THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED



CONTENTS

Introduction
Changing Roles, Changing Threat Landscape
Step 1: Preparing For A Breach
Step 2: Dealing With A Breach
Step 3: Regrouping After A Breach
Conclusion
A Checklist For Directors And Executives

INTRODUCTION

A rash of recent high-profile data breaches among well-known companies has drawn attention to the critical role that corporate directors play in cyber security. Boards are increasingly involved in assessing the risk, improving the security profile of the companies they advise, and managing the consequences of a breach. But as directors are quickly learning, there's no one-size-fits-all playbook for dealing with serious data breaches. Every incident and every organization is unique.

Still, there are important steps boards can and should take to prepare for and respond effectively to cyber attacks. Consider this guide a starting point. It draws on our extensive experience helping companies prepare for and combat cyber attacks. And it provides some best practices to follow for directors and top executives thrust into the new and unfamiliar role of security leaders.

This guide is designed to help you forge an action plan to follow before, during, and after a breach. The goal: better protect your company's most valuable assets and minimize the damage to the company and its reputation when a breach occurs.

CHANGING ROLES, CHANGING THREAT LANDSCAPE

Expectations about the board's responsibilities for cyber security are changing as attacks become more prevalent and public disclosures become more common. Security breaches are no longer just possible. They are inevitable. That's because attackers' tactics change faster than security teams can adapt to them.

More than a third of auditors surveyed in a 2014 study said their boards were minimally involved in cyber security preparedness, and nearly 15% weren't sure about their board's involvement (see Figure 1).[1] But more than two-thirds agree that boards' perception of cyber risk has increased or was already at a high level (see Figure 2).[2]

Figure 1: How involved was the board during the last fiscal year regarding a specific action or request on cyber security preparedness?

Actively Involved: 14.1% (count: 267)
Involved: 34.9% (count: 662)
Minimally Involved: 36.1% (count: 686)
Not answered: 14.9% (count: 283)

Figure 2: How would you characterize the board's perception of cybersecurity risks over the last one to two years?

Has been at a high level: 8.5%
Increased significantly: 18.7%
Increased: 40.8%
Decreased: count: 38
Decreased significantly: 1.1% (count: 20)
No change: 28.9%
Not answered: count: 45

Source: The Institute of Internal Auditors Research Foundation

[1] The Institute of Internal Auditors Research Foundation. Cybersecurity: What the Board of Directors Needs to Ask.
[2] Ibid.

While attackers have to succeed once, security teams must be right 100% of the time. That objective is unrealistic. But the board can help companies match their security posture to the risks they face. "There's got to be a standard of care, and a board essentially wants to make sure that they're going to meet that standard of care," says FireEye President Kevin Mandia.

That standard of care varies by industry, be it health care, government, financial services, or utilities. Within those categories, different rules and standards apply. The federal Health Insurance Portability and Accountability Act (HIPAA) governs how healthcare firms handle patient data, for example. And the Payment Card Industry (PCI) standard applies to credit card issuers, banks and other such firms. These standards evolve as new threats and security technologies emerge.

A bigger financial impact

When security breaches happen, they have a larger financial impact on victims than they have had in the past. The average annual cost of cyber crime to a sample of global companies in 2014 was $6 million, according to a Ponemon Institute report.[3] That's a 9% jump from 2013. For the U.S. alone, the average annual cost hit $12.7 million in 2014. That's up 10% from 2013.

[3] Ponemon Institute Cost of Cyber Crime Study: United States.

The costs rose because the attacks grew more sophisticated and took longer to resolve, Ponemon found. In 2014, the average time it took to contain a cyber attack was 31 days at an average cost of $639,462. That was up 23% from the $509,665 to remediate an incident that lasted 27 days a year earlier. In other words, time is money.

Companies sought to increase security by acquiring the following technology, in order of most expensive to least:

- Security incident and event management (SIEM) systems
- Intrusion prevention systems (IPS)
- Application security testing
- Enterprise governance, risk management and compliance (GRC) tools

Breached companies risk financial and customer data along with damage to their network and other IT infrastructure. Also vulnerable are intellectual property, bid data, legal strategies, and information about potential mergers and acquisitions. Companies in certain sectors also face fines for not complying with security rules.

Calculating the direct cost of a breach is difficult enough, but a breach can also impose indirect costs. These can include damage to companies' reputations and soured customer loyalty. If a major retail chain suffers a breach and customer credit card data is exposed, the business could lose money if customers no longer shop there. In another situation, a health insurer could suffer a customer backlash if a breach exposed personal medical information.

A higher standard of care

Directors also face increased liability for how they act or fail to act during a breach. Some recent high-profile breaches have prompted lawsuits against directors for fiduciary duty breaches and calls to remove them from boards.

The increased risk and impact of security breaches is prompting more boards to change their governance structure to improve accountability. While most boards already have an audit committee, usually made up of the best and most experienced directors, it may not be fully capable of addressing the specific risk of a cyber attack. Many companies create a privacy and security committee to go beyond the scope of a typical audit committee by including more tech-savvy members.

FIVE GUIDING PRINCIPLES

The National Association of Corporate Directors (NACD) recommends five guiding principles for what a board response plan should address.

1. Directors need to understand and approach cyber security as an enterprise-wide risk-management issue, not just an IT issue.
2. Directors should understand the legal implications of cyber risks as they relate to their company's specific circumstances.
3. Boards should have adequate access to cyber security expertise, and discussions about cyber risk management should be given regular time on the board meeting agenda.
4. Directors should make sure that management establishes an enterprise-wide risk management framework with adequate staffing and budget.
5. The board and management should identify which risks to avoid, accept, mitigate, or transfer through insurance, as well as specific plans associated with each approach.

Source: Cyber-Risk Oversight Executive Summary, Director's Handbook Series 2014 Edition

PREPARING FOR A BREACH

Preparing for a breach should be a part of the daily security routine of a company. The board must be sure that the company continually monitors its networks and systems for signs of a breach.

The company should draw up a detailed incident response plan for the board to review, outlining who does what when an attack is detected. Among other things, the incident response plan should designate a person or persons in the company to serve as the liaison between the company and the board: the chief information security officer (CISO), for example. And the company should frequently test the plan and address any problems that arise.

The NIST Security Framework

Directors are elected to advise the company in all facets of business operation: financial, strategic, legal, regulatory, and more. They apply principles based on their wisdom, experience, and ethics. As boards contemplate their expanding role in cyber security, they should consider additional principles.

The NIST Cyber Security Framework, established in 2014 by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, is a useful guide. While most companies are not required to observe the NIST Cybersecurity Framework, industry leaders regard it as an important template for directors and executives to embrace.

FIVE KEY CAPABILITIES OF THE NIST FRAMEWORK

IDENTIFY: The company, with guidance from the board, should develop the understanding to manage the cyber security risk to systems, assets, data, and capabilities. This would address issues such as risk assessment, asset management, and governance.

PROTECT: Develop and implement the appropriate safeguards to ensure delivery of services. This would include measures such as access control, data security, training, processes, and procedures.

DETECT: Develop and implement the appropriate systems to identify the occurrence of a cyber security event as soon as possible, preferably before others see it. This kind of vigilance depends on continuous monitoring and detection processes.

RESPOND: Develop and carry out the appropriate actions to take once a cyber security event is underway. These include response planning, communications, analysis, mitigation, and other improvements.

RECOVER: Develop and carry out the appropriate activities to restore any capabilities or services that were impaired due to a cyber security event. The focus should be to maintain resilience for the network and protect it from further attacks.

Creating a privacy and security committee

To help protect against cyber security risks, consider creating a privacy and security committee. Give it responsibility for protecting the privacy of corporate and customer data on the network and securing it from intruders.

Creating a committee dedicated to privacy and security demonstrates to the outside world that you take cyber security seriously. It creates accountability. And in the event of a security incident, it shows you are paying attention to it.

But a privacy and security committee may not be the right answer for all companies. Many firms already have an IT or IT governance committee. In those cases, cyber security may be handled by that body rather than going through the time and expense of forming yet another committee.

Regardless of the committee structure, the chief point of interaction between the board and the company when it comes to security, but by no means the only one, should be the CISO. The board is responsible for defining the company's risk posture. The CISO should tell the board what he or she is doing to maintain this risk posture.

The board may also want to engage a third party from time to time to look for hidden vulnerabilities or even active compromises lurking in the company's environment. These outside assessments can serve as an extra check on the CISO's work. If your company doesn't have a CISO, the CIO would be the next most logical position to handle these duties.

Making the right investments

In another example of increased corporate attention to cyber threats, more and more public companies in the U.S. are identifying cyber threats as a risk factor in their 10-K filings with the SEC. The SEC also requires that boards disclose material cyber security risks in their 10-Ks while leaving it up to the board how to define which risks are material.

The committee tasked with cyber security should make sure the company is spending the right amount of money on security technology, including solutions built for advanced threats. But even the strongest security won't prevent all breaches. That's why your company may also want to consider cyber insurance.

Directors and officers (D&O) insurance protects directors and officers from personal liability for their corporate actions. But today, that insurance also needs to protect them from additional liability associated with a cyber attack. Companies should carefully examine D&O policy language for exclusions for cyber attacks. And they should understand that D&O coverage doesn't protect the company itself from breach liability. That means the company must decide what additional insurance it needs for cyber losses and what losses it can absorb on its own.

DEALING WITH A BREACH

Attackers routinely compromise companies despite their sustained and responsible investments in security. When hit, companies need to have a plan in place to guide their response. Each incident is unique.

The board plays a crucial role in overseeing a company's response to a security incident, especially the communication strategy. The board can sometimes act as a conduit for information between different groups within the company and external stakeholders, including customers, partners, and regulators.

In 69% of the incidents we responded to last year, the targeted company learned about the breach from a third party, such as law enforcement or a partner. The reality is that keeping knowledge of the breach inside your company is seldom possible these days. Boards need a communication strategy in place before they face an incident.

Dealing with disclosure

In the wake of a breach, companies have to determine whether they are subject to laws requiring them to disclose the incident. Many U.S. states and several foreign countries have laws that require breach disclosure, depending on the industry and the type of data compromised. Most companies will consult their board before disclosing the incident.

The key for the company is not to assume facts it cannot verify. Disclose only what you know. In some cases, companies have been too quick to disclose information, in the interest of openness, only to have those facts contradicted when more information came out later. While the media and customers often want answers immediately, a full investigation may take weeks or months.

Some facts can often be disclosed safely early on in an investigation. Other facts take more time to confirm. The most basic facts that victims typically disclose are things such as the earliest signs of compromise or when an attacker first gained access to your environment. As you uncover the scope and length of a compromise, you can begin to provide other details, such as the number of customers affected or potential data lost. These details should emerge from the solid facts your investigators uncover.

Every situation is unique

Once legal notification obligations are met, your approach to disclosure can also depend on who you are. For high-profile companies with a sizable social media presence (think Facebook or Google), the urgency of acknowledging a breach may be greater than for an auto parts supplier that may be able to take more time to disclose the incident.

Work closely with your legal counsel to make sure your disclosures comply with applicable law. And work with your public relations team to communicate with customers and partners in a way that helps minimize any backlash.

REGROUPING AFTER A BREACH

Once the company has resolved the breach and kicked out the attackers, executives and the board move on to damage control, both literally and figuratively. The security team will usually remove any malware, reimage infected systems, and consider ways to strengthen the company's defenses. Your counsel should be involved in the remediation efforts as well, to ensure that the company preserves evidence, records, and other information that may be required in a lawsuit.

Bolstering your defenses

The company will need to update its security programs and processes based on lessons learned during the breach. This might include an outside assessment of the security program. The board should also be involved in reviewing the incident and the response, much like an NFL team replays video of last Sunday's game, to see where the company made mistakes. The review should determine whether the company made the right investments in security and took the right security posture.

The goal of the remediation effort is to repair and reinforce your IT infrastructure so that breaching the network in the same way again is much more difficult.

Damage control: not just for systems

Damage control also extends to repairing the company's reputation with its customers, partners, regulators, and the media. When a breach happens, shareholders and outside observers will call the company to account, leaving no distinction between directors and executives. Both must communicate professionally and with candor to reassure the public.

The company needs to explain how it is improving its security posture to prevent the breach from recurring. Work with your counsel and public relations team to ensure your public statements are consistent, accurate, and properly timed.

While the impact of a breach on a company's reputation can be hard to quantify, we get some indication of it from the Ponemon Institute's U.S. Cost of Cyber Crime Study cited earlier. Ponemon states that the average customer churn rate after a breach rose 15% over the previous year. The churn rate refers to the number of new customers a company gains versus the number it loses in a given period.

That's what makes a company's response to a breach so important. When attackers steal credit card numbers or personally identifiable information (PII), companies often try to win back customers' trust by offering a year of free credit monitoring to mitigate any possible damage. As a gesture of goodwill, one U.S. retailer briefly also gave customers a 10% discount on any purchases made after it suffered a breach.[4]

[4] Target. A Message from CEO Gregg Steinhafel about Target's Payment Card Issues. December 2013.

CONCLUSION

Over the last year or so, cyber security has become a board-level issue. In the past, companies that complied with the applicable rules could withstand public scrutiny when they suffered a breach. That is no longer the case. Investors and regulators are holding corporations and their boards to a higher standard.

Where money and secrets go, attackers quickly follow. As companies get more connected to their customers and their partners, they have created new opportunities for attackers to compromise their systems and steal valuable data.

The role of directors is to protect shareholder interests. Cyber security breaches threaten those interests today as never before, forcing the issue into the boardroom whether or not directors want it there. Fortunately, there are reasonable steps and best practices that directors can adopt before, during, and after a breach to ensure they fulfill their responsibilities to protect their companies and their shareholders.

To learn more about how your board and top executives can help prepare for, respond to, and rebound from cyber breaches, visit

A CHECKLIST FOR DIRECTORS

BEFORE AN INCIDENT

- Stay current on the latest threats and cyber security best practices.
- Research, design, and deploy security technology. Consider access control, data security, training, processes, and procedures.
- Ensure the response plan covers communications, analysis, mitigation, and other critical tasks.
- Discuss with counsel whether you should disclose cyber security risk factors in the company's SEC 10-K filings, if public.
- Designate a board committee tasked with cyber security responsibilities.
- Establish links between board and C-level executives, especially CIO and CISO.
- Develop and deploy the appropriate systems to identify a cyber security event as soon as possible.
- Run practice drills to test the plan and revise it as needed.
- Obtain liability insurance specifically covering cyber security risk for directors and officers as well as for the corporation.
- Identify the firm's security posture and the risks to the company. Assess the company's systems, assets, data, and capabilities. And identify risks unique to your industry.
- Create an incident response plan that lays out who reports to whom. Build in contingencies in case some people are unavailable at the time of an incident.
- Establish a recovery plan to restore any capabilities or services impaired by a breach and to protect the company from further attacks.
- To limit the company's liability in certain kinds of attacks, consider cyber security vendors certified by the U.S. Department of Homeland Security's SAFETY ("Support Anti-Terrorism By Fostering Effective Technologies") Act.

DURING AN INCIDENT

- Oversee an incident response. Serve as a conduit between incident responders within the company and external stakeholders, including customers, partners, and regulators.
- Understand that news of the incident usually comes to the company from outsiders, such as law enforcement or partner companies. Keeping the event under wraps is no longer very likely.
- Work closely with your legal counsel and public relations team to advise C-level executives about how to disclose incident details, especially to news media. Don't disclose facts until they've been verified.
- Stay in touch with your response team to assist as needed during response and through remediation.

AFTER AN INCIDENT

- After a breach has been repaired, intruders ejected, and systems restored, assist in damage control to fix the company's infrastructure and reputation.
- Review incident response to assess how it went. Identify weaknesses in equipment, systems, and procedures to determine where to make improvements.
- With guidance from your legal counsel, determine how to make customers whole if their data was exposed or stolen. Consider offering free credit monitoring, issuing new account numbers, and so on.
- Identify the churn rate: the number of customers who left versus the number of new customers acquired.
- Counsel can advise as to any consumer remedies required by law.

Disclaimer: The information presented here is not meant to constitute legal advice. Every situation is unique; this guide is not a substitute for experienced legal counsel or cyber security expertise. FireEye strongly recommends consulting legal and security professionals when mapping out a cyber defense strategy and responding to incidents.

FireEye, Inc. All rights reserved. FireEye is a trademark of FireEye, Inc. All other brands, products, or service names are or may be trademarks or service marks of their respective owners. EB.CSP.EN-US091105


More information

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems

U.S. Office of Personnel Management. Actions to Strengthen Cybersecurity and Protect Critical IT Systems U.S. Office of Personnel Management Actions to Strengthen Cybersecurity and Protect Critical IT Systems June 2015 1 I. Introduction The recent intrusions into U.S. Office of Personnel Management (OPM)

More information

An Executive Brief for Network Security Investments

An Executive Brief for Network Security Investments An Executive Brief for Network Security Investments Implementing network security resilience is one of the few things that you can do that will: Protect company brand value Decrease operational costs Preserve

More information

7 th Annual Information Security Summit The Executive Forum. Information Security Management Overview

7 th Annual Information Security Summit The Executive Forum. Information Security Management Overview 7 th Annual Information Security Summit The Executive Forum Information Security Management Overview June 4, 2015 Copyright 2015. Citadel Information Group. All Rights Reserved. 2 Establishing Leadership.

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14

www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14 www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the

More information

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session

The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session The NIST Cybersecurity Framework (CSF) Unlocking CSF - An Educational Session Robert Smith Systemwide IT Policy Director Compliance & Audit Educational Series 5/5/2016 1 Today s reality There are two kinds

More information

Cybersecurity: A View from the Boardroom

Cybersecurity: A View from the Boardroom An Executive Brief from Cisco Cybersecurity: A View from the Boardroom In the modern economy, every company runs on IT. That makes security the business of every person in the organization, from the chief

More information

Cloud Computing Contract Clauses

Cloud Computing Contract Clauses Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security

More information

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP

$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost/Benefit Analysis

The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost/Benefit Analysis The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost/Benefit Analysis Paul A. Ferrillo March 2015 The NIST Cybersecurity Framework Encouraging NIST Adoption Via Cost Benefit Analysis Until

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Developing National Frameworks & Engaging the Private Sector

Developing National Frameworks & Engaging the Private Sector www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012

More information

Managing data security and privacy risk of third-party vendors

Managing data security and privacy risk of third-party vendors Managing data security and privacy risk of third-party vendors The use of third-party vendors for key business functions is here to stay. Routine sharing of critical information assets, including protected

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Cyber Security Risk Management

Cyber Security Risk Management Cyber Security Risk Management For November 6, 2014 Jim Halpert Co-Chair Global Privacy & Security Practice jim.halpert@dlapiper.com Trends Point of Sale Attacks Malware Skimming Industrial Control Systems

More information

Collateral Effects of Cyberwar

Collateral Effects of Cyberwar Your texte here. Collateral Effects of Cyberwar by Ilia Kolochenko for Geneva Information Security Day 9 th of October 2015 Quick Facts and Numbers About Cybersecurity In 2014 the annual cost of global

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

BIG SHIFT TO CLOUD-BASED SECURITY

BIG SHIFT TO CLOUD-BASED SECURITY GUIDE THE BIG SHIFT TO CLOUD-BASED SECURITY How mid-sized and smaller organizations can manage their IT risks and meet regulatory compliance with minimal staff and budget. CONTINUOUS SECURITY TABLE OF

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

BOARD OF GOVERNORS MEETING JUNE 25, 2014

BOARD OF GOVERNORS MEETING JUNE 25, 2014 CYBER RISK UPDATE BOARD OF GOVERNORS MEETING JUNE 25, 2014 EXECUTIVE SUMMARY Cyber risk has become a major threat to organizations around the world, as highlighted in several well-publicized data breaches

More information

AlienVault for Regulatory Compliance

AlienVault for Regulatory Compliance AlienVault for Regulatory Compliance Overview of Regulatory Compliance in Information Security As computers and networks have become more important in society they and the information they contain have

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

Cyber Risks Connect With Directors and Officers

Cyber Risks Connect With Directors and Officers Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the

More information

Cyber and Data Risk What Keeps You Up at Night?

Cyber and Data Risk What Keeps You Up at Night? Legal Counsel to the Financial Services Industry Cyber and Data Risk What Keeps You Up at Night? December 10, 2014 Introduction & Overview Today s Discussion: Evolving nature of data and privacy risks

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015 SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

PRIORITIZING CYBERSECURITY

PRIORITIZING CYBERSECURITY April 2016 PRIORITIZING CYBERSECURITY Five Investor Questions for Portfolio Company Boards Foreword As the frequency and severity of cyber attacks against global businesses continue to escalate, both companies

More information

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES

White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES White Paper THE HIPAA FINAL OMNIBUS RULE: NEW CHANGES IMPACTING BUSINESS ASSOCIATES CONTENTS Introduction 3 Brief Overview of HIPPA Final Omnibus Rule 3 Changes to the Definition of Business Associate

More information

COMPETITION TRIGGERS BATTLE FOR TALENT AND ACQUISITIONS

COMPETITION TRIGGERS BATTLE FOR TALENT AND ACQUISITIONS 2015 www.bdo.com For more information on BDO USA s service offerings to this industry vertical, please contact one of the regional service leaders below: TIM CLACKETT Los Angeles 310-557-8201 / tclackett@bdo.com

More information

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response

Cybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary

More information

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You! Cybersecurity is all over the news. Target, University of Maryland, Neiman

More information

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH Andy Watson Grant Thornton LLP. All rights reserved. CYBERSECURITY 2 SURVEY OF CHIEF AUDIT EXECUTIVES (CAEs) GRANT THORNTON'S 2014 CAE SURVEY Data privacy and

More information

Healthcare Security: Improving Network Defenses While Serving Patients

Healthcare Security: Improving Network Defenses While Serving Patients White Paper Healthcare Security: Improving Network Defenses While Serving Patients What You Will Learn Safeguarding the privacy of patient information is critical for healthcare providers. However, Cisco

More information

Jefferson Glassie, FASAE Whiteford, Taylor & Preston

Jefferson Glassie, FASAE Whiteford, Taylor & Preston Jefferson Glassie, FASAE Whiteford, Taylor & Preston 2 * 3 PII = An individuals first name and last name or first initial and last name in combination with any one or more of the following data elements

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

Brief. The BakerHostetler Data Security Incident Response Report 2015

Brief. The BakerHostetler Data Security Incident Response Report 2015 Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the

More information

Middle Class Economics: Cybersecurity Updated August 7, 2015

Middle Class Economics: Cybersecurity Updated August 7, 2015 Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest

More information

How GCs And Boards Can Brace For The Cybersecurity Storm - Law360

How GCs And Boards Can Brace For The Cybersecurity Storm - Law360 Page 1 of 6 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com How GCs And Boards Can Brace For The Cybersecurity

More information

Cyber Security: Not if, but when...

Cyber Security: Not if, but when... Cyber Security: Not if, but when... Gerry Stegmaier Partner, Privacy and Data Security, Goodwin Procter Paul Luehr Managing Director & Chief Privacy Officer, Stroz Friedberg June 2015 Costs of Data Breaches

More information

Building a strong business continuity plan

Building a strong business continuity plan Building a strong business continuity plan Protect your clients and firm with a well-planned business continuity plan A solid business continuity plan (BCP) is about more than simply staying in compliance.

More information

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers

More information

By Daniel E. Frank and Don Borelli

By Daniel E. Frank and Don Borelli 30-SECOND SUMMARY As intelligent, interconnected devices become more widely available and increasingly host high-value information like a hospital patient s medical records the intrusion points for cyber

More information

FFIEC Cybersecurity Assessment Tool

FFIEC Cybersecurity Assessment Tool Overview In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed the Cybersecurity Tool (), on behalf of its members,

More information

Navigating the Waters of Incident Response and Recovery

Navigating the Waters of Incident Response and Recovery Navigating the Waters of Incident Response and Recovery Lee Kim, Esq. Tucker Arensberg, P.C. CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 2013 Lee Kim

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

Keeping watch over your best business interests.

Keeping watch over your best business interests. Keeping watch over your best business interests. 0101010 1010101 0101010 1010101 IT Security Services Regulatory Compliance Services IT Audit Services Forensic Services Risk Management Services Attestation

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Adopting a Cybersecurity Framework for Governance and Risk Management

Adopting a Cybersecurity Framework for Governance and Risk Management The American Hospital Association s Center for Healthcare Governance 2015 Fall Symposium Adopting a Cybersecurity Framework for Governance and Risk Management Jim Giordano Vice Chairman & Chair of Finance

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

SMALL BUSINESS REPUTATION & THE CYBER RISK

SMALL BUSINESS REPUTATION & THE CYBER RISK SMALL BUSINESS REPUTATION & THE CYBER RISK Executive summary In the past few years there has been a rapid expansion in the development and adoption of new communications technologies which continue to

More information

The Numbers Game: An in-depth look at alert management in Europe. security Reimagined

The Numbers Game: An in-depth look at alert management in Europe. security Reimagined S P E C I A L R E P O R T The Numbers Game: An in-depth look at alert management in Europe security Reimagined Contents Introduction 3 Executive Summary 4 IT Security Spending 5 Alert Management 6 Managing

More information

Answering your cybersecurity questions The need for continued action

Answering your cybersecurity questions The need for continued action www.pwc.com/cybersecurity Answering your cybersecurity questions The need for continued action January 2014 Boards and executives keeping a sustained focus on cybersecurity do more than protect the business:

More information

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014

A Wake-Up Call? Fight Back Against Cybercrime. Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 A Wake-Up Call? Fight Back Against Cybercrime Prepared for: Ricky Link Managing Director, Southwest Region May 15, 2014 1 Coalfire Background Leading Information Security Consulting Firm Offices: Atlanta,

More information

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson

More information

MANAGED SECURITY SERVICES (MSS)

MANAGED SECURITY SERVICES (MSS) MANAGED SECURITY SERVICES (MSS) The Cyber Security Initiative. Cybercrime is becoming an important factor for CIOs and IT professionals, but also for CFOs, compliance officers and business owners. The

More information

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing

More information

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future

www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future www.pwc.nl/cybersecurity Cyber security Building confidence in your digital future 2015 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence

More information

What are you trying to secure against Cyber Attack?

What are you trying to secure against Cyber Attack? Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015 Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Best Practices for a Healthcare Data Breach: What You Don t Know Will Cost You

Best Practices for a Healthcare Data Breach: What You Don t Know Will Cost You Best Practices for a Healthcare Data Breach: What You Don t Know Will Cost You By: Emilio Cividanes, Venable LLP Partner and Co-Chair Regulatory Practice Group Paul Luehr, Stroz Friedberg Managing Director

More information

SHARING BEST PRACTICES IN INFORMATION SECURITY PREVENTION TIPS & RESPONSE TECHNIQUES

SHARING BEST PRACTICES IN INFORMATION SECURITY PREVENTION TIPS & RESPONSE TECHNIQUES SHARING BEST PRACTICES IN INFORMATION SECURITY PREVENTION TIPS & RESPONSE TECHNIQUES 2 On June 3, 2009, Plante & Moran attended the Midwest Technology Leaders (MTL) Conference, an event that brings together

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber Insurance: How to Investigate the Right Coverage for Your Company 6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

Anatomy of a Healthcare Data Breach

Anatomy of a Healthcare Data Breach BUSINESS WHITE PAPER Anatomy of a Healthcare Data Breach Prevention and remediation strategies Anatomy of a Healthcare Data Breach Table of Contents 2 Increased risk 3 Mitigation costs 3 An Industry unprepared

More information

Cybersecurity Issues for Community Banks

Cybersecurity Issues for Community Banks Eastern Massachusetts Compliance Network Cybersecurity Issues for Community Banks Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L Gates LLP State Street

More information