Technology Tangles: Cyber Risk Liability Coverage Considerations
- Shanon Lee
- 8 years ago
Transcription
1 Technology Tangles: Cyber Risk Liability Coverage Considerations Issues Facing Public Entities NLC-RISC Trustees Conference May 10th, 2012 Dave Chatfield, NetDiligence
2 Why the concern? Malicious Threats Still Prevalent: Stealth Hackers, Malware, Extortionist; Rogue contractors; Disgruntled IT Staffer Non-Malicious (more often): Employee mistakes (lost laptop) Marketing mishap: innocent customer data leaks Application glitch Network Operation & Sharing Trends: Points of failure are multiplied due to trends of outsourcing computing needs Massive dependencies & data-sharing between business partners Where is YOUR data? A data breach: it's not a matter of if but when
3 Are the Risks Real? Some Anecdotal Evidence Verizon Security Consultants Forensics Study Some key findings 98% resulting from external bad actors (hackers, malware) 92% of data breaches discovered by 3rd parties, NOT by the company itself 97% of incidents were avoidable with simple controls (e.g., updated AV, patching, firewall rules, intrusion detection, effective user access control/password practices) Ponemon Institute (2011 study) Avg cost $5.5 Mil ($194 per record) Detection costs: $428k; Notice costs $561k Negligent insiders major cause 39% NetDiligence 2011 Cyber Insurance Loss Claims Survey Avg data breach insurance claim (paid) $2.4 Mil Crisis service avg cost, $800k (forensics, customer/employee notice, credit services) 2012 study underway now
4 Top perils that we often see Decentralized IT Operations Hacking (SQL injection) Laptop loss w/client data (very common) Backup tape loss (not my fault it was the shipper) Staff Mistakes: Data Leaks via , mailings or paper disposal Vendor & Biz Partner Breaches (VERY COMMON!)
5 How real? Sampling of live events Date Jan-11 Dec-11 Nov-11 Oct-11 Oct-11 Oct-11 Sep-11 Sep-11 Aug-11 Aug-11 Aug-11 Jun-11 Feb-11 Feb-11 Sep-11 Aug-11 Apr-11 Jan-11 Sep-11 Aug-11 Jun-11 Company Pentagon Federal Credit Union Sovereign Bank AARP Citibank State Farm Insurance Farmers Insurance Morgan Keegan & Company JP Morgan Chase Bank Aon Consulting Wachovia Bank MetLife Anthem Blue Cross, Wellpoint Equifax Ceridian Bernard Madoff Investors American Express Federal Reserve Bank of New York Heartland Payment Systems State Farm Insurance Countrywide United Healthcare Year Number Affected Companies ,000,000 Sony ,300,000 Educational Credit Management ,000 Citigroup ,000,000 Heartland Payment Systems ,200,000 Hannaford Brothers Co ,000,000 TJX Companies Inc ,000,000 HM Customs and Revenue ,500,000 Fidelity National Information Services ,300,000 TD Ameritrade ,500, ,000,000 U.S. Department of Veterans Affairs Visa, CardSystems, Mastercard, AMEX
6 What are the network emanating risks [from an insurance perspective] First Party Network Asset Exposures Data and software (modified, stolen, deleted) E-money (stolen, extorted) Information and trade secrets (modified, stolen) Business interruption (lost revenue and profits) Third Party Legal Liability Computer virus transmission (to customers, etc.) Privacy policy breach (leak of customer data) Attacks against 3rd party sites (Zombie launch pad) Website activities: intellectual property infringement (trademark or copyright)
7 Regulator/Compliance Costs Breach Costs Forensics vendor Notification vendor Call centers PR vendor ID theft insurance Credit monitoring ID restoration Attorney oversight Planning and Data Management Breach planning (Mass.) ID Theft monitoring (Red Flags) PCI DSS (Nevada and merchants) HIPAA
8 Class Action Demands Legal liability? Minor damages for large groups equals a significant potential loss. $200 per year ($100 time; $100 monitoring / repair / insurance) x 10,000 (claimants) $2,000,000 (per year) x 20 years (FTC) $40,000,000
9 Why the problem? The Internet's open network Most orgs often collect/ store/share private data on people and: More data often collected than needed Data often stored for too long (no records retention limits) Websites are very porous & need constant care (hardening & patching). IDS (detection) is very weak: no matter size many orgs learn of breach too late or not at all! 95% of all network intrusions could be avoided by keeping systems up-to-date (CERT) Bad guys still rely on the prevalence of human error unchanged default settings missing patches wide open laptop customer records (paper) improperly disposed guessable access
10 Common Weak Spots PROBLEM 1) IDS or Intrusion Detection Software (bad guy alert sys) Studies show that 70% of actual breach events are NOT detected by the victim-company, but by 3rd parties (and many more go undetected completely). FTC and plaintiff lawyers often cite failure to detect Vast Data: companies' IDS can log millions of events against their network each month False positives: 70% PROBLEM 2) Patch Mgmt - Challenges: All systems need constant care (patching) to keep bad guys out. Complexity of networking environments Lack of time: Gartner Group estimates that IT Managers spend an average of 2 hours per day managing patches. PROBLEM 3) - Encryption (of private data) Problem spans all sizes & sectors. ITRC (Identity Theft Resource Center): only 2.4% of all breaches had encryption Issues: budgets, complexities and partner systems Key soft spots: Data at rest for database & laptops (lesser extent) Benefits: safe harbor (usually)
11 Patch mgmt Challenges example monthly patch list Daunting process Research applicability to your OS Test in non-production Deploy to live sys Some solutions we see - Patchlink - Shavlik - Microsoft WSUS/SCCM - Altiris
12 State Notice Laws 46 states with notice reg in place. Approx 2/3 have a harm threshold analysis (reasonable risk of harm to victims) Forensics & Breach Coach (privacy lawyer) are VITAL to helping in crisis stage avoid noticing the world if you never triggered a reg Source: BI Magazine & Jon Neiditz, Esq., published in Mark Greisiger authored Whitepaper
13 Evolving Exposures CONNECTICUT: Insurance Department Bulletin IC-25 all licensees and registrants of the Department notify the Department [Commissioner] of any information security incident which affects any Connecticut residents as soon as the incident is identified, but no later than five (5) calendar days after the incident MASSACHUSETTS 201 CMR 17: Protection of Personal Info. All businesses that store Mass. residents' personal information must develop a written information security program (WISP) NEVADA Mandates that data collectors doing business in Nevada comply with Payment Card Industry Data Security Standards (PCI DSS) CALIFORNIA Augments federal HIPAA provisions Breach requires notice to California Department of Health and affected individuals within 5 days State can fine institution up to $250,000 per violation Allows private right of action
14 Including Government Agencies CALIFORNIA While there is a separate statute for state agencies, municipal corporations are excluded and appear to be subject to same statute as other businesses, including provision for private right of action LOUISIANA: LA. REV. STAT. 51:3071, et. seq. agency must notify any resident of the state whose electronic personal information is reasonably believed to have been acquired by an unauthorized person in the most expedient time possible and without unreasonable delay if risk of harm allows private right of action for actual damages NEW HAMPSHIRE: N.H. Rev. Stat. Ann. 359-C:20(a) agency must notify in the event of breach disclosing electronic personal information must promptly determine the likelihood that the information has been or will be misused. If misuse or likelihood of misuse is determined, or if determination cannot be made, must notify the affected persons allows private right of action for actual damages and up to three times actual damage for willful and wanton violation
15 Governmental Immunity Only applies as a defense to tort claims for damages Thus, no impact on notice requirements, etc. Must look to notice statutes to determine whether those obligations run to governmental entities, though many statutes have the same requirements for private and public actors A matter of state law, but more and more, immunity is the exception rather than the rule and courts have been creative in finding no immunity Statutes have been enacted in a substantial number of states imposing general liability in tort on local governmental entities with minor exceptions In many jurisdictions, the existence of liability insurance has been treated as a waiver of governmental immunity, at least to the extent of the insurance coverage.
16 Governmental Immunity (cont'd) In any event, generally, immunity is only available for acts and omissions constituting The exercise of a legislative or judicial function or The exercise of an administrative function involving the determination of fundamental governmental policy Thus, immunity usually not available when a municipal corporation is performing non-governmental functions, such as Operating recreational facilities Operating Hospitals, etc. The result: tort immunity likely unavailable for incidents involving data stored in connection with performing non-governmental functions when liability would otherwise attach
17 Strategies for Risk Managers Plan for the loss CFO must understand that data / network security is NEVER 100%... 4 Legs of Traditional Risk Mgmt: Eliminate: e.g. patch known exploits, encrypt laptops etc Mitigate: e.g. dedicated security staff; policies; IDS/ IPS; etc Accept: e.g. partner SLAs, capabilities (trusting their assurances) Cede: residual risk via privacy risk insurance Wide-Angle Assess Safeguard Controls Surrounding: People: they seem to get it Proper security budget and vigilant about their job! Processes/ Policies: enterprise ISO27002, HITECH ready; employee education/ training; change management processes, breach response plan etc. Technology: proven IDS/IPS capabilities, DLP solutions, hardened & patched servers (tested), full encryption of PII.
18 Example Process Remote Cyber Risk Assessment (common to insurance industry) Step 1 - Self-assessment: completed mostly by client's IT security rep, this strives to gauge their industry security & privacy practices against a known standard (ISO 27002). Other privacy & media liability practices may be included here. key concept: vigilance & layered safeguards Step 2 - Phone call interviews: Purpose is to flush out any red flag areas identified, gather more details or to clarify a compensating control. Step 3 - Document Review: verify key security policies e.g. enterprise security, privacy, BC/DR and 3rd party vendor assurances. We also seek to peer review any recent security audit materials such as PCI RoC. Step 4 - Network perimeter vulnerability scan test: check for SQL exploit in Web apps Step 5 - Summary Report: These 4 tasks might be then pulled into composite report which strives to measure client's good faith practices to ISO adherence. Important here to mention strengths (good things found) along with weak spots and suggestions
19 Assessment Summary Purpose: Showcase Risk Mgmt Strengths Reaffirm reasonable safeguards Benchmark to standards Good faith effort towards compliance with Regs Lessons learned from past loss/ incidents (are they now battle ready?) Cyber Risk insurability assessment Process should be collaborative Educate Risk Mgr or CFO about their own IT operations Wide-Angle: people/process & tech Peer Review prior audits and then fill in the gaps.
20 Are you at risk? Ask your team: Has your org ever experienced a data breach or system attack event? Some studies show % of execs admitted to a recent breach incident Does your organization collect, store or transact any personal, financial or health data? Do you outsource any part of computer network operations to a third-party service provider? Your security is only as good as their practices and you are still responsible to your customers Do you allow outside contractors to manage your data or network in any way? The contractor is often the responsible party for data breach events Do you partner with entities and does this alliance involve the sharing or handling of their data? You may be liable for a future breach of your business partners Does your posted Privacy Policy align with your actual data management practices? If not you may be facing a deceptive trade practice allegation Has your organization had a recent cyber risk assessment of security/ privacy practices to ensure that they are reasonable and prudent and measure up with your peers? Doing nothing is a plaintiff lawyer's dream.
21 NetDiligence Cyber Risk Claims Study About the Study Collect empirical data on actual data/privacy breach events based on following criteria The victimized organization had some form of cyber or privacy liability coverage A legitimate claim was filed Analyze data in terms of types of events and their associated costs 117 data breach claim events were submitted for our study
22 NetDiligence Cyber Risk Claims Study Insurers paid out losses. Highlights of Findings Data at Risk PII is the most frequently exposed data (37% of breaches), followed by PHI (21% of breaches) Credit card data/ accounts a whopping 88% of records exposed Cause of Loss Hackers are the most frequent cause of loss (32%), followed by rogue employees/contractors (19%) Sectors at Risk Healthcare is the sector most frequently breached (24%), followed by Financial Services (22%)
23 Highlights of Findings Costs Average cost* per breach was $2.4 million Average cost* per record was $5.00 Legal (Defense & Settlement) represents the largest portion of costs incurred Average Cost of Defense $500K Average Cost of Settlement $1 million Crisis services costs (forensics, notice & credit monitoring) avg $800k (combined) per event
24 % of Breaches by Data Type [pie chart; categories: PII, PHI, Credit Card, Other Financial, Other; values shown: 5%, 16%, 21%, 21%, 37%]
25 % of Breaches by Cause of Loss [pie chart; categories: Hacker, Rogue Employees, Staff Mistake, Loss/Theft, Business Interruption, Other; values shown: 8%, 19%, 32%, 15%, 7%, 19%]
26 Average Cost per Breach [chart; axis in hundred thousands]
27 What can be done Proactive Risk Manager Steps Empowered Senior Executive Talk to your IT Security folks. Gain an appreciation of the many challenges Not many Firms can say: how many records they have; what type of data is being collected, stored, shared, protected; where does all this data reside; when is it purged?? Assess & Test your own staff and operations Document your due care measures Insurance Red Flags, data security and breach response plans - affirmative duties Easier said than done
28 Closing thoughts Most public entities will sustain a data breach event in the near term. AND many have already sustained breach but they failed to identify it
More informationCybersecurity. Threats to Nonprofits. Chris Debo Senior Manager, IT Audit. August 14, 2014
Cybersecurity Threats to Nonprofits Chris Debo Senior Manager, IT Audit August 14, 2014 What is Cybersecurity? NIST definition: The process of protecting information by preventing, detecting, and responding
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More information3/4/2015. Scope of Problem. Data Breaches A Daily Phenomenon. Cybersecurity: Minimizing Risk & Responding to Breaches. Anthem.
Cybersecurity: Minimizing Risk & Responding to Breaches March 5, 2015 Andy Chambers Michael Kelly Jimmie Pursell Scope of Problem Data Breaches A Daily Phenomenon Anthem JP Morgan / Chase Sony Home Depot
More informationINFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES
INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY
More information2011 2012 Aug. Sept. Oct. Nov. Dec. Jan. Feb. March April May-Dec.
The OCR Auditors are coming - Are you next? What to Expect and How to Prepare On June 10, 2011, the U.S. Department of Health and Human Services Office for Civil Rights ( OCR ) awarded KPMG a $9.2 million
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationHow-To Guide: Cyber Security. Content Provided by
How-To Guide: Cyber Security Content Provided by Who needs cyber security? Businesses that have, use, or support computers, smartphones, email, websites, social media, or cloudbased services. Businesses
More informationCyber Liability & Data Breach Insurance Claims
Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This
More informationCSR Breach Reporting Service Frequently Asked Questions
CSR Breach Reporting Service Frequently Asked Questions Quick and Complete Reporting is Critical after Data Loss Why do businesses need this service? If organizations don t have this service, what could
More informationI ve been breached! Now what?
I ve been breached! Now what? THE AFTERMATH OF A BREACH & STEPS TO REDUCE RISK The number of data breaches in the United States in 2014 hit a record high. And 2015 is not looking any better. There have
More informationMANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS
MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson
More informationThe 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance
Date: 07/19/2011 The 12 Essentials of PCI Compliance How it Differs from HIPPA Compliance Understand & Implement Effective PCI Data Security Standard Compliance PCI and HIPAA Compliance Defined Understand
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More information9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability.
Miscellaneous Current Topics in Healthcare Professional Liability Josh Zirin, FCAS, MAAA Antitrust Notice The Casualty Actuarial Society is committed to adhering strictly to the letter and spirit of the
More informationCyber Liability. What School Districts Need to Know
Cyber Liability What School Districts Need to Know Data Breaches Growing In Number Between January 1, 2008 and April 4, 2012 314,216,842 reported records containing sensitive personal information have
More informationENTIRE CONTENTS COPYRIGHT CRAIN COMMUNICATIONS INC. ALL RIGHTS RESERVED.
ENTIRE CONTENTS COPYRIGHT CRAIN COMMUNICATIONS INC. ALL RIGHTS RESERVED. INTRODUCTION While cyber risks long have been associated with e-commerce firms, any firm that holds confidential information in
More informationPayment Card Industry Data Security Standard Training. Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc.
Payment Card Industry Data Security Standard Training Chris Harper Vice President of Technical Services Secure Enterprise Computing, Inc. March 27, 2012 Agenda Check-In 9:00-9:30 PCI Intro and History
More informationChecklist for Breach Readiness. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @
Checklist for Breach Readiness Enabling a Resilient Organization Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Facts about breach violation impact
More informationIDENTITY THEFT: DATA SECURITY FOR EMPLOYERS. Boston, MA 02110 Richmond, Virginia 23219 Tel. (617) 502.8238 Tel. (804) 783.7579
IDENTITY THEFT: DATA SECURITY FOR EMPLOYERS Daniel J. Blake, Esq. Vijay K. Mago, Esq. LeClairRyan, A Professional Corporation LeClairRyan, A Professional Corporation One International Place, Eleventh Floor
More informationThe Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services
The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services What we are NOT doing today Providing Legal Advice o Informational Purposes
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationData Security Breaches: Learn more about two new regulations and how to help reduce your risks
Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches
More informationThe Age of Data Breaches:
The Age of Data Breaches: HOW TO AVOID BEING THE NEXT HEADLINE MARCH 24, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com This presentation has been provided for informational purposes
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationWhat would you do if your agency had a data breach?
What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the
More informationChecklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security
Checklist for HIPAA/HITECH Compliance Best Practices for Healthcare Information Security Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) For Daily Compliance & Security Tips, Follow ecfirst @ Agenda Review the
More informationOvercoming PCI Compliance Challenges
Overcoming PCI Compliance Challenges Randy Rosenbaum - Security Services Exec. Alert Logic, CPISM Brian Anderson - Product Manager, Security Services, SunGard AS www.sungardas.com Goal: Understand the
More informationCyber Liability & Data Breach Insurance Claims
NetDiligence 2013 Cyber Liability & Data Breach Insurance Claims Authored by: Mark Greisiger Sponsored by: AllClear ID Faruki Ireland & Cox PLL Kivu Consulting Introduction The third annual NetDiligence
More informationNavigating the New MA Data Security Regulations
Navigating the New MA Data Security Regulations Robert A. Fisher, Esq. 2009 Foley Hoag LLP. All Rights Reserved. Presentation Title Data Security Law Chapter 93H Enacted after the TJX data breach became
More informationAnalyzing Security for Retailers An analysis of what retailers can do to improve their network security
Analyzing Security for Retailers An analysis of what retailers can do to improve their network security Clone Systems Business Security Intelligence Properly Secure Every Business Network Executive Summary
More informationInternet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler
Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in
More informationInformation Security Addressing Your Advanced Threats
Information Security Addressing Your Advanced Threats Where We are Going Information Security Landscape The Threats You Face How To Protect Yourself This Will Not Be Boring What Is Information Security?
More information