Damage from Data Breaches in the Retail Sector is Diminishing, But Progress is a Mixed Bag
|
|
- Agnes Clark
- 8 years ago
- Views:
Transcription
1 Damage from Data Breaches in the Retail Sector is Diminishing, But Progress is a Mixed Bag Retailers were well represented on the list of The 10 Most Expensive Data Breaches compiled by Lori Widmer in LifeHealthPro (June 18, 2015). The Hannaford Bros, Target, TJ Maxx, and Home Depot breaches represented a combined estimated cost of $722 million, according to Widmer. As contingent third party losses trickle in and become adjudicated, that number could well climb much higher over time. In addition to direct monetary costs, retailers run the risk of losing customers to competitors and other channels. In his New York Times article, A Hacking Epidemic That Hits Few Consumers in the Wallet, Nathaniel Popper writes that, according to The Nilson Report, criminals made $7.8 billion in fraudulent purchases in 2014, with retailers paying 38% of the cost ($3.0 billion) that portion which banks did not pay. As we enter 2016, retail breaches seem to make fewer headlines, so prevention and detection systems would appear to be working better. But there are still some key areas that should be addressed to improve security, including having up-to-date contingency plans. Fraudulent use of customers credit card information is only one of the areas requiring improvement as criminals There were $7.8 billion in fraudulent purchases in 2014, with retailers paying 38% of the cost, or $3 billion. become more sophisticated. Consequently, retailers and their customers are being exposed to new risks. Impact of a Data Breach One way to measure the impact of data breaches on retailers is to look at their per capita costs. This is calculated based on the number of people impacted plus any costs associated with repairing the data breach, including notification, forensics, reputational repair and crisis communication. The $165 per capita cost of data breaches in retail is well below the median cost of $215 per capita for all industry sectors (which is skewed upward by high costs for health and education related breaches), but remains slightly above the cross-industry mean cost of $154 per capita. (Ponemon Institute 2015 Cost of Data Breach Study: Global Analysis.) However, the $165 cost to retailers in 2015 represents a dramatic increase from a per capita cost of $105 in The Ponemon study, which included 37 retailers, generally attributes this increase to retailers spending more to address the consequences of data breaches, such as breach escalation, lost business, and post-breach costs.
2 Even though the cost per capita and customer churn for data breaches rose last year, retailers continue to whittle away at many of the blind spots that bedevil companies in every industry sector (which we ll discuss shortly) but the industry still has a long way to go. Another way to measure the impact of a data breach is the loss of customers to competitors and other channels. Abnormal customer churn for retailers (after data breaches that compromise personally identifiable information) is still well below customer churn rates in the healthcare, pharmaceutical and financial services sectors. However, between 2014 and 2015 abnormal churn increased appreciably to 2.1% from 1.3%, a 62% increase. So while churn is still a challenge for retailers, it s not quite as bad as in other industries. What Are Retailers Doing Better? Merchants are partnering with banks and credit card issuers to develop new methods to detect fraudulent purchases as a reasonable way to deal with apportioning liability for credit card fraud. They are working Merchants are to delineate responsibility for partnering with the Sisyphean task of trying to banks and credit protect credit card numbers card issuers to which may be essentially unprotectable because, as develop new one writer said, credit card methods to numbers are an asset that detect fraudulent have to be shared in order purchases. to be used, and which can be abused simply by knowing what they are. Banks and new enterprises are helping by creating alternative secure payment infrastructures, and replacing traditional (mag stripe) credit cards with those with E.M.V. chips (the Europay, MasterCard, and Visa technical standard for smart cards). These techniques, which are focused more on protection, are making a difference. Identity Theft Resource Center and Javelin Strategy and Research reported in the New York Times that, while data breaches are up, the total cost of identity fraud across all industries is down in the U.S. from $32 billion in 2009 to $16 billion in The average out-of-pocket cost per identity fraud victim during this period has dropped from $388 to $115. What s Still Needed Continued Emphasis on Prevention and Detection Retailers should watch their insiders. A majority of cyberattacks are thought to be triggered by inadvertent or malicious insider activity. In Crowd Research Partners 2015 Insider Threat Spotlight Report, 62% of polled security professionals think insider attacks are on the rise because of cloud applications, insufficient A majority of cyberattacks are thought to be triggered by insider activity. data protection, and lack of training. Privileged users (IT administrators and staff), the report tells us, represent the biggest risk (said 59% of respondents), followed by contractors, consultants, and temporary workers, and then regular employees. Insider hacks are expensive because they take an average of seven months to detect. For attacks triggered by malicious insiders, focus on deterrence (access control, encryption and policies), detection (monitoring), and analysis and forensics, and on carefully managing permissions and rights that are granted to your technical staff, so they can only access those portions of your technical and data infrastructure that their roles require. Encryption (of data at rest, in transit and in storage) reduces the $165 cost per capita for retail data breaches by $12 (Ponemon). For attacks caused by human error and carelessness, retailers should work to improve security awareness, training and policies, so employees are more risk aware and become partners in prevention. Employee training is said to reduce the per capita cost of breaches to retailers by another $8 (Ponemon).
3 It s not safe online. As online sales grow at the expense of bricks and mortar, these transactions are being increasingly targeted by hackers. As mobile devices take market share from traditional desktop PCs for online transacting, security risks are increasing yet again so mobile security is paramount. A 2015 Gartner report says that over 75% of mobile apps will fail a basic security test. And Veracode welcomes retailers to social media with the warning at the average global enterprise has 2,400 unsafe apps installed in its mobile environment. So retailers have to do double duty to match the ease of use they build into mobile shopping with significant mobile security expenditures. Beware the myth of standards. They are important and legally helpful, but they need to be supplemented with relentless behavioral work training, awareness campaigns, effective policies, and an enterprise risk management approach to the daunting threat that cyberrisk continues to represent to retailers. So meeting the Payment Card Industry (PCI) standard, managing cybersecurity to the ISO/IEC 27001:2013/27002:2013 standards, and implementing ISO compliant business continuity plans certainly do help but are insufficient by themselves. Balancing Prevention with Response and Recovery Retailers should aspire to prevent hacks but plan as if data breaches are inevitable. To do that, retailers must move toward a better balance in their IT security spend between prevention and detection on the one hand, and response and recovery on the other. This means developing a team that focuses on recovery. Start with Board-level involvement; educate and engage Board members and involve them in decision-making recognizing that cybersecurity is not just a technical issue but a fundamental element of the governance, compliance and risk management framework of the enterprise. As such, cybersecurity should be controlled by a CISO (Chief Information Security Officer). The CISO probably should not report to the technical leadership (CIO, CTO)--as is the case in 94% of surveyed companies but to the Chief Risk Officer (CRO). This alignment transitions the CISO into more of an independent and credibly funded compliance role instead of a subordinate role in the IT shop, where the objectives of efficiency and up-time can understandably clash. When the Board becomes actively involved in cybersecurity risk management and the company installs a CISO, Ponemon tells us that breach cost per capita of $165 for retailers is reduced by over $10. It s also important to develop a strong business continuity management (BCM) governance framework, and implement a standards-based business continuity plan (BCP) and IT disaster recovery plan (DRP). Ponemon s 2015 study indicates that without these plans, the mean time to identify (MTTI) and the mean time to contain (MTTC) cyber-attacks increase appreciably, leading to greater costs from data loss and operational downtime. Having a good BCP and DRP contributes significantly to the incident response process and promotes an orderly and less costly recovery, reduces the likelihood of a material data breach, and reduces the per capital breach cost to retailers by over $7. As part of their BCM regime, retailers with a strong and well-prepared incident response team at the ready reduce the per capita cost another $12-$13. There has been some talk in insurance circles that if major breaches continue in the retail sector the industry could become uninsurable and would have to rely on captive self-insurance structures. Regardless, retailers should purchase stand-alone or cyber coverage as part of their E&O, commercial general liability, property or D&O policies. The RIMS Cyber Survey of 283 companies (including 15 retailers) in May 2015 tells us that only 51% of companies buy this stand-along cybersecurity coverage. These companies top three first party exposures are business interruption, reputational harm and data breach response and notification costs. To mitigate those kinds of damage have a business continuity plan, a good crisis communications partner, and a cyber-incident response plan in place.
4 New Threats (and Hopes) on the Horizon As if we needed further evidence of how costly major hacks can be, cumulative expenses accrued by Target in connection with its massive data breach in late 2013 topped $250 million through 2014, of which only $90 million has been reimbursed by insurers, while financial institutions claim more than $200 million in card replacement costs and related expenses associated with the breach. Several banks that had previously filed a class action lawsuit against Target recently agreed to a nearly $40 million settlement to resolve breach-related claims for cost reimbursement, following Target s $67 million settlement with Visa back in August. And the book isn t yet closed. Nilson s warning that retailers paid almost $3 billion of the fraudulent purchases made in 2014 is an alarming statistic. However, in a recent New York Times piece David Robertson, publisher of The Nilson Report, is quoted as suggesting that the five-year plan for the bad guys is not data breaches and stealing credit cards. It involves stealing all the information [they] can and opening legitimate accounts in people s names with this trove of pilfered personally identifiable information. Yet Robertson provides a positive and hopeful outlook when he comments, The bad guys are getting good and the good guys are getting even better.
5 Authors Bob Duffy Global Leader Corporate Finance Steve Coulombe Christa Hart Keith Jelinek Scott Corzine Managing Director Duane Lohn Managing Director Disclosure: The views expressed in this piece are those of the author(s) and are not necessarily the views of FTI Consulting, its management or its subsidiaries. About FTI Consulting FTI Consulting, Inc. is a global business advisory firm dedicated to helping organizations protect and enhance enterprise value in an increasingly complex legal, regulatory and economic environment. FTI Consulting professionals, who are located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges in areas such as investigations, litigation, mergers and acquisitions, regulatory issues, reputation management and restructuring FTI Consulting, Inc. All rights reserved.
WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationCyber Liability & Data Breach Insurance Claims
Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationCYBERSECURITY IN HEALTHCARE: A TIME TO ACT
share: TM CYBERSECURITY IN HEALTHCARE: A TIME TO ACT Why healthcare is especially vulnerable to cyberattacks, and how it can protect data and mitigate risk At a time of well-publicized incidents of cybersecurity
More informationLangara College PCI Awareness Training
Langara College PCI Awareness Training Have you heard of PCI? Due to the increase of credit card fraud and identity theft, major credit card companies like Visa, MasterCard and Amex have formed a security
More informationCyber Risks in Italian market
Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationDATA BREACH: hy you should care!
DATA BREACH: hy you should care! Bob Gregg CEO Bob.gregg@idexpertscorp.com 1 Overview Defining the cyber security and Data breach problem The threat source- surprising Potential business impact No one
More information2015 Cost of Data Breach Study: United States
2015 Cost of Data Breach Study: United States Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report 2015 1 Cost of Data Breach
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationAnswering your cybersecurity questions The need for continued action
www.pwc.com/cybersecurity Answering your cybersecurity questions The need for continued action January 2014 Boards and executives keeping a sustained focus on cybersecurity do more than protect the business:
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationTHE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX. How to create a thriving business through email trust
THE SECURITY EXECUTIVE S GUIDE TO A SECURE INBOX How to create a thriving business through email trust FORWARD Today the role of the CISO is evolving rapidly. Gone are the days of the CISO as primarily
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationDiscussion on Network Security & Privacy Liability Exposures and Insurance
Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter
More informationCYBERSECURITY: Is Your Business Ready?
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
More information2015 Cost of Data Breach Study: Global Analysis
2015 Cost of Data Breach Study: Global Analysis Benchmark research sponsored by IBM Independently conducted by Ponemon Institute LLC May 2015 Ponemon Institute Research Report Part 1. Introduction 2015
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationPrivacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec
Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,
More informationWhite Paper: Are there Payment Threats Lurking in Your Hospital?
White Paper: Are there Payment Threats Lurking in Your Hospital? With all the recent high profile stories about data breaches, payment security is a hot topic in healthcare today. There s been a steep
More informationSOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationData Breaches, Identity Theft, and Employees
Data Breaches, Identity Theft, and Employees Joining the Dots and Dispelling the Myths What you ll learn Data Breaches + identity theft + employees Data Breaches or Data Donations? Data Breaches + Identity
More informationPrivacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014
Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More informationNationwide Cyber Security Survey
Research Nationwide Cyber Security Survey Presented by Harris Poll Executive Summary: Cyber-Security Cyber-security is a low priority for many because the threat is not palpable Eight in ten (79%) have
More informationManaging Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal
Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Overview Recent Trends and Loss Exposures Risk Management Strategies
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationCybersecurity. Are you prepared?
Cybersecurity Are you prepared? First Cash, then your customer, now YOU! What is Cybersecurity? The body of technologies, processes, practices designed to protect networks, computers, programs, and data
More informationMay 14, 2015. Statement for the Record. On behalf of the. American Bankers Association. Consumer Bankers Association
Statement for the Record On behalf of the American Bankers Association Consumer Bankers Association Credit Union National Association Independent Community Bankers of America National Association of Federal
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationBOARD OF GOVERNORS MEETING JUNE 25, 2014
CYBER RISK UPDATE BOARD OF GOVERNORS MEETING JUNE 25, 2014 EXECUTIVE SUMMARY Cyber risk has become a major threat to organizations around the world, as highlighted in several well-publicized data breaches
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationThe Future of Data Breach Risk Management Response and Recovery. The Cybersecurity Forum April 14, 2016
The Future of Data Breach Risk Management Response and Recovery Increasing electronic product life and reliability The Cybersecurity Forum April 14, 2016 Today s Topics About Merchants Information Solutions,
More informationCyber/Information Security Insurance. Pros / Cons and Facts to Consider
1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner
More informationDATA SECURITY: EVERYTHING YOU NEED TO KNOW
DATA SECURITY: EVERYTHING YOU NEED TO KNOW! Data Breaches: Where, What and Why! Federal and State Regulations to Protect Data! EMV Chip Technology! PIN or Signature?! Existing and Emerging Security Options!
More informationCyber Insurance as one element of the Cyber risk management strategy
Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,
More informationHacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows
Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber
More informationHow To Protect Your Restaurant From A Data Security Breach
NAVIGATING THE PAYMENTS AND SECURITY LANDSCAPE Payment disruptions impacting restaurant owners today An NCR Hospitality white paper Almost every month we hear a news story about another data breach that
More informationFive Questions to Ask Before Your Next Healthcare Data Breach
Five Questions to Ask Before Your Next Healthcare Data Breach Dorothy DeAngelis Health Solutions Peter Kerr Managing Director Strategic Communications Thomas G.A. Brown Global Risk & Investigations Practice
More informationData Privacy & Security: Essential Questions Every Business Must Ask
Data Privacy & Security: Essential Questions Every Business Must Ask Presented by: Riddell Williams P.S. Riddell Williams P.S. May 6, 2015 #4841-4703-9779 Innocent? 2 Overview 3 basic questions every business
More informationRegulatory and Market Imperatives Place Cyber Security High on Carrier Agendas
Regulatory and Market Imperatives Place Cyber Security High on Agendas Written by Scott Corzine // Managing Director, Risk Practice, FTI Consulting, Inc. Insurance carriers, with their large repositories
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationCybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048
Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationSTATE of the market ON CYBER RISK
STATE of the market ON CYBER RISK TABLE OF CONTENTS The Takeaway 1 The Overview 2 Review & Outlook 5 Placements & Considerations 7 Summary 9 Notes 10 THE TAKEAWAY Year-over-year increases in the frequency
More informationInsulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015
Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact February 10, 2015 Overview 1 The Legal Risks And Issues/The Role Of Legal Counsel: The Breach Coach The Slippery
More informationCYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE 12/16/2015. December 17, 2015
12/16/2015 CYBERSECURITY FRAUD LOSS ISSUES & HOW TO ADDRESS RISKS IN TODAY'S INSURANCE MARKETPLACE December 17, 2015 Angela R. Morelock, CPA, CFE, CFF, ABV Partner, BKD, LLP amorelock@bkd.com Jeff Eiserman
More information$22k. Payment Card Data Breaches: What You Need to Know About Your Risk and Liability. First Data Market Insight
Need to Know About Your Risk and Liability Many small merchants are surprised to learn that they can be held liable for tens of thousands of dollars in fines and other expenses when a card data breach
More informationThink STRENGTH. Think Chubb. Cyber Insurance. Andrew Taylor. Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber
Think STRENGTH. Think Chubb. Cyber Insurance Andrew Taylor Asia Pacific Zone Product Manager Chubb Pro PI, Media, Cyber The World Has Changed Then Now 1992 first text message More txt s that the entire
More informationBe Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance
Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance
More informationDATA BREACHES: HOW IT IMPACTS THE CUSTOMER & THE FINANCIAL INSTITUTION. Prepared For: First Citizens Federal Credit Union 3/18/2015
DATA BREACHES: HOW IT IMPACTS THE CUSTOMER & THE FINANCIAL INSTITUTION. Prepared For: First Citizens Federal Credit Union TABLE OF CONTENTS Data Breach Trends Financial Institutions Impact How First Citizens
More information2015 Global Cyber Impact Report
2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015
More information2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE
2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE February 2015 2015 Network Security & Cyber Risk Management: The FOURTH
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) WARNING: Your company may be in noncompliance with the Payment Card Industry Data Security Standard (PCI DSS), placing it at risk of brand damage,
More informationcyber invasions cyber risk insurance AFP Exchange
Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance
More informationRISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION
RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former
More informationAHLA. N. HIPAA Security Breaches: What Should We Be Doing to Keep Us Out of the Headlines? Diane E. Felix Armstrong Teasdale LLP Saint Louis, MO
AHLA N. HIPAA Security Breaches: What Should We Be Doing to Keep Us Out of the Headlines? Diane E. Felix Armstrong Teasdale LLP Saint Louis, MO Anthony J. Munns Brown Smith Wallace LLC Saint Louis, MO
More informationDATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT
Advisor Article DATA SECURITY: A CRUCIAL TOPIC FOR CORPORATE COUNSEL AND MANAGEMENT By James R. Carroll, David S. Clancy and Christopher G. Clark* Skadden, Arps, Slate, Meagher & Flom Customer data security
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationSafeBiz. Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB)
SafeBiz Identity Theft and Data Breach Program For Small & Medium Size Businesses (SMB) 1 About Us Since 2003 we have helped victims of identity theft recover fully from this devastating crime, and continue
More informationStatement of. Carlos Minetti. Discover Financial Services. Before the. Subcommittee on Oversight and Investigations. of the
Statement of Carlos Minetti Discover Financial Services Before the Subcommittee on Oversight and Investigations of the Committee on Financial Services United States House of Representatives July 21, 2005
More informationPCI Risks and Compliance Considerations
PCI Risks and Compliance Considerations July 21, 2015 Stephen Ramminger, Senior Business Operations Manager, ControlScan Jon Uyterlinde, Product Manager, Merchant Services, SVB Agenda 1 2 3 4 5 6 7 8 Introduction
More informationIs the PCI Data Security Standard Enough?
Is the PCI Data Security Standard Enough? By: Christina M. Freeman ICTN 6870 Advanced Network Security Abstract: This paper will present the researched facts on Payment Card Industry Data Security Standard
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationWhite Paper September 2013 By Peer1 and CompliancePoint www.peer1.com. PCI DSS Compliance Clarity Out of Complexity
White Paper September 2013 By Peer1 and CompliancePoint www.peer1.com PCI DSS Compliance Clarity Out of Complexity Table of Contents Introduction 1 Businesses are losing customer data 1 Customers are learning
More informationRemarks by. Thomas J. Curry. Comptroller of the Currency. Before the. Chicago. November 7, 2014
Remarks by Thomas J. Curry Comptroller of the Currency Before the 10 th Annual Community Bankers Symposium Chicago November 7, 2014 Good morning, it s a pleasure to be here today and to have this opportunity
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements and utilizing the PAI Secure Program. Letter From the CEO Welcome to PAI Secure. As you
More informationPayment Card Industry Update and Cyber Risk Management
Payment Card Industry Update and Cyber Risk Management CRAIG A. HOFFMAN, ESQ. BAKERHOSTETLER ADAM COTTINI, MANAGING DIRECTOR, CYBER LIABILITY PRACTICE, ARTHUR J GALLAGHER & CO. OCTOBER 22, 2015 2014 ARTHUR
More informationCyber Risks and Insurance Solutions Malaysia, November 2013
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationDATA BREACH RESPONSE READINESS Is Your Organization Prepared?
March 30, 2015 DATA BREACH RESPONSE READINESS Is Your Organization Prepared? Peter Sloan Pete Enko Jeff Jensen Deborah Juhnke The data security imperatives of Prevention, Detection, and Response do not
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationExercising Your Enterprise Cyber Response Crisis Management Capabilities
Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.
More information2015 CENTRI Data Breach Report:
INDUSTRY REPORT 2015 CENTRI Data Breach Report: An Analysis of Enterprise Data Breaches & How to Mitigate Their Impact P r o t e c t y o u r d a t a Introduction This industry report attempts to answer
More informationFinancial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age
Financial Implications of Cybercrime Meeting the Information Security Management Challenge in the Cyber-Age Southern California Association for Financial Professionals February 14, 2014 Stan Stahl, Ph.D.
More informationCybersecurity Best Practices in Mortgage Banking. Article by Jim Deitch October 2015
Cybersecurity Best Practices in Mortgage Banking Article by Jim Deitch Cybersecurity Best Practices in Mortgage Banking BY JIM DEITCH Jim Deitch Recent high-profile cyberattacks have clearly demonstrated
More information4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015
CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms
More informationCYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC. October 2014. Sponsored by:
CYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC October 2014 Cyber Exposures of Small and Midsize Businesses A digital pandemic Executive Summary Gone are the days when data breaches,
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationBeazley Group Beazley Breach Response. A data breach isn t always a disaster Mishandling it is.
Beazley Group Beazley Breach Response A data breach isn t always a disaster Mishandling it is. A world of risk 932.7m Personal records breached in the U.S. since 2005 3 51% The proportion of breaches attributable
More informationIS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper
IS YOUR CUSTOMERS PAYMENT DATA REALLY THAT SAFE? A Chase Paymentech Paper A data breach has the potential to cost retailers millions in lost customers and sales. In this paper we discuss a number of possible
More information