Cyber threat reality check GLOBAL TECHNOLOGY S RISK ADVISOR SERIES TURN RISK INTO ADVANTAGE THE THREAT IS GROWING IGNORING IT CAN BE COSTLY
|
|
- Raymond Reeves
- 8 years ago
- Views:
Transcription
1 GLOBAL TECHNOLOGY S RISK ADVISOR SERIES TURN RISK INTO ADVANTAGE WHY COMPLACENCY IS UNWARRANTED > WHERE CYBER THREATS COME FROM > THREE STEPS TO MANAGING CYBER THREATS > Cyber threat reality check THE THREAT IS GROWING IGNORING IT CAN BE COSTLY
2 Stay ahead of risk to turn it to your advantage A story of business success is often told using words like bold, daring and visionary. Industry heros are those who have forged ahead despite being surrounded by naysayers with cautionary advice. When they come out on top, the role model of a fearless risk taker becomes an inspiration for other business leaders. Ignoring risks, however, more often results in something far less heroic: lost revenue, costly mitigation and potential liability. This is especially true when it comes to cybercrime, a threat that is expanding rapidly as more and more business activity goes digital. Data breaches have become so common that few make headlines except when they involve millions of people or afflict renowned companies. Business leaders are well aware of cybercrime our report, The Finance View of Non-Financial Risk for Technology Companies, points to data security as a top concern (/techcforeport). Yet many companies believe they are not likely to be targeted. Our author, Kirstin Simonson Information Technology Insurance Practice Leader, shares her expertise to guide technology companies toward adopting a more expansive view of the new reality of cyber threats than they might already have. Topics covered: Why complacency is unwarranted Where the exposure to cyber threats comes from The costs of complacency Effective strategies for managing cyber risks Often companies that are really successful are not ignoring risk. They are turning it into advantage. Mike Thoma Chief Underwriting Officer of Global Technology at Travelers PAGE 1
3 Complacency is unwarranted Cybercrime is increasing. That fact seems indisputable, although the statistics offered by different experts often do not match because of different reporting sources and definitions. The Privacy Rights Clearinghouse, for example, reported 272 data breaches affecting at least 18.5 million records during the first six months of However, datalossdb.org reported 1,621 breaches in That number comes close to the annual totals logged by datalossdb.org for both 2009 and 2010 combined. At 1,621 breaches, 2012 far exceeded the 1,091 breaches datalossdb.org tracked in Similarly, different experts offer varying cost estimates for the damage to businesses from data breaches. A data breach can cost your business time, money and your reputation. In fact, a recent study revealed that the cost of a data breach per record is $188, which can add up quickly. For example, a breach involving 10,000 records could cost nearly $2 million Ponemon Institute Research Report: U.S. Cost of a Data Breach Study, The underlying message is clear. Cybercrime is on the upswing and when it happens, it can be costly. Nonetheless, insurance brokers who talk to clients about cybercrime tell us the reaction is often a denial that their companies are at risk: Our systems for protecting our data are state of the art. Only large organizations are targets of cybercrime. We ve transferred our cyber threats to the firms that store our data. We ve never had an issue. In other words, despite widespread recognition that cybercrime occurs, business leaders seem to believe it will happen to other companies and not theirs. Unfortunately, all of the evidence points to this complacency as unwarranted. For example, as technology rapidly changes, new opportunities open up for cyber intrusions to occur. Data protection solutions that are state of the art when implemented may be completely ineffective against new threats that emerge. Business leaders who believe their companies are protected from cyber threats should consider that many of the largest companies have suffered a data breach at some point. These companies, with their billions of dollars in revenues and the ability to spend whatever is needed to defend their digital assets, have not been able to eliminate the risk of cybercrime. There are pitfalls to the idea that a firm can effectively transfer all of its cyber threats to another company. For example: You probably still have some private information on your computers/networks You still have employees with access to, and use of the data that s being hosted for you. And often it s the employees themselves who are involved with the breach Plaintiffs could allege that you contributed to the breach, or didn t do appropriate due diligence on the vendor Plaintiffs could allege that you didn t have a right to even store certain sensitive data in the first place, let alone entrust it to another company Data hosting vendors may not have the legal or financial capacity to effectively protect your firm Many data hosting firms will provide hold harmless or indemnification agreements for certain types of data breaches, such as those that result from their own sole negligence; but most of those contracts have a lot of exceptions for which the firm accepts no liability You re still likely to be named in a suit, even if a data hosting firm is a co-defendant. And whether or not the co-defendant ends up paying for much or any of the liability, is your firm ready to deal with the time, complexity, and defense of the legal battles? WHY COMPLACENCY IS UNWARRANTED PAGE 2
4 Can a company take comfort in the thought that most data breaches occur at very large businesses where cyber criminals know they can hit a jackpot of millions of personal financial records? Not according to statistics. As the chart below shows, 31 percent of data breaches in 2012 took place in companies with 1 to 250 employees. In fact, Symantec s Internet Security Threat Report released in April 2013 found a threefold increase in small business attacks from 11 percent of attacks in More than half of the data breach targets were organizations with fewer than 2,500 employees. Security breaches happen at companies of all sizes. Attackers hone in on small businesses that may often lack adequate security practices and infrastructure. Finally, the fact that a company has not yet had an issue with data theft does not mean one will not occur in the future. As one expert from the University of Pennsylvania s Wharton School noted, information security has been an issue ever since computers started storing data. With the rise of electronic commerce over the past 15 years, there is both far more data to steal and far more ways to steal it, says legal studies and business ethics professor Kevin Werbach. As the Internet becomes more pervasive in daily life and the value of digital transactions increases, the scope of security threats will keep growing. Most companies have not had their building burn to the ground yet they recognize the danger, take safety precautions that are appropriate for their circumstances, install automatic sprinklers and fire extinguishers, educate employees about evacuation procedures, and carry adequate insurance to cover any loss if a fire occurs. Similarly, business leaders need to understand the threat of cybercrime, the risks that their operations are exposed to, and the appropriate steps they can take to protect their assets. Large breaches Zappos, 24 million records accessed by hackers Global Payment Systems, 7 million records hacked LinkedIn, 6.5 million records hacked University of Nebraska, 654,000 records stolen from database University of North Carolina, 350,000 records exposed inadvertently South Carolina Health and Human Services, 228,435 records taken by an insider Adobe, 3 million records breached Figure 4: Organizational size by percent of breaches (number of employees) Over 2, to 2,500 1 to 250 WHY COMPLACENCY IS UNWARRANTED PAGE 3
5 Where cyber threats come from At one time, hacking may have been dominated by young technology hot shots and thrill seekers, but today cyber intrusions are more likely to be the work of criminals seeking financial gain. Companies that believe their information would not be of interest to criminals should be aware that a black market exists that makes bulk data valuable. As the illustration below shows, the more specific a data file is, the greater its value but even selling a few thousand unverified credit card numbers will be profitable for a thief. The value of stolen data $800 $50,000 laptops or paper reports that were lost or stolen in transit. Employee theft of data was the third largest cause (13 percent). Similarly, the 2013 Verizon Data Breach Investigations Report found that worldwide, the majority of breaches had external sources. But as the chart below indicates, almost half involved internal people and 10 percent involved business partners. Note: Figures add up to more than 100 percent because breaches can involve both internal and external parties. Threat agents by percentages of breaches 86% $3.00 Complete replicable identity $1.00 Verified bank account with $100,000 $0.20 Accompanying account information Credit: pcpro.co.uk Verified active credit card with owner s city Unverified credit card number 10% 14% The common perception that data breaches are the work of remote hackers who use technology to invade a company s database is only partially correct. Data can be lost in any number of ways, including lost portable storage devices, stolen laptops, inadvertent posting of material online, computer malware infections and improper data disposal. All too often, human error such as misplacing an unencrypted thumb drive or posting information on a Facebook account can be the cause of a breach rather than actual criminal intent, although the data may still find its way into the hands of those who want to misuse it. The Identity Theft Resource Center identified hack attacks as the most common cause (26 percent) for data breaches in the United States. The second largest cause (18 percent) was what they called data on the move data storage devices, Partner Internal External Source: The Verizon report also concluded that most cyber theft (78 percent) does not involve difficult techniques, and 96 percent of breaches are avoidable through simple or intermediate controls. In fact, the Ponemon Institute has reported that negligence accounted for 41 percent of breaches in the United States. Similarly, Ponemon s 2011 Cost of Data Breach Study identified employee or contractor negligence as responsible for 39 percent of data breaches. The bottom line is that anyone who stores information digitally, as almost all businesses today do, may lose data through theft or human error. WHERE CYBER THREATS COME FROM PAGE 4
6 The cost of complacency The incidence of cybercrime is growing, and companies that suffer data losses may see a direct disruption to their business operations and cash flow, but there are also many other costs associated with a breach. Almost all states now have breach laws that require companies to take specific actions, such as notifying customers, paying for credit monitoring services and/or covering costs for reissuing new credit cards. In addition, there are a variety of other laws about protecting data that may carry financial penalties. These include the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Payment Card Industry Data Security Standard, Sarbanes- Oxley and the Federal Information Security Management Act. In fact, the potential cost of having a data breach is so widely recognized as a risk to businesses that the Securities and Exchange Commission has now issued guidance describing when public companies are required to disclose their cyber security risks and cyber incidents that have occurred. The cost of compliance can be expensive. As noted earlier, most studies such as the one from the Ponemon Institute, cite an average cost per record lost in the $200 range. As the illustration indicates, that means the costs can multiply rapidly. Of course costs don t necessarily increase in a linear fashion as represented by this graphic. While the average cost per record may be around $200, it s possible on some breaches of a specific nature, the cost per record could be exponentially higher than that - especially on a breach that involves a lower number of total records - or lower when more records are involved. Among the expenses are: An investigation by a forensics expert to determine the cause of the breach, the extent and the persons who are impacted by the loss of personal data Legal fees to determine the applicable laws, develop materials and defend the company from liability claims Notifying victims of the data breach, which may include mail, and/or phone calls, depending on applicable laws and the extent of the breach. A call center may need to be set up to answer inquiries Providing credit monitoring services, either required by law or as a public relations effort to restore the company s reputation with customers Compliance with Security Breach Laws is expensive when a breach occurs $200 $2,000 $20, customers 1 customer Number of impacted customers $200, customers $2,000,000 1,000 customers Total Cost 10,000 customers Source: Ponemon Institute WHERE CYBER THREATS COME FROM PAGE 5
7 Three steps for managing cyber threats Most companies undoubtedly have thought about data protection and have put solutions in place. But managing cyber threats is not a one-and-done process. Over time, a business may grow and change; its data may represent new categories of information; its technology hardware and software may be updated or replaced by something entirely new. Even its workforce both the people who use the data and the IT team that is responsible for protecting it may change. The following are three steps that all companies should take annually: 1. Identify your cybercrime exposures. Take an inventory that covers the following aspects: a. Whose sensitive information do you have control of? Data regarding customers, employees, other businesses? b. How sensitive is this data? Does it include Social Security numbers, credit card numbers, health information or other very specific data about individuals? Is there intellectual property or proprietary information that you need to protect? c. How is the data collected, protected, used, shared and destroyed? At each step, who has access to it you, your partners and vendors, or others? d. What sources of cyber infiltration are possible? Virus/malware transmission, social media activities? 2. Create strong policies and procedures and then enforce them. Every company should have written information services policy and procedures that limit internal access to data, block external access and clearly delineate employee responsibility for safeguarding data. These policies should be linked to consequences that are imposed when a violation occurs. A person or department should be charged with responsibility for information security, including the resources necessary to perform audits, monitor data usage and make recommendations about effective data protection solutions. 3. Transfer risk with appropriate insurance. Despite the best protections, a breach may still occur. In that case, you will want to have insurance in place that will cover any liability costs and the expense associated with mitigating the breach. Work closely with a knowledgeable broker to make sure your insurance gives you the coverage you want. In many instances, a cyber endorsement on a general liability policy may be too limited to address the costs you will face. Almost everyone has heard about cybercrime, and all too many companies have had first-hand experience with it. The reality is that the chances of having a data breach is a risk that should be assessed and managed. By understanding your exposures, taking active steps to address them and transferring risk with the appropriate insurance, you can protect your business even when your data goes missing. Cyber insurance coverage options are wide ranging Many cyber insurance policies provide coverage for: Communications and media liability Network and information security liability Expense reimbursement including: Data restoration expense Network impairment/business income (losses to electronic vandalism and denial of service to third parties) Computer fraud Funds transfer fraud Notification expenses Crisis management services Cyber extortion Telecom theft Cyber insurance policies are not standardized. Coverage proposals should be reviewed carefully. THREE STEPS FOR MANAGING CYBER THREATS PAGE 6
8 THE FOLLOWING ARE SOME ADDITIONAL RESOURCES THAT ARE CITED IN THIS REPORT: The 2014 Data Breach Investigations Report, Verizon Ponemon Institute Research Report: 2013 Cost of Data Breach Study: Global Analysis Privacy Rights Clearinghouse Internet Security Threat Report, Symantec Computer Security Institute National Conference of State Legislatures The Travelers Indemnity Company and its property casualty affiliates. One Tower Square, Hartford, CT This material is for informational purposes only. All statements herein are subject to the provisions, exclusions and conditions of the applicable policy. For an actual description of all coverages, terms and conditions, refer to the insurance policy. Coverages are subject to individual insureds meeting our underwriting qualifications and to state availability The Travelers Indemnity Company. All rights reserved. Travelers and the Travelers Umbrella logo are registered trademarks of The Travelers Indemnity Company in the U.S. and other countries. CP-8202 New 7-14
Insuring Innovation. CyberFirst Coverage for Technology Companies
Insuring Innovation. CyberFirst for Technology Companies TECHNOLOGY IS EVERYWHERE. SO ARE THE THREATS. protection that goes well beyond a traditional general liability policy. CyberFirst CyberFirst is
More informationData Breach and Senior Living Communities May 29, 2015
Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationPrivacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014
Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationYour good name. Protecting your reputation in an age of cyber breaches GLOBAL TECHNOLOGY S RISK ADVISOR SERIES HELPING COMPANIES MANAGE RISK
GLOBAL TECHNOLOGY S RISK ADVISOR SERIES LETTER FROM MIKE THOMA CHIEF UNDERWRITING OFFICER GLOBAL TECHNOLOGY Your good name WHY REPUTATION MATTERS ARE DATA BREACHES A RISK FOR YOUR COMPANY? MAKING HEADLINES
More informationWHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR
KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST Protecting Identities. Enhancing Reputations. IDT911 1 DATA BREACHES AND SUBSEQUENT IDENTITY THEFT AND FRAUD THREATEN YOUR ORGANIZATION
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationManaging Cyber Security as a Business Risk: Cyber Insurance in the Digital Age
Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013
More informationHow To Cover A Data Breach In The European Market
SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to
More informationNine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity
Nine recommendations for alternative funds battling cyber crime kpmg.ca/cybersecurity Cyber criminals steal user names and passwords and use it to conduct financial trading activity illicitly. Hackers
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationAftermath of a Data Breach Study
Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath
More informationManaging Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec
Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec Jeremy Ong Divisional Vice-President Great American Insurance Company November 13, 2010 1 Agenda Overview of data breach statistics
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationManaging Cyber & Privacy Risks
Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past
More informationCYBER/ NETWORK SECURITY
CYBER/ NETWORK SECURITY FINEX AUSTRALIA ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationCYBERSECURITY: Is Your Business Ready?
CYBERSECURITY: Is Your Business Ready? Cybersecurity: Is your business ready? Cyber risk is just like any other corporate risk and it must be managed from the top. An organization will spend time monitoring
More informationDon t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks
Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks Thank you for joining us. We have a great many participants in today s call. Your phone is currently
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationCyber Liability. What School Districts Need to Know
Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have
More informationProtecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks
Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Hacks, breaches, stolen data, trade secrets hijacked, privacy violated, ransom demands made; how can you protect your data
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Pam Townley, AVP / Eastern Zonal Manager AIG Professional Liability Division Jennifer Bolling, Account Executive Gallagher Management Liability Division
More informationCYBER RISK SECURITY, NETWORK & PRIVACY
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationJoe A. Ramirez Catherine Crane
RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract
More informationCyber and Privacy Risk What Are the Trends? Is Insurance the Answer?
Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information
More informationProactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation. By Marc Ostryniec, vice president, CSID
Proactive Credential Monitoring as a Method of Fraud Prevention and Risk Mitigation By Marc Ostryniec, vice president, CSID The increase in volume, severity, publicity and fallout of recent data breaches
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationHow to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised
ACE USA Podcast Released June 24, 2010 How to Respond When Sensitive Customer and Employee Data is Breached, Stolen or Compromised Moderator: Richard Tallo Senior Vice President, ACE North America Marketing
More informationImplementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind
Page1 Implementing Electronic Medical Records (EMR): Mitigate Security Risks and Create Peace of Mind The use of electronic medical records (EMRs) to maintain patient information is encouraged today and
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationData Security Incident Response Plan. [Insert Organization Name]
Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security
More informationCSG & Cyberoam Endpoint Data Protection. Ubiquitous USBs - Leaving Millions on the Table
CSG & Cyberoam Endpoint Data Protection Ubiquitous USBs - Leaving Millions on the Table Contents USBs Making Data Movement Easy Yet Leaky 3 Exposing Endpoints to the Wild. 3 Data Breach a Very Expensive
More informationPrivacy Rights Clearing House
10/13/15 Cybersecurity in Education What you face as educational organizations How to Identify, Monitor and Protect Presented by Jamie Gershon Sr. Vice President Education Practice Group 1 Privacy Rights
More informationCyber Liability Insurance Data Security, Privacy and Multimedia Protection
Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT
More information2015 Travelers Business Risk Index. Findings from a survey of U.S. business risk decision makers May 2015
2015 Travelers Business Risk Index Findings from a survey of U.S. business risk decision makers May 2015 Contents executive summary 2 Rising medical and benefit costs 3 Cyber risks 3 Legal liability 4
More informationPCI Compliance for Healthcare
PCI Compliance for Healthcare Best practices for securing payment card data In just five years, criminal attacks on healthcare organizations are up by a stunning 125%. 1 Why are these data breaches happening?
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationWhite Paper. Data Breach Mitigation in the Healthcare Industry
White Paper Data Breach Mitigation in the Healthcare Industry Thursday, October 08, 2015 Table of contents 1 Executive Summary 3 2 Personally Identifiable Information & Protected Health Information 4 2.1
More informationCyber Liability. AlaHA Annual Meeting 2013
Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages
More informationRISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION
RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former
More informationReducing Risk. Raising Expectations. CyberRisk and Professional Liability
Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today
More informationWHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.
WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY. A guide for IT security from BIOS The Problem SME s, Enterprises and government agencies are under virtually constant attack today. There
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationCyber Liability Insurance Data Security, Privacy and Multimedia Protection
Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT
More informationAPPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY
APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY GENERAL INFORMATION 1. APPLICANT NAME: 2. PHONE: 3. MAILING ADDRESS: 4. WEB ADDRESS: 5. The following officer of the Applicant is designated
More informationDATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET
DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET 2014 NSGA Management Conference John Webb Jr., CIC Emery & Webb, Inc. Inga Goddijn, CIPP/US Risk Based Security, Inc. Not just a big business problem
More informationFinding a Cure for Medical Identity Theft
Finding a Cure for Medical Identity Theft A look at the rise of medical identity theft and what small healthcare organizations are doing to address threats October 2014 www.csid.com TABLE OF CONTENTS SUMMARY
More informationNZI LIABILITY CYBER. Are you protected?
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationCYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014
CYBER LIABILITY Network Security and Privacy Bring on tomorrow May 15, 2014 1 AGENDA I. Identify Exposures II. Identify how a breach can occur III. The Coverage (Third Party Liability + First Party Losses)
More informationCyber Risk Insurance for Agents. Frequently Asked Questions
Cyber Risk Insurance for Agents Frequently Asked Questions 1 Cyber Risk Insurance About Great American Insurance Great American Insurance Group s roots go back to 1872 with the founding of its flagship
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationWhy Lawyers? Why Now?
TODAY S PRESENTERS Why Lawyers? Why Now? New HIPAA regulations go into effect September 23, 2013 Expands HIPAA safeguarding and breach liabilities for business associates (BAs) Lawyer is considered a business
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN TARGET
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON THE JUDICIARY HEARING ON PRIVACY IN THE DIGITAL AGE: PREVENTING DATA BREACHES AND COMBATING CYBERCRIME FEBRUARY 4, 2014 TESTIMONY OF JOHN MULLIGAN EXECUTIVE
More informationTHE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK
THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.
More informationCYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC. October 2014. Sponsored by:
CYBER EXPOSURES OF SMALL AND MIDSIZE BUSINESSES A DIGITAL PANDEMIC October 2014 Cyber Exposures of Small and Midsize Businesses A digital pandemic Executive Summary Gone are the days when data breaches,
More informationIs Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
More informationCyber-Crime Protection
Cyber-Crime Protection A program of cyber-crime prevention, data breach remedies and data risk liability insurance for houses of worship, camps, schools, denominational/association offices and senior living
More informationCybersecurity Workshop
Cybersecurity Workshop February 10, 2015 E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. E. Andrew Keeney, Esq. Kaufman & Canoles, P.C. 150 West Main Street, Suite 2100 Norfolk, VA 23510 (757) 624-3153
More informationTransforming the Customer Experience When Fraud Attacks
Transforming the Customer Experience When Fraud Attacks About the Presenters Mike Young, VP, Product Team, Everbank Manages consumers and business banking products, as well as online and mobile banking
More informationPCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES
PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial
More information$194 per record lost* 3/15/2013. Global Economic Crime Survey. Data Breach Costs. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP
David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Global Cyber Crime is the fastest growing economic crime Cyber Crime is more lucrative than trafficking drugs!
More informationStandard: Information Security Incident Management
Standard: Information Security Incident Management Page 1 Executive Summary California State University Information Security Policy 8075.00 states security incidents involving loss, damage or misuse of
More informationManaging Cyber Risk through Insurance
Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes
More informationNetwork Security and Data Privacy Insurance for Physician Groups
Network Security and Data Privacy Insurance for Physician Groups February 2014 Lockton Companies While exposure to medical malpractice remains a principal risk MIKE EGAN, CPCU Senior Vice President Unit
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More information2012 雲 端 資 安 報 告. 黃 建 榮 資 深 顧 問 - Verizon Taiwan. August 2012
2012 雲 端 資 安 報 告 黃 建 榮 資 深 顧 問 - Verizon Taiwan August 2012 1 It s All About Security Protecting assets from threats that could impact the business Protecting Assets... Stationary data Data in transit
More informationBelmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.
Belmont Savings Bank Are there Hackers at the gate? 2013 Wolf & Company, P.C. MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2013 Wolf & Company, P.C. About Wolf & Company, P.C.
More informationWHAT YOU NEED TO KNOW ABOUT CYBER SECURITY
SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes
More informationCards at School. Why Banks View Campuses as High Risk Customers. Payments
Cards at School Why Banks View Campuses as High Risk Customers Dennis W. Reedy, CTP, Managing Director, Treasury Operations, Indiana University Walter Conway, Walter Conway Associates, LLC Accepting credit
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationCyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029
Cyber Liability Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group 877-337-3200 Ext. 7029 Today s Agenda What is Cyber Liability? What are the exposures? Reality of a
More informationISO? ISO? ISO? LTD ISO?
Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet
More informationBeazley Group Beazley Breach Response. A data breach isn t always a disaster Mishandling it is.
Beazley Group Beazley Breach Response A data breach isn t always a disaster Mishandling it is. A world of risk 932.7m Personal records breached in the U.S. since 2005 3 51% The proportion of breaches attributable
More informationTHE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS
THE CHANGING FACE OF CYBERCRIME AND WHAT IT MEANS FOR BANKS David Glockner, Managing Director strozfriedberg.com Overview The big picture: what does cybercrime look like today and how is it evolving? What
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationCyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationPrivacy Insurance. Avoiding the HMO Experience. cyber. More Differences. By Toby Merrill
Privacy Insurance Avoiding the HMO Experience By Toby Merrill Privacy, as it relates to an individual s personally identifiable information, such as Social Security numbers, credit card and healthcare
More informationCyberSecurity for Law Firms
CyberSecurity for Law Firms Cracking the Cyber Code: Recent Headlines, Reinforcing the Need and Response Planning July 16, 2013 Making the Case Matthew Magner Senior Underwriting Officer Chubb & Son, a
More informationDATA SECURITY HACKS, HIPAA AND HUMAN RISKS
DATA SECURITY HACKS, HIPAA AND HUMAN RISKS MSCPA HEALTH CARE SERVICES SEMINAR Ken Miller, CPA, CIA, CRMA, CHC, CISA Senior Manager, Healthcare HORNE LLP September 25, 2015 AGENDA 2015 The Year of the Healthcare
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationExercising Your Enterprise Cyber Response Crisis Management Capabilities
Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.
More informationINFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:
INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE
More informationIs Your Company Ready for a Big Data Breach?
Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication
More informationWhite Paper #6. Privacy and Security
The Complexity of America s Health Care Industry White Paper #6 Privacy and Security www.nextwavehealthadvisors.com 2015 Next Wave Health Advisors and Lynn Harold Vogel, Ph.D. The Complexity of America
More informationCyber Threats: Exposures and Breach Costs
Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals
More information