Data security: A growing liability threat

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Data security: A growing liability threat"

Transcription

1 Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars in emergency response costs, lawsuit defense and settlements and fines and penalties. Lawsuits may be filed by customers, business partners and shareholders, with plaintiffs joining together in class action suits to press their claims. The release of non-public personal information may violate data privacy laws and lead to investigations and enforcement actions by regulatory and law enforcement agencies. The damage to a company s reputation following a data security breach is hard to quantify and even harder to restore. Consider the following recent example of a security breach of private data: Heartland Payment Systems, which provides bank card payment processing services (about 100 million transactions per month) to 250,000 merchants and businesses nationwide, was notified of suspicious activity by Visa and MasterCard. Apparently, when consumers used their debit cards, software had been capturing information about the transactions, including the cardholder name and card number, exposing tens of millions of debit cardholders to fraud. After being alerted of a possible security breach, Heartland found evidence of malicious software that compromised card data that crossed their network. This data security breach is alleged to have begun in 2007, but not discovered by the company until 2008 and not disclosed to the public until January Since the breach was disclosed, Heartland has been bombarded with lawsuits by consumers and credit card issuers. A securities class action suit filed by shareholders alleges that executives violated securities laws, made false and misleading statements regarding the breach and failed to disclose material adverse facts. Through March 2009, Heartland had recorded $12.6 million in costs associated with the intrusion, including a fine assessed by Mastercard, as well as costs associated with remediating the intrusion and notifying customers. What is especially alarming for Heartland s directors and officers is what has happened to the company s share price since the security breach was reported in the New York Times on January 20, Before the article was published, shares in Heartland Payment Systems were trading at $ The day the article was published shares declined 8.16 percent to close at $ Over the next two days the shares declined an additional percent to close at $8.18 on January 22. On February 24, Heartland announced earnings, which missed analysts earnings estimates for fiscal 2008 and the fourth quarter, and disclosed that it might incur losses from the recent security breach of its systems. However, it could not estimate the amount of losses that might be incurred in connection with the security breach. On that news, shares declined percent to close at $5.34 on February 24. The class action alleges a decline of 80 percent ($21.84) per share from a high of $27.19 on September 19, Some of the decline in share price can be attributed to the tremendous turmoil in the financial markets in the fall of Exactly how much of the decline is attributable to the data security breach remains to be answered. 1 As of the date of this paper, August 24, 2009, Heartland Payment Systems share price closed at $12.50

2 The outcome of the Heartland securities class action suit and the other lawsuits should be closely followed to see how liability is assessed and allocated for a massive security breach. The alleged hacker, Albert Gonzalez, who has been charged in the Heartland criminal case, also was charged and is awaiting trial for breaching TJX s data systems. Questions sure to be raised in this case include how the breach of data security could have gone undetected for so long and if management used all available tools to prevent such a breach. Furthermore, management s response to the crisis including how quickly and effectively consumers and business partners were notified, and what steps were taken to mitigate further damage undoubtedly will be an important consideration. Heartland Payment Systems reportedly was compliant with the security requirements of the credit card industry known as Payment Card Industry Data Security Standards (PCI DSS) requirements. Whether compliance with standards provides a shield against liability, however, remains to be seen. This is just one example of the many data security breaches occurring daily. In fact, since January 2005, according to privacyrights.org, more than 250 million records containing sensitive personal information have been involved in security breaches in the United States. Data security and privacy regulations The privacy and security of non-public personal data first became an issue of significant concern in the 1960s and 1970s. With the emergence of the internet, however, came unprecedented new possibilities for widespread loss and abuse of personal information. Around the world, data protection concerns have led to legislation affecting every company operating in the global marketplace. Until the late 1990s, legislative attempts to address these issues were based largely on sector-specific legislation and self-regulation. The introduction of sweeping European Union (EU) legislation in recent years and the subsequent upsetting of the international status quo on the treatment of personal data have altered standards of privacy and data protection. An understanding of the differences in regulation that exist between industries and countries, as well as the potential liabilities for the misuse or improper handling of personal information, is now essential for any company operating in the global online marketplace. The protection of personal information in the US The United States has no one comprehensive privacy protection law. Rather, several laws address particular situations, such as for healthcare data (HIPAA), financial data (Gramm-Leach-Bliley Act), credit information (Fair Credit Reporting Act), and information obtained from children (the Children s Online Privacy Protection Act). Another federal laws that touchs upon data privacy and security issues is the Electronic Communications Privacy Act, which principally addresses government surveillance, but also includes provisions concerning access to private computerized messages by third parties without legitimate authorization. Yet another law is the Computer Fraud and Abuse Act, which prohibits accessing a computer without authorization to obtain certain types of information. The Computer Fraud and Abuse Act also prohibits knowingly accessing a computer with the intent to defraud and thereby obtaining anything of value. As of August 2009, 45 states and the District of Columbia have enacted laws that require companies to notify consumers when there is breach of security involving non-public personal information. There are currently no breach notification laws in Alabama, Kentucky, Mississippi, New Mexico, and South Dakota. New regulations are emerging seemingly daily. As part of the Fair and Accurate Credit Transactions (FACT) Act of 2003, recently enacted Red Flag Rules require creditors and financial institutions to implement programs to provide for the identification, detection and response to patterns, practices, or specific activities known as red flags that could indicate identity theft. Each knowing violation of this law results in a $2,500 penalty.

3 Data privacy laws are also becoming more onerous. Massachusetts is set to implement the strictest data protection rules in the country. This law will require notification of a security breach and provide for the implementation of security freezes. The law will also allow for triple damages, payment of defense costs and other costs. The rule, once set for implementation on January 1, 2010, has been pushed back to accommodate the concerns of small businesses. Finally, to demonstrate the spreading breadth of data privacy compliance, even the American Recovery & Reinvestment Act (ARRA) of 2009 (Stimulus Act) mandates additional data breach notification requirements for certain types of companies. The protection of personal information in the EU The EU has taken a global leadership position in setting and enforcing standards for the protection of private data. The Information Directive of 1995 and the more recent Directive on Privacy and Electronic Communications of 2002 emphatically state that EU residents are entitled to a right to privacy. The 2002 EU Directive builds on the privacy protections that are contained in the 1995 EU Information Directive which defines personal data as any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, psychological, mental, economic, cultural or social identity In the US, medical and financial records are protected under separate legislation, while most other private information acquired online does not have legal protection. The EU centrally supervises the private sector s use of personal data. A proposed amendment to the Directive on Privacy and Electronic Communications would mandate security breach notification. European regulators remain vigilant of data security breaches. In July 2009, the UK s Financial Services Authority (FSA) fined three HSBC Holding PLC firms a total of 3 million ($4.9 million) for failing to protect customers confidential information, the highest fine ever imposed by the FSA for data security breaches. Costs associated with data security breaches Data security breaches can result in large losses from a number of sources. Companies need to consider the full range of costs associated with data security breaches, which can include: Costs of notice to consumers and government authorities, which can average $30-$140 per notice to each consumer; Credit monitoring services; ID theft coverage; Defense costs and damages; Expenses to secure compromised networks and assess damages; Costs of compliance with government investigations; an Fines for violation of laws (e.g. HIPAA, GLBA, FRCA) Loss of trust and other reputational damages can also have significant top line and bottom line impact. In extreme cases it can be ruinous. Lawsuits by customers, business partners and shareholders can result in tens of millions of dollars in settlements. For example, a well publicized case involved the parent company of T.J. Maxx and Marshalls (TJX), in which debit card information belonging to at least 45.7 million customers was obtained by hackers. TJX has reached settlements with private plaintiffs as well as the FTC. TJX has reported that cost of the breach may total as much as $256 million.

4 Coverage for data breaches under standard property and casualty insurance policies Security breaches via hacking, phishing, pharming, unauthorized internal access and the inadvertent disclosure of non-public personal information are all circumstances that can lead to legal exposure. Potential causes of action resulting from data security breaches may include increased risk of identity theft, actual or attempted identity theft, violation of consumer protection statutes, negligence, breach of contract, breach of fiduciary duty and even fraud. A company s standard property and casualty insurance policies may provide some coverage in the event of a data security breach, but specialized cyberliability coverages may be worth exploring and evaluating. The following types of insurance policies may provide some coverage for data security breaches and resulting claims: 1. First-party property polices typically cover all risk of loss or damage to covered property. However: a. Some policies may have exclusions for certain causes of damage to systems; and b. The policy may need to be endorsed to cover computer equipment and electronic data. 2. Third-party liability policies such as Commercial General Liability (CGL) policies provide coverage to a company when it issued. Provisions in CGL policies may provide coverage for some types of lawsuits triggered by a data security breaches. However: a. Some policies may exclude personal or advertising injury arising out of knowingly violating the rights of another and/or personal or advertising Injury arising out of publication of material that violates a person s right of privacy; b. Damage to personal property in the care, custody or control of the insured is usually excluded; and c. Some policies exclude coverage for electronic data. 3. Errors and Omissions (E&O) policies cover wrongful acts committed in the insured s performance of professional services. However: a. Whether there is coverage for data security breaches depends upon the policy s definition of the covered professional services. 4. Directors and Officers Liability (D&O) insurance provides coverage for directors and officers, and usually coverage for the entity, for wrongful acts committed in their capacity as directors and officers of the insured organization. However: a. Organization coverage may be limited to securities claims; b. D&O policies typically contain exclusions for intentional acts and property damage. Of all the standard property and casualty insurance coverages, D&O policies may be the most exposed to large claims arising from a data breach. As incidents of data security breaches rise, so does the impact, financial and reputational, to companies. Directors and officers are increasingly a target for lawsuits by shareholders looking to hold management responsible for losses incurred by a company and loss of shareholder value. Exposure for directors and officers may arise if they have not responded appropriately to prepare for, respond to, and finance the cost of a data security breach. Additionally, once a breach occurs, directors and officers may be targeted by shareholders if it is believed that the financial consequences of the breach were not fully disclosed in a timely manner. Relevant principally to public companies, the corporate governance rules of the Sarbanes-Oxley Act of 2002 require that company directors and officers evaluate and maintain a safe control environment. This responsibility may be interpreted as including regular evaluation of an organization s procedures for data security to ensure the company is protected against unauthorized breaches.

5 Cyberliability insurance: data breach coverage As a backstop to data security technology, data breach insurance coverages have been introduced. Data breach coverage still is relatively new, and terms can vary materially from one carrier to another. However, policies have become both more comprehensive and more focused as insurers have come to better understand the risk landscape of cyberspace, as well as the specific business needs of their customers. Additionally, meaningful limits of liability now are available, which was not the case only a few years ago. Insurers offer property and theft (first party) coverage and liability (third party) coverage related to privacy and data security. Some insurers also offer crises management benefits (including hiring a public relations team), customer notification expense coverage and risk management services. Data breach coverages also may be bundled with complimentary cyberliability coverages such as unauthorized access or use of an insured s computer system, alteration or destruction of electronic data and denial of service attacks. Conclusion As the world becomes increasingly reliant on new technologies, utmost care must be taken to ensure that the private data entrusted to companies is protected. Almost every company maintains transaction and customer information on computers, and a great many companies transact at least a portion of their business electronically. Consequently, the vast majority of companies are exposed to electronic data security breaches. When non-public personal data is inadvertently released, a company faces civil litigation, regulatory inquires, fines, penalties and even criminal investigation. It is imperative to consider the consequences of a data security breach before it happens and to prepare for the likely event a company will be the victim of an unauthorized release of non-public personal information at some point in the near future. The financial consequences of a data breach can be enormous sometimes even devastating but most companies have relied almost exclusively on technological solutions to manage the risk. The market for data security insurance is growing with increasingly sophisticated products, higher policy limits, and competitive pricing. Combined with a growing awareness at many companies that data security should not be exclusively an IT issue, these developments will eventually make cyberliability insurance products a standard part of data security risk management strategies. This report was produced by Advisen Ltd. Advisen integrates business information and market data for the commercial insurance industry and maintains critical risk analytics and time-saving workflow tools for over 530 industry leading firms. Advisen combines the industry s deepest data sets with proprietary analytics to offer unique insights into risk and insurance. For more information, visit For more information, contact: Zurich 1400 American Lane, Schaumburg, Illinois This fact sheet is intended as a general description of certain types of insurance and services available to qualified customers through the companies of Zurich in North America. It is not an insurance contract. The insurance policy is the contract that specifically and fully describes coverage. The description of the policy provisions gives a broad overview of coverages and does not revise or amend the policy. We make no guarantee of results and assume no liability in connection with the information, methods or suggestions contained in this fact sheet. Insurance coverages underwritten by member companies of Zurich in North America, including Zurich American Insurance Company. Certain coverages are not available in all states. Some coverages may be written on a nonadmitted basis through surplus lines brokers 2009 Zurich American Insurance Company

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Privacy Legislation and Industry Security Standards

Privacy Legislation and Industry Security Standards Privacy Legislation and Issue No. 3 01010101 01010101 01010101 Information is generated about and collected from individuals at an unprecedented rate in the ordinary course of business. In most cases,

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT

DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security

More information

Cyber-insurance: Understanding Your Risks

Cyber-insurance: Understanding Your Risks Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by:

ANATOMY of a DATA BREACH DISASTER. Avoiding a Cyber Catastrophe. June, 2011. Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe June, 2011 Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe An Advisen Special Report Sponsored by Chartis Security

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

Insuring Innovation. CyberFirst Coverage for Technology Companies

Insuring Innovation. CyberFirst Coverage for Technology Companies Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is

More information

Global Privacy Japan Sets its Rules for Personal Data

Global Privacy Japan Sets its Rules for Personal Data Global Privacy Japan Sets its Rules for Personal Data Global companies must comply with differing privacy rules. The great divide between the EU and the USA is well-known. See Global Privacy Protection

More information

Network Security and Data Privacy Insurance for Physician Groups

Network Security and Data Privacy Insurance for Physician Groups Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY

More information

Solutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson

Solutions Brief. PC Encryption Regulatory Compliance. Meeting Statutes for Personal Information Privacy. Gerald Hopkins Cam Roberson Solutions Brief PC Encryption Regulatory Compliance Meeting Statutes for Personal Information Privacy Gerald Hopkins Cam Roberson March, 2013 Personal Information at Risk Legislating the threat Since the

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY.

THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. NETWORK SECURITY ENDORSEMENT INTEGRATED TECH CLAIMS MADE CLAIM EXPENSES INCLUDED WITHIN THE LIMITS OF INSURANCE This endorsement modifies

More information

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited Tools Conference Toronto November 26, 2014 Insurance for NFP s Presented by Paul Spark HUB International HKMB Limited Topics Insurance Policies Basics Directors and Officers Liability Insurance Commercial

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name: INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common

Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable. Data Breaches Are All Too Common Hackers, Slackers & Packers: Preventing Data Loss & Dealing with the Inevitable Steven J. Fox (sjfox@postschell.com) Peter D. Hardy (phardy@postschell.com) Robert Brandfass (BrandfassR@wvuh.com) (Mr. Brandfass

More information

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

An Executive Overview of GAPP. Generally Accepted Privacy Principles

An Executive Overview of GAPP. Generally Accepted Privacy Principles An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business

More information

Cyber Security: Emerging Risks and Trends (and what you can do about it)

Cyber Security: Emerging Risks and Trends (and what you can do about it) Cyber Security: Emerging Risks and Trends (and what you can do about it) UVU Business and Economic Forum May 19, 2016 Presented by: Daniel D. Hill, Esq. Christopher Droubay, Esq. Risks and Trends Widely

More information

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection

More information

CYBER SECURITY SPECIALREPORT

CYBER SECURITY SPECIALREPORT CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber

More information

PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009

PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 PENNSYLVANIA IDENTITY THEFT RANKING BY STATE: Rank 14, 72.5 Complaints Per 100,000 Population, 9016 Complaints (2007) Updated January 29, 2009 Current Laws: A person commits the offense of identity theft

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

What would you do if your agency had a data breach?

What would you do if your agency had a data breach? What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the

More information

AN INFORMATION GOVERNANCE BEST

AN INFORMATION GOVERNANCE BEST SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN

More information

Standard: Information Security Incident Management

Standard: Information Security Incident Management Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of

More information

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1

Data Breach Response Basic Principles Under U.S. State and Federal Law. ABA Litigation Section Core Knowledge January 2015 1 Data Breach Response Basic Principles Under U.S. State and Federal Law ABA Litigation Section Core Knowledge January 2015 1 I. Introduction Data breaches have become an unfortunate reality for many of

More information

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP

Delaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats

More information

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY GENERAL INFORMATION 1. APPLICANT NAME: 2. PHONE: 3. MAILING ADDRESS: 4. WEB ADDRESS: 5. The following officer of the Applicant is designated

More information

Enterprise PrivaProtector 9.0

Enterprise PrivaProtector 9.0 IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS

More information

PCI Compliance: Protection Against Data Breaches

PCI Compliance: Protection Against Data Breaches Protection Against Data Breaches Get Started Now: 877.611.6342 to learn more. www.megapath.com The Growing Impact of Data Breaches Since 2005, there have been 4,579 data breaches (disclosed through 2013)

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION

CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION CYBER LIABILITY AND PRIVACY CRISIS MANAGEMENT EXPENSE APPLICATION THIS APPLICATION IS FOR A FIRST DISCOVERY POLICY. COVERAGE IS FOR EVENTS FIRST DISCOVERED DURING THE "POLICY PERIOD" OR ANY APPLICABLE

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance

More information

Responding to New Identity Theft Laws

Responding to New Identity Theft Laws Responding to New Identity Theft Laws March 2011 Privacy Expectations Today, there is increasing recognition that an individual has a legitimate interest in controlling the collection, use and disclosure/dissemination

More information

Self-Service SOX Auditing With S3 Control

Self-Service SOX Auditing With S3 Control Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Cyber and CGL Insurance Coverage for Data Breach Claims

Cyber and CGL Insurance Coverage for Data Breach Claims Cyber and CGL Insurance Coverage for Data Breach Claims Paula Weseman Theisen, Partner Data breach overview Definition of data breach/types Data breach costs Data breach legal claims and damages Cyber-insurance

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST

More information

Specialty Risk Protector

Specialty Risk Protector Specialty Professional Liability and Data and Network Security Insurance is a single policy that makes it easy for companies to secure the multi-faceted E&O protection our networked world requires. A simplified,

More information

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009

WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 WISCONSIN IDENTITY THEFT RANKING BY STATE: Rank 15, 175.9 Complaints Per 100,000 Population, 9852 Complaints (2007) Updated January 16, 2009 Current Laws: It is unlawful to intentionally use or attempt

More information

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information

More information

Cyber Risk Insurance for Agents. Frequently Asked Questions

Cyber Risk Insurance for Agents. Frequently Asked Questions Cyber Risk Insurance for Agents Frequently Asked Questions 1 Cyber Risk Insurance About Great American Insurance Great American Insurance Group s roots go back to 1872 with the founding of its flagship

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

Cyber Threats: Exposures and Breach Costs

Cyber Threats: Exposures and Breach Costs Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals

More information

6. Does Applicant encrypt all sensitive and Personally Identifiable Information? Yes No If yes, give details:

6. Does Applicant encrypt all sensitive and Personally Identifiable Information? Yes No If yes, give details: Name of Insurance Company to which Application is made (herein called the Insurer ) CORPORATE IDENTITY PROTECTION NOTICE: AMOUNTS INCURRED FOR DEFENSE COSTS, ADMINISTRATIVE EXPENSES, NOTIFICATION COSTS,

More information

Cyber Risks Connect With Directors and Officers

Cyber Risks Connect With Directors and Officers Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the

More information

Cyber Security for Non- Profit Organizations. Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3

Cyber Security for Non- Profit Organizations. Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 Cyber Security for Non- Profit Organizations Scott Lawler CISSP- ISSAP, ISSMP, HCISPP Copyright 2015 LP3 May 2015 Agenda IT Security Basics e- Discovery Compliance Legal Risk Disaster Plans Non- Profit

More information

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind

Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and

More information

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data;

(1) regulate the storage, retention, transmission, and security measures for credit card, debit card, and other payment-related data; Legal Updates & News Legal Updates Pending Changes to California s Data Breach Law: New Burdens for Retailers? September 2007 by Christine E. Lyon, William L. Stern Related Practices: Privacy and Data

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

PCI Compliance for Healthcare

PCI Compliance for Healthcare PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?

More information

Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012

Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 David Chatfield, Vice President, Cyber Security Services, NetDiligence Linda Clark, Esq., U.S. Senior

More information

AUTOMATED PENETRATION TESTING PRODUCTS

AUTOMATED PENETRATION TESTING PRODUCTS AUTOMATED PENETRATION TESTING PRODUCTS Justification and Return on Investment (ROI) EXECUTIVE SUMMARY This paper will help you justify the need for automated penetration testing software and demonstrate

More information

Discussion on Network Security & Privacy Liability Exposures and Insurance

Discussion on Network Security & Privacy Liability Exposures and Insurance Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter

More information

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013 Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He

More information

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING

More information

DRAFT. Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security. Presented by

DRAFT. Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security. Presented by DRAFT Six Recommendations to MasterCard and Visa to Improve Credit and Debit Cardholder Security Presented by The American Bankers Association National Bank Card Fraud Task Force in an effort to give consumers

More information

CSR Breach Reporting Service Frequently Asked Questions

CSR Breach Reporting Service Frequently Asked Questions CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

Securing Critical Information Assets: A Business Case for Managed Security Services

Securing Critical Information Assets: A Business Case for Managed Security Services White Paper Securing Critical Information Assets: A Business Case for Managed Security Services Business solutions through information technology Entire contents 2004 by CGI Group Inc. All rights reserved.

More information

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP

CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE

More information

White Paper #6. Privacy and Security

White Paper #6. Privacy and Security The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America

More information

Data Security: Recent Events, Trends and Best Practices

Data Security: Recent Events, Trends and Best Practices EXPLORE OUR WORLD Data Security: Recent Events, Trends and Best Practices Presented to: IAOP, London By: Tony Lucas EMEA Head of Compliance, Sitel Date: 8 th October 2008 Data Security Challenges for the

More information

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule

Understanding Health Insurance Portability Accountability Act AND HITECH. HIPAA s Privacy Rule Understanding Health Insurance Portability Accountability Act AND HITECH HIPAA s Privacy Rule 1 What Is HIPAA s Privacy Rule The privacy rule is a component of the Health Insurance Portability and Accountability

More information

Texas Medical Records Privacy Act

Texas Medical Records Privacy Act A COALFIRE PERSPECTIVE Texas Medical Records Privacy Act Texas House Bill 300 (HB 300) Rick Dakin, CEO & Co-Founder Rick Link, Director Andrew Hicks, Director Overview The State of Texas has pushed ahead

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

BY COMPLETING THIS NEW BUSINESS APPLICATION THE APPLICANT IS APPLYING FOR COVERAGE WITH FEDERAL INSURANCE COMPANY (THE COMPANY )

BY COMPLETING THIS NEW BUSINESS APPLICATION THE APPLICANT IS APPLYING FOR COVERAGE WITH FEDERAL INSURANCE COMPANY (THE COMPANY ) .. BY COMPLETING THIS THE APPLICANT IS APPLYING FOR COVERAGE WITH FEDERAL INSURANCE COMPANY (THE COMPANY ) NOTICE: INSURING CLAUSE A OF THE POLICY PROVIDES CLAIMS MADE COVERAGE, WHICH APPLIES ONLY TO "CLAIMS"

More information

State of Illinois Department of Central Management Services ACTION PLAN FOR NOTIFICATION OF A SECURITY BREACH

State of Illinois Department of Central Management Services ACTION PLAN FOR NOTIFICATION OF A SECURITY BREACH State of Illinois Department of Central Management Services ACTION PLAN FOR NOTIFICATION Effective August 31, 2007 Publication Name(s): Version #(1): ILLINOIS DEPARTMENT OF CENTRAL MANAGEMENT SERVICES

More information

Target Data Breach Survey of Illinois Banks. Executive Summary

Target Data Breach Survey of Illinois Banks. Executive Summary Target Data Breach Survey of Illinois Banks Executive Summary February 2014 www.ilbanker.com Target Data Breach Survey of Illinois Banks Executive Summary In December of 2013, just days before the holidays,

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

WHITE PAPER. PCI Compliance: Are UK Businesses Ready?

WHITE PAPER. PCI Compliance: Are UK Businesses Ready? WHITE PAPER PCI Compliance: Are UK Businesses Ready? Executive Summary The Payment Card Industry Data Security Standard (PCI DSS), one of the most prescriptive data protection standards ever developed,

More information

cyber invasions cyber risk insurance AFP Exchange

cyber invasions cyber risk insurance AFP Exchange Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance

More information

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber Insurance: How to Investigate the Right Coverage for Your Company 6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider 1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner

More information

The Liability of Technology Companies for Data Breaches

The Liability of Technology Companies for Data Breaches The Liability of Technology Companies for Data Breaches Suits against technology companies sparked by breaches of customer data are relatively uncommon today, but they are likely to mushroom in the coming

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING By: Jerry Jackson Compliance and Privacy Officer 1 1 Introduction Welcome to Privacy and Security Training course. This course will help you

More information

TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith

TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith TRENDS IN CYBER LIABILITY Presented by Chris DiIenno Data Privacy and Network Security Group Lewis Brisbois Bisgaard & Smith Types of Data at Stake Residents, constituents, employees PII Personally Identifiable

More information