1 CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013
2 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a division of Federal Insurance Company Leah Montgomery Asst. Vice President, Cyber Security Specialist Chubb & Son, a division of Federal Insurance Company Brian Lapidus Managing Director, InfoSec Practice Leader Kroll Advisory Solutions
3 Agenda What is the Cyber Exposure? Recent Headlines Reinforcing the Need for Coverage Coverage Considerations Risk Management Response Planning Questions
4 DISCLAIMER. CRT1 Chubb refers to the insurers of the Chubb Group of Insurance Companies. This presentation is for informational purposes only. The information provided should not be relied on as legal advice or a definitive statement of the law in any jurisdiction. For such advice, an applicant, insured, listener or reader should consult their own legal counsel. Actual coverage is subject to the language of the policies issued. Chubb, Box 1615, Warren, NJ
5 The Cyber Exposure and Law Firms The technology and amount of confidential data that a law firm relies upon to conduct its business can also significantly increase its vulnerability to cyber security threats any of which can result in significant out-of-pocket and reputational costs that can devastate the bottom line.
6 What Is A Data Breach Unintended disclosure of personal or confidential information Hacking Rogue Employees Negligence 3 rd Party Vendors
7 The Cyber Challenge Facing the Legal Profession Law Practice Today, April, 2013 Laurel Bellows, ABA President: Cyber-attacks are happening thousands of times a day, and some of the most vulnerable targets are law firms, which hold significant amounts of client information and serve as gates to their clients. Small law firms, in particular, have become cyber criminals latest victims. Focus of attacks has shifted from server rooms and data centers to the space occupied between the desktop and the chair attorneys, paralegals and administrative assistants.
8 Lawyers Get Vigilant on Cybersecurity Wall Street Journal, June 24, 2012 current and former law enforcement officials say cyber attacks against law firms are on the rise many law firms may not be aware that they were hacked until [an] agent shows up on their doorstep the weakest links at law firms of any size are often their own employees
9 Chinese Superspies Have Hacked Most Washington Institutions, Experts Say The Washington Post, February 20, 2013 Law firms, think tanks, newspapers if there s something of interest, you should assume you ve been penetrated. Mandiant: Chinese military unit is allegedly responsible for hundreds of terabytes of data from 141 organizations in 20 industries in the United States and around the world.
10 Law Firm, Police Hit By Hack Attacks; Lawyer Cell Phone Records Reportedly Accessed ABA Journal Law News Now, Feb. 7, 2012 VA law firm s network hacked by Anonymous through it s web site and sensitive client data was published on YouTube.com. Firm s web-site replaced with hip-hop video. Network off-line for days, with the firm ultimately ceasing operations. Many hacked s had documents attached and were published on Wikileaks.
11 Three Indicted for Hacking Into Law Firm s Computer System Pittsburgh Post-Gazette, June 27, 2012 Laid off employee at an unnamed law firm, her husband, and another accomplice, allegedly hacked into the computer system at the law firm and installed malware to capture passwords of anyone on the firm s network. Breached information included the personal financial information of the law firm s employees.
12 Park Sterling Bank Suing Law Firm After Fraudulent Wire Transfer Charlotte Observer, April 3, 2013 Using s, hackers were able to install a keylogger on a law firm s computer. After figuring out the law firm s online banking passwords, the hackers directed Park Sterling to send a $336, transfer through JP Morgan Chase & Co. to a Konstantin Pomogalove in Moscow. Bank initially refunded the money, then demanded it back.
13 Outside Law Firm Cybersecurity Under Scrutiny Corporate Counsel, June 6, Regulators, such as the Office of the Comptroller of the Currency, which oversees financial institutions, have been focusing on law firms. In response, banks are auditing the information security of their outside law firms.
14 Breach Related Expenses Notification Public Relations Forensics Legal Crafting letter or other notification Printing or design Mailing or other transmission Advertising & Press Releases Call Center Operations Other Services for Affected Persons: Credit Monitoring Legal expenses for outside attorney Cost of forensic examination Cost to remediate discovered vulnerabilities Response to claims or suits Payment of judgments or settlements
15 Direct Breach Costs By Activity Activity Percent Dollar Investigation & Forensics 12% $23 Outbound Contact 5% $9 Inbound Contact 5% $9 Public Relations/Communications 1% $2 Legal Services - Compliance 4% $8 Free or Discounted Services 1% $2 Identity Protection Services 4% $7 Total Direct Costs Per Record 32% $60 TOTAL COST PER RECORD 100% $ Annual Study: Cost of a Data Breach; Ponemon Institute, LLC, May 2013
16 Where s The Coverage ISO Commercial Property? Commercial Crime Form? General Liability Policy? Professional Liability Policy?
17 ISO Commercial Property Electronic Data Covered Causes of Loss extended to include a virus. But Coverage is limited because data must be destroyed or corrupted.
18 ISO Commercial Crime Exclusion
19 What about CGL or LPL Coverage? General Liability Insurance Addresses only physical injury to persons or tangible property, as well as the Insured s liability arising from the publication of material that violates a person s right to privacy. May be further restricted by several exclusions. Professional Liability Insurance May be limited by the description of Professional Services or by Exclusions for Invasion of Privacy. LPL is only a liability contract.
20 How Policies Can Overlap CYBERSECURITY POLICY Privacy Notification & Crisis Management Expenses Cyber Liability Privacy Injury Lawyers Professional Liability Policy Data Breach Notification & Crisis Data Breach Notification & Mitigation Costs Defense Expenses & Possible Damages Breach of Employee Data
21 CyberSecurity For Law Firms Lawyers Professional Liability Policy Cyber Liability Privacy Injury Privacy Notification & Crisis Management Expense One Breach E-Business Interruption & Extra Expense E-Threat Expense E-Vandalism Expense
22 Does the Policy Address Negligent release of information? Lost Laptops and other mobile devices? Access to information in non-electronic form? Employees Data Breach caused by rogue employee? Access to information other than over the Internet? Access to information residing on an outsourced system anywhere? Outsourcers New Technology Cloud Computing?
23 Crisis Management Coverage Considerations Notification Expenses When required by law or on a voluntary basis Credit Monitoring Expenses For a stipulated period of time and/or under specified circumstances Healthcare Monitoring included Forced to use one vendor Crisis Management Expenses Include expenses related to legal analysis, as well as public relations
24 Watch for Policy Limitations Some policies exclude coverage for claims related to the Insured s failure to maintain or upgrade their security! Some policies exclude coverage for claims alleging fraudulent or malicious acts by employees! Some policies may not cover various types of computer devices. Some policies exclude claims alleging unfair and deceptive trade practices. Is there defense of regulatory suits and/or coverage for fines and penalties?
25 Law Firm Specific Considerations Does Business Income include billable hours or fees, if necessary Can the liability portion of the Cyber policy be tailored to dovetail with the LPL? Difference in Conditions First-party coverage remains primary
26 Incident Response Planning: A Primer Deter Unless there is an investigative reason for permitting an intrusion to continue, steps should be put into place to deter and prevent another (or continuing) intrusion. Detect At the same time the enterprise takes steps to deter problems, it must simultaneously assume that their perimeter security will be breached or that existing intrusions are there and need to be detected. In a nutshell, detection is monitoring the network. Respond When a problem is detected, incident response must respond. Remediate Based on the type of incident and the depth of penetration, remediation events (e.g., swapping out of hardware, rebuilding bastions, re-engineering the network architecture) may be required.
27 Incident Response Planning: Creating an IRT Establish an Incident Response Team Mission - prevent and minimize any detrimental effects to staff, partners, and stakeholders; and thereby prevent a serious loss of profits and public confidence. They will provide an immediate, comprehensive, effective, and skillful response to any unexpected data loss event involving information, information systems, networks, or databases. Comprised of senior leadership who have been authorized to take appropriate steps deemed necessary to contain, mitigate and resolve a data security event Develop policies, procedures and training in order to ensure that the entire team is prepared for these events Establish a communication protocol for communicating with stakeholders, employees and customers (and media as appropriate) when these issues occur
28 Incident Response Team: Key Responsibilities
29 Incident Response Planning: Train Staff on Safeguarding PII Training Documented plans, conducted training, and tested procedures in advance will allow staff members to efficiently coordinate activities when responding to an incident. This gives the ability to exercise procedures and eliminate potential errors or omissions in advance of an incident. This training should include the following: How to identify when the loss of PII has occurred; The actions they need to take to report a suspected incident, including who to notify, how (e.g., web, , phone), and what information they should report; How to use incident response tools and environments based on their roles and responsibilities; How to communicate appropriately with the news media, including forwarding inquires to public relations staff.
30 Incident Response Planning: Conduct Drills for the IRT Practice Having a completed and implemented incident response plan does not necessarily mean it will lead to an effective recovery when utilized, or that staff fully understand tasks and responsibilities in a recovery situation. Only through repeated and continuous testing can an organization be assured that the plan will work as designed and personnel will know what to do. Run and perform drills twice a year at a minimum focusing on coordination, integration and interaction of an organizations policies, procedures, roles and responsibilities; Ensure that the IRT team is comfortable in their respective roles and knows what they need to do to ensure a smooth response.
Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada email@example.com
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 firstname.lastname@example.org Presented by: Rob D. Moseley, Jr. 2 West
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
Second Annual Conference September 16, 2015 to September 18, 2015 Chicago, IL Using Insurance Coverage to Mitigate Cybersecurity Risks To Warranty and Service Contract Businesses Barry Buchman, Partner
AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 email@example.com Disclaimer The views expressed
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
Cyber-Crime Protection A program of cyber-crime prevention, data breach remedies and data risk liability insurance for houses of worship, camps, schools, denominational/association offices and senior living
ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014
Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance By Shawn Tuma & Katti Smith Data breaches have become far more common than most people realize.
Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
Cybersecurity: Protecting Your Business March 11, 2015 Grant Thornton. All LLP. rights All reserved. rights reserved. Agenda Introductions Presenters Cybersecurity Cybersecurity Trends Cybersecurity Attacks
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President firstname.lastname@example.org 2 What s at Risk? $300 billion in
.. BY COMPLETING THIS THE APPLICANT IS APPLYING FOR COVERAGE WITH FEDERAL INSURANCE COMPANY (THE COMPANY ) NOTICE: INSURING CLAUSE A OF THE POLICY PROVIDES CLAIMS MADE COVERAGE, WHICH APPLIES ONLY TO "CLAIMS"
Lloyd s of London (Reuters) May 8, 2000 Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day Rivers Casino, Pittsburgh November 17, 2014
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage Chris Reese Vice President, Director of Underwriting Connie Rivas Asst. Vice President, Contracts and
Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual
Cybersecurity: Emerging Legal Risks Data Breach Cyber Liability Seminar April 17, 2015 By: Tsutomu L. Johnson email@example.com Overview of 2014 Data Breaches: JP Morgan, Home Depot, P.F. Chang s, Healthcare.gov,
ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe June, 2011 Sponsored by: ANATOMY of a DATA BREACH DISASTER Avoiding a Cyber Catastrophe An Advisen Special Report Sponsored by Chartis Security
CYBER RISK UPDATE BOARD OF GOVERNORS MEETING JUNE 25, 2014 EXECUTIVE SUMMARY Cyber risk has become a major threat to organizations around the world, as highlighted in several well-publicized data breaches
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today
The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,
Cyber Liability Insurance: It May Surprise You Moderator Eugene Montgomery, President & CEO Community Financial Insurance Center Panelists Antonio Trotta, Senior Claim Counsel, CNA Specialty William Heinbokel,
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
Panel Title: Data Breaches: Industry and Law Enforcement Perspectives on Best Practices Over the course of this one hour presentation, panelists will cover the following subject areas, providing answers
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance
INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE
Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
Proudly presents Cyber Risk State of the Art Matthew Davies, Chubb Insurance Catherine Dowdall, Canada Post Mike Petersen, Marsh 1 Agenda 1. Who is At Risk? 2. New/Emerging Risk and Trends 3. Canada Post
Think STRENGTH. Think Chubb. Cyber Insurance Andrew Taylor Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber The World Has Changed Then Now 1992 first text message More txt s that the entire
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW TECHNOLOGY AND TELECOM COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the technology and telecommunications
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. firstname.lastname@example.org
Willis Healthcare Practice 11 th Annual Forum July 10,2007 Managing and Insuring Risks in Network Privacy/Cyber Risk What is Network Security & Privacy Insurance? Created to cover gaps in traditional insurance
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Law Firms and Cyber Security A hacker s dream and a lawyer s nightmare About Delta Risk is a global provider of strategic
IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING
Cyber Liability What you need to know! PRESENTED BY: GALLAGHER / CYBERRISK SERVICES MAY 2014 Most Common Reactions to Cyber Liability Questions: We don t need cyber liability coverage; we have tort immunity
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
Need for Cyberliability Insurance Continues to Grow 14 benefits magazine may 2015 MAGAZINE Reproduced with permission from Benefits Magazine, Volume 52, No. 5, May 2015, pages 14-19, published by the International
Cyber and CGL Insurance Coverage for Data Breach Claims Paula Weseman Theisen, Partner Data breach overview Definition of data breach/types Data breach costs Data breach legal claims and damages Cyber-insurance
What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the
Utica College Information Security Plan Author: James Farr (Information Security Officer) Version: 1.0 November 1 2012 Contents Introduction... 3 Scope... 3 Information Security Organization... 4 Roles
Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages
Small Firm Focus: A Practical Approach to Cybersecurity Friday, May 29 9:00 a.m. 10:15 a.m. Topics: Explain why it is important for firms of all sizes to address cybersecurity risk. Demonstrate awareness
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot