Monday, July 31, 2023

Red Magic Cyberbuds Dao TWS hit international market with advanced ANC, low latency

The gaming sub-brand of nubia called Red Magic is best known for its smartphones, but lately branched into gaming monitors and various peripherals. It delivered its first TWS earphones in 2020 and now it's following up with a more upscale model dubbed Cyberbuds Dao TWS. These gaming earphone are hitting international markets today with the latest Qualcomm Bluetooth technology, long battery life and RGB light effects. These wireless earphones have the latest Qualcomm S5 chip for sound over Bluetooth, which supports lossless and high-res music, Bluetooth LE (Low Energy) audio,...



from GSMArena.com - Latest articles https://ift.tt/4oOjh6T

Apple greenlights Twitter app’s rebrand to X

After weeks of changes to its social handles, branding on its interface, a redirect on the web, and lots of chatter from its owner, Twitter the app has finally changed its name on the App Store to X. The single-letter name may have an exception: Apple typically doesn’t allow developers name their apps as a single character.

Last week, Twitter rebranded its iOS and Android apps, replacing the old bird logo, and screenshots in the App Store, with the new ‘X’ logo. However, the company wasn’t able to change its actual listed name on the App Store. As developers pointed out, this is because the App Store Connect — the portal that lets developers manage their apps — shows an error when developers try to use just one character as the app name.

Despite that, today Apple seems finally to have granted Elon Musk’s X Corp. — the official owner of Twitter — an exception to have a single-letter app name. We have reached out to Apple for a comment, and we’ll update the story if we hear back.

X also changed its App Store tagline from “Let’s talk.” to “Blaze your glory!” It’s not clear what that means. Musk himself posted a tweet with this tagline without any context.

In contrast, Twitter’s rebranding on Android faced no roadblocks as the app changed the name to X along with the logo swap earlier.

Over the weekend, another app named X — which supposedly was using Unicode in its name to get around Apple’s character limits — was renamed. The app description now reads “[We are not affiliated with Twitter/X and will soon give our app a new name]”

Last week, TechCrunch reported that X took over the @X handle without any warning to its original owner. The company didn’t compensate the user and just offered him a selection of X merchandise and a tour of X’s HQ, as a “reflection of our appreciation.”

X is also in the process of renaming its subscription service from Twitter Blue to X Blue. The company now mentions on the support page that the subscription service allows users to upload up to three hours of video — extending the previous limit of two hours set in May.

Last week, X also expanded its ad revenue-sharing program globally after giving creators $5 million in the first round of payments. To earn however, you have to pay and play to cash in: to be eligible, creators have to be verified; need at least 500 followers; and they also must have accrued 15 million total impressions from across their posts in the last three months.



from TechCrunch https://ift.tt/SE4AyDq

Strengthening security in a multi-SaaS cloud environment

Managing security across multiple SaaS cloud deployments is becoming more challenging as the number of zero-day and ransomware attacks continues to rise. In fact, recent research reveals that a staggering 76% of organizations fell victim to a ransomware attack in the past year.

It’s no secret that protecting data is hard, and with the rise of cloud technologies, it’s becoming harder. But when it comes to cloud SaaS application risk, what does that look like? And what actionable steps can teams and IT pros take to help mitigate those risks at their organization? In this article, I’m going to explore those questions and provide some insights.

Navigating the maze of SaaS challenges

Modern organizations encounter a variety of SaaS challenges, including the absence of configuration standards, multiple APIs, and user interfaces (UIs) with varying access levels and potential data leaks across interconnected systems. Securing structured data in CRM applications, communication data in messaging platforms, and unstructured data from file providers is already difficult.

However, when these systems are sourced from different vendors, it becomes even more challenging to detect and prevent attacks in a timely manner. The interconnected nature of these systems makes tracking data provenance difficult and facilitates broad spread of malware and ransomware.

This challenge is further exacerbated when organizations extend their systems to include external users. With expanding footprints, the inadvertent leakage or destruction of sensitive data becomes a significant concern. Popular platforms like Salesforce Communities, Slack Connect, Microsoft Teams, Microsoft 365, and Google Drive create a complex web of identity, permissions, and integration controls.

Unfortunately, most endpoint management tools on the market were designed for a pre-cloud, pre-bring-your-own-device (BYOD) era, making them inadequate for managing the modern SaaS landscape. So how do you take control?

Taking control with new solutions

When managing risk in the cloud, it’s crucial to select IT and security solutions that truly address the intricacies of the deployed SaaS applications and were born 100% in the cloud without any legacy on-premises components. The good news is that vendors are developing innovative solutions to help IT and security teams do this. But it’s essential to explore the options and consider the following:

First, do they go beyond basic factors such as OAuth scopes, login IP addresses, and high-level scores, and instead delve deeper into data usage patterns and even examine the code of all integrations?

Second, many major SaaS vendors provide event monitoring, antivirus protection, and basic data leak prevention as check boxes. But these features often fall short when it comes to preventing and remediating data attacks because of miscalibrated thresholds in alert systems and logs that are not tuned for specific organizations. That results in alert overload and fatigue. It’s important to understand how a solution improves risk scoring and alert prioritization.



from TechCrunch https://ift.tt/xiYredn

Italy accepts data portability offer from Google to settle antitrust complaint

Italy’s competition authority has settled a probe of Google focused on data portability after accepting commitments from the tech giant that look set to make it easier for users to take their data elsewhere, the AGCM said today.

The watchdog opened the investigation last summer, acting on a complaint by a local company which operates a direct marketing platform, called Weople. Its owner, Hoda, had complained Google’s data portability offer — aka Takeout — is extremely complicated and discourages users from porting their data elsewhere.

The Italian company has a commercial reason to want to smooth the path of data portability since the Weople service works by encouraging users to port data from third parties, such as social media platforms and loyalty card schemes, in order to populate so-called virtual data deposit boxes.

Per an explainer on its website, data deposited in virtual spaces on the Weople platform is encrypted and tokenized — a process Hoda claims renders personal data “anonymized” and “aggregated” — in order that it can be repurposed for targeted marketing, including the sending of personalized offers, without users’ personal data or identity being shared with advertisers. So Hoda is purporting to act as an identity-screening intermediary, albeit while processing user data itself.

The carrot offered to users to encourage them to share a copy of their data is a promise that they’ll get cut in on any ad revenue. The FAQ suggests up to 90% of any revenue generated off the data is returned to users in passive earnings.

Given the dominant role Google plays in several online market, such as the market for general search, access to data it holds on users was seen by Hoda as important for the development of its business.

Back in 2019 it started by asking Google to improve interoperability mechanisms to make it easier for users to port their data into its platform. But its complaint to the AGCM said the tech giant rebuffed its asks — pointing to its existing Takeout procedure as the only available route for porting data. Hence Hoda filing a formal complaint with the watchdog that Google was obstructing interoperability.

The regulatory oversight has now culminated in the AGCM accepting proposals from Google aimed at easing data portability.

Trio of commitments ahead of API

It’s not a formal finding that Google broke competition law by impeding interoperability. But the Italian authority said it believes the three commitments offered by Google resolve competition concerns.

Two of the commitments supplement what Google already offers with Takeout, while a third relates to a new direct (service to service) data portability offering that Google will make available to third party operators in the future.

The AGCM’s settlement decision provides more details of the commitments. One of which will see Google provide third parties with a URL they can embed in their own applications to help automate the Takeout process — making it easier for users to select and export their data via Takeout by linking them directly to their Takeout profile where one or more categories of Google user data will have been pre-selected in line with the third party’s preferences. A field for the frequency of data exports may also be pre-selected.

Google has also committed to make the data available as a single file in a standard machine-readable format via relevant cloud storage services. And Google users will receive a notification email once the down has finished — containing a link to the cloud storage service where the export file is hosted so they can more easily share it with third parties of their choice.

A second commitment by Google will see it make more detailed documentation available to third parties regarding data fields related to users’ web searches, Chrome browsing history and YouTube — with the aim of making exported data more useful to third parties.

Under the third commitment, it has pledged to provide early access (i.e. for testing before official release) to a new service-to-service direct portability API it’s developing. Per the AGCM, this API is expected to be ready in the first quarter of 2024 but under the early adopter program commitment third parties will be able to start testing what Google has in the works at least six months ahead of the full release in the case of some of its services (such as Google Search and YouTube).

The AGCM document specifies October 2023 as the start date for the early access to the API.

The first two commitments run for five years from their implementation dates. The third commitment is binding until Google releases the direct data portability API. An independent monitoring trustee will be appointed to monitor Google’s compliance.

In a press release announcing the settlement, the AGCM suggested the commitments from Google will see users benefiting by more easily being able to take their data elsewhere — ahead of what it couched as a key development next year, when the tech giant is set to release an API to automate the data portability process.

Reached for comment on the settlement, A Google company spokeswoman sent us this statement:

People should be able to use their data with the services that they like best. For over a decade we have offered people the ability to take out and transfer their data from more than 70 Google products. We continue to make investments in Takeout, the Data Transfer Project, and data portability more broadly in a way that improves user experience while protecting user privacy and security. We are pleased that the AGCM have accepted our commitments in this matter.

Data portability and the EU’s DMA

The commitments Google is making around data portability may have been extracted by the Italian watchdog but are likely to be linked to wider efforts to prepare its business for compliance with the pan-EU Digital Markets Act (DMA).

The regulation started to apply in May but designations are still pending and compliance for the first so-called “gatekeepers” won’t kick in until next Spring. Although the ex ante competition reboot is widely expected to apply to Google’s business in Europe.

The tech giant recently signalled it believes it operates at least one “core platform service” which will be regulated under the new regime.

The DMA applies a series of ‘dos and don’ts’ on the platform giants it applies to with the aim of rebalancing the competitive playing field online. Among these obligations is a requirement that gatekeepers support market contestability by enabling service switching (or multi-homing) via support for data portability linked to their core platform services.

Here’s a chunk of a relevant recital from the DMA:

[E]nd users, as well as third parties authorised by an end user, should be granted effective and immediate access to the data they provided or that was generated through their activity on the relevant core platform services of the gatekeeper. The data should be received in a format that can be immediately and effectively accessed and used by the end user or the relevant third party authorised by the end user to which the data is ported. Gatekeepers should also ensure, by means of appropriate and high quality technical measures, such as application programming interfaces, that end users or third parties authorised by end users can freely port the data continuously and in real time. This should apply also to any other data at different levels of aggregation necessary to effectively enable such portability.

This suggests the API that Google is developing for direct data portability is likely to be part of its response to DMA compliance — meaning it will be made available across the EU (at least). The Italian procedure thus looks like a stop-gap measure until the bloc’s big digital competition reboot kicks in next Spring. But in that regard it offers a taster of more major changes coming down the pipe for the most powerful digital players early next year.



from TechCrunch https://ift.tt/XyHmUxg

Here is how to get a $50 discount on a Galaxy Z Flip5 or Z Fold5 from Samsung US

If you missed the pre-registration bonus, you still have a chance to pick up a $50 discount on both the Flip and the Z Fold5. Note that the discount is applied directly at checkout and is available only through the following links to the Samsung US online store: Samsung Galaxy Z Flip5 Samsung Galaxy Z Fold5 You might not want to wait too long as the shipping dates for the Samsung Galaxy Z Flip5 in the US have already started to slip back – the phone is set to release on August 11 and you can still get the Graphite and Lavender colorways on that date. However, all the others are...



from GSMArena.com - Latest articles https://ift.tt/fiLWIaF

Samsung Galaxy S24+ stops by Geekbench, S24 Ultra’s battery certified

With the Samsung Galaxy Z Fold5 and Z Flip5 already announced, it’s time to turn our attention to the next big launch from Samsung’s camp – the Galaxy S24 series. A new series of listings for the Galaxy S24+ (SM-S926) and S24 Ultra (SM-S928) are revealing some key details about the upcoming devices. Samsung Galaxy S24+ (SM-926) Geekbench scorecard The Geekbench listing for the S24+ shows the device is equipped with a chipset codenamed “pineapple” which is speculated to be the upcoming Snapdragon 8 Gen 3. The listing reports a prime core clocked @ 3.3GHz alongside 3x cores clocked @...



from GSMArena.com - Latest articles https://ift.tt/4NsTcxt

Sunday, July 30, 2023

Tesla’s range-flation problem, Waymo reverses on self-driving trucks and Ford tweaks its EV playbook

The Station is a weekly newsletter dedicated to all things transportation. Sign up here — just click The Station — to receive the newsletter every weekend in your inbox. Subscribe for free. 

Welcome back to The Station, your central hub for all past, present and future means of moving people and packages from Point A to Point B.

Hey frens! I’m back from vacation and who-wee — a lot happened this week from automaker earnings and the Tesla range inflation drama to Waymo tapping the brakes on self-driving and Cruise expanding to yet another city.

One other note, you can find me on TechCrunch’s Equity podcast, a place where I will show up on a semi-regular basis, including this episode that came out Friday!

Onward!


Want to reach out with a tip, comment or complaint? Email Kirsten at kirsten.korosec@techcrunch.com.

Reminder that you can drop us a note at tips@techcrunch.comIf you prefer to remain anonymousclick here to contact us, which includes SecureDrop (instructions here) and various encrypted messaging apps.

Micromobbin’

the station scooter1a

Is there anything else to talk about besides Lyft mulling the sale of its ebike division?

Lyft posted on its blog that it had received “strong inbound interest” in its bikes and scooters business.

The company stated:

As a leading bikeshare provider, supplying solutions to over 53 markets across 15 countries, it’s only logical for Lyft to listen to credible proposals and explore strategic partners and options in several forms to serve more riders in more cities. We expect this part of the business to continue to be a meaningful part of Lyft’s offering now and into the future.

The announcement runs contrary to what newly appointed CEO David Risher has told reporter Rebecca Bellan in past interviews. Risher, who is known as a big supporter of ebikes, did say the company planned to focus on its core ride-hailing business and become profitable, but it didn’t seem like the two-wheeled share service was on the chopping block.

The news prompted some here at TechCrunch to declare that shared micromobility was officially dead. I’m not so sure.

What do you think?

Deal of the week

money the station

Instead of a deal of the week, I’d like to call y’all’s attention to the list of deals below. See a pattern emerging?

Yup, me too. Software and EV charging sure seems like a thing, eh?

Other deals that got my attention this week …

Ampcontrol, an EV fleet management software startup, raised $10 million in Series A funding round led by the Westly Group. Other investors included AngelPad and Lorimer Ventures.

Aurora raised $820 million in a public and concurrent private offering (a deal we covered last week.) As I mentioned in the Equity podcast, tucked inside the SEC filing detailing the deal we learn that Uber invested $1 million in the private placement and $74 million in the public follow-on. When taking into account the Class B shares, Uber has a 22% stake in Aurora.

EV.energy, the UK-based EV charging software startup, raised $33 million in a Series B round led by National Grid Partners with participation from new investors Aviva Ventures, WEX Venture Capital and InMotion Ventures, as well as existing investors Energy Impact Partners, Future Energy Ventures and ArcTern Ventures.

Flipturn, a startup that developed a software management system for EV truck fleets, raised $4.5 million in a seed round led by Accel.

Field, the battery energy storage systems developer launched by former Bulb Energy co-founder Amit Gudka, raised £200 million from DIF Capital Partners.

Voltpost, a New York City–based startup that developed hardware that converts lampposts into EV charging spots, raised $3.6 million in a seed round led by RWE Energy Transition Investments with participation from Twynam Funds Management, Exelon Foundation, Good News Ventures and Climate Capital.

VW Group made a pair of deals with Chinese automakers aimed at shoring up sales in China, including taking a 5% stake valued at about $700 million XPeng as part of a deal to jointly develop and produce two mid-sized EVs for China. In a separate agreement, Audi expanded a partnership with SAIC. Reporter Rita Liao provides insight on what this deal could mean for future alliances between China and the West.

Notable reads and other tidbits

Autonomous vehicles

Cruise self-driving vehicles arrived in Nashville this week for testing; a robotaxi service is expected to follow. Cruise will also begin testing in multiple, new cities as part of its aggressive commercial ramp, according to the company. If the company’s careers page provides any hints, it seems Atlanta is one of them.

Want evidence that Cruise is accelerating? One year ago, Cruise only operated in San Francisco. Cruise has since expanded to Austin, Dallas, Houston, Phoenix and most recently Miami.

Rafaela Vasquez, the safety driver who was behind the wheel of an Uber ATG self-driving vehicle when it struck and killed a pedestrian in Tempe in 2018, pleaded guilty to endangerment. Vasquez was sentenced to three years of supervised probation.

Waymo is tapping the brakes on self-driving trucks and shifting most of its capital, resources and talent to one commercial bet: ride-hailing. I won’t call it a complete shutdown as limited testing will continue. But the program as it once stood is over. It seems most people on the team have kept their jobs at Waymo, per sources. (However, it’s still early; we’ll see how it all shakes out once the program is wound down.)

Earnings

Ford and GM both posted earnings this week and there were some general themes; namely that business is good if you’re selling gas and hybrid trucks and SUVs. The EV business? Well that’s a bit of a money loser. Both companies raised profit guidance for the year and GM said it would cut costs another $1 billion as it focuses on earning more money.

Ford, which now breaks out earnings for three business units, is tweaking its EV plans. The big line item is that Ford expects its EV business to lose $4.5 billion in 2023 — double what it previously forecast. And the company seems to be more bullish than ever on hybrids, which reminds me of Bill Ford’s comments way back in 2016 about viewing hybrids as a transitional, or bridge technology. At the time, the sentiment was about consumer adoption. These days Ford is learning that hybrid technology applied to trucks is particularly attractive to buyers.

Electric vehicles, batteries & charging

Ample, a San Francisco-based startup, is bringing its modular EV battery swapping technology to Mitsubishi Fuso’s electric trucks this winter.

GM isn’t going to kill off the Chevy Bolt EV after all. This is going to be a next-gen Bolt EV based on the new Ultium platform and battery design. I’m fascinated by this reversal because it happened so quickly (3 months!).  Will it still be assembled at the Orion plant? Reminder: Orion was supposed to be retooled for electric truck production once the Bolt went out of production at the end of 2023.

Tesla exaggerated the range estimates for its EVs for years, prompting owners to flood its service center over concerns that their vehicles needed service, according to a new detailed Reuters report. As I note in my own story, one of the nagging problems with range estimates is their variability, which allows some automakers to push the boundaries of the system. While the EPA does review and approve those estimates, it allows automakers to use one of two methods to reach those figures: use a standard formula that converts fuel economy results, or conduct additional tests to come up with their own range estimate. Tesla has always done the latter, which gives far better numbers.

Miscellaneous

Lacuna Technologies, a startup that sold software services to cities to help create and enforce transportation policies, has shut down, per a LinkedIn post from product lead Samuel Jackson. (h/t to the source who pointed me to the post).

Disrupt!

Beep beep! TechCrunch Disrupt 2023, taking place in San Francisco on September 19–21, is where you’ll get the inside scoop on the future of mobility. Come and hear from today’s leading mobility entrepreneurs on what it takes to build and innovate for a more sustainable future. Save up to $600 when you buy your pass now through August 11, and save 15% on top of that with promo code STATION. Learn more.



from TechCrunch https://ift.tt/lyOxiFs

Weekly deals: the best smartphone deals from the US, the UK, Germany and India

Samsung unveiled its 5th generation foldable phones this week and they went on pre-order. There are some great deals in some regions and not-so-great deals in other regions. We also look at possible alternatives to the Galaxy Z foldables. USA The UK Germany India USA Samsung US is offering some killer trade-in deals. For example, if you send in your old Galaxy Z Flip4, you can get the new Z Flip5 for just $100 (assuming it’s in a good condition, if your old Flip has screen damage you will have to pay $300 instead). $100 to get the new hinge and cover display,...



from GSMArena.com - Latest articles https://ift.tt/aOLPyYT

Can we trust automakers to build an EV charging network that rivals Tesla’s Supercharger?

Automakers appear to have had an awakening last week: Electric vehicles are the future, and if they want to continue selling cars, they have to think beyond the car. I’m not talking about subscriptions, though; I’m talking about charging.

For years, major auto manufacturers were happy to leave the infrastructure to someone else. Tesla was the lone exception, building a globe-spanning network of speedy and reliable chargers that have placated range-anxious car shoppers who have bought the company’s EVs in droves. Other automakers, though, failed to connect the EV charging experience with EV sales. Perhaps it’s because infrastructure is unfamiliar territory. Or maybe they actually weren’t that interested in selling EVs.

Whatever the case, automakers’ recent come-to-Jesus moment culminated in an announcement last week that seven of the largest would be forming a joint venture to build a massive charging network across North America.

Consisting of no fewer than 30,000 charge points offering both Combined Charging System (CCS) and the North American Charging Standard (NACS) connectors, the as-yet-unnamed network promises to be a true rival to Tesla’s Supercharger and the Volkswagen diesel settlement-funded Electrify America.

Sounds like a step in the right direction.



from TechCrunch https://ift.tt/xK4gysh

When you’ve got two exits under your belt by the age of 26

In this week’s edition of The Interchange, we get into M&As in the fintech space as AngelList nabbed a startup and Uplift got bought for less than it raised in venture funding. We get into those deals and much more. Want to receive this in your inbox every Sunday? Sign up here.

Shopify’s credit bet, Jeeves’ update and AngelList’s second buy

Last week, Shopify announced a new offering — Shopify Credit, a business credit card designed exclusively for its merchants. The new product marked Shopify’s first pay-in-full business credit card, said Shopify president Harley Finkelstein. It is powered by Stripe and issued by Celtic Bank, “and accepted everywhere Visa is,” he added. My editor and I were intrigued by the fact that Shopify insisted it would charge no fees — no late fees, no foreign transaction fees, and no interest. But upon further digging into the fine print, as fellow fintech enthusiast Sar Haribhakti tweeted about, it turns out that Shopify is also describing the new offering as a “pay in full credit card.” So, merchants have 25 days after the close of their monthly billing cycle to pay their balance. And if they don’t? Well, according to Shopify’s website, the card will be locked and the merchant won’t be able to make any new purchases until the balance has been repaid. That explains how/why the company is not charging any interest! Unfortunately, I was traveling early last week and didn’t get to actually speak to Harley — our interview was over email, and somehow this little tidbit of information got left out. It certainly was not something that Shopify publicized. It feels like retail/commerce companies deciding to go into the credit card space should proceed with some caution, though, if Apple’s experience is any indication. The Information did a deep dive last week on how “the tech giant and the Wall Street titan went from ‘the most successful credit card launch ever’ to Goldman trying to exit the partnership.”

I also gave us an update on fintech startup Jeeves, which did something that us reporters wish more (actually, all) private companies would do — share financials. We’ve been covering the goings-on at Jeeves since the startup first emerged from stealth in July of 2021, announcing $131 million in debt and equity financing from investors such as Andreessen Horowitz (a16z). It then announced a $57 million Series B exactly three months later. Jeeves is among the many players in the corporate card space — but CEO and founder Dileep Thazhmon believes it’s got an advantage over competitors in that it can serve clients in Latin America (its biggest market) and other regions by offering cards that can be paid in local currencies. That’s a big deal, he says, because businesses can save money on foreign transaction fees, for example. He told us: “This is a really big differentiator because it means we’re the only expense management company that can issue local cards in Latin America, North America and Europe. It takes time to build rails in other countries. If you look at U.S.-based expense management platforms, they cannot onboard a company headquartered in Mexico. If you look at Mexican expense management providers, they cannot onboard a company [that] is headquartered in the U.S. Jeeves can do both.” Read about how Jeeves entered 2023 with annualized revenue of $40 million, its recent expansion beyond corporate cards into prepaid cards and cross-border payments, and what its plans for the future are here.

I also got the exclusive on some big news out of AngelList — its purchase of fintech startup Nova and formal expansion into the private equity space. I talked both with AngelList CEO Avlok Kohli and Nova founder Pradyuman Vig about how the deal came about and what the expansion means for the organization. On Friday’s episode of the Equity podcast, Alex Wilhelm, Kirsten Korosec and I dug into what some might consider an unexpected move for AngelList — which has historically served early-stage investors. Hint: We thought it might have a little something to do with its 2022 raise that was co-led by a global investor that rhymes with Kiger. Private equity talk aside, it’s always cool to see a young founder with not just one exit under their belt, but two — by the age of 26. — Mary Ann


Jeeves raises $180M at a $2.1B valuation

Image Credits: Founder Dileep Thazhmon / Jeeves

Weekly News

What do caregiving and divorce have in common? Financial stress for employees. This week, Christine reported on Helpful raising $7.5 million. The new app brings together insurance benefits, medical records and caregiving resources into one dashboard.

As reported by Manish Singh: “The world’s largest asset manager is re-entering India — and it’s doing so in a partnership with Asia’s richest man. Jio Financial Services and BlackRock have struck a deal to form a joint venture, called Jio BlackRock, aimed at serving India’s growing investor base. BlackRock and Reliance’s finance unit are targeting an initial investment of $150 million each into the new 50/50 venture, which will seek to offer tech-enabled access to ‘affordable, innovative’ investment solutions for millions of investors in India, they said.” More here.

Dan Macklin, co-founder of SoFi, has joined Summer as president to help more students and families navigate and reduce student loans. TechCrunch reported on his original departure from SoFi here.

We spotted a tweet (or whatever it’s called now) by Forbes’ Alex Konrad this week about his interview with Victor Lazarte (the former CEO of Brazilian games startup Wildlife Studios), who is Benchmark’s newest equal partner. Lazarte told Forbes that he will invest broadly but has an interest in startups in games, consumer and fintech. TechCrunch’s Connie Loizos caught up with Benchmark’s Miles Grimshaw in June to discuss AI investment. More here.

Also, feds raised rates, and now some fintechs are doing so, too. Wealthfront announced on X that the rate on its “Cash Account” is increasing to 4.80% APY (annual percentage yield), up from 4.55% through its partner banks. If you refer a friend, you get 5.30% APY. Perhaps an interesting note is the up to $5 million FDIC insurance (and $10 million for joint accounts) being offered. Not to be outdone is Robinhood, which also announced via X that it was offering 4.9% APY on accounts that were FDIC-insured up to $2 million through program banks.

What else we’re reading

Six ways FedNow may affect businesses’ cash flow 

Vesttoo investigation reveals $4B fraud involving fake letters of credit

John Collison’s land grab: A Stripe co-founder grows in power

Mastercard’s cease-and-desist letters halt cannabis debit card transactions

Clearwater Analytics to launch new generative artificial intelligence solution for investment management

American Express introduces commercial partner program

Fundings and M&A

Seen on TechCrunch

Upgrade acquires travel-focused BNPL startup Uplift for a song (This is particularly notable considering that Uplift got acquired for far less than it raised over its lifetime.)

GlossGenius raises $28M to expand its bookings and payments platform for beauty businesses

Bloom Money raises £1M to digitize finance for ethnic communities

a16z-backed Eco unveils Beam, a P2P crypto transfer service aiming to be a ‘global Venmo’

Bunq, the Dutch neobank, has raised $111M at a flat $1.8B valuation to break into the US 

Seen elsewhere

Inspectify, which sells software for property inspection services, lands $5.7M 

Digital MGA Foxquilt secures $12M funding

Houston workforce training startup acquired by California company

Mercury Financial secures $200M for its credit card business expansion

Deposit ‘marketplace’ launches with backing from BMO

Settle books $145M credit facility from Silicon Valley Bank 


Join us at TechCrunch Disrupt 2023 in San Francisco this September as we explore the impact of fintech on our world today. New this year, we will have a whole day dedicated to all things fintech, featuring some of today’s leading fintech figures. Save up to $600 when you buy your pass now through August 11, and save 15% on top of that with promo code INTERCHANGE. Learn more.


Image Credits: Bryce Durbin



from TechCrunch https://ift.tt/ZhYXl6Q

This week in food tech: New fund shows food investments are still simmering

If you’re adventurous with your food, or just like to keep up with the fast-moving food tech industry, here’s a roundup of this week’s stories and some notable news we weren’t able to cover.

Supply Change Capital

The venture capital fund madness we’ve seen all year has made its way to the food sector. This week, I wrote about Supply Change Capital, which closed on $40 million in capital commitments for its first fund, targeting investments in the global food industry.

The female and Latina-owned firm is spearheaded by co-founders and managing partners Noramay Cadena and Shayna Harris, who met 14 years ago in business school.

The firm has already made 15 investments, including in allergen-free snack food company Partake Foods, ingredients startup Michroma and alternative seafood maker Aqua Cultured Foods.

Supply Change joins firms like Joyful Ventures, which debuted in June with $23 million, focused on investment in sustainable protein startups. Joyful was co-founded by Jennifer Stojkovic, Milo Runkle and Blaine Vess and has made two investments from the fund, including New School Foods and Orbillion Bio.

Global investment in food tech and agtech startups were 44% lower than in 2021, totaling $29.6 billion last year. Granted, 2021 had record-breaking investments into this space, but with all this dry powder on the sidelines, it looks promising for the next year.

As seen in TechCrunch

Brevel sprouts $18.5M to develop microalgae-based alternative proteins

Microalgae is everywhere, it seems. This week, Brevel announced a large seed round that will go toward developing microalgae into an alternative protein powder that can be used in foods.

What else I’m reading

Cultivated beef, it’s what’s for dinner in Europe: Israel’s Aleph Farms gears up to sell first cultivated beef cuts in Europe.

New to the aisles of Whole Foods Markets: Actual Veggies expands at the grocery chain amid over 300% growth in the past year. Meati Foods makes its national launch in 46 states (here’s more about them). And Konscious Foods debuts its frozen, plant-based sushi there.

Egg-citing growth: Yo! Egg makes its nationwide launch via a partnership with Veggie Grill. Read our coverage of the company, especially as it relates to the recent hike in traditional egg prices.

Smooth to the touch: MycoWorks unveils plastic-free leather alternative for luxury fashion brands. Read more about our coverage of this company making “leather” from mushrooms.

Gordon Ramsay likes ramen: Gordon Ramsay partners with vegan ramen brand. See who else has plant-based ramen.

Brewing up some M&A: RTD cold brew maker High Brew acquired by Beliv. Ready-to-drink is big; read more.

If you have a juicy tip or lead about happenings in the venture and food tech worlds, you can reach Christine Hall at chall.techcrunch@gmail.com or Signal at 832-862-1051. Anonymity requests will be respected. 



from TechCrunch https://ift.tt/OpcWw8M

We review the camera apps on the Sony Xperia 1 V

Sony has put a lot of effort into making pro-grade content-creation apps for its flagship Xperia phones. The latest Xperia 1 V has a trio of those - Photo Pro, Video Pro, and Cinema Pro - that unlock the potential of the phone's imaging system. You can access tech straight out of Sony's dedicated camera division like the advanced burst shooting with subject tracking and advanced autofocus. In video, you can choose Sony's flatter Cinetone profile, which can be tuned to your specific style. We delve deep into all three apps and what's possible with them and the Xperia 1 V combination....



from GSMArena.com - Latest articles https://ift.tt/RenrgGX

Weekly poll: Galaxy Z Fold5 and Galaxy Z Flip5 pre-orders have started, who is getting one?

Samsung's next generation foldables are almost here - they are already on pre-order and will start shipping in a couple of weeks time. But the market they enter is more heavily contested than ever. The Samsung Galaxy Z Fold5 is no longer the only horizontal foldable in North America, following the launch of the Google Pixel Fold. The Fold may not have the best chipset in the world, but it has a very similar inner display, an IPX8 water resistance rating and, perhaps, better cameras. You can check out the photos we took with the Z Fold5 in Seoul - it's too early to discuss quality...



from GSMArena.com - Latest articles https://ift.tt/lqHF5Xy

Saturday, July 29, 2023

Abundant opportunities for founders at TechCrunch Disrupt 2023

“Founders first” is the TechCrunch credo — this is the way — and you’ll find the very best and brightest minds in the startup ecosystem gathered at TechCrunch Disrupt 2023, taking place September 19–21 in San Francisco.

This year, our programming spans nine stages, seven industries and dozens of breakout sessions and roundtable discussions (for starters). Disrupt is where founders go to grow, collaborate, network and find inspiration — and, who knows, maybe a term sheet.

Founder opportunities at TechCrunch 2023

Let’s take a look at just some of the founders-first sessions and opportunities waiting for you.

The Builder Stage

Head to the Builder Stage for panels and interviews focused on the nuts and bolts of building and funding new tech enterprises — including these:

  • What Do You Need to Raise a Series A Today?
  • How to Build Intelligent Startup Ops that Will Scale with Your Business

Seven new industry stages

In addition to the Disrupt Stage (more on the folks you’ll see there coming soon), we’re filling seven stages with salon-like programs that focus on the industries that matter most to the tech world today. It’s a rare opportunity to explore cross-sector collaborations under one roof. Check out just some of the sessions on each stage below — click the stage link to see the individual agendas.

AI Stage:

  • A Deep Dive on DeepMind, Google’s Premiere AI Lab
  • Bias, Toxicity and Hallucination: Can AI Be Ethical?

Fintech Stage:

  • Plaid’s Zach Perret Opens up on Open Banking
  • The Future of Payments

Hardware Stage:

  • Mixed Reality Finds Its Focus
  • What’s Next in Robotics?

SaaS Stage:

  • What’s Next for GitHub?
  • AI for SaaS

Security Stage:

  • Signal and the Future of Encrypted Messaging
  • The Spyware Industry Is Out of Control. Now What?

Sustainability Stage

  • Doing Something Concrete on Climate
  • The Upside (and Downside) of Cultured Meat

Wait (we hear you cry) —  that’s only six. Ah, you don’t miss a trick. We’re in the process of adding the Space Stage, which is gonna rock-et! Check back for updates and the agenda — coming soon!

Breakout sessions and roundtable discussions

This is your chance to learn more about specific topics, engage with the startup experts leading the conversations and get your burning questions asked and answered. Roundtables are 30-minute discussions. Breakouts are 30-minute presentations followed by a 20-minute Q&A. Here are a couple examples of each.

Roundtable discussions:

  • How to Build a Team for a Growing Startup
  • The Art of Choosing the Right Investor: A Guide for Startup Founders

Breakouts sessions:

  • AI for Social Good: How Technologists and Nonprofits Can Partner to Deliver Lasting Impact
  • Building Early-Stage Products as a Nontechnical Founder: What to and Not to Do

Networking at TechCrunch Disrupt 2023

Disrupt is no ordinary tech conference: Our audience spans the most influential corners of the startup community, from visionaries and prominent funders to cutting-edge innovators in the Fortune Global 500. My point? Disrupt is prime networking territory.

Connecting starts with the Disrupt event app — an essential connection and scheduling tool. But that’s just the beginning. We’re creating more organic networking opportunities where you can experience moments of magic in a variety of settings.

  • Get your network mojo moving on Disrupt eve, September 18, at the Women in Tech (Crunch) reception.
  • Head to the Deal Flow Café, our brand-new investor-to-founder networking area.
  • Enhance your trip to San Francisco at After-Hours Events happening during Disrupt week throughout the city.
  • Meet like-minded travelers in the many engaging workshops, discussions, meetups and Q&A sessions in the expo.
  • Recharge and reconnect at the TechCrunch+ Lounge, where TC+ subscribers can network and chat with our writers and other special guests.

TechCrunch Disrupt 2023 runs September 19–21 in San Francisco. Founders, put yourself first. Buy your pass before prices go up on August 11, and you’ll save up to $600. This is the way!

Is your company interested in sponsoring or exhibiting at TechCrunch Disrupt 2023? Contact our sponsorship sales team by filling out this form.



from TechCrunch https://ift.tt/FMScDnw

Deal Dive: Cutting through the noise in a category clouded by catastrophic failure

Building a startup is hard enough but growing one in a category marred with Theranos-sized stigma is a new level of challenge. Vital Bio seems up for the test.

The Toronto-based startup is building a machine, VitalOne, that can perform more than 50 blood tests — covering nearly all of those considered routine — and get patient results back in 20 minutes, not multiple days. Co-founder and CEO Vasu Nadella said that he got interested in the space because he and his co-founders have watched family members deal with chronic illness and know that being able to get quick diagnostic results is crucial for treatment.

Plus, Nadella wanted to know why companies couldn’t seem to get the solution to this problem right. While Theranos failed for a variety of reasons, the other companies trying to build these quicker blood diagnostic tools had yet to ship products. He thought maybe he could crack the code.

The startup launched in 2019 and built quietly until it debuted its device at the American Association of Clinical Chemistry’s annual meeting — the industry’s “Super Bowl” — last Monday. Vital Bio also announced that it had raised $48 million in venture funding from Labcorp, Inovia Capital, Lachy Groom and Sam Altman, among others.

Nadella said the company has focused on making sure that its device produces accurate results and that when it does drift, they know how to prevent it from impacting the final diagnosis. He said the company waited to start talking about what it was up to until it felt it had enough to back up its claims.



from TechCrunch https://ift.tt/BJ9eTM2

Poco Pods announced with 12mm drivers, up to 30-hour playback

Xiaomi's Poco has announced its entry into the AIoT space in India with the launch of Poco Pods TWS earphones in the Asian country. The Poco Pods are budget wireless earphones that pack a 12mm driver in each bud and have an IPX4 rating. The Poco Pods have Bluetooth 5.3 connectivity, support Google Fast Pair, and are advertised with a latency of up to 60ms. The earphones come with Environmental Noise Cancellation (ENC) and only support SBC audio codec. The Poco Pods also support touch controls, allowing users to control their calls and music playback. You can answer the call and...



from GSMArena.com - Latest articles https://ift.tt/pc29I1H

Samsung to start production of its rumored Galaxy Ring next month

There's been a rumor doing rounds for the past year or so that Samsung is preparing a new smart wearable - a ring, possibly called Galaxy Ring. It's a fairly untapped smart wearable market, so it makes sense for Samsung to explore it. According to The Elec, the company has already finished the development process and will likely kickstart production next month. The Korean tech giant has reportedly secured its sourcing of the needed hardware and it just needs to decide when to start mass production. Although production is near, the release won't happen until 2024. Aside from the...



from GSMArena.com - Latest articles https://ift.tt/km9SriP

CISA’s security-by-design initiative is at risk: Here’s a path forward

The Biden administration’s 2023 National Cybersecurity Strategy identified structural shortcomings in the state of cybersecurity, calling out the failure of market forces to adequately distribute responsibility for the security of data and digital systems. Most prominently, the strategy seeks to “rebalance responsibility [for security] to those best positioned.”

Shortly after the strategy’s launch in March of this year, the Cybersecurity and Infrastructure Security Agency (CISA) kicked off an effort to “shift the balance of cybersecurity risk” by pushing firms to adopt security-by-design (SbD) practices, improving the safety and security of their products at the design phase and throughout their life cycle.

CISA director Jen Easterly’s announcement of these efforts appears to put CISA at the forefront of this rebalancing, addressing technology vendors’ incentives to underinvest in security through changes in how those firms design and deploy the products they sell. As the first substantive proposal from President Biden’s administration to effectuate this rebalancing since the launch of the strategy, the success or failure of the SbD initiative could be a bellwether for one of the strategy’s two fundamental ideas.

Success with SbD is at risk, however, both from the political challenges of implementing SbD practices and the threat of unrealistic expectations. This piece addresses both and highlights a path forward.

Political and structural headwinds

The politics of SbD implementation — which implicitly require a capacity to compel change in vendor practices, as well as the insight to design them — are treacherous ground for CISA, as the fast-growing agency is not a regulator. In time, it might become one, but current and past leadership insist that such responsibilities would be at odds with agency culture and its operational responsibilities.

The agency’s ability to support, build capacity, train, coordinate, and plan together with state, local, tribal and territorial entities, and industry stakeholders is rooted in its disposition as a trusted partner and neutral convener.

This means CISA should be only one of several federal agencies working to implement SbD, with cooperation from regulators like the Federal Trade Commission (FTC), a sharp and pointy complement to CISA’s open-handed approach. Otherwise, the SbD initiative could place CISA in a bind, trying to fix entrenched market incentive problems but without the ability to compel companies to act differently. CISA efforts to create accountability might undermine its attempts to generate goodwill.

Developing and defining a set of SbD practices that vendors can attest to, and that the U.S. government and other parties can verify or enforce, is a tremendous undertaking in and of itself. CISA must build SbD practices alongside an architecture for enforcement that sets clear roles for entities like the FTC, the Department of Defense, the Securities and Exchange Commission, and the General Services Administration.

The White House has responsibility here, too, and specifically the Office of the National Cyber Director, to guide this multi-agency effort within a strategy to manage the industry politics of shifting the incentives in this market — precisely what the office was designed, staffed, and organized to do. CISA’s focus must remain on enumerating and updating the essential SbD practices.

Just one piece of the puzzle

As we have argued before, “no strategy can address all sources of risk at once, but . . . silver bullets often trade rhetorical clarity for crippling internal compromises.” The SbD program could achieve deep, meaningful changes in how some of the largest technology vendors build services and products. Those changes would have material benefits for the security of every technology user.

However, cajoling all firms toward a comprehensive and uniform set of best practices is a fundamentally incompletable task.

Malicious actors perpetually seek new means of exploit; different sectors and system classes face different and unique challenges; and new technologies are prone to modes of failure, both new and unforeseen. Adopting certain new processes, rigorously enforcing them, and fixing existing incentives would still be a much-needed improvement over the current status quo.

However, adopting memory-safe languages or pushing large actors toward better risk management would not necessarily have prevented many significant vulnerabilities in recent memory, such as Log4Shell. To succeed, CISA will also need to understand how large technology companies build products and services — current industry practice is far from complete or perfect, but it is the baseline from which SbD hopes to drive change. Understanding that baseline is critical.

There is danger when rhetoric around shifting responsibility in cyberspace suggests that cybersecurity problems and challenges exist only because technology vendors cut corners or that all cybersecurity risk can be avoided by following a simple set of straightforward practices. The increasingly interconnected, dependent nature of software systems, as well as the variety of organizations and systems they connect to, creates risks all its own.

SbD is an important piece of managing this — the status quo of responsibility deferred to the user is broken — but describing SbD as a panacea risks creating backlash when insecurity inevitably persists.

It is clear CISA recognizes that success in SbD could be one of the most impactful policy interventions in cybersecurity in the last decade. It is also clear that the program, even in its most successful incarnation, will leave some problems unsolved. Specificity about the scope and goals of the program will help prevent its inevitable critics from distorting the debate into all-or-nothing terms.

Risk and opportunity

SbD — the first policy manifestation of the National Cybersecurity Strategy’s effort to shift responsibility — will not come about by sheer goodwill alone. CISA is not a regulator, and it must define a path for federal agencies that are regulators so that the implementation of SbD leverages the broader standards setting, enforcement, and regulatory powers of the federal government.

Shying away from direct government enforcement of these security practices risks consigning the effort to history, alongside many other “voluntary” and “industry-led” programs.

The growing and talented team at CISA have 18 months until January 2025, which will bring either the paralyzing tumult of transition or the still-chaotic maturation of a first-term administration into a second. The largest vendors that would participate in this program are not going anywhere and can afford to wait.

In this sense, CISA and the wider U.S. government’s cyber policy apparatus is on the clock. CISA must focus on the essential elements of SbD and organize, build, and engage with a clear deadline in mind. The clock is ticking.



from TechCrunch https://ift.tt/bZmJH05

Sony Xperia I V starts shipping in the US

The Sony Xperia I V, which was unveiled in May and was up for pre-orders in the US until now, is finally shipping in the States. It's priced at $1,400 in the US and comes in a single 12GB/256GB configuration. You can purchase it from Sony's official website or Amazon. The Sony Xperia I V is built around a 6.5" 120Hz OLED having 3,840x1,644-pixel resolution and Gorilla Glass Victus 2 protection. It's powered by the Snapdragon 8 Gen 2 SoC and runs Android 13 out of the box. Sony Xperia I V The Xperia I V features four cameras - 48MP primary (with OIS), 12MP telephoto (with OIS),...



from GSMArena.com - Latest articles https://ift.tt/Ytz0cFC

AMD announces Radeon RX 7900 GRE in China

AMD today announced the Radeon RX 7900 GRE desktop graphics. Although announced first in China, it seems the card will also be available globally. The RX 7900 GRE (which stands for Golden Rabbit Edition) is a cut-down version of the RX 7900 XT with some minor reductions to the GPU and significant reductions to the memory. Compared to the 7900 XT's 84 compute units, the 7900 GRE has 80. The game clock drops from 2000MHz to 1880MHz. The 20GB 20Gbps 320-bit memory drops down to 16GB 18Gbps 256-bit, which causes the memory bandwidth to drop from 800GB/s to 576GB/s. The Infinity...



from GSMArena.com - Latest articles https://ift.tt/CGa6Jf2

Friday, July 28, 2023

HerMD opening new women’s health clinics following $18M extension

Women’s healthcare got another capital infusion today in HerMD, which announced $18 million in additional Series A funding, showing that this area continues to be of interest to investors.

My colleague Dominic-Madori Davis reported earlier this year that women’s health companies raised about $1.16 billion in 2022. Though down from $1.41 billion in 2021, this is still a vast improvement over the $496 million raised in 2020, according to PitchBook data.

Somi Javaid, HerMD

Dr. Somi Javaid, founder and chief medical officer of HerMD. Image Credits: HerMD

HerMD is among a group of companies (for example, Herself Health, Tia Health, Vira Health and Adyn) providing care options specifically for women, at all stages of their lives, and attracting venture capital for their approaches.

Founder and chief medical officer Dr. Somi Javaid opened the first HerMD location in 2015 in Cincinnati to help change the notion that less than 20% of OBGYNs are trained in menopause and sexual health care. She later brought on Kathy McAleer as CEO in 2022.

The company offers comprehensive women’s healthcare, either in-person or virtual, and one of its differentiators is that the average appointment is between 20 and 60 minutes. All medical services are insurance- and Medicare-based. In addition, HerMD provides aesthetic services, including facial injectables and body treatments.

To address the lack of training, the company created the HerMD University that centers around proprietary algorithms of care to take providers from classroom to clinic. Providers are able to attend health conferences around menopause and sexual health and participate in monthly meetings.

“The first thing we had to fix was the educational component,” Javaid told TechCrunch. “Some providers have told us that they get more education in the first couple of weeks at HerMD University than they have in their entire career. Then we had to give our providers and patients more time.”

HerMD has around 20 providers between its clinics in Cincinnati, Franklin, Tennessee and Carmel, Indiana and is consistently seeing a waitlist of approximately 500 patients leading up to a clinic opening.

One of the areas that Javaid also focuses on is provider experience, explaining that many providers have become burned out in recent years amid the failings of the existing U.S. healthcare system.

“We’re in this era where we may lose 47% of our workforce by 2025 because of burnout from COVID, because of lack of mission-driven work and because female providers feel like they can’t climb the ladder as well and there’s a pay gap,” Javaid said. “We don’t have any of that at HerMD — it’s equal opportunity. You want to climb the ladder, you climb a ladder. And we give work-life balance, so we have almost zero turnover.”

Meanwhile, the Series A extension was led by existing investor JAZZ with participation from Amboy Street Ventures and B-Flexion. The new investment brings HerMD’s total funding to nearly $30 million.

With the funding, the company will expand its brick-and-mortar locations, including the first in the New York City area and a second Nashville-area clinic. HerMD will also continue developing its virtual services and HerMD University and grow its team — Javaid said there are 100 providers eager to join. The company will also launch mental health services and invest in the latest technologies around sexual health and menopause.

“We will also be introducing e-commerce and physician-curated products,” Javaid said. “Hospital-based systems, and relationships like that, is another thing that we would love to do. We rely on hospitals for imaging, primary care and obstetric and oncology care, but a lot of hospital systems say they struggle because their providers aren’t trained in menopause and sexual health. They need a partner like us, and I see HerMD having over 200 clinics in the future.”



from TechCrunch https://ift.tt/jOyhHMd

Cyber insurance audit: Painful necessity, or a valuable opportunity?

Not that long ago, few companies even considered purchasing insurance to mitigate their financial exposure from a cyber incident, and for those that did, obtaining a policy was as easy as filling out an application and writing a check. Those days are now squarely in the rearview mirror. Today, companies everywhere are rushing to get cyber insurance — the value of the global cyber insurance market reached $13.33 billion in 2022 and is projected to soar to $84.62 billion by 2030.

However, the increased number of policies combined with the sharp uptick in costly attacks led to higher costs for cybersecurity insurance providers. To stem their losses, insurance companies now often require proof that an organization has implemented a variety of security measures in order to be eligible to purchase a policy.

Rather than resisting or resenting risk assessments from potential cyber insurance vendors, IT leaders should regard them as an opportunity to strengthen their organization’s security posture.

Cyber insurance involves risk assessment

Across the insurance industry, policy requirements and premiums vary according to risk assessment. For instance, installing an anti-theft system might reduce the cost of insuring an expensive sports car. A person living in a flood plain can expect to pay more for a homeowner’s policy than someone with a similar house on higher ground — or they might not be able to purchase a policy at all, as homeowners in states like Florida are discovering.

It is the same for cyber insurance. An insurance provider may impose more security demands on a company that hosts large volumes of personally identifiable information (PII) than it does for a company of similar size with far less PII. And organizations that lack sufficient security controls to bring risk down to a level acceptable to an insurance provider might not be eligible for any policy at any price.

What cyber insurance actually covers

The main focus of cyber insurance is obviously on covering the financial risks of an incident. Typically, you can expect the insurance to cover the firsthand costs to the business that are the direct result of the cyber event, such as:

  • Forensic analysis and incident response. Some insurers require that you engage specific managed incident response services.
  • Recovery of data and systems caused by actual loss and destruction.
  • Cost of the downtime due to the cyber event.
  • Costs incurred from sensitive data breaches, such as handling PR activities, notifying impacted clients, or even providing credit monitoring services to customers.
  • Legal services and certain types of liability for regulated data, including covering the costs of the civil lawsuits.

It is important to note that insurance rarely or never covers some of the longer-lasting impacts of the event, such as any future profit loss due to theft of intellectual property or the need to invest in cybersecurity program improvements after the event.

There is no consensus on reimbursement for paying a ransom. Not all insurers cover this type of expense. Some experts argue that it can encourage further attacks and fund criminal activities. In some jurisdictions, the discussion is going back and forth on whether paying ransom should be banned altogether.

As with any insurance policy, you can expect extra clauses. These may include the top amount they cover, the requirement to go through a due process with the law enforcement agencies, or involvement in professional ransom-negotiation services.

The must-have security measures for cyber insurance

A recent Netwrix study reveals useful details about the process of qualifying for cyber insurance today. It found that 50% of organizations with cyber insurance implemented additional security measures either to meet the requirements of the policy they selected or to simply be eligible for a policy at all. The figure below shows the specific requirements they reported having to meet:

Image Credits: Netwrix/Netwrix Hybrid Trends Security Report 2023

Don’t take this list as comprehensive or authoritative. For instance, implementing MFA does not necessarily mean requiring MFA for all users; an insurer might require additional authentication only for users with privileged access to sensitive data and systems. In addition, remember that these controls are interrelated. For example, in order to require MFA for access to particular types of data, you need to know where sensitive and regulated data resides and have control over user and administrative privileges.



from TechCrunch https://ift.tt/ZpIjadS