How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised
ACE USA Podcast
Released June 24, 2010

Moderator: Richard Tallo, Senior Vice President, ACE North America Marketing & Communications, ACE USA

Panelists:
- Toby Merrill, Vice President, ACE Professional Risk, ACE USA
- John Mullen, Attorney, Nelson, Levine, DeLuca & Horst
- Mark Greisiger, President, NetDiligence

Hello, I'm Richard Tallo, of North America Communications, at the Philadelphia headquarters of the ACE Group of Companies. Welcome back to the second of two podcasts ACE has produced to discuss how companies can learn how to prepare for, and deal with, data breaches. In our first broadcast ("Preparing for the Inevitable Data Breach: What to do Before Sensitive Customer and Employee Data is Breached, Stolen or Compromised"), we discussed the steps that organizations and their risk managers need to take in order to put together an effective crisis response plan. To briefly recap, these steps were:

- Naming a specific senior manager to take charge following a breach;
- Identifying computer forensic specialists before the event, to determine what has been compromised in a manner that preserves the chain of custody and other stakeholders;
- Structuring proper service provider contracts;
- Pre-negotiating notification, call center and credit monitoring services; and
- Looking into privacy liability insurance.

Today, we'll move beyond crisis management planning and look at how companies can respond following the breach of sensitive consumer or employee information. Once again, I'm joined by: Toby Merrill, National Privacy Product Manager for ACE USA; John Mullen, a partner with the law firm of Nelson, Levine, DeLuca & Horst; and finally, Mark Greisiger, President of Net Diligence, a data privacy and security firm.
I'd like to start today's discussion by asking Toby how he would handle the following scenario: It's Monday morning at 10 a.m., and a major credit card company has just alerted you that they noticed a suspicious pattern of charges they suspect was caused by a serious breach at their company. Can you tell us what should occur in the first hour after that phone call?
Well, Rich, hopefully management has already put in place an incident response plan in advance of the breach, outlining who inside and outside of the organization needs to be involved and what steps need to be taken. In either case, the company needs to first assemble a crisis response team to determine exactly what happened and begin delegating responsibilities. At the very least, the first action items need to include:

- Engaging a forensics team to determine the extent of the breach, including the number of records affected and the type of information that has been exposed.
- Assessing the severity of the breach as early as possible to determine the best course of action. For example, a breach of 10 or 20 credit cards should be classified very differently than a breach of a few thousand social security numbers.

What are action steps for the next phase?

Engaging a legal firm to counsel senior management on the organization's legal obligations around a number of issues, such as state notification requirements and litigation holds. Spending a few thousand dollars on legal counsel up front can potentially save the organization millions in defense costs on the back end. Then, depending on the severity of the breach, the organization should bring in crisis management consultants to review the situation and to advise on the best means of communication with the public, should it be required or recommended.

Thanks, Toby. Mark, why are computer forensics so critically important at this stage?

First, it is critically important that you get a snapshot of the security breach event. You will need to determine what internal computer servers have been impacted by this event, when and where the attack occurred, and what prudent controls were in place at the time of the incident.
Next, you are going to need to identify the individuals who could have potentially been affected by this event. Computer server logs should be reviewed to verify important information, such as:

- How the company's servers were accessed as well as when and how often this illegal access occurred;
- Whether the culprit actually accessed the customer's information and employee data;
- What type of data was accessed and when; and
- Where the victims physically resided to determine the proper course for notification.

Another key point is, depending on the applicable state notification laws, a company may not be legally required to notify customers or employees whose sensitive information has been compromised. Many companies that have not properly examined the nature of a breach before disclosing have found that they may have disclosed a little bit too soon. This past year, I worked with several clients that experienced a real life data breach event impacting their customer data. And in many of these instances, they found they did not have a duty to notify because either the data impacted was limited, for example, no public identifiable information was impacted, such as a combined name with social security number, or the data was encrypted and thus the laws of Safe Harbor may apply.
Thanks, Mark. John, can you discuss the key ingredients of an effective media message? And, how should the news that sensitive consumer data has been compromised be communicated to both affected customers and the public?

Rich, ideally a simple, clear, company statement by a senior executive should include key facts of the incident that are known at that time, what is being done to address the breach, in what timeframe, and it should conclude with confirming that appropriate steps are being taken actively. It's always best to tell your story up front, stressing open communication within the organization and making yourself available for participation in news stories as appropriate, taking care to work with trusted media sources.

Thanks, John. Are there other best practices to consider when communicating to key audiences?

Yes, they include the following:

- Keeping to the basic facts of the breach and not overstating the facts;
- Showing empathy and concern for the affected individuals;
- Reassuring key audiences and stakeholders that the response to the privacy breach is being handled properly and that assistance is being offered to those affected; and
- Finally, accepting responsibility for the incident while taking care not to admit negligence.

That's important. Thanks, John. Mark, is it always necessary to provide credit monitoring services to affected customers?

Rich, it depends on the situation. A lost laptop with encrypted data is much different than a hacking attack where compromised information is being used for real identity theft purposes. The most important issue is determining the type of data that has been lost. If the data compromised is medical data or credit card information, then credit monitoring services may only provide limited assistance for the customers that were affected. However, if customers' social security numbers have been compromised, which is the holy grail of data, then credit monitoring services will be an appropriate response.
Another consideration is whether there is any concrete evidence of actual fraud. A laptop that went missing for two days and was returned by a trustworthy citizen may not warrant the additional costs of credit monitoring. It is important to note that there are currently no state notification laws on the books requiring that credit monitoring be offered. This is not a mandatory offering. However, research has demonstrated that individuals who are offered free or subsidized services may perceive the company more positively and are less likely to participate in a class action lawsuit. But credit monitoring services can be expensive, which is a key reason why pre-planning is so important.

Thanks, Mark. Would you share some best practices for offering credit monitoring services?

First, a prudent step is to offer those customers whose data has been compromised a free credit check, such as from the ftc.gov site. If a free service is not available, rates should be negotiated in advance of a data security breach event and the company should talk to a number of different providers before making a final selection. A company should also try to find the most economical way to manage its costs. In many cases, choosing a provider that charges for redemptions only and not on every offer made is a better value since we only see between 10 and 25 percent of offers redeemed. And finally, if a third-party service provider was responsible for the breach you may be able to seek indemnity.
Toby, we've spent time focusing on best practices for companies. Can you share lessons learned from companies that have experienced data breaches?

Of course. The three biggest mistakes I have seen companies make after a breach are really related to a lack of preparation:

First, without a crisis response plan in place, the company is forced to make rash decisions due to a lack of direction and leadership. A company responding to a breach should consider its culture and reputation, and how it is perceived by its customers. Senior management needs to agree on this prior to developing an appropriate response.

Another common mistake I've seen is when companies have not taken the time to properly screen forensic, legal, and public relations as well as notification vendors prior to the breach. Not doing this may often result in a company making hasty decisions and hiring inexperienced firms or grossly overpaying for these services.

The third mistake I have seen companies make is the tendency to over-notify, as Mark mentioned earlier. In some instances there have been a number of notifications that could have been significantly reduced, and in some cases, eliminated entirely had management taken the time to hire a qualified attorney who knows the intricacies of the various privacy regulations.

Toby, are there any instances where a company may choose to notify even after they've determined they are not legally obligated to do so?

Absolutely. There are three major areas where this has been the case: First, many organizations' reputations are built on their open culture environment, such as universities. The organizations may risk more by hiding the incident than any pending litigation might bring. Second, there are a number of foreign jurisdictions, such as Canada, that have yet to pass notification legislation.
[Note: Alberta has become the first province to add a data breach notification requirement into its legislation. The new measures were added into its Personal Information Protection Act (PIPA) on May 1, 2010 and are now law.]

And many of the notification laws are very limited in the type of information that triggers the obligation to notify. For example, a breach of a customer's address may not trigger a notification requirement but could be used by a hacker to obtain more sensitive information. In each of these instances, the organization's decision to notify could mitigate its liability from class action considerably.

Thanks, Toby. John, can you talk about the actual financial damages suffered in the real cases that you have been involved with?

Of course. Incidents of data loss can be very costly for companies, especially those organizations that fail to take their legal duties seriously up front. Prior to any lawsuit being filed, there are expenses that can include notification to affected customers, call centers, and service offerings to reduce damage to the customer or employee base, litigation expense and e-discovery costs. If a customer files a lawsuit, costs will escalate.
Should there be a lawsuit, legal cases tend to fall into three basic categories:

First, the Federal Trade Commission, considered the most active government authority currently policing the data loss world, can elect to pursue statutory damages based on a fines per record type loss situation. These can be expensive to pay and even more expensive to defend against, as anyone who has ever gone up against the government in a lawsuit knows it's very time consuming and very expensive.

The second type of case is a suit related to financial institutions. Should a company lose significant amounts of data, particularly with credit card information, most banks, regardless of best practices, will replace those credit cards. However, there is a fee involved in credit card replacement: it is how many dollars per credit card to replace it. And, with lost records often in the millions, the amount claimed by financial institutions to replace those cards will be substantial.

The third type of lawsuit -- and by far the most expensive and problematic -- are those that are called class actions. These are brought in the guise of customer and employee lawsuits. Class actions are generally brought in federal court, and although the industry has been relatively successful in defending against them, fighting certification of classes, because they lack the requisite damages required under the law, the data breach context is tricky and that trend seems to be eroding in the courts.

Thanks, John. From our discussions, it's apparent that preparing a formal response plan is a necessity for a company. In the heat of a crisis, you don't want to be caught unprepared. As we've been discussing during this broadcast, an open and measured response can also help retain goodwill with customers and reduce the potential for legal liability down the road. I'd like to thank Toby, John and Mark for joining us today. On behalf of everyone at ACE, thanks for joining us.
NetDiligence is a cyber risk assessment services company. NetDiligence also offers a unique post data breach response service called service erisk Hub to fully support & assist clients with their inevitable data breach crisis incident. For the past decade NetDiligence has established itself as a leader for performing due diligence cyber risk assessments on behalf of majority of P&C insurers in US & UK that offer cyber liability coverage. Our clients also include well-known names in banking, brokerage, mortgage, insurance, clearinghouse, and other financial service sectors.

NELSON LEVINE deLUCA & HORST: With seven offices from New York to Denver, NLdH is devoted solely to helping build and protect the insurance industry's business practices and clients, providing comprehensive legal services in the areas of reinsurance, regulatory, complex litigation, class action, coverage, subrogation, bad faith consulting and insurance fraud. For more information, please visit the NLdH website at

ACE USA is the U.S.-based retail operating division of the ACE Group of Companies, headed by ACE Limited (NYSE: ACE), and is rated A+ (Superior) by A.M. Best Company and A+ (Strong) by Standard & Poor's. ACE USA, through its underwriting companies, provides insurance products and services throughout the U.S. Additional information on ACE USA and its products and services can be found at

The ACE Group of Companies provides insurance and reinsurance for a diverse group of clients around the world. Product highlights are summaries only; please see actual policy for terms and conditions. Products may not be available in all locations and remain subject to ACE Professional Risk's underwriting criteria.

The views expressed by Messrs. Merrill, Tallo, Mullen and Greisiger are their own and do not represent those of ACE USA, any of The ACE Group of Companies, Nelson Levine or NetDiligence.
The material presented in this podcast is not intended to provide legal or other expert advice as to any of the subjects mentioned but is presented for general information only. You should consult knowledgeable legal counsel or other experts as to any legal or other questions you may have. Any references to insurance are also intended for general information only. For actual terms and conditions of any insurance, please refer to the policy. Coverage may not be available in all states.

Copyright 2010, the ACE Group. All rights reserved.
More informationHit ratios are still very low for Security & Privacy coverage: What are companies waiting for?
Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More informationAre Data Breaches a Real Concern? Protecting Your Sensitive Information. Phillips Auction House NY- 03/24/2015
Are Data Breaches a Real Concern? Protecting Your Sensitive Information Phillips Auction House NY- 03/24/2015 1 Agenda Current Data Breach Issues & Legal Implications Data Breach Case Study Risk Management
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationGuidance on data security breach management
ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...
More informationGuidance on data security breach management
Guidance on data security breach management Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationData Breach Readiness
Data Breach Readiness 877.983.9850 Partner@Intersections.com www.intersections.com Introduction Few events can damage a company s reputation more than losing the personal confidential information entrusted
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More informationPrivacy Liability & Data Breach Management Nikos Georgopoulos 1 st Athens Privacy & Data Breach Management Conference
Privacy Liability & Data Breach Management Nikos Georgopoulos 1 st Athens Privacy & Data Breach Management Conference N.G. Privacy Liability Insurance Presentation to Athens 1 st Privacy & Data Breach
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationIDENTIFYING AND RESPONDING TO DATA BREACHES
IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW
More informationCYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP
www.willis.com CYBER BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIM & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL SPOTLIGHT, PRIVILEGE
More informationDon t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks
Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationNonprofit risk management
Nonprofit risk management Mary Mancuso Nonprofit organizations face unique risk management challenges. They are often held to the same standards as for-profit organizations but do not have the same resources
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationSMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015
SMB Data Breach Risk Management Best Practices By Mark Pribish February 19, 2015 Presentation Agenda About Mark Pribish Information Governance The Threat Landscape Data Breach Trends Legislative and Regulatory
More informationDATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET
DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET 2014 NSGA Management Conference John Webb Jr., CIC Emery & Webb, Inc. Inga Goddijn, CIPP/US Risk Based Security, Inc. Not just a big business problem
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationDon t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy
Privacy, Data Security & Information Use Insurance Recovery & Advisory Cyber Insurance June 17, 2015 Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy By
More informationThe New Crisis Communication Challenge: Data Breach
The New Crisis Communication Challenge: Data Breach By Lisa MacKenzie When a data breach occurs, how an organization responds and communicates to its customer, patients or stakeholders can be the difference
More informationData Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked
Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked Linda Vincent, R.N., P.I., CITRMS Vincent & Associates Founder The Identity Advocate San Pedro, California The opinions expressed
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationDATA BREACH: hy you should care!
DATA BREACH: hy you should care! Bob Gregg CEO Bob.gregg@idexpertscorp.com 1 Overview Defining the cyber security and Data breach problem The threat source- surprising Potential business impact No one
More informationPrivacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec
Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,
More informationSmall businesses: What you need to know about cyber security
Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...
More informationNew Developments in Cyber Security & Data Breaches San Diego, California May 2014
New Developments in Cyber Security & Data Breaches San Diego, California May 2014 Sharon Lyon John Mullen NetDiligence Lewis Brisbois Bisgaard & Smith Claire Lee Reiss NLC-RISC John F. Mullen, Sr. John
More informationYOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance
YOUR TRUSTED PARTNER IN A DIGITAL AGE A guide to Hiscox Cyber and Data Insurance 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and
More informationCyber/Information Security Insurance. Pros / Cons and Facts to Consider
1 Cyber/Information Security Insurance Pros / Cons and Facts to Consider 2 Presenters Calvin Rhodes, Georgia Chief Information Officer Ron Baldwin, Montana Chief Information Officer Ted Kobus, Partner
More informationActorcard Prepaid Visa Card Terms & Conditions
Actorcard Prepaid Visa Card Terms & Conditions These Terms & Conditions apply to your Actorcard prepaid Visa debit card. Please read them carefully. In these Terms & Conditions: "Account" means the prepaid
More informationWorking with the Federal Government on Cybersecurity
O B S I D I A N C Y B E R S E C U R I T Y O C C A S I O N A L P A P E R Working with the Federal Government on Cybersecurity Preparation is Key to Success December 5, 2013 Table of Contents CONSIDER THIS...
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationerisks Policyholder s Guide to Privacy & Security Breach Response Planning
erisks Policyholder s Guide to Privacy & Security Breach Response Planning Professional Indemnity Financial Institutions Directors & Officers Management Liability Medical Malpractice Media Liability Level
More informationResponding to Data Breaches. March 25, 2015
Better breach response how to be good when things go bad Ian Dick Dan Michaluk Better breach response The Rules of Professional Conduct The basis for good breach response Incident response planning Notification,
More informationBOARD OF GOVERNORS MEETING JUNE 25, 2014
CYBER RISK UPDATE BOARD OF GOVERNORS MEETING JUNE 25, 2014 EXECUTIVE SUMMARY Cyber risk has become a major threat to organizations around the world, as highlighted in several well-publicized data breaches
More informationUnderstanding the Business Risk
AAPA Cybersecurity Seminar Andaz Savannah Hotel March 11, 2015 10:30 am Noon Understanding the Business Risk Presenter: Joshua Gold, Esq. (212) 278-1886 jgold@andersonkill.com Disclaimer The views expressed
More informationData Security Breach Management - A Guide
DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process
More information