Data Breach Incidents
|
|
- Rudolf Austin
- 8 years ago
- Views:
Transcription
1 Data Breach Incidents A Risk Mitigation Snapshot: 2014 into 2015 Contributing Authors: Jessica Flinn, James Sheehan, William J. McDonough If not already on the enterprise risk radar screen, cyber risks are quickly becoming a central issue for the C-suite and board members in a variety of industries. Today, mitigating cyber risk is a concern for a wide range of organizations. The scale and impact of breach incidents, coupled with the vulnerability of various organizations to such attacks, threaten businesses across all sectors. As cyber threats evolve, the network security and privacy liability insurance market tries to keep pace. Here, we will briefly consider how issues encountered in 2014 may influence market realities in For discussion purposes, we will treat data breaches as incidents in which an individual s social security number, driver s license number, medical record or financial record (e.g., account number, credit or credit card number) has been acquired either unlawfully or without authorization. The Frequency and Severity of Breaches Unfortunately, 2014 was a year in which we witnessed U.S. data breaches reach record levels. It was also the year when U.S. data breach incidents surpassed 5,000 with more than an estimated 675 million records implicated. 1 It is also important to note that many data breach incidents go unreported as organizations do not want to incur the expense of notifying affected individuals or suffer the reputational harm resulting from a release or breach. 2 On an industry basis, healthcare again topped the Identity Theft Resource Centers 2014 Breach List with 42.5 percent of the breaches identified in The general business sector ranked second with 33.0 percent of the data breach incidents, followed by the Government/Military sector at 11.7 percent, the Education sector at 7.3 percent and Banking/Credit/Financial at 5.5 percent. 3 Among the larger breaches: Sony had 47,000 records stolen; J.P. Morgan had 83 million records stolen (affecting 76 million households and 7 million small businesses); Home Depot had 100 million records stolen (implicating 56 million credit cards and 53 million addresses); and the ebay breach is estimated to involve the addresses, physical addresses and login credentials of up to 145 million users. 4 1 Identity Theft Resource Center (2015, January 12). Identity Theft Resource Center Breach Report Hits record High in Retrieved February 16, 2015, from 2 Ibid., 1. 3 Ibid., 2. 4 Collins, K. (2014, December 12). A Quick Guide to the Worst Corporate Hack Attacks of Retrieved January 21, 2015, from Data Breach Incidents A Risk Mitigation Snapshot April
2 According to Ponemon Institute s 2014 Cost of Data Breach Study: Global Analysis, U.S. companies rank first in the cost per compromised record of $201 per record (Figure 1) and have the largest number of exposed records per breach (Figure 2). The news for U.S. companies deteriorates further as the report detailed the average total cost of a data breach increased 15% and the average per record cost increased more than 9%. 5 The retail and healthcare sectors saw the largest increases in compromised systems at 5% and 4%, respectively. 6 Figure 1. The average per capita cost of data breach over two years (Measured in US$) 5 Ponemon Institute. (2014, May 1) Cost of Data Breach Study: Global Analysis. Retrieved January 21, 2015, from ibm.com/services/multimedia/SEL03027USEN_Poneman_2014_Cost_of_Data_Breach_Study.pdf 6 Maginot Revisited: More Real-World Results from Real-World Tests. (2015, January 1). Retrieved January 21, 2015, from Data Breach Incidents A Risk Mitigation Snapshot April
3 Figure 2. The average number of breached records by country Shown below are the number of exposed or compromised records for organizations in the ten countries represented in this research. Organizations in the U.S., the Arabian region and India had the largest average number of records lost or stolen. The Cost of Compromised Security to U.S. Companies It is clear that the frequency and severity of data breach incidents have caused U.S. companies considerable consternation in 2014 (see Figure Cyber Fast Facts). Of additional concern is the regulatory framework that allows multiple agencies to assess fines and penalties when data has been released. Increased participation by regulatory agencies necessarily results in increased costs attributed to a release. The Federal Communications Commission s (FCC) entry into the arena illustrates how a regulators involvement can significantly increase the total cost of a release. Recently, the FCC proposed fines of $10 million to two companies for alleged data security breaches. The Office for Civil Rights (OCR) issued seven resolution agreements in 2014 as a result of HIPAA related privacy issues. The fines ranged between $150,000 and $4.8 million. Such fines are in addition to those often levied by state attorneys general. Data Breach Incidents A Risk Mitigation Snapshot April
4 Figure Cyber Fast Facts New Tactics It s Not All About Data Anymore No longer are cyber intrusions limited to searches for personally identifiable information and protected health information (PHI). There were several hacking incidents in 2014 that demonstrated how incursions into a company s network could have direct repercussions in the operations of an organization with worldwide implications. Take, for instance, the attack on Sony. Aside from Sony s data, the hackers took actions that rendered the company s entire computer network and landline phones unusable. In a separate cyber intrusion, hackers gained access to a German iron plant s blast furnace, and disrupted the plant s production capabilities. These incidents go beyond cyber extortion and illustrate how intrusions into a company s computer network can result in more than the soft expense associated with notification, data re-creation, remediation, etc. Hackers have now realized their ability to disrupt a businesses delivery of its core services. This disruption has real world tangible consequences and manifests itself in loss of business and future opportunities. 7 Card Issuers as Victims In 2014 we witnessed the emergence of a new plaintiff s class. The class consists of credit and debit card issuers who incur considerable expense in issuing replacement cards and refunding monies to customers as a result of a data breach. Take, for example, the Target case wherein the card issuers survived dismissal of their claims for out-of-pocket costs. Essentially, the court found that the card issuers furnished a plausible argument that Target was responsible for damages (i.e., the expense associated with the issuance of replacement cards) caused by the 7 King, R. (2014, December 18). Cyberattack on German Iron Plant Causes 'Widespread Damage' Retrieved January 21, 2015, from Data Breach Incidents A Risk Mitigation Snapshot April
5 hackers intrusion into Target s network. The court s finding was somewhat novel, in that, there did not exist a contractual relationship between Target and the card issuers. Allegations of negligence, it seems, may carry the day for banks and card issuers looking to recoup their costs from businesses who suffered an attack. Plaintiff s Bar Moving the Ball The Target breach has also led to inroads for consumer plaintiffs pursuit of class action status. Previously, the plaintiffs bar has had difficulty surviving motions to dismiss due to an inability to satisfy the damages element of a negligence claim. Causes of action sounded in negligence require plaintiffs to allege actual or imminent injury. To date, plaintiff s bar has been unable to show that parties affected by a release of data, on its own, have suffered damages or are in imminent risk of injury. However, the Court in the Target case appears more receptive to this type of class action litigation at the motion to dismiss stage of litigation. Specifically, the Court refused an individualized assessment of standing, instead concluding the requirement was met because some plaintiffs alleged injuries of unlawful charges, restricted or blocked access to bank accounts, inability to pay other bills, and late payment charges or new card fees. 8 This may significantly increase defense costs in the preclass certification stage as additional resources will be deployed in the discovery phase. The Target court is not alone in moving the plaintiff s bar closer to class certification. A recent California federal district court found plaintiffs have standing to sue based on increased risk of future harm due to the alleged release of their personally identifiable information. It should be noted that this ruling is contrary to the more accepted line of reasoning, which finds that the increased risk of identity theft does not satisfy the concrete or imminent injury requirement for standing. What Lies Ahead The era of the data breach is upon us and it is unlikely to recede. A new global standard for credit card security, commonly referred to as chip and pin technology, may help insulate consumers from credit card fraud; however, hackers have turned their sights to the more lucrative fraud of identity theft. The misappropriation of an individual s identity, either by the procurement of personally identifiable information or protected health information, will allow the hacker to command a significantly higher per record payment then credit card data alone. Personal Data Notification & Protection Act President Obama has proposed new legislation that would create a single country-wide data breach notification standard. The Act, as proposed, clarifies and strengthens the obligations companies have to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard. 9 If passed, this Act will replace the current patchwork of notification requirements implemented by various governmental agencies and the individual states. 8 In re Target Corp. Customer Data Security Breach Litig., MDL No (PAM/JJK) (D. Minn. Dec. 18, 2014). 9 FACT SHEET: Safeguarding American Consumers & Families. (2015, January 12). Retrieved January 21, 2015, from Data Breach Incidents A Risk Mitigation Snapshot April
6 The Healthcare Industry Will Likely Retain First Place It comes as no surprise that the healthcare industry will remain squarely in hackers sights. The personal information contained in health records will enable hackers to perpetrate a multitude of different follow-up attacks and various types of fraud, including financial exploitation and identity fraud. The FBI has warned the healthcare industry that its attempts at cyber security remain woefully insufficient. 10 As noted, in 2014 healthcare organizations accounted for about 42 percent of all major data breaches reported, according to the Identity Theft Resource Center. 11 A Ponemon study estimates that the potential cost of healthcare industry breaches will reach $5.6 billion annually. 12 Not surprisingly, it is expected that healthcare breaches will increase as we continue a move towards electronic medical records and growing usage of mobile and wearable technologies (Figure 4). Figure 4. Preparing for the Risks of Mobile and Wearable Technology 13 MOBILE TECHNOLOGY RISK PREVENTION INITIATIVES - ALL INDUSTRIES Percent of All Respondents INTERNAL APP STORE USE OF GEO-LOCATION, GEO-FENCING DEVICE ENCRYPTION STRONG DEVICE AUTHENTIFICATION CORPORATE AND CALENDAR BAN OF USER OWNED DEVICES MOBILE DEVICE MANAGEMENT SOFTWARE MOBILE SECURITY STRATEGY Weisman, S. (2014, December 20). Cyber predictions for Retrieved January 21, 2015, from Was Landmark Year for Health Data Breaches. (n.d.). Retrieved December 26, 2014, from 12 Ponemon Institute. (2014, May 1) Cost of Data Breach Study: Global Analysis. Retrieved January 21, 2015, from ibm.com/services/multimedia/SEL03027USEN_Poneman_2014_Cost_of_Data_Breach_Study.pdf 13 The Global State of Information Security Survey, Data Breach Incidents A Risk Mitigation Snapshot April
7 Corporate IP and Trade Secrets Are Valuable The Sony hack sent shivers through every R&D department in the digital universe. Hackers not only exposed personal information and embarrassing internal communications, but also Sony s valuable intellectual property in the form of scripts, profits and budget projections. The intellectual property and trade secrets cultivated by companies appears fair game for hackers interested in extortion. 14 Figure 5 How Breaches Occur 15 Vulnerable Code 6% CAUSE OF BREACH Targeted Attack 6% Undetermined 15% Misconfigured System 42% End User Error 31% Note: Although preventable errors are often to blame for security incidents, it was impossible to identify the culprit in nearly 20 percent of the cases reviewed in the IBM Annual Report. Policy Implications The marketplace for cyber security and privacy liability insurance remains in its infancy and is struggling towards maturation. The standardization of coverage terms and claims handling are a distant dream. Policy terms and conditions differ from form to form, and market developments routinely result in mid-term revisions. Typically, policies contain a number of insuring clauses that speak to coverage for breach response costs and claims resulting from a cyber event. The forms may also provide coverage for extortion, network damage, public relations and crisis management, website media content and regulatory investigation costs arising out of a cyber event, as well as business interruption losses. Although provided, the sub-limits placed on these ancillary coverages likely leave many companies substantially exposed. Regulatory sub-limits placed on policies create a lack of meaningful coverage for many insureds, particularly in 14 Troutman Sanders LLP. (2014, December 19). 5 Reasons Sony Pictures Will Be a Cybersecurity Inflection Point. Retrieved January 21, 2015, from point/?utm_source=mondaq&utm_medium=syndication&utm_campaign=view- 15 IBM Security Services Cyber Security Intelligence Index Report, 2014 Data Breach Incidents A Risk Mitigation Snapshot April
8 the financial services and healthcare industries. With more regulators taking interest in cyber issues and data breaches implicating multiple states statutes, it is anticipated that regulatory fines will continue to expand. This will likely require insureds to make payments out-of-pocket for a portion of the regulatory fines, particularly if more than one breach occurs in any given policy period. In other instances the cyber policy may not provide coverage at all. For example, as evidenced by attacks on Sony and J.P. Morgan, companies are vulnerable to hacking by nation states, criminal organizations or terrorists. Many cyber policies have specific exclusions for acts of terrorism or acts of a nation state. Insureds will need to keep a careful eye on the breadth of any such exclusion on their cyber policies. Additionally, physical damage sustained by an insured as a result of a cyber-attack will likely be precluded from coverage. Property insurers have been making it increasingly clear that they do not intend to provide insurance for anything in the cyber realm. At this time, cyber insurance carriers have not shown an inclination to expand coverage for this type of exposure. However, to ensure robust coverage, the insurance market will need to adapt and create insuring clauses specifically geared towards addressing physical damage resulting from a cyber incident. Loss associated with an insured s own intellectual property creates another vacuum in coverage. Today s cyber policies may provide coverage for the intellectual property of others, but do not extend to include first party coverage. For instance, the loss Sony experienced relating to stolen screenplays and other valuable internal intellectual property would not be covered under the typical cyber policy. Perhaps, with time, cyber insurers can be convinced to add such coverage. Concluding Thoughts The cyber insurance market is in a constant state of fluidity. Carriers have been altering their policies to include loss prevention and risk mitigation tools, from breach response teams to risk analytics. As cyber incidents increase in frequency and severity, and evolve to keep pace with technological advances, the insurance industry will need to create new forms of cyber coverage to meet the needs of their clients. As we wait for the market to catch-up, your insurance broker may be able to help with other suggestions to increase the breadth of coverage by, for example, minimizing any state actor, contractual liability or bodily injury exclusions, expanding the definition of computer network and backdating the prior acts date as far as possible. Companies can also use collaboration to protect themselves. Information sharing platforms such as the Information Sharing and Analysis Centers (ISACs), industry associations, and government agencies are valuable risk-awareness tools. Sharing information should help companies improve their incident response through trusted collaboration, analysis, coordination, and drive decision-making by policy makers on cybersecurity, incident response, and risk mitigation and financing for breaches. Data Breach Incidents A Risk Mitigation Snapshot April
9 About the Authors Jessica Flinn is a vice president within Integro s Management Risk practice. She provides professional lines claims advocacy services, including detailed coverage analysis, contract interpretation, consultation and negotiation. She specializes in employment practices, directors & officers and errors & omissions coverages. James Sheehan is a principal of Integro Insurance Brokers, resident in the firm s Boston office. An executive liability and professional liability insurance broker by background, he specializes in the placement of executive liability programs for healthcare organizations and private equity firms William McDonough is a managing principal within Integro s Healthcare practice. Bill counsels clients across America on healthcare alternative risk financing vehicles, captive best practices, and loss prevention. He speaks and writes regularly on patient safety, reporting systems, and strategic planning, among other topics, and is a Fellow with the American Society for Healthcare Risk Management (ASHRM). About Integro Integro is an insurance brokerage and risk management firm. Clients credit Integro s superior technical abilities and creative, collaborative work style for securing superior program results and pricing. The firm's acknowledged capabilities in brokerage, risk analytics and claims are rewriting industry standards for service and quality. Launched in 2005, Integro and its family of specialty insurance and reinsurance companies, some having served clients for more than 150 years, operate from offices in the United States, Canada, Bermuda and the United Kingdom. Its U.S. headquarter office is located at 1 State Street Plaza, 9th Floor, New York, NY Integro Ltd Data Breach Incidents A Risk Mitigation Snapshot April
GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationEMERGING CYBER RISK CYBER ATTACKS AND PROPERTY DAMAGE: WILL INSURANCE RESPOND?
EMERGING CYBER RISK CYBER ATTACKS AND PROPERTY DAMAGE: WILL INSURANCE RESPOND? ABOUT JLT SPECIALTY JLT Specialty Insurance Services is the U.S. platform of JLT Group, the leading specialty business adivsory
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationReducing Risk. Raising Expectations. CyberRisk and Professional Liability
Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationRISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION
RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former
More informationCyber-insurance: Understanding Your Risks
Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationHit ratios are still very low for Security & Privacy coverage: What are companies waiting for?
Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations
More informationReducing Cyber Risk in Your Organization
Reducing Cyber Risk in Your Organization White Paper 2016 The First Step to Reducing Cyber Risk Understanding Your Cyber Assets With nearly 80,000 cyber security incidents worldwide in 2014 and more than
More informationCyber Risks Connect With Directors and Officers
Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the
More informationCyber Risks in Italian market
Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends
More informationCyber Threats and the Insurance Response
Cyber Threats and the Insurance Response Scott Reeves & Laurence Yan Munich Reinsurance Company This presentation has been prepared for the Actuaries Institute 2014 General Insurance Seminar. The Institute
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationCAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance
Fundamentals of Cyber Risk Brad Gow June 9th, 2015 Endurance But consider the kickoff chuckle to a speech given to the Wharton School in March 1977 by Sidney Homer of Salomon Brothers, the leading bond
More informationPractical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance
Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance By Shawn Tuma & Katti Smith Data breaches have become far more common than most people realize.
More informationAnatomy of a Hotel Breach
Page 1 of 6 Anatomy of a Hotel Breach Written by Sandy B. Garfinkel Monday, 09 June 2014 15:22 Like 0 Tweet 0 0 Data breach incidents have dominated the news in 2014, and they are only becoming more frequent
More informationTHE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE
THE CHANGING FACE OF IDENTITY THEFT THE CURRENT AND FUTURE LANDSCAPE Identity is the unique set of characteristics that define an entity or individual. Identity theft is the unauthorized use of an individual
More informationData Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1
Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationSenate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace
Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace Testimony of Ben Beeson Vice President, Cyber Security and Privacy Lockton
More informationBe Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance
Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationPresidential Summit Reveals Cybersecurity Concerns, Trends
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Presidential Summit Reveals Cybersecurity Concerns,
More informationWritten Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee -
Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing entitled Examining the Evolving Cyber Insurance Marketplace. Thursday, March 19, 2015 Written Testimony of Michael
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationUnderstanding Professional Liability Insurance
Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional
More informationCyber/Information Security Insurance. Pros / Cons and Facts to Consider
1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More information3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
More informationCyber Insurance as one element of the Cyber risk management strategy
Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationCyber Insurance in an Evolving Liability Landscape: Informed, Strategic Expectations Monday, February 29, 2016 2:00pm 3:00pm
Cyber Insurance in an Evolving Liability Landscape: Informed, Strategic Expectations Monday, February 29, 2016 2:00pm 3:00pm Kimberly B. Holmes, Esq., RPLU VP, Product Development, Chief Underwriting Office
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationInsights Conversations: Cybersecurity
January 2015 This article is from Skadden s 2015 Insights and is available at skadden.com/insights. Contributing Partners Cyrus Amir-Mokri New York Patrick Fitzgerald Chicago Marc S. Gerber Washington,
More informationCYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP
www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationDiscussion on Network Security & Privacy Liability Exposures and Insurance
Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter
More informationManaging Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal
Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Overview Recent Trends and Loss Exposures Risk Management Strategies
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationWhite Paper #6. Privacy and Security
The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America
More informationWHITE PAPER BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION CYBER COVERAGES
BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION IDT911 1 DEFINITIONS 1. Cyber Programs - Focuses on services and systems related to technology and their use in business. Risks addressed include
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationCGI Cyber Risk Advisory and Management Services for Insurers
CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationNZI LIABILITY CYBER. Are you protected?
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationCyber-Crime Protection
Cyber-Crime Protection A program of cyber-crime prevention, data breach remedies and data risk liability insurance for houses of worship, camps, schools, denominational/association offices and senior living
More informationThe Age of Data Breaches:
The Age of Data Breaches: HOW TO AVOID BEING THE NEXT HEADLINE MARCH 24, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com This presentation has been provided for informational purposes
More informationUnderstanding the Cyber Risk Insurance and Remediation Services Marketplace:
Understanding the Cyber Risk Insurance and Remediation Services Marketplace: A Report on the Experiences and Opinions of Middle Market CFOs September 2010 Betterley Risk Research Insight for the Insurance
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationAnatomy of a Privacy and Data Breach
Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions
More informationHow GCs And Boards Can Brace For The Cybersecurity Storm - Law360
Page 1 of 6 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com How GCs And Boards Can Brace For The Cybersecurity
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationDon t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy
Privacy, Data Security & Information Use Insurance Recovery & Advisory Cyber Insurance June 17, 2015 Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy By
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationCyberinsurance: Insuring for Data Breach Risk
View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL
More informationHow To Cover A Data Breach In The European Market
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
More informationWRITTEN TESTIMONY OF
WRITTEN TESTIMONY OF KEVIN MANDIA CHIEF EXECUTIVE OFFICER MANDIANT CORPORATION BEFORE THE SUBCOMMITTEE ON CRIME AND TERRORISM JUDICIARY COMMITTEE UNITED STATES SENATE May 8, 2013 Introduction Thank you
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationPreparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised
ACE USA Podcast Released February 3, 2010 Preparing for the Inevitable Data Breach: What to Do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior
More informationSurviving the Ever Changing Threat Landscape
Surviving the Ever Changing Threat Landscape Kevin Jordan Cyber Security Specialist Dell GLBA FFIEC NCUA PCI HIPAA NERC CIP FISMA 700+ Percentage of U.S. adults who Federal named online and banking state
More informationProtecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks
Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Hacks, breaches, stolen data, trade secrets hijacked, privacy violated, ransom demands made; how can you protect your data
More informationPreventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014
Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationThe Matrix Reloaded: Cybersecurity and Data Protection for Employers. Jodi D. Taylor
The Matrix Reloaded: Cybersecurity and Data Protection for Employers Jodi D. Taylor Why Talk About This Now? Landscape is changing Enforcement by federal and state governments on the rise Legislation on
More informationMay 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association
Statement for the Record On behalf of the American Bankers Association Consumer Bankers Association Credit Union National Association Independent Community Bankers of America National Association of Federal
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationUnderstanding the Business Risk
AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed
More informationPrivacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014
Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationCYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY
CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY October 2015 CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe has once again collaborated with Advisen to conduct a comprehensive
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationcyber invasions cyber risk insurance AFP Exchange
Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance
More informationCyber Liability Insurance: It May Surprise You
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
More informationFINAL // FOR OFFICIAL USE ONLY. William Noonan
FINAL // FOR OFFICIAL USE ONLY William Noonan Deputy Special Agent in Charge United States Secret Service Criminal Investigative Division Cyber Operations Branch Prepared Testimony Before the United States
More information