The State of Cybersecurity and


The State of Cybersecurity and Worst Case Scenario The State of Cybersecurity and Lessons Learned 2016 ACC Mid-Year Meeting

Program Agenda
- Highlights from the State of Cybersecurity Report
- Managing risk, privilege and the investigation process
- Best practices for information sharing and working with regulators
- Incident response planning and what to do now
- Who should be on your go-to list
- Cybersecurity insurance and why most organizations don’t have enough
- Mistakes to avoid when communicating with the media

Speakers
- Charles Kallenbach, Chief Legal Officer and General Counsel, Heartland Payment Systems
- Edward J. McAndrew, Partner, Ballard Spahr LLP
- Stewart A. Pomerantz, Senior Vice President & Associated General Counsel, Jefferies LLC
- Phil N. Yanella, Partner, Ballard Spahr LLP

Why the ACC Foundation Conducted This Important Study
- Cybersecurity is a leading concern among in-house counsel
- Expanding role of in-house counsel
- 53% allocating more of their budget to cybersecurity

About the Report
- Data breaches by industry and region
- Top cybersecurity causes and concerns worldwide
- Company and legal department budgets
- Cybersecurity insurance
- Lessons learned
- Managing vendors and outside risk
- Detailed glossary of information security terms
- Self assessment tool for benchmarking
- And much more…

How Would You Characterize Your Responsibilities Regarding Cybersecurity in Your Company?

31% of in-house counsel experienced a data breach

Most GC/CLOs and other in-house counsel do not know what standards their organization uses to address cybersecurity

Member of the Legal Department on a Data Breach Team?

How Was the System Breached?

Ranking of Immediate Concerns Related to Data Breach

Mandatory Cybersecurity Training for All Employees

How Does Your Organization Evaluate Company Preparedness at the Employee Level?

Portion of law department’s budget specifically dedicated to cybersecurity or related cyber issues

The Legal and Regulatory Landscape
- Class action litigation
- Consumer Financial Protection Bureau (CFPB)
- Cybersecurity Information Sharing Act (CISA)
- European Union (EU)
- Federal Trade Commission
- UK Financial Conduct Authority (FCA)
- US Securities & Exchange Commission (SEC)

What challenges did you face in preserving lawyer-client privilege after the data breach, and how did you navigate these?

Less than half of the respondents say their company has cybersecurity insurance

Did Insurance Cover the Damages Incurred From the Breach?

General Counsel and Lessons Learned
- “No firewall can give 100% protection”
- “How much time is involved in responding to a breach”
- “Act fast and get out ahead of the news and the regulators”
- “Some employees working from home are on their own unencrypted devices”

Crisis Management Dos
- Prepare a three-tiered incident response plan
- Test the plan quarterly for vulnerabilities
- Identify a centralized decision maker (in legal)
- Join an industry based ISAC (Information sharing and analysis center)
- Select and media train a spokesperson
- Stay ahead of the news curve

Crisis Management Don’ts
- Assume cybersecurity is an IT issue
- Provide lost record numbers and breach details to media prematurely
- Rely on text book incident response plans
- Limit response to only US state law or other regulatory notification requirements
- Select and media train a spokesperson

What Resource Was Most Helpful?
- An outside call center
- In-house privacy counsel
- Having an established incident response team
- Chief privacy officer and local law enforcement
- Subject matter experts and a single center point of contact
- Retaining outside counsel and experts
- Office of Australian Information Commissioner Guidelines

“Act as if you’ve already been breached”

For additional information:
Derede McAlpin, ACC, Vice President & Chief Communications Officer
mcalpin@acc.com

ACC FOUNDATION: THE STATE OF CYBERSECURITY REPORT
Price: Members - $475, Non-Members - $595
www.acc.com/cybersecurity
Underwritten by: