E&O Risk Management: Meeting the Challenge of Change


Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Presentation transcript:

E&O Risk Management: Meeting the Challenge of Change Limiting Exposures to Data Breaches

INTRODUCTION
- Insurance agents collect, use, and store personally identifiable information on a daily basis.
- Agents face exposure to both regulatory penalties and potential first- and third-party liability for breaches of data.
- Liability from cyber-attacks is on the rise, and the media is constantly reporting on companies being hacked, exposing protected personal information.

Additional information can be found on the VU web site and the Legal Advocacy area of the main Big I web site.

INTRODUCTION
Risks include physical risks, such as:
- Discarding protected personal information without it being properly shredded;
- Computers, fax machines and printers being discarded without thoroughly removing stored personal information;
- Physical agency break-ins where the entire agency server is stolen.

INTRODUCTION
Perhaps the largest security risk arises from employee mistakes that often result from the failure to properly train them on agency procedures to protect the privacy of protected personal information.

GOOD BUSINESS & THE LAW
Agencies have an obligation to secure protected personal information, whether it is in electronic or paper form, and to dispose of it appropriately.

Data Breach Exposures: Legal Responsibilities
- Fair Credit Reporting Act (FCRA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- Various state laws (at least 29 states) require reporting of security breaches. See the "Security Breach Notification Chart": http://www.perkinscoie.com/statebreachchart/
- These laws effectively require agencies to implement security plans, conduct training, and do security audits.

Data Breach Exposures: Data Breach Costs
- Average cost estimated to be $214 per record, or about $250K for the average agency
- Direct Costs
  - Cost to handle breach: legal fees, consultants, implementing new technology and training
  - Cost to notify and remediate affected parties
- Indirect Costs
  - Loss of trust of customers
  - Damage to reputation in the community
- Cost to notify and remediate affected parties
- Nashville Election Commission laptops stolen in burglary and the cost was $1 million to notify registered voters and pay for identity theft protection for them

Data Breach Exposures: Identify Data at Risk
- Paper files in cabinets and on desks in premises
- Archived files (paper and electronic) outside premises
- Computer hard drives, laptops, cell phones, CDs, USB drives, agency management system providers, carriers, call centers, etc.

Data Breach Exposures: Identify Physical Threats
- Majority of breaches occur from stolen or lost devices
- Secure the building, server room, and file cabinets
- Screen cleaning crews
- Immediately prevent access to data when employees leave
- Practice sound password security
- Limit personal information on mobile devices

Data Breach Exposures: Identify Virtual Threats
- Firewall
- Secure WiFi connections
- Virus and malware protection
- Secure data backups and archived files
- Connect remotely via SSL/VPN connections
- Use secure SSL connections (https) to collect data
- Secure email with Transport Layer Security (TLS)

LIMIT YOUR RISK
- Only keep the data you need and for only the length of time that you need it
- Have written guidelines and training regarding employee use of all protected consumer information
- Have written mandatory procedures in place for the proper disposal of sensitive information.

- Physical damage to host computer equipment and network equipment
- Breaches of security by employees, former employees or contract professionals
- Breaches of security by outsiders (hackers)
- Destruction of information technology assets by employees, former employees or contract employees
- Destruction of information technology assets by outsiders (hackers)
- Disruption of computer networks due to computer viruses, e.g., Melissa virus
- Destruction of credit card or other credit information from customers leading to lost sales
- Credit injury to customers whose credit card numbers may be misused by unauthorized parties
- Lost revenues due to technological disruption (including telephone, data or internet service disruption on or off premises), particularly for time-sensitive industries like on-line brokerage firms
- Lost advertising revenues due to website disruption
- Disruption of eCommerce due to "smurf" or "spam" attacks or incidents
- Lost new customers due to various forms of disruption (given Internet firm valuations based on number of customers, this can have a severe impact on valuations)
- Non-repudiation for various forms of disruption of time-sensitive E-Commerce
- Theft of intellectual property, trade secrets and other confidential information on company networks
- Cost of litigating against those who have infringed on company intellectual property
- Cost to restore damaged websites or networks
- Cost to repair or upgrade security systems/firewalls in the aftermath of a breach of security
- Extra expenses arising out of disruptions to Intranets and Extranets