments across different assets increases potential returns and mitigates risk.

Story editing by Nicole Caldwell. Copy editing by Paris Close. Photo selection by Lacy Kerrick.

This story originally appeared on Wealth Enhancement Group and was produced and
distributed in partnership with Stacker Studio.

Share this:
Continue Reading


5 tech advancements sports venues have added since your last event




Uniqode compiled a list of technologies adopted by stadiums, arenas, and other major sporting venues in the past few years.
Share this:

In today’s digital climate, consuming sports has never been easier. Thanks to a plethora of streaming sites, alternative broadcasts, and advancements to home entertainment systems, the average fan has myriad options to watch and learn about their favorite teams at the touch of a button—all without ever having to leave the couch.

As a result, more and more sports venues have committed to improving and modernizing their facilities and fan experiences to compete with at-home audiences. Consider using mobile ticketing and parking passes, self-service kiosks for entry and ordering food, enhanced video boards, and jumbotrons that supply data analytics and high-definition replays. These innovations and upgrades are meant to draw more revenue and attract various sponsored partners. They also deliver unique and convenient in-person experiences that rival and outmatch traditional ways of enjoying games.

In Los Angeles, the Rams and Chargers’ SoFi Stadium has become the gold standard for football venues. It’s an architectural wonder with closer views, enhanced hospitality, and a translucent roof that cools the stadium’s internal temperature. 

The Texas Rangers’ ballpark, Globe Life Field, added field-level suites and lounges that resemble the look and feel of a sports bar. Meanwhile, the Los Angeles Clippers are building a new arena (in addition to retail space, team offices, and an outdoor public plaza) that will seat 18,000 people and feature a fan section called The Wall, which will regulate attire and rooting interest.

It’s no longer acceptable to operate with old-school facilities and technology. Just look at Commanders Field (formerly FedExField), home of the Washington Commanders, which has faced criticism for its faulty barriers, leaking ceilings, poor food options, and long lines. Understandably, the team has been attempting to find a new location to build a state-of-the-art stadium and keep up with the demand for high-end amenities.

As more organizations audit their stadiums and arenas and keep up with technological innovations, Uniqode compiled a list of the latest tech advancements to coax—and keep—fans inside venues.

A person using the new walk out technology with a palm scan.

Jeff Gritchen/MediaNews Group/Orange County Register // Getty Images

Just Walk Out technology

After successfully installing its first cashierless grocery store in 2020, Amazon has continued to put its tracking technology into practice.

In 2023, the Seahawks incorporated Just Walk Out technology at various merchandise stores throughout Lumen Field, allowing fans to purchase items with a swipe and scan of their palms.

The radio-frequency identification system, which involves overhead cameras and computer vision, is a substitute for cashiers and eliminates long lines. 

RFID is now found in a handful of stadiums and arenas nationwide. These stores have already curbed checkout wait times, eliminated theft, and freed up workers to assist shoppers, according to Jon Jenkins, vice president of Just Walk Out tech.

A fan presenting a digital ticket at a kiosk.

Billie Weiss/Boston Red Sox // Getty Images

Self-serve kiosks

In the same vein as Amazon’s self-scanning technology, self-serve kiosks have become a more integrated part of professional stadiums and arenas over the last few years. Some of these function as top-tier vending machines with canned beers and nonalcoholic drinks, shuffling lines quicker with virtual bartenders capable of spinning cocktails and mixed drinks.

The kiosks extend past beverages, as many college and professional venues have started using them to scan printed and digital tickets for more efficient entrance. It’s an effort to cut down lines and limit the more tedious aspects of in-person attendance, and it’s led various competing kiosk brands to provide their specific conveniences.

A family eating food in a stadium.

Kyle Rivas // Getty Images

Mobile ordering

Is there anything worse than navigating the concourse for food and alcohol and subsequently missing a go-ahead home run, clutch double play, or diving catch?

Within the last few years, more stadiums have eliminated those worries thanks to contactless mobile ordering. Fans can select food and drink items online on their phones to be delivered right to their seats. Nearly half of consumers said mobile app ordering would influence them to make more restaurant purchases, according to a 2020 study at PYMNTS. Another study showed a 22% increase in order size.

Many venues, including Yankee Stadium, have taken notice and now offer personalized deliveries in certain sections and established mobile order pick-up zones throughout the ballpark.

A fan walking past a QR code sign in a seating area.

Darrian Traynor // Getty Images

QR codes at seats

Need to remember a player’s name? Want to look up an opponent’s statistics at halftime? The team at Digital Seat Media has you covered.

Thus far, the company has added seat tags to more than 50 venues—including two NFL stadiums—with QR codes to promote more engagement with the product on the field.  After scanning the code, fans can access augmented reality features, look up rosters and scores, participate in sponsorship integrations, and answer fan polls on the mobile platform.

Analysts introducing AI technology at a sports conference.

Boris Streubel/Getty Images for DFL // Getty Images

Real-time data analytics and generative AI

As more venues look to reinvigorate the in-stadium experience, some have started using generative artificial intelligence and real-time data analytics.  Though not used widely yet, generative AI tools can create new content—text, imagery, or music—in conjunction with the game, providing updates, instant replays, and location-based dining suggestions

Last year, the Masters golf tournament even began including AI score projections in its mobile app. Real-time data is streamlining various stadium pitfalls, allowing operation managers to monitor staffing issues at busy food spots, adjust parking flows, and alert custodians to dirty or damaged bathrooms. The data also helps with security measures. Open up an app at a venue like the Honda Center in Anaheim, California, and report safety issues or belligerent fans to help better target disruptions and preserve an enjoyable experience.

Story editing by Nicole Caldwell. Copy editing by Paris Close. Photo selection by Lacy Kerrick.

This story originally appeared on Uniqode and was produced and
distributed in partnership with Stacker Studio.

Share this:
Continue Reading