Cybersecurity Risk Transfer

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cybersecurity Risk Transfer"

Transcription

1 Cybersecurity Risk Transfer Wednesday, October 30, 2013 Part IV in a 4 part series on Cybersecurity Presented by: Arthur J. Gallagher & Co., Huron Legal and Pillsbury Winthrop Shaw Pittman Pillsbury Winthrop Shaw Pittman LLP

2 Cybersecurity Risk Transfer Presented by: Joe DePaul, Arthur J. Gallagher & Co. Rene Siemens & Joe Kendall, Pillsbury Winthrop Shaw Pittman Laurey Harris, Huron Legal 1 Cybersecurity Risk Transfer

3 Today s Agenda Let s Recap: Cybersecurity - Overview Cybersecurity - Claims Cybersecurity - Global Records Management & ediscovery What is Risk Transfer? Insurance/Non-Insurance Alternative Methods of Risk Transfer Risk Transfer via Contracting with IT Suppliers Coverage Network Security Liability Privacy Liability Media Liability Crisis Management Cyber Extortion Data Asset Protection Business Interruption Technology Products/Services E&O Questions? 2 Cybersecurity Risk Transfer

4 Cyber Insurance Market Trends 1 Billion 800 Total Premiums Underwritten Premiums $15,000 to $35,000 per $1,000,000 of limits, for low retentions Soft market: Premiums steadily declining Large corporations were early adopters Most growth is among middle market companies 3 Cybersecurity Risk Transfer

5 Who Is Issuing Cyber Insurance Policies? 4 Cybersecurity Risk Transfer

6 The REGULATORY LANDSCAPE is complex, challenging and growing 50 State Privacy Laws (County/Local) - Laws or Regulation Foreign Privacy Laws UK ICO Information Commissioner s Office & many others (trans-border privacy issues) Canada White House Cybersecurity Executive Order Federal Trade Commission FACTA/Red Flags Rule HIPAA / HITECH Standard for smooth, consistent, and secure electronic transmission of health care data. PII/PHI personally identifiable information/health information about individuals - PII includes drivers license # s, SS # s, Credit Card # s, address, account numbers & PIN s PHI includes written documents, electronic files, and verbal information. (Even information from an informal conversation can be considered PHI.) Examples of PHI include: Completed health care claims forms Detailed claim forms Explanations of benefits Notes documenting discussions with plan participants SEC/GLB PCI/DSS 5 Cybersecurity Risk Transfer

7 Alternative Methods to Risk Transfer Company Strategic Priorities Protect company assets and viability against loss or disruption Achieve the appropriate level of security commensurate with the sensitivity and amount of data collected and retained Protect company systems and data against threats to the network structure and network security Anticipate evolving threats targeting company system vulnerabilities Meet compliance obligations Reduce litigation risks 6 Cybersecurity Risk Transfer

8 Alternative Methods to Risk Transfer Protect Data Investment There are two primary ways to protect your data investment to avoid a cyber incident: 1. Minimize Risks Associated with Data Breaches by safeguarding your data 2. Implement Records & Information Governance 7 Cybersecurity Risk Transfer

9 Safeguarding Data Security Goals Good security is A business enabler A process A privacy enabler Risk based Built in Continuous improvement Flexible and Changeable Good security is not A business impediment A product or technology Privacy The absence of danger Added on Ahead of the adversary Static 8 Cybersecurity Risk Transfer

10 Minimize Risks Associated with Data Breaches by safeguarding your data 1. You need a security framework that addresses Protection user authentication, encryption, firewalls, virus protection Detection intrusion detection, open source monitoring Response disaster recovery plan, incident response 2. Inventory your data by developing data maps Know the Who, Where, What & Why Limit access commensurate with sensitivity of data Secure your data through appropriate means two factor identification, strong passwords and robust network security Train all stakeholders personal online security hygiene Monitor your systems 9 Cybersecurity Risk Transfer

11 Minimize Risks Associated with Data Breaches by safeguarding your data 3. Create a Data Breach Response Plan Cross-disciplinary team legal, business partners, vendors and law enforcement Repeatable process that is well documented Conduct assessments and drills 4. Implement Information Governance Program - by developing record retention schedules and policies Records and information are retained for as long as legally or operationally required Systematic destruction of records and information in the ordinary course of business Protection of PII, vital and confidential records and information Improved customer service 10 Cybersecurity Risk Transfer

12 Moving to the Left Data Disposition Costs are volume driven If we shrink volumes, we shrink costs. Figure out how to get their electronic houses in order to cut costs (e-discovery and data breach) risks associated with ESI, from initial creation through final disposition 11 Cybersecurity Risk Transfer

13 Takeaways for Big Data and Cybersecurity Good security is a process that is necessarily risk based 100% security does not exist anywhere Threats and attackers are real and interested in your data Educate employees on personal security hygiene Develop a plan for information governance Big Databases are valuable assets and therefore; targets You need a security framework that addresses Protection, Detection, and Response to minimize the risk of a breach Know who is responsible for protection in 3 rd Party hosting Prepare for incident response before the crisis Prepare for e-discovery in advance of litigation 12 Cybersecurity Risk Transfer

14 Risk Transfer via Contracting with IT Suppliers Step 1 - Include Security Obligations Supplier shall maintain an information security program that - ensures security of Customer Data and protects against unauthorized use or access of Customer Data Supplier shall comply with Customer s Policies & Procedures Specific IT requirements. Supplier shall - encrypt all data maintain firewalls and security gateways monitor usage of User IDs / Passwords to access System Customer has right to modify Customer policies only question is cost Cloud Contracts Cloud Providers will not sign up for Customer s Policies and Procedures Business model depends on standardized service offering Cloud Providers require the right to change their security policies 13 Cybersecurity Risk Transfer

15 Risk Transfer via Contracting with IT Suppliers Step 2 Audit and Compliance Provisions Customer should have robust rights to audit Supplier Supplier should provide Customer with audits performed for Supplier by third parties SAS 70 Type 2 previously used to evaluate Supplier s security, but was not designed to be a security audit AICPA established SSAE 16 and Service Organization Controls ( SOC ) reporting Framework in June 2011 SOC 1 tests controls at a Supplier relevant to internal controls over financial reporting SOC 2 tests controls at a service organization relevant to security, availability, processing integrity, confidentiality and privacy Type I versus Type II Type I verifies the existence of the controls, and Type II audits whether the controls are being observed ISO Certification Add rep and warranty that Supplier will provide this Certification annually 14 Cybersecurity Risk Transfer

16 Risk Transfer via Contracting with IT Suppliers Step 3 - Subcontracting and other Protections Subcontracting Approval Right or Notice at a minimum Key is understand who may access data Subs obligated to comply with same security obligations as Supplier Supplier responsible for actions of subcontractors Restrictions on Supplier s Delivery Location Supplier will not change location from which it provides Services without Customer s consent Obligations to Destroy/Clean Media Supplier shall remove all Customer Data from any media which is retired and destroy or securely erase such media as Customer directs Instructions on wiping, shredding, destroying can be very specific 15 Cybersecurity Risk Transfer

17 Risk Transfer via Contracting with IT Suppliers Step 4 - What if there is a Cybersecurity Incident? Supplier shall - notify Customer within X Hours investigate the Incident and provide a report remediate the Incident in accordance with plan approved by Customer conduct forensic investigation to determine cause and what data / systems are implicated provide daily updates of its investigation to Customer and permit Customer reasonable access to the investigation cooperate with Customer s investigation Customer (and not Supplier) makes final decision on whether notices will be sent to affected individuals 16 Cybersecurity Risk Transfer

18 Risk Transfer via Contracting with IT Suppliers Step 5 Risk Shifting Liability Provisions Traditionally Supplier s Liability for data breach was unlimited Today, due to increasing number of cybersecurity incidents, Suppliers seek to limit liability as much as possible by: inserting liability cap limit liability to their breach of data security obligations preserve defense that damages are consequential (not recoverable) Supplier should be liable for any issues caused by Supplier s fault or negligence (includes an omission as well as not performing an obligation) Separate liability pool for these damages Stipulate types of costs that are recoverable to avoid claim that the damages are consequential and therefore not recoverable. Include: Preparation / sending of Notices, Credit monitoring services, etc. 17 Cybersecurity Risk Transfer

19 Where are the Gaps with Traditional Insurance? General Liability Property E&O/D&O Crime Cyber Network security POSSIBLE POSSIBLE POSSIBLE POSSIBLE COVERAGE Privacy breach POSSIBLE POSSIBLE POSSIBLE POSSIBLE COVERAGE Media liability POSSIBLE NONE POSSIBLE NONE COVERAGE Professional services POSSIBLE NONE POSSIBLE POSSIBLE COVERAGE Virus Transmission POSSIBLE POSSIBLE POSSIBLE POSSIBLE COVERAGE Damage to data POSSIBLE POSSIBLE POSSIBLE POSSIBLE COVERAGE Breach notification POSSIBLE NONE POSSIBLE POSSIBLE COVERAGE Regulatory investigation POSSIBLE NONE POSSIBLE POSSIBLE COVERAGE Extortion POSSIBLE NONE POSSIBLE POSSIBLE COVERAGE Virus/hacker attack POSSIBLE POSSIBLE POSSIBLE POSSIBLE COVERAGE Denial of service attack Business interruption loss POSSIBLE POSSIBLE POSSIBLE POSSIBLE COVERAGE NONE POSSIBLE POSSIBLE NONE COVERAGE 18 Cybersecurity Risk Transfer

20 Available Insurance Coverage Exposure Category Network Security Liability Privacy Liability Description Provides liability coverage if an Insured's Computer System fails to prevent a Security Breach or a Privacy Breach Provides liability coverage if an Insured fails to protect electronic or non-electronic information in their care custody and control Media Liability Covers the Insured for Intellectual Property and Personal Injury perils the result from an error or omission in content (coverage for Patent and Trade Secrets are generally not provided) Regulatory Liability Notification Expense Coverage for lawsuits or investigations by Federal, State, or Foreign regulators relating to Privacy Laws 1st Party expenses to comply with Privacy Law notification requirements Crisis Management Credit Monitoring Expense Forensic Investigations 1st Party expenses to provide up to 12 months credit monitoring 1st Party expenses to investigate a system intrusion into an Insured Computer System Data Recovery Public Relations & Call Center 1st Party expenses to hire a Public Relations firm & manage a Call Center 1st party expenses to recover data damaged on an Insured Computer System as a result of a Failure of Security Business Interruption Cyber Extortion Technology Services/Products & Professional Errors & Omission Liability 1st party expenses for lost income from an interruption to an Insured Computer System as a result of a Failure of Security Payments made to a party threatening to attack an Insured's Computer System in order to avert a cyber attack Technology Products & Services and Miscellaneous E&O can be added to a policy when applicable 19 Cybersecurity Risk Transfer

21 3rd Party Coverage Network and Privacy Liability Coverage for: Claims arising from the unauthorized access to data containing identity information, Failure to protect non-public information (PII/PHI/Corporate Confidential Information in your care, custody and control Transmission of a computer virus, and Liability associated with the failure to provide authorized users with access to the company s website 20 Cybersecurity Risk Transfer

22 3rd Party Coverage Technology Products/Services Errors & Omissions Coverage for: Claims arising from the failure of a technology product or service to perform as indicated. Media Liability Coverage for: Claims arising from Personal Injury perils on/off line Defamation/Infringement/libel/slander *Not Patent/Trade secret 21 Cybersecurity Risk Transfer

23 1st Party Coverage Crisis Management/Security Breach Remediation and Notification Expenses Coverage for: Crisis Management Expenses Covers expenses to obtain legal assistance to navigate the event, determine which regulatory bodies need to be notified and which laws would apply Public relations services to mitigate negative publicity as a result of cyber liability Forensic costs incurred to determine the scope of a failure of Network Security and determine whose information was accessed Notification to those individuals of the security breach Credit monitoring Call center to handle inquiries Identity fraud expense reimbursement for those individuals affected by the breach 22 Cybersecurity Risk Transfer

24 1st Party Coverage Computer Program and Electronic Data Restoration Expenses Coverage for: Expenses incurred to restore data lost from damage to computer systems due to computer virus or unauthorized access Cyber Extortion Coverage for: Money paid due to threats made regarding an intent to fraudulently transfer funds, destroy data, introduce a virus or attack on computer system, or disclose electronic data/information Business Interruption and Additional Expense Coverage for: Loss of income, and the extra expense incurred to restore operations, as result of a computer system disruption caused by a virus or other unauthorized computer attack 23 Cybersecurity Risk Transfer

25 Ten Tips For Buying Cyber Insurance #1 Make sure your limits and sub-limits are adequate Average remediation cost is $7.2 million per data breach event Average remediation cost is $214 per record Source: Symantec Corp. and Ponemon Institute: Global Cost of a Data Breach (2010) WARNING! Many policies impose inadequate limits for crisis management expenses and regulatory action expenses 24 Cybersecurity Risk Transfer

26 Ten Tips For Buying Cyber Insurance #2 Ask for retroactive coverage What if a breach happens before you buy insurance, but you were unaware of it? Retroactive coverage insures prior unknown events that result in claims or expenses during the policy period Commonly available for 1, 2, 5 or 10 year periods and sometimes is unlimited Insurers may not offer it, so ask! 25 Cybersecurity Risk Transfer

27 Ten Tips For Buying Cyber Insurance #3 Watch out for panel and consent provisions Policies often provide that you must use the insurance company s pre-approved forensic consultants, defense counsel, etc. Make sure that your advisers and attorneys are pre-approved Or reject panel provisions and insist on control Policies often say that forensic, notification and defense costs are covered only if you obtain the insurer s prior consent Ask for policy language specifying that the insurer s consent shall not be unreasonably withheld Or insist that such provisions be deleted 26 Cybersecurity Risk Transfer

28 Ten Tips For Buying Cyber Insurance #4 Make sure you are covered for your vendors errors and omissions Example: Bad The Insurer shall pay all Loss that an Insured incurs as a result of your actual or alleged breach of duty to maintain security of confidentiality Confidential Information Good The Insurer shall pay all Loss that an Insured incurs as a result of any alleged failure to protect Confidential Information in the care, custody and control of the Insured or a third party to which an Insured has provided Confidential Information 27 Cybersecurity Risk Transfer

29 Ten Tips For Buying Cyber Insurance #4, cont d Conversely if you handle data for others, make sure your liability to them is covered too Example: Bad The Insurer will not make any payment for any claim alleging or arising from your performance of services under a contract with your client Better The Insurer will not pay for Claims arising out of breach of contract; provided, however, that this exclusion shall not apply to liabilities that the Insured would have in the absence of contract, or arising out of breach of a confidentiality agreement or a professional services agreement for the handling of confidential information Best The Insurer will pay on behalf of the Insured all Damages and Claim Expense which the Insured becomes legally obligated to pay because of liability imposed by law or Assumed Under Contract 28 Cybersecurity Risk Transfer

30 Ten Tips For Buying Cyber Insurance #5 Make sure you are covered for loss of data, not just theft or unauthorized access Example: Bad A covered breach shall include the unauthorized acquisition, access, use, or disclosure of confidential information Good A covered breach shall include the unauthorized acquisition, access, use, disclosure or loss of confidential information 29 Cybersecurity Risk Transfer

31 Ten Tips For Buying Cyber Insurance #6 Avoid one size fits all crisis management coverage Example: Bank suffers loss of thousands of customer credit card numbers Insurance policy covers cost of providing notice and credit monitoring Bank would rather just cancel and re-issue the cards, but that cost isn t covered Lesson: When procuring insurance, negotiate for the coverage you will actually need 30 Cybersecurity Risk Transfer

32 Ten Tips For Buying Cyber Insurance #7 Beware of hidden traps Example: Bad The Insurer shall pay Crisis Management Expenses incurred by an Insured arising out of a Claim Good The Insurer shall pay Crisis Management Expenses incurred by an Insured in response to an actual or alleged security breach 31 Cybersecurity Risk Transfer

33 Ten Tips For Buying Cyber Insurance #8 Harmonize cyber insurance with your indemnity agreements Bad The Insurer s liability applies only to amounts in excess of the policy s Self- Insured Retention. Such Retention Amount shall be borne by the Insured s uninsured and at their own risk Good The Insurer s liability applies only to amounts in excess of the policy s Self- Insured Retention. Such Retention Amount may be paid either by the Insured, or by the Insured s other insurance or indemnified by third parties Emerging Issues: If you contractually waive or cap your indemnity rights against vendors, will your insurer use that as an excuse to deny coverage? Cloud vendors often refuse to indemnify Ask for a subrogation waiver but you might not get it 32 Cybersecurity Risk Transfer

34 Ten Tips For Buying Cyber Insurance #9 Harmonize cyber insurance with your other insurance & vendors insurance Review your agreements with vendors Make sure your vendors are required to have adequate insurance Ask to be added as an additional insured on their policies Make sure your policy s other insurance clause specifies that their policy will apply first Example: This Policy shall be primary, unless the Insured is also covered for the loss under the insurance of a third party, in which case this insurance shall apply excess of amounts actually paid by that other insurance 33 Cybersecurity Risk Transfer

35 Ten Tips For Buying Cyber Insurance #10 Negotiate favorable defense provisions Pay defense costs on behalf of vs. duty to defend Will you control your own defense? At least negotiate the right to choose your own counsel if the policy has a panel provision Negotiate specific deadlines for payment by the insurer (e.g., within 30 days of invoicing) If rates are an issue, negotiate them up front! 34 Cybersecurity Risk Transfer

36 What If You Don t Have Cyber Insurance? Insurance industry often asserts that there is no coverage under most conventional insurance for privacy and network security breaches, but many courts disagree. The most recent example: DSW, Inc. v. National Union (6 th Cir. July 17, 2012) holds that costs of customer communications, public relations, lawsuits, attorneys fees, and fines imposed by Visa and Mastercard resulting from a hacking incident in which 1.4M customers information was stolen were covered losses under a crime policy Therefore, even if you have cyber insurance policy, tender to your other insurers! You have little to lose and much to gain. 35 Cybersecurity Risk Transfer

37 Many company networks are compromised without them even knowing it. 36 Cybersecurity Risk Transfer 36

38 37 Cybersecurity Risk Transfer

39 Cybersecurity Webinar Series 9/18: Cybersecurity Overview Catherine Meyer and David Stanton Pillsbury Winthrop Shaw Pittman Joe DePaul Arthur J. Gallagher & Co. 10/2: Cybersecurity Claims Joe DePaul Arthur J. Gallagher & Co. Rene Siemens - Pillsbury Winthrop Shaw Pittman Chris Adams Huron Legal 10/16: Cybersecurity Issues Related to Global Records Management and E-Discovery Catherine Meyer and David Stanton Pillsbury Winthrop Shaw Pittman Carolyn Southerland Huron Legal 10/30: Cybersecurity Risk Transfer Joe DePaul Arthur J. Gallagher & Co. Laurey Harris) Huron Legal Rene Siemens, Joe Kendall Pillsbury Winthrop Shaw Pittman Please complete our Cybsecurity survey: 38 Cybersecurity Risk Transfer

40 Contact Details Joe DePaul Managing Director, CyberRisk Services Arthur J. Gallagher & Co. 35 Waterview Blvd. - 3 rd Floor Parsippany, NJ Ph Laurey Harris Huron Legal 9101 Kings Parade Blvd., Ste. 300 Charlotte, NC Ph Rene Siemens Pillsbury Winthrop Shaw Pittman LLP 725 South Figueroa Street, Suite 2800 Los Angeles, CA Ph Joseph E. Kendall Pillsbury Winthrop Shaw Pittman LLP 2300 N Street, NW Washington, DC Ph Cybersecurity Risk Transfer

Cyber Liability. What you need to know! PRESENTED BY: GALLAGHER / CYBERRISK SERVICES MAY 2014 2013 ARTHUR J. GALLAGHER & CO.

Cyber Liability. What you need to know! PRESENTED BY: GALLAGHER / CYBERRISK SERVICES MAY 2014 2013 ARTHUR J. GALLAGHER & CO. Cyber Liability What you need to know! PRESENTED BY: GALLAGHER / CYBERRISK SERVICES MAY 2014 Most Common Reactions to Cyber Liability Questions: We don t need cyber liability coverage; we have tort immunity

More information

Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy

Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy Privacy, Data Security & Information Use Insurance Recovery & Advisory Cyber Insurance June 17, 2015 Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy By

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

Understanding the Business Risk

Understanding the Business Risk AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015

Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015 Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015 Today s Agenda What are we talking about today? What is Risk Evolution of risk management Understand the importance of Risk

More information

Insurance for Data Breaches in the Hospitality Industry

Insurance for Data Breaches in the Hospitality Industry The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com

More information

How Consumer and Retail Businesses Can Prepare for the Next Data Breach

How Consumer and Retail Businesses Can Prepare for the Next Data Breach How Consumer and Retail Businesses Can Prepare for the Next Data Breach April 17, 2014 Pillsbury Winthrop Shaw Pittman LLP Agenda Introduction and Lessons Learned from Previous Data Breaches Risk Management

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider 1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

Rogers Insurance Client Presentation

Rogers Insurance Client Presentation Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com

Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com Heather L. Hughes, J.D. HIPAA Privacy Officer U.S. Legal Support, Inc. hhughes@uslegalsupport.com www.uslegalsupport.com HIPAA Privacy Rule Sets standards for confidentiality and privacy of individually

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed

More information

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently

More information

Cybersecurity Issues Related to Global Records Management and E-Discovery

Cybersecurity Issues Related to Global Records Management and E-Discovery Cybersecurity Issues Related to Global Records Management and E-Discovery Wednesday, October 16, 2013 Part 3 in a 4 part series on Cybersecurity Presented by: Arthur J. Gallagher & Co., Huron Legal and

More information

Coverage is subject to a Deductible

Coverage is subject to a Deductible Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:

More information

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

Cyber Liability Insurance: It May Surprise You

Cyber Liability Insurance: It May Surprise You Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,

More information

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited Tools Conference Toronto November 26, 2014 Insurance for NFP s Presented by Paul Spark HUB International HKMB Limited Topics Insurance Policies Basics Directors and Officers Liability Insurance Commercial

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY

More information

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name: INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE

More information

Cybersecurity: Protecting Your Business. March 11, 2015

Cybersecurity: Protecting Your Business. March 11, 2015 Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks

More information

Health Care Data Breach Discovery Strategies for Immediate Response

Health Care Data Breach Discovery Strategies for Immediate Response Health Care Data Breach Discovery Strategies for Immediate Response March 27, 2014 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Sarah Flanagan Partner

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Data Breach Cost. Risks, costs and mitigation strategies for data breaches Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,

More information

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014

More information

Technology, Privacy and Cyber Protection Modular application form

Technology, Privacy and Cyber Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

Data Privacy & Security: Essential Questions Every Business Must Ask

Data Privacy & Security: Essential Questions Every Business Must Ask Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

Data Privacy, Security, and Risk Management in the Cloud

Data Privacy, Security, and Risk Management in the Cloud Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,

More information

Enterprise PrivaProtector 9.0

Enterprise PrivaProtector 9.0 IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

The Intersection of 21st Century Risk Management and Data: Risk Allocation and Mitigation for Customer Data Breaches

The Intersection of 21st Century Risk Management and Data: Risk Allocation and Mitigation for Customer Data Breaches The Intersection of 21st Century Risk Management and Data: Risk Allocation and Mitigation for Customer Data Breaches Ethan D. Lenz, CPCU, and Christopher C. Cain, Foley & Lardner LLP Data. It has always

More information

Cyber and data Policy wording

Cyber and data Policy wording Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and

More information

Policy Considerations for Covering Special Exposures. Claire Lee Reiss Program Director National League of Cities Risk Information Sharing Consortium

Policy Considerations for Covering Special Exposures. Claire Lee Reiss Program Director National League of Cities Risk Information Sharing Consortium Policy Considerations for Covering Special Exposures Claire Lee Reiss Program Director National League of Cities Risk Information Sharing Consortium Special exposures Coverage that targets a loss with

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST

More information

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide

Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com

More information

Cyber-insurance: Understanding Your Risks

Cyber-insurance: Understanding Your Risks Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information

More information

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT COLUMBIA AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) is entered into as of ( Effective Date ) by and between The Trustees of Columbia University in the City of

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber Insurance: How to Investigate the Right Coverage for Your Company 6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

CYBER SECURITY SPECIALREPORT

CYBER SECURITY SPECIALREPORT CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations

More information

Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks

Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Hacks, breaches, stolen data, trade secrets hijacked, privacy violated, ransom demands made; how can you protect your data

More information

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Columbia University Service Provider Agreement

Columbia University Service Provider Agreement Columbia University Agreement Agreement ( Agreement ) dated as of, 20 (the Effective Date ) between The Trustees of Columbia University in the City of New York ( Columbia ) and ( Service Provider ). 1.

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL

Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Using Insurance Coverage to Mitigate Cybersecurity Risks To Warranty and Service Contract Businesses Barry Buchman, Partner

More information

Cyber Insurance: How to Investigate the

Cyber Insurance: How to Investigate the 10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

What Data? I m A Trucking Company!

What Data? I m A Trucking Company! What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

Insuring Innovation. CyberFirst Coverage for Technology Companies

Insuring Innovation. CyberFirst Coverage for Technology Companies Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is

More information

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015

Data Privacy: What your nonprofit needs to know. Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Data Privacy: What your nonprofit needs to know Donna Balaguer and Ed Lavergne Washington, D.C. February 5, 2015 Overview 2 Data privacy versus data security Privacy polices and best practices Data security

More information

Page 1 of 15. VISC Third Party Guideline

Page 1 of 15. VISC Third Party Guideline Page 1 of 15 VISC Third Party Guideline REVISION CONTROL Document Title: Author: File Reference: VISC Third Party Guidelines Andru Luvisi CSU Information Security Managing Third Parties policy Revision

More information

Cyber Insurance as one element of the Cyber risk management strategy

Cyber Insurance as one element of the Cyber risk management strategy Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,

More information

CyberSecurity for Law Firms

CyberSecurity for Law Firms CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a

More information

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014

Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.

More information

Cyberinsurance: Insuring for Data Breach Risk

Cyberinsurance: Insuring for Data Breach Risk View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

MEDIATECH APPLICATION

MEDIATECH APPLICATION MEDIATECH APPLICATION FOR PURPOSES OF THE INSURANCE COMPANIES ACT (CANADA), THIS DOCUMENT WAS ISSUED IN THE COURSE OF LLOYD S UNDERWRITERS AND LIBERTY MUTUAL INSURANCE COMPANY S INSURANCE BUSINESSES IN

More information

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS

BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM RECITALS BUSINESS ASSOCIATE PRIVACY AND SECURITY ADDENDUM This Business Associate Addendum ( Addendum ), effective, 20 ( Effective Date ), is entered into by and between University of Southern California, ( University

More information

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015 SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory

More information

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked

Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked Data Breaches and Trade Secrets: What to Do When Your Client Gets Hacked R. Mark Halligan, FisherBroyles, LLP Andreas Kaltsounis, Stroz Friedberg Amy L. Carlson, Stoel Rives LLP Moderated by David A. Bateman,

More information

ISO? ISO? ISO? LTD ISO?

ISO? ISO? ISO? LTD ISO? Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet

More information

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION

More information

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force

More information

Network Security & Privacy Landscape

Network Security & Privacy Landscape Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division

More information

Standard: Information Security Incident Management

Standard: Information Security Incident Management Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of

More information

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.

ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. The Rohit Group of Companies ( Rohit Group, Company, our, we ) understands

More information

Understanding Professional Liability Insurance

Understanding Professional Liability Insurance Understanding Professional Liability Insurance Definition Professional liability is more commonly known as errors & omissions (E&O) and is a form of liability insurance that helps protect professional

More information

New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices. September 25, 2013

New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices. September 25, 2013 New Devices Mean New Risks: The Potential for Liability When Software is a Component of Medical Devices September 25, 2013 The Hartford Insuring Innovation Joe Coray Dan Silverman Providing insurance solutions

More information

plantemoran.com What School Personnel Administrators Need to know

plantemoran.com What School Personnel Administrators Need to know plantemoran.com Data Security and Privacy What School Personnel Administrators Need to know Tomorrow s Headline Let s hope not District posts confidential data online (Tech News, May 18, 2007) In one of

More information

THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK

THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.

More information

Cyber Risk State of the Art

Cyber Risk State of the Art Proudly presents Cyber Risk State of the Art Matthew Davies, Chubb Insurance Catherine Dowdall, Canada Post Mike Petersen, Marsh 1 Agenda 1. Who is At Risk? 2. New/Emerging Risk and Trends 3. Canada Post

More information

www.shipmangoodwin.com Shipman & Goodwin LLP 2015. All rights reserved. @SGHealthLaw HARTFORD STAMFORD GREENWICH WASHINGTON, DC

www.shipmangoodwin.com Shipman & Goodwin LLP 2015. All rights reserved. @SGHealthLaw HARTFORD STAMFORD GREENWICH WASHINGTON, DC HIPAA Compliance and Non-Business Associate Vendors: Strategies and Best Practices July 14, 2015 William J. Roberts, Esq. Shipman & Goodwin LLP 2015. All rights reserved. HARTFORD STAMFORD GREENWICH WASHINGTON,

More information

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S):

UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): UNIVERSITY PHYSICIANS OF BROOKLYN HIPAA BUSINESS ASSOCIATE AGREEMENT CONTRACT NO(S): THIS AGREEMENT is made by and between UNIVERSITY PHYSICIANS OF BROOKLYN, INC., located at 450 Clarkson Ave., Brooklyn,

More information

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial

More information