CYBER RISK MANAGEMENT IN THE BOATING INDUSTRY
Carmelo Torraca, Esq.
New Jersey Marine Trades Association
March 2015
E-commerce has permanently transformed the way business-to-business and business-to-customer interactions occur.
The Benefits of ecommerce Online Services Research, Analytics and Management
The Benefits of ecommerce: 84%: New boat purchasers conducted online research (National Marine Manufacturers Association, Recreational Boating Statistical Abstract)
The Benefits of ecommerce: 25%: New boats purchased online (National Marine Manufacturers Association, Recreational Boating Statistical Abstract)
The Benefits of ecommerce: $1,887,500,000: Estimated value of new boats purchased online in the U.S. (National Marine Manufacturers Association, Recreational Boating Statistical Abstract)
The Benefits of Online Services: $121,500,000,000: Estimated economic value of recreational boating in the U.S. (National Marine Manufacturers Association, Recreational Boating Statistical Abstract)
The costs of protecting ecommerce benefits have been largely, and dangerously, ignored.
The Risks of Online Services Data breach in the marine trade and marina industries
The Risk of Online Services: First Party Risks: Loss of a Portable Device; Business Interruption; Shut down from external / power outage; Insider Threats
The Risk of Online Services: Third Party Risks: Man-in-the-Middle Attack; Stolen Data; Customer Personal Identifying Information (PII); Notice; Credit reporting; Fix the problem; Regulations/fine; Employee Liability (PII); Extortion; Goodwill / Reputation; Lawsuits; Failure to Deliver Goods & Services; Failure to Provide Obligatory Access; Lack of Security Claims; Federal and State Regulations creating Negligence Per Se; Class Action Lawsuits
The Risks of Online Services: $5,900,000: Average cost of data breach (Ponemon Institute and IBM, Cost of Data Breach Study: United States)
The Risks of Online Services: 27%: Portion of all U.S. data breach cases that occur in the retail, transportation and consumer services sectors (Ponemon Institute and IBM, Cost of Data Breach Study: United States)
The Risks of Online Services: $202: Average per record cost of data breach in retail, transportation and consumer services (Ponemon Institute and IBM, Cost of Data Breach Study: United States)
Developing a Strategy: Creating a Cyber Risk Management Policy
1. Identify Risk
2. Avoid Risk
3. Mitigate Risk
4. Crisis Management
5. Risk Monitoring
Cyber Risk Management: 30%: Reduction in cost of data breach for implementing cyber risk management plan and policies (Ponemon Institute and IBM, Cost of Data Breach Study: United States)
Identifying Risk: Customer Personal Identifying Information
Protected by statute in New Jersey: N.J. Stat. Ann. 56:8-163
"Any business that conducts business in New Jersey, or any public entity that compiles or maintains computerized records that include personal information, shall disclose any breach of security of those computerized records following discovery or notification of the breach to any customer who is a resident of New Jersey whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person. The disclosure to a customer shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection c. of this section, or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system."
Identifying Risk: Customer Personal Identifying Information. Liability for Failure to Comply: Penalties and Fines; Law Enforcement Investigation; State Prosecution; Civil Litigation
Identifying Risk: Customer Personal Identifying Information: $2,242,000: Average lost customer business for data breach (Ponemon Institute and IBM, Cost of Data Breach Study: United States)
Identifying Risk: Business Operations: Protection of Employee PII; Communications and Scheduling; Control of Online Presence; Control of Real World Operations
Avoiding Risk: Employee Policies Terms of Employment Competence Training Computer Software Computer Monitoring
Avoiding Risk: Customer Policies: Terms of Use; Disclaimer; Termination Policy
Mitigating Risk: Insurance Policies: Data Privacy Insurance; Technology Errors & Omissions Insurance; General Commercial Liability w/ Cyber Rider; Comprehensive Cyber Insurance
Crisis Management: Pre-Planned Policies and Procedures; On-Call Legal & Technical Assistance
Other Issues Downstream Impact: Contracts State Agencies Valuation Goodwill & Reputation