2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage
|
|
- Chester Kelly
- 8 years ago
- Views:
Transcription
1 2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage Chris Reese Vice President, Director of Underwriting Connie Rivas Asst. Vice President, Contracts and Legal Services Overview Introduction In the News Regulatory Oversight Current Data on Breaches Review of Best Practices Current Security and Privacy measures Summary of Cyber Insurance Coverage 2 1
2 A Data Breach Is Not ADisaster. Mishandling It Is. 3 Introduction: Complexity of Cyber Threats has Grown Dramatically US Business face increasingly sophisticated threats that outstrip traditional defenses Economics of cyber cybersecurity favor the attackers Reputational harm is significant Competing pressures within organizations Deploy IT resources to risk mitigation Deploy IT resources to advance the required business technologies to service and compete 4 2
3 What is a Breach? A breach is defined as an event in which an individual name plus Social Security Number (SSN), driver s license number, medical record or a financial record/credit/debit card is potentially put at risk Paper or Electronic Potential Security Threats Compromises the integrity, security or confidentiality of information Circumstances where a data breach may have happened or could happen in the future. (e.g. lost flash drive with PII) 5 In the News In 2013 and 2014, the Identity Theft Resource Center (ITRC) documented nearly 1,400 data breaches in the US, including: ( Target 110,000,000 Records Compromised Anthem Breach 78,800,000 Records Compromised (source: USA Today April 14, Home Depot 56,000,000 Records Compromised Excellus Blue Cross Blue Shield 10,000,000 Records Compromised (source: Privacy Rights Clearinghouse ) IRS 1,400,000 Records Compromised Saint Joseph Health System 405,000 Records Compromised University of Maryland 309,079 Records Compromised 6 3
4 In the News cont. In 2013 and 2014, the Identity Theft Resource Center (ITRC) documented nearly data breaches in the US, including: ( Touchstone Medical Imaging (TN) 307,528 Records Compromised Sutherland Healthcare Solutions 168,500 Records Compromised Indiana University 146,000 Records Compromised Orthopedic Specialty Institute (AL) Iron Mountain 49,714 Records Compromised Office of Nisar Quraishi (NY) 20,000 Records Compromised Office of Dennis Flynn, M.D. (IL) 13,646 Records Compromised 7 Regulatory Oversight Privacy and Cyber Gramm Leach Bliley Act; Federal Law passed in 1999 Oversight of insurance companies is delegated to state insurance authorities to enforce If a state insurance authority fails to adopt regulations, then the state shall not be eligible to override Federal oversight The NAIC (National Assoc. of Ins. Commissioners) published a model law for individual states to adopt. States took the following actions: Adopted the model law in a substantially similar manner Related State Activity have not adopted the current model but have an earlier version of the model or have legislation derived from other sources No current activity; includes states that have repealed legislation or never adopted legislation SOURCE: National Association OF Insurance Commissions
5 Regulatory Oversight Privacy and Cyber NAIC (National Assoc. of Ins. Commissioners) has adopted the Principles for Effective Cybersecurity Insurance Regulatory Guidance. State insurance regulators have a responsibility to ensure that personally identifiable consumer information held by insureds is protected from cybersecurity risks Confidential and/or personally identifiable financial information should be appropriately safeguarded State insurance regulators have a responsibility to protect information inside/outside of an insurance department or at the NAIC Cybersecurity regulatory guidance for insureds must be flexible, scalable, proactive, and consistent with nationally recognized efforts such as NIST framework Regulatory guidance must be risk based and must consider the resources of the insurer with a caveat of a minimum set of cybersecurity standards State insurance regulators should provide appropriate regulatory oversight, which includes but is not limited to, conducting risk based financial examination and/or market conduct examinations regarding cybersecurity SOURCE: National Association OF Insurance Commissions Regulatory Oversight Privacy and Cyber (continued) NAIC Principles for Effective Cybersecurity Insurance Regulatory Guidance [continued] Planning for incident response is an essential component to an effective cybersecurity program Insurers.should take appropriate steps to ensure that 3 rd parties and service providers have controls in place to protect PII Cybersecurity risks should be incorporated and part of an enterprise risk management process; transcends the IT department IT internal audit findings that present a material risk to an insurer should be reviewed with the board of directors or appropriate committee thereof It is essential to use information sharing and analysis organization (ISAO) to share information and stay informed of emerging threats, as well as physical threats intelligence sharing Period and timely training, paired with an assessment, for employees regarding cybersecurity issues is essential SOURCE: National Association OF Insurance Commissions
6 Regulatory Oversight Privacy and Cyber (continued) NIST National Institute of Standards and Technology Federal government framework for standards benchmark Standards, methodologies, procedures and processes that aligns policy, business and tech issues to address cyber risks SOURCE: National Association OF Insurance Commissions NAIC Cyber Security Bill of Rights Presented for Court July 2015, Final version, not yet Approved. 12 6
7 Cybersecurity Bill of Rights As an insurance consumer, you generally have the right to: 1. Know what type of personally identifiable information is being collected and how long that personally identifiable information is kept by an insurer 2. Expect that an insurer is adequately protecting the personally identifiable information from disclosure to unauthorized persons. 3. Receive notice from an insurer if your personally identifiable information was, or is reasonably believed to have been, acquired by an unauthorized person and could result in identity theft or fraud to you. 4. Receive notice from an insurer, insurance producer, or other state regulated entity in the event of a data breach. 13 Cybersecurity Bill of Rights 5. Receive notification, from health insurers regarding a data breach of protected health information that is held by a health plan, under federal HIPAA laws. 6. Receive notice from an insurer information on any relevant payment card/bank account number breach, if the breach involves a breach of the payment card/bank account numbers. 7. Receive notice from an insurer in the event of a data breach of their security system, maintained by a third party service provider that has been contracted to maintain, store, or process personally identifiable information in electronic or paper form. 8. Receive a general description of the actions taken by the insurer restore the security and confidentiality of the personally identifiable information involved in a data breach. 9. Receive a minimum of two years of identity theft protection from the insurer, insurance producer, or other state regulated entity in the event of a data breach. 14 7
8 Cybersecurity Bill of Rights 10. Receive a summary of the rights of victims of identity theft prepared under the Fair Credit Reporting Act, fair creditreporting act.pdf, in the event of a data breach that involves personally identifiable information. Your rights under the Fair Credit Reporting Act include: The right to ask the three nationwide consumer reporting agencies to place fraud alerts in your file to let potential creditors and others know that you may be a victim of identity theft. o An initial fraud alert remains in your file for at least 90 days; o An extended fraud alert remains in your file for seven years; The right to obtain free copies of your credit report; o An initial fraud alert entitles you to a copy of all information in your file for each of the three nationwide consumer reporting agencies: Equifax; Experian; and TransUnion.. 15 Cybersecurity Bill of Rights 11. Request all three nationwide consumer reporting agencies to place a security freeze on your credit report ( credit freeze faqs). A security freeze will limit the consumer reporting agency from releasing your credit report or any information from your credit report without your authorization. 12. Receive an insurer, insurance producer, or other regulated entity s privacy policy regarding the data they collect on you. The regulated entity should provide a clear and conspicuous notice to you that accurately reflects its privacy policies and practices on an annual basis. Note: Your specific data rights are based on and subject to state and federal law. For more details regarding protections in your state, contact your state insurance department. The contact information can be found on the NAIC s web page,
9 Number of Breaches is on the Rise Identity Theft Resource Center (ITRC) documented 783 U.S. data breaches in 2014, representing a 27.5% increase over the number of breaches reported in 2013 * Hacking incidents represented the leading cause of data breach incidents, accounting for 29% of the breaches tracked by the ITRC This was followed for the second year in a row by breaches involving Subcontractor/Third Party at 15.1 %. * Cyber Claims Study PII was the most frequently exposed data (41% of breaches), followed by PHI (21%) and PCI (19%). Hackers were the most frequent cause of loss (30%), followed by Staff Mistakes (14%). Healthcare was the sector most frequently breached (23%), followed closely by Financial Services (22%). Small Revenue ($300M $2B), Micro Revenue ($50M $300M) and Nano Revenue (<$50M) companies experienced the most incidents (25%, 24% and 23% respectively). (SOURCE: NetDiligence 2014 Cyber Claims Study
10 2014 Cyber Claims Study Third parties accounted for 20% of the claims submitted. There was insider involvement in 32% of the claims submitted. The median number of records lost was 3,500. The average number of records lost was 2.4 million. Non zero claim payouts in this year s study ranged from $600 to almost $6.5 million. Typical claims, however ranged from $30,000 to $400,000. (SOURCE: NetDiligence 2014 Cyber Claims Study Cyber Claims Study Median claim payout was $144,000. Average claim payout was $733,109. Healthcare sector $1.3 million. Median per record cost was $ Average per record cost was $ Median cost for Crisis Services (forensics, notification, legal guidance and miscellaneous other) was $110,594. Average cost for Crisis Services was $366,484. Median cost for legal defense was $283,300. Average cost for legal defense was $698,797. Median cost for legal settlement was $150,000. Average cost for legal settlement was $558,520. (SOURCE: NetDiligence 2014 Cyber Claims Study
11 MISSION: CRITICAL Highly valuable information to cyber criminals Cyber Threat Map 1 21 Economic Motivation Estimate of 95% of attacks are economically motivated Attempting to steal data Corporate trade secrets client list Personal information on insureds (Name/address/SS#/banking info) Employee records Insurance Company financial assets cyber crime 22 11
12 Advanced Persistent Threats High End Attacks Ultra sophisticated teams of cyber criminals Deploy increasingly targeted malware in multi staged stealth attacks Goal penetrate all of the perimeter defense systems Intruders look at multiple avenues to exploit all layers of security vulnerabilities until they reach their goal Cyber security field consensus criminals are ahead of the corporations that need to defend themselves 23 Vulnerability is not limited to External Threats Low End Attacks Employees poorly trained, not following required protocols, disgruntled Subcontractors and independent contractors BYOD bring your own device Any party that the company connects to electronically creates a vulnerability vendor and partner management 24 12
13 Balance Risk Management And Use of New Technology Mobile technology, cloud computing and smart devices need appropriate risk management to minimize risk 25 Four Basic Security Controls Restricting user installation of applications ( whitelisting ) Ensuring that the operations system is patched with current updates Ensuring software applications have current updates Restricting Administrative privileges 26 13
14 5 Steps Corporate Boards Should Consider to Enhance Oversight of Corporate Risks Cyber security is an enterprise wide risk management issue, not just IT Directors are responsible to understand the legal risks of cyber security Boards should be adequately informed of cyber security risk / risk management; entire board; not just the audit committee Directors and management work together to have an adequate enterprise wide risk management plan/budget Board management discussions include identification of risk and agreement re: avoidance, mitigation, acceptance and transfer. Including plans for each. Source: Cyber Risk Oversight, Director s Handbook Series, NACD ( National Association of Corporate Directors) 27 Boards Show be Adequately Informed of Cyber Security Risks / Risk Management Schedule educational sessions Participate in company privacy training Consider whether the company should have a cyber and/or IT expert serve on the board Regular reporting to the board by company management on cyber risk security and incidents; quarterl (Source: Cyber Risk Oversight, Director s Handbook Series, NACD)
15 Compliance Basics Assign ultimate privacy and data security responsibility to 1 person Prepare for data security incidents (Additional resources provided) Determine where Personal Information is stored (Additional resources provided) Conduct a risk assessment 29 Compliance Basics Continued Mitigate against identified risks Control your vendors and business partners Implement a continuous workforce training and awareness program Review and Update Procedures 30 15
16 Manage Breach Responding to an Incident Immediate Response Breach Notification Requirements Report Data Breach 31 A Simplified View Data Breach Insurance Response Evaluation of the Data Breach Managing the Short Term Crisis Handling the Long Term Consequences Class Action Lawsuits Discovery of a Data Breach Forensic Investigation and Legal Review Notification and Credit Monitoring Public Relations Regulatory Fines, Penalties, and Consumer Redress Reputational Damage Income Loss 32 16
17 Costs of a Data Breach Our results show that the cost to respond to a data breach is usually between $10 $30 per record for breach response services that include some legal expenses, patient notification letters, call center support, and credit monitoring services. (Keep in mind this number is an average. Costs can exceed $30 a record in some cases. IT costs, Legal fees, and government fines are additional costs.) 33 Coverage Considerations Balance Sheet Protection When considering the limits of insurance Resource Allocation Competing IT demands; insurance = risk transfer Risk Tolerance level Sleep at night 34 17
18 Available Insurance Coverage Multimedia Liability Coverage for third party claims alleging copyright/trademark infringement, libel/slander, advertising, plagiarism, and personal injury. Covers both online and offline media. Security & Privacy Liability Coverage for third party claims alleging liability resulting from a security or privacy breach, including the failure to safeguard online or offline information, or the failure to prevent virus attacks, denial of service of attacks or the transmission of malicious code. 35 Available Insurance Coverage (Continued) Privacy Regulatory Defense & Penalties Coverage for defense costs and fines/penalties incurred in defending against regulatory investigations of privacy or security breaches. Privacy Breach Responses Costs, Customer Notification Expenses and Customer Support and Credit Monitoring Expenses Coverage includes all reasonable legal, public relations, advertising, IT forensic, call center, credit monitoring and postage expenses incurred by the insured in response to a privacy breach
19 Available Insurance Coverage (Continued) BrandGuard Coverage for lost revenue directly resulting from an adverse media report and/or notification to customers of a security or privacy breach. Network Asset Protection Coverage for amounts incurred to recover and/or replace data that is compromised, damaged, lost, erased or corrupted due to accidental damage or destruction of electronic media or computer hardware, administrative or operational mistakes in the handling of electronic data, or computer crime/attacks. Coverage also extends to business income loss and interruption expenses incurred as a result of a total or partial interruption of the insured s computer system directly caused by any of the above events. 37 Available Insurance Coverage (Continued) Cyber Extortion Covers extortion expenses incurred, and extortion monies paid, as a direct result of a credible cyber extortion threat. Cyber Terrorism Coverage for income loss and business interruption expenses directly resulting from a total or partial interruption, degradation in service or failure of the insured s computer system due to a cyber terrorism attack
20 Possible Uninsured Exposures Intentional violation of law damages Prior Act exposures check retroactive date Wear/Tear/Gradual Deterioration Representations made regarding maintaining a certain level of cyber security Damages to data resulting from a Natural Event (may not be covered by Property Insurance either) Loss resulting from power outages Use of programs that are unlicensed or not operational 39 Coverage Features New Cyber Crime PCI Coverage Cyber Terrorism Voluntary Notification Cost Pre Breach cost 40 20
21 Fair Use Disclaimer FAIR USE DISCLAIMER: The following presentation contains copyrighted materials the use of which has not always been specifically authorized by the copyright owner. We are making the information available for education, news reporting, research, teaching and discussion purposes and to advance awareness and understanding of issues relating to personally identifiable information and associated risks. We believe this constitutes fair use of any such copyrighted material as provided for under the Fair Use exemptions of Title 17 U.S.C. Section 107 of the U.S. Copyright Law. Further use is prohibited. If you wish to use copyrighted material from this presentation for purposes of your own that go beyond fair use, you must obtain permission from the copyright owner. 41 Copyrighted Materials List Page 6 & 7 Identity Theft Resource Center Data Breach Source: Identity Theft Resource Center (ITRC) Page 6 Anthem Breach Source: USA Today April 14, Page 6 Excellus Blue Cross Blue Shield Source: Privacy Right Clearinghouse Page 8 11 Regulatory Oversight Privacy and Cyber Source: National Associate of Insurance Commissions Page Cybersecurity Bill of Rights Source: National Associate of Insurance Commissions Page 17 ITRC Data Breaches Source: Identity Theft Resource Center (ITRC) Surveys Studies/2014databreaches.html Page Cyber Claims Study Source: NetDiligence Page 21 $50 Million Class Action Lawsuit Against Long Island Health System Source: Modern Healthcare, Feb Page 21 $400,00 Penalty in HIPAA Case Source: Government Information Security, May penalty in hipaa case a 5782 Page 21 Page 28 Page 29 Three laptops stolen from New York podiatry office 5 Steps Corporate Boards Should Consider to Enhance Oversight of Corporate Risks Boards Show be Adequately Informed of Cyber Security Risks / Risk Management Source: Sims and Associates Podiatry, Important Security and Protection Notification, April, laptops stolen from new york podiatry office 6475 atrisk/article/343644/ Source: Cyber Risk Oversight, Director s Handbook Series, NACD (National Association of Corporate Directors) Source: Cyber Risk Oversight, Director s Handbook Series, NACD (National Association of Corporate Directors)
22 NAS INSURANCE THANK YOU Chris Reese Vice President, Director of Underwriting Connie Rivas Assistant Vice President, Contracts and Legal Services
GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationManaging Cyber & Privacy Risks
Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationRISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION
RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationCYBER RISK SECURITY, NETWORK & PRIVACY
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationBeyond Data Breach: Cyber Trends and Exposures
Beyond Data Breach: Cyber Trends and Exposures Vietnam 7 th May 2015 Jason Kelly Head of Asia Financial Lines AIG Agenda Why do companies need cyber protection Example of Cyber attack worldwide and in
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationCyber Liability. What School Districts Need to Know
Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationMANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS
MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationReducing Risk. Raising Expectations. CyberRisk and Professional Liability
Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More informationManaging Cyber Risk through Insurance
Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationCyber Insurance: How to Investigate the Right Coverage for Your Company
6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationIRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411
IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING
More informationPrivacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014
Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014
More informationCyber-Crime Protection
Cyber-Crime Protection A program of cyber-crime prevention, data breach remedies and data risk liability insurance for houses of worship, camps, schools, denominational/association offices and senior living
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationUnderstanding. your Cyber Liability coverage
Understanding your Cyber Liability coverage TEXAS MEDICAL LIABILITY TRUST 901 S. Mopac Expressway Barton Oaks Plaza V, Suite 500 Austin, TX 78746-5942 P.O. Box 160140 Austin, TX 78716-0140 800-580-8658
More informationCyber Liability & Data Breach Insurance Claims
Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More informationAnatomy of a Privacy and Data Breach
Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationCyberSecurity for Law Firms
CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationCyber Liability. AlaHA Annual Meeting 2013
Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages
More informationCybersecurity: Protecting Your Business. March 11, 2015
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
More informationcyber invasions cyber risk insurance AFP Exchange
Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance
More informationCyber Risks and Insurance Solutions Malaysia, November 2013
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationCAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance
Fundamentals of Cyber Risk Brad Gow June 9th, 2015 Endurance But consider the kickoff chuckle to a speech given to the Wharton School in March 1977 by Sidney Homer of Salomon Brothers, the leading bond
More informationLaw Firm Cyber Security & Compliance Risks
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationISO? ISO? ISO? LTD ISO?
Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet
More informationCyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day
Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014
More informationInsuring Innovation. CyberFirst Coverage for Technology Companies
Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is
More informationHow To Buy Cyber Insurance
10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More information3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationNZI LIABILITY CYBER. Are you protected?
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
More informationCyber Risks in Italian market
Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends
More informationCyber/Information Security Insurance. Pros / Cons and Facts to Consider
1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationCyber Risk Insurance for Agents. Frequently Asked Questions
Cyber Risk Insurance for Agents Frequently Asked Questions 1 Cyber Risk Insurance About Great American Insurance Great American Insurance Group s roots go back to 1872 with the founding of its flagship
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More information4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015
CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationLessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationUnderstanding Professional Liability Insurance
Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional
More informationDon t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks
Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationAdding Cloud Solutions to Customer Contracts Robert J. Scott
Adding Cloud Solutions to Customer Contracts Robert J. Scott MSP vs. Cloud Who owns the hardware? Where does the data reside? Dedicated vs. Multi tenant? Who contracts with 3 rd parties? How are services
More informationData Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
More informationBig Data, Big Risk, Big Rewards. Hussein Syed
Big Data, Big Risk, Big Rewards Hussein Syed Discussion Topics Information Security in healthcare Cyber Security Big Data Security Security and Privacy concerns Security and Privacy Governance Big Data
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division
More informationAdopting a Cybersecurity Framework for Governance and Risk Management
The American Hospital Association s Center for Healthcare Governance 2015 Fall Symposium Adopting a Cybersecurity Framework for Governance and Risk Management Jim Giordano Vice Chairman & Chair of Finance
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationGRC/Cyber Insurance. February 18, 2014. Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London. Join the conversation: #ISSAWebConf
GRC/Cyber Insurance February 18, 2014 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Join the conversation: 1 Generously sponsored by: 2 Welcome Conference Moderator Allan Wall ISSA Web Conference
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationUnderstanding the Business Risk
AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More informationAHLA. N. HIPAA Security Breaches: What Should We Be Doing to Keep Us Out of the Headlines? Diane E. Felix Armstrong Teasdale LLP Saint Louis, MO
AHLA N. HIPAA Security Breaches: What Should We Be Doing to Keep Us Out of the Headlines? Diane E. Felix Armstrong Teasdale LLP Saint Louis, MO Anthony J. Munns Brown Smith Wallace LLC Saint Louis, MO
More informationCyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationCYBER/ NETWORK SECURITY
CYBER/ NETWORK SECURITY FINEX AUSTRALIA ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More information10 Smart Ideas for. Keeping Data Safe. From Hackers
0100101001001010010001010010101001010101001000000100101001010101010010101010010100 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000 0100101001001010010001010010101001010101001000000100101001010101010010101010010100000
More informationBe Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance
Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More information