Cybersecurity and Insurance Companies

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cybersecurity and Insurance Companies"

Transcription

1 Cybersecurity and Insurance Companies ACLI Forum 500 CEO Leadership Retreat Timothy J. Nagle Vice President & Chief Privacy Counsel Prudential Financial 1 May 13, 2015

2 What is cybersecurity? Protecting sensitive data and maintaining network integrity Threat to proprietary information and personal information Combination of process, policy, training and technology Challenge for public and private sectors 2

3 Why Should I Care? Individual customers or institutional/corporate clients will assume it Corporate clients will ask for representations or assurances about it State insurance commissioners and attorneys general will require it Employees will want it Boards will ask about it (or will be advised to do so) The SEC and shareholders consider it part of corporate governance Your peers and the industry will address it 3

4 Pending Legislation H.R Cyber Intelligence Sharing and Protection Act (CISPA) H.R Cyber Privacy Fortification Act of 2015 S Data Security and Breach Notification Act of 2015 S The Cyber Threat Sharing Act of 2015 S H.R H.R.1704 H.R Cybersecurity Information Sharing Act of 2015 (CISA) The Data Security and Breach Notification Act Personal Data Notification and Protection Act Protecting Cyber Networks Act H.R.1731 National Cybersecurity Protection Advancement Act of 2015 H.R.2205 (no title to date) S.961 The Data Security Act of

5 Evolving Regulatory Guidance Securities and Exchange Commission CF Disclosure Guidance: Topic No. 2 (Cybersecurity), October 13, 2011 National Exam Program Risk Alert; OCIE Cybersecurity Initiative, April 15, 2014 Division of Investment Management; IM Guidance Update ( Cybersecurity Guidance ), April 2015 FINRA Report on Cybersecurity Practices (Feb 2015) Commodity Futures Trading Commission, CFTC Staff Advisory No ( Gramm-Leach-Bliley Act Security Safeguards ), Feb 26,

6 Evolving Regulatory Guidance (cont d) FBI Best Practices for Victim Response and Reporting of Cyber Incidents (April 2015) State of New York Division of Financial Services Report on Cyber Security in the Insurance Sector (February 2015) Update on Cyber Security in the Banking Sector: Third Party Service Providers (April 2015) NAIC Principles for Effective Cybersecurity: Insurance Regulatory Guidance (April 2015) OCC Bulletin : Third Party Relationships (October 30, 2013) 6

7 The Top Ten List The Things I Wish I Would Have Done Before This Breach Event Happened 1. Been involved in employee training and awareness. 2. Managed vendors regarding contract language for security standards, privacy policy, and event notice/coordination requirements. Been involved in employee training and awareness. 3. Established relationships with outside counsel and a forensic/incident response/technology firm. Preservation of attorney-client privilege Negotiate a master service agreement An event should result in two types of report 4. Inserted myself into the reporting and threat intelligence collection process. 5. Identified and introduced myself to representatives from trade/industry groups, regulators and law enforcement agencies for ongoing dialogue, information sharing and event coordination. 7

8 Nagle s Top Ten (cont d) 6. Developed, implemented, socialized and exercised the event response plan. What constitutes an event and who makes the call? Distinguished between a network security breach and unauthorized access to personal information. 7. Scripted internal and external communications and had them preapproved to the extent possible. 8. Established criteria for formal notification to customers, regulators, executive management/board and shareholders. 9. Designated who leads the investigation, response, remediation, notification and after phases and who maintains the record. 10. Prepared for what happens after the event regarding insurance claims litigations and remediation. 8

9 SIX Things Every Company (Large or Small) Should Have 1. Information security policy/program 2. Privacy policy 3. Incident/breach response process 4. Employee training and awareness 5. Vendor management program 6. Business continuity plan 9

10 Other Considerations 1. Cyber insurance 2. Briefing the Board 3. SEC disclosures and other reporting requirements 4. State privacy breach reporting 5. Red flags rules 6. Payment Card Industry Data Security Standards 10

11 Timothy J. Nagle Vice President and Chief Privacy Counsel Prudential Financial, Inc. 11

Cybercrime and Regulatory Priorities for Cybersecurity

Cybercrime and Regulatory Priorities for Cybersecurity NRS Technology and Communication Compliance Forum Cybercrime and Regulatory Priorities for Cybersecurity Copyright 2014 by K&L Gates LLP. All rights reserved. Sean P. Mahoney sean.mahoney@klgates.com K&L

More information

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity

More information

Data Privacy & Security in the Cloud: Legal Basics and New Developments

Data Privacy & Security in the Cloud: Legal Basics and New Developments Data Privacy & Security in the Cloud: Legal Basics and New Developments Lawrence R. Freedman Partner, Edwards Wildman Palmer LLP lfreedman@edwardswildman.com (202) 939-7923 1 The Basics Two basic data

More information

CHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033

CHAPTER 2016-138. Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 CHAPTER 2016-138 Committee Substitute for Committee Substitute for Committee Substitute for House Bill No. 1033 An act relating to information technology security; amending s. 20.61, F.S.; revising the

More information

Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations

Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations Litigating Privacy, Data Breach and Cybersecurity Issues in 2014: The SEC View on Disclosure Obligations American Bar Association Section of Litigation Annual Conference 2014 Spring Program Scottsdale,

More information

Cybersecurity y Managing g the Risks

Cybersecurity y Managing g the Risks Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking

More information

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members:

Anthony J. Albanese, Acting Superintendent of Financial Services. Financial and Banking Information Infrastructure Committee (FBIIC) Members: Andrew M. Cuomo Governor Anthony J. Albanese Acting Superintendent FROM: TO: Anthony J. Albanese, Acting Superintendent of Financial Services Financial and Banking Information Infrastructure Committee

More information

securities litigation & regulation

securities litigation & regulation Westlaw Journal securities litigation & regulation Litigation News and Analysis Legislation Regulation Expert Commentary VOLUME 21, issue 3 / june 11, 2015 Expert Analysis SEC Cybersecurity Investigations:

More information

Cybersecurity Risks, Regulation, Remorse, and Ruin

Cybersecurity Risks, Regulation, Remorse, and Ruin Financial Planning Association of Michigan 2014 Fall Symposium Cybersecurity Risks, Regulation, Remorse, and Ruin Shane B. Hansen shansen@wnj.com (616) 752-2145 October 23, 2014 Copyright 2014 Warner Norcross

More information

The Problems With SEC s Cybersecurity Approach

The Problems With SEC s Cybersecurity Approach Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com The Problems With SEC s Cybersecurity Approach Law360,

More information

SEC Cybersecurity Findings May Establish De Facto Standard

SEC Cybersecurity Findings May Establish De Facto Standard Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com SEC Cybersecurity Findings May Establish De Facto

More information

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?

Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention

More information

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant

The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant THE MARKET LEADER IN IT, SECURITY AND COMPLIANCE SERVICES FOR COMMUNITY FINANCIAL INSTITUTIONS The Emergence of the ISO in Community Banking Patrick H. Whelan CISA IT Security & Compliance Consultant Agenda

More information

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES

More information

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures

TODAY S AGENDA. Trends/Victimology. Incident Response. Remediation. Disclosures TODAY S AGENDA Trends/Victimology Incident Response Remediation Disclosures Trends/Victimology ADVERSARY CLASSIFICATIONS SOCIAL ENGINEERING DATA SOURCES COVERT INDICATORS - METADATA METADATA data providing

More information

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com Data Security 101 A Lawyer s Guide to Ethical Issues in the Digital Age Christopher M. Brubaker cbrubaker@clarkhill.com November 4-5, 2015 Pennsylvania Bar Institute 21 st Annual Business Lawyers Institute

More information

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties

Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Cyber-Security Risk- IP Theft and Data Breaches Protecting your Crown Jewels Internally and with Your Key Third Parties Pamela Passman President and CEO Center for Responsible Enterprise And Trade (CREATe.org)

More information

Cybersecurity Assessment

Cybersecurity Assessment Cybersecurity Assessment What Will the Regulators Be Looking For? Legal Counsel to the Financial Services Industry Digital Commerce & Payments Series Webinar March 18, 2015 1 Introduction & Overview Today

More information

Cybersecurity For Brokers: 'Only The Paranoid Survive'

Cybersecurity For Brokers: 'Only The Paranoid Survive' Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Cybersecurity For Brokers: 'Only The Paranoid Survive'

More information

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS? FREEMAN WOOD HEAD OF MERCER SENTINEL NORTH AMERICA GREGG SOMMER HEAD OF OPERATIONAL RISK ASSESSMENTS MERCER

More information

Cyber Risks in the Boardroom

Cyber Risks in the Boardroom Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing

More information

Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012

Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 David Chatfield, Vice President, Cyber Security Services, NetDiligence Linda Clark, Esq., U.S. Senior

More information

OCIE CYBERSECURITY INITIATIVE

OCIE CYBERSECURITY INITIATIVE Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.

More information

Cybersecurity..Is your PE Firm Ready? October 30, 2014

Cybersecurity..Is your PE Firm Ready? October 30, 2014 Cybersecurity..Is your PE Firm Ready? October 30, 2014 The Panel Melinda Scott, Founding Partner, Scott Goldring Eric Feldman, Chief Information Officer, The Riverside Company Joe Campbell, CTO, PEF Services

More information

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m.

Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement

The SEC s Initial Involvement: Encouraging Disclosures. From Comment Letters to Enforcement SEC ENFORCEMENT The SEC s Two Primary Theories in Cybersecurity Enforcement Actions By Daniel F. Schubert, Jonathan G. Cedarbaum and Leah Schloss WilmerHale Cyber attacks are increasingly common and affect

More information

CYBER SECURITY A L E G A L P E R S P E C T I V E

CYBER SECURITY A L E G A L P E R S P E C T I V E A L E G A L P E R S P E C T I V E T H O M A S G. S C H R O E T E R A S S O C I A T E G E N E R A L C O U N S E L P O R T O F H O U S T O N A U T H O R I T Y DISCLAIMER! This presentation: does not include

More information

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.

More information

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015

Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015 Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas

More information

Developing a Company Personal Information Breach Response Plan

Developing a Company Personal Information Breach Response Plan Developing a Company Personal Information Breach Response Plan September 9, 2014 Joyce Shroka Director Business Continuity & Records jashroka@nisource.com Presenta3on developed exclusively for the September,

More information

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128

More information

White Paper on Financial Industry Regulatory Climate

White Paper on Financial Industry Regulatory Climate White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during

More information

CYBERSECURITY EXAMINATION SWEEP SUMMARY

CYBERSECURITY EXAMINATION SWEEP SUMMARY This Risk Alert provides summary observations from OCIE s examinations of registered broker-dealers and investment advisers, conducted under the Cybersecurity Examination Initiative, announced April 15,

More information

CYBER READINESS FOR FINANCIAL INSTITUTIONS

CYBER READINESS FOR FINANCIAL INSTITUTIONS CYBER READINESS FOR FINANCIAL INSTITUTIONS Are You Prepared for Your Eventual Cyber Breach? April 15, 2015 Section one STRENGTHENING CYBER RISK MANAGEMENT Earl Crane, PhD, CISSP ecrane@promontory.com www.linkedin.com/in/earlcrane

More information

One Hundred Thirteenth Congress of the United States of America

One Hundred Thirteenth Congress of the United States of America S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify

More information

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions

More information

FINRA Publishes its 2015 Report on Cybersecurity Practices

FINRA Publishes its 2015 Report on Cybersecurity Practices Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February

More information

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com

HIT Audit Workshop. Jeffrey W. Short. jshort@hallrender.com HIT Audit Workshop Jeffrey W. Short jshort@hallrender.com 1 Audits and Investigations to be Discussed Meaningful Use Audits HIPAA Audits Data Breach Investigations Software Vendor Audits FTC Investigations

More information

Cyber, PrivaCy. & Data SeCurity. www.mpplaw.com

Cyber, PrivaCy. & Data SeCurity. www.mpplaw.com Cyber, PrivaCy & Data SeCurity 360 www.mpplaw.com about our PraCtiCe Data is the lifeblood of our global economy. Collected, stored and transmitted, digital data not only imparts great opportunities, but

More information

What are you trying to secure against Cyber Attack?

What are you trying to secure against Cyber Attack? Cybersecurity Legal Landscape Bonnie Harrington Executive Counsel EHS and Product Safety & Cybersecurity GE Energy Management Imagination at work. What are you trying to secure against Cyber Attack? Personally

More information

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015

CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS. Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 CYBERSECURITY: PROTECTING YOUR ORGANIZATION AGAINST CYBER ATTACKS Viviana Campanaro CISSP Director, Security and Compliance July 14, 2015 TODAY S PRESENTER Viviana Campanaro, CISSP Director, Security and

More information

September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President

September 28, 2 012 MEMORANDUM FOR. MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President 004216 THE WHITE HOUSE WASHINGTON MEMORANDUM FOR September 28, 2 012 MR. ANTONY BLINKEN Deputy Assistant to the President and National Security Advisor to the Vice President MR. STEPHEN D. MULL Executive

More information

SCAC Annual Conference. Cybersecurity Demystified

SCAC Annual Conference. Cybersecurity Demystified SCAC Annual Conference Cybersecurity Demystified Me Thomas Scott SC Deputy Chief Information Security Officer PMP, CISSP, CISA, GSLC, FEMA COOP Practitioner Tscott@admin.sc.gov 803-896-6395 What is Cyber

More information

HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES?

HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? HOW DID NETWORK SECURITY AND PRIVACY ISSUES BECOME D&O EXPOSURES? MODERATOR: Richard J. Bortnick, Esq., Defense Attorney, Cozen O Connor PANELISTS: Anjali Das, MBA, Esq., Partner, Wilson Elser Moskowitz

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

Gus P. Coldebella (@g_co) Partner, Goodwin Procter LLP Former General Counsel, Dept. of Homeland Security. What are we going to talk about today?

Gus P. Coldebella (@g_co) Partner, Goodwin Procter LLP Former General Counsel, Dept. of Homeland Security. What are we going to talk about today? Cyber Security Meets Corporate Securities: The SEC's Authority to Regulate Companies' Cyber Defenses and Corporate Directors' Fiduciary Responsibilities Gus P. Coldebella (@g_co) Partner, Goodwin Procter

More information

SEC Convenes Cybersecurity Roundtable: Highlights Importance of Cybersecurity for Public Companies and Financial Market Participants

SEC Convenes Cybersecurity Roundtable: Highlights Importance of Cybersecurity for Public Companies and Financial Market Participants Corporate Finance and Securities Client Service Group Data Privacy and Security Team To: Our Clients and Friends April 4, 2014 SEC Convenes Cybersecurity Roundtable: Highlights Importance of Cybersecurity

More information

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation

Virginia Joint Commission on Technology and Science. Cybersecurity Legislation Virginia Joint Commission on Technology and Science Cybersecurity Legislation Pending Legislation Widespread agreement of need for legislation Three approaches CISPA Cybersecurity Act of 2012 SECURE IT

More information

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015

Cyber Security Auditing for Credit Unions. ACUIA Fall Meeting October 7-9, 2015 Cyber Security Auditing for Credit Unions ACUIA Fall Meeting October 7-9, 2015 Topics Introduction Cyber Security Auditing Program Discuss an effective and compliant Cyber Security Auditing Program from

More information

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage

ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November

More information

IDENTIFYING AND RESPONDING TO DATA BREACHES

IDENTIFYING AND RESPONDING TO DATA BREACHES IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW

More information

Which Describes Your Cybersecurity Program Eager Beaver or Deer in Headlights? October 29, 2015

Which Describes Your Cybersecurity Program Eager Beaver or Deer in Headlights? October 29, 2015 Which Describes Your Cybersecurity Program Eager Beaver or Deer in Headlights? October 29, 2015 What you will learn. How to apply the results from The Office of Compliance Inspections and Examinations

More information

LEGAL ISSUES IN SHARING CYBER THREAT INTELLIGENCE: WHAT ARE THE REAL CONCERNS?

LEGAL ISSUES IN SHARING CYBER THREAT INTELLIGENCE: WHAT ARE THE REAL CONCERNS? LEGAL ISSUES IN SHARING CYBER THREAT INTELLIGENCE: WHAT ARE THE REAL CONCERNS? Kim PereK September 9, 2015 2015 Cybersecurity Innova0on Forum Agenda The Cyber Threat Landscape The Legal JusOficaOon for

More information

Moderated by: Paul M. Schwartz Berkeley Law School Fourth Annual BCLT Privacy Forum March 13, 2015. Data Security Issues

Moderated by: Paul M. Schwartz Berkeley Law School Fourth Annual BCLT Privacy Forum March 13, 2015. Data Security Issues Moderated by: Paul M. Schwartz Berkeley Law School Fourth Annual BCLT Privacy Forum March 13, 2015 Data Security Issues Roadmap I. Introduction: Data Security II. Top Three Data Security Issues or Trends

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Data Privacy and Cybersecurity Task Force

Data Privacy and Cybersecurity Task Force Data Privacy and Cybersecurity Task Force key contact Josephine Cicchetti Shareholder T: 202.965.8162 F: 202.965.8104 email We provide clients across industries with comprehensive counsel on complex, evolving,

More information

Big Data and Cybersecurity: Standards for Safeguarding Personal Information

Big Data and Cybersecurity: Standards for Safeguarding Personal Information White Paper Big Data and Cybersecurity: Standards for Safeguarding Personal Information Domestic and multinational companies are increasingly focused on safeguarding personal information due largely to

More information

Working with the FBI

Working with the FBI Working with the FBI WMACCA Data Privacy & Security Conference September 17, 2014 Individuals Organized Crime Syndicates Hacktivist Groups Nation States Nation-States Individuals Industry Law Enforcement

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity

More information

IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know

IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know IAPP Global Privacy Summit 2014 The SEC and Cybersecurity: What Every Publicly Traded Company Must Know Moderator: Elaine Wolff, Partner Corporate Finance and Securities Practice, Jenner & Block Mary Ellen

More information

Outsourcing Technology Services A Management Decision

Outsourcing Technology Services A Management Decision Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships

More information

Preservation of longstanding, roles and missions of civilian and intelligence agencies

Preservation of longstanding, roles and missions of civilian and intelligence agencies Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto

More information

Data Privacy And Cybersecurity For Investment Funds. Gregory J. Nowak Angelo A. Stio III October 28, 2014

Data Privacy And Cybersecurity For Investment Funds. Gregory J. Nowak Angelo A. Stio III October 28, 2014 Data Privacy And Cybersecurity For Investment Funds Gregory J. Nowak Angelo A. Stio III October 28, 2014 WHY IS DATA PRIVACY AND SECURITY IMPORTANT? 2 Why is it important to protect data? Data privacy

More information

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION

Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION Title: Data Security Policy Code: 1-100-200 Date: 11-6-08rev Approved: WPL INTRODUCTION The purpose of this policy is to outline essential roles and responsibilities within the University community for

More information

CYBER SECURITY SPECIALREPORT

CYBER SECURITY SPECIALREPORT CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

S. 2519 AN ACT. To codify an existing operations center for cybersecurity.

S. 2519 AN ACT. To codify an existing operations center for cybersecurity. TH CONGRESS D SESSION S. 1 AN ACT To codify an existing operations center for cybersecurity. 1 Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled,

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

Cybersecurity: The Legal, Legislative and Regulatory Outlook

Cybersecurity: The Legal, Legislative and Regulatory Outlook Cybersecurity: The Legal, Legislative and Regulatory Outlook Jamie Barnett Rear Admiral USN (Retired) Co-Chair, Telecommunications Partner in Cybersecurity Practice Cybersecurity Impact and Costs Direct

More information

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Ed McMurray, CISA, CISSP, CTGA CoNetrix Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Technological Evolution

Technological Evolution Technological Evolution The Impact of Social Media, Big Data and Privacy on Business Cybersecurity: Promoting Prevention and Resilience Steven Chabinsky William Ridgway Marcus Christian James Woods General

More information

Corporate Perspectives On Cybersecurity: A Survey Of Execs

Corporate Perspectives On Cybersecurity: A Survey Of Execs Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey

More information

SEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02

SEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02 Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance

More information

The Role of the Board and GC in Corporate Strategy. Thomas White July 17, 2014

The Role of the Board and GC in Corporate Strategy. Thomas White July 17, 2014 The Role of the Board and GC in Corporate Strategy Thomas White July 17, 2014 Overview The Organization for Economic Cooperation and Development provides the following broad description of the responsibilities

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies

More information

PROPOSED INTERPRETIVE NOTICE

PROPOSED INTERPRETIVE NOTICE August 28, 2015 Via Federal Express Mr. Christopher J. Kirkpatrick Secretary Office of the Secretariat Commodity Futures Trading Commission Three Lafayette Centre 1155 21st Street, N.W. Washington, DC

More information

OCIE Technology Controls Program

OCIE Technology Controls Program OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

DSU Identity Theft Prevention Policy No. DSU 802.7.001

DSU Identity Theft Prevention Policy No. DSU 802.7.001 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 IDENTITY THEFT PREVENTION DSU Policy No. 802.7.001 SOURCE: Fair and Accurate

More information

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS

CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee

More information

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com

More information

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the

TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY. Before the For Release Upon Delivery 10:00 a.m., December 10, 2014 TESTIMONY OF VALERIE ABEND SENIOR CRITICAL INFRASTRUCTURE OFFICER OFFICE OF THE COMPTROLLER OF THE CURRENCY Before the COMMITTEE ON BANKING, HOUSING,

More information

Cyber Security for the Private Sector: What Companies and Their Lawyers Need to Know

Cyber Security for the Private Sector: What Companies and Their Lawyers Need to Know Cyber Security for the Private Sector: What Companies and Their Lawyers Need to Know Gus Coldebella, Goodwin Procter LLP John Geschke, VP and General Counsel, Zendesk, Inc. Jim Jaeger, VP, Cybersecurity

More information

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE

DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE DATA SECURITY BREACH: THE NEW THIRD CERTAINTY OF LIFE ACC-Charlotte February 4, 2015 THIS WILL NEVER HAPPEN TO ME! Death, Taxes & Data Breach Not just Home Depot, Target or Sony Do you employ the next

More information

Privacy Rights Clearing House

Privacy Rights Clearing House 10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights

More information

SAFEGUARDS FOR PROTECTING PRIVATE DATA - SERVICE PROVIDERS AND CONTRACTORS

SAFEGUARDS FOR PROTECTING PRIVATE DATA - SERVICE PROVIDERS AND CONTRACTORS SAFEGUARDS FOR PROTECTING PRIVATE DATA - SERVICE PROVIDERS AND CONTRACTORS THE UNIVERSITY OF NEW MEXICO October 17, 2013 Audit Committee Members J.E. Gene Gallegos, Chair Lt. General Bradley Hosmer, Vice

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION

THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION THE FUTURE OF CYBERSECURITY: STANDARDS AND REGULATION Paul Rosenzweig Red Branch Consulting PLLC www.redbranchconsulting.com www.paulrosenzweigesq.com The Economics of Cybersecurity Non-Exclusive (Use

More information

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014

Preventing And Dealing With Cyber Attacks And Data Breaches. Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Preventing And Dealing With Cyber Attacks And Data Breaches Arnold & Porter LLP Lockheed Martin WMACCA February 12, 2014 Charles A. Blanchard Arnold & Porter LLP Formerly General Counsel, U.S. Air Force

More information

Perspectives on Cybersecurity and Its Legal Implications

Perspectives on Cybersecurity and Its Legal Implications Survey Results 2015 Perspectives on Cybersecurity and Its Legal Implications a 2015 survey of corporate executives The National Institute of Standards and Technology (NIST), a non-regulatory agency of

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

Adopting Best Practices to Manage Examinations by Multiple Regulators

Adopting Best Practices to Manage Examinations by Multiple Regulators Adopting Best Practices to Manage Examinations by Multiple Regulators Lisa Tate Vice President & Associate General Counsel American Council of Life Insurers 1 MoneyLaundering.com 15 th Annual International

More information

CYBERSECURITY RISK MANAGEMENT

CYBERSECURITY RISK MANAGEMENT CYBERSECURITY RISK MANAGEMENT Evan Wolff Maida Lerner Peter Miller Kate Growley 233 Roadmap Cybersecurity Risk Overview Cybersecurity Trends Selected Cybersecurity Topics Critical Infrastructure DFARS

More information

Cyber Liability Insurance:

Cyber Liability Insurance: Cyber Liability Insurance: Reg Harnish, CISSP, CISM, CISA Chief Security Strategist GreyCastle Security Steve Lobel Vice President Anchor Agency October 17, 2013 1,200 Introduction Cybercrime Today Major

More information

The NIST Cybersecurity Framework

The NIST Cybersecurity Framework View the online version at http://us.practicallaw.com/5-599-6825 The NIST Cybersecurity Framework RICHARD RAYSMAN, HOLLAND & KNIGHT LLP AND JOHN ROGERS, BOOZ ALLEN HAMILTON A Practice Note discussing the

More information

Cyber Risks Connect With Directors and Officers

Cyber Risks Connect With Directors and Officers Cyber Risks Connect With Directors and Officers Implications of the New SEC Guidance on Cyber Security February 2012 Lockton Companies, LLC The Securities and Exchange Commission (SEC) has changed the

More information

Cybersecurity and the Threat to Your Company

Cybersecurity and the Threat to Your Company Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September

More information