Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance.


Overview
1. Disaster Planning Gone Wrong
2. Disaster Recovery and Protecting your Insurance Claim
3. Cyber Liability – NKOTB

Disaster Planning Gone Wrong

Emergency Power

Transportation

Redundancy of Info Services

Redundancy of Resources

Disaster Recovery and Protecting your Insurance Claim

What to do Before the Loss
1. Know Who to Call
   Insurance Agent/Company
   Recovery and Restoration Companies
   Industrial Hygienist
2. Have Crisis and Claim Management Teams in Place
   Facilities/Construction Team Resources Finance Risk Management/Insurance Real Estate
3. Have a Segregated Insurance Recovery Account in Place to Track Expenses
4. Have a Panel Adjustor in Place if You Have a Layered Insurance Program

What to Do After the Loss
1. Stop/Mitigate the Damage (Duty to Do So)
2. Call your insurance agent/company as soon as possible (immediately).
3. Secure the Site
4. Implement Incident Command and Initiate Your Crisis and Claim Teams
5. Document Damages (Photos/Records)
6. Keep Everything (Insurer’s Right to Salvage)
7. Don’t forget about employee and customer safety

Settling the Claim
What to Claim
1. Property Damage
   Building
   Furniture, Fixtures and Equipment
   Inventory
2. Extra Expenses/Increased Cost of Working
   Overtime Expenses to Reduce Business Interruption
3. Business Interruption/Loss of Profits
4. Other Coverages
   Debris removal / Decontamination Costs / Demolition
   Expediting Costs / Professional Fees / Protection of Property

Cyber Risks: The Newest Kid on the Block

World's Top Data Breaches
Source: InformationisBeautiful.net

Target Corp. said that the huge data breach it suffered in late 2013 happened after an intruder stole a vendor’s user ID and password and used them to gain access to the company’s computer system.
What was stolen: 40 Million Customer Credit and Debit Card Numbers, Security Code
Root Cause: Malware
Source: DataBreachToday.Com; StarTribune.com

February 2014: Hackers obtained the user IDs and passwords of “a small number” of employees. The hackers then accessed a database containing all user records and copied “a large part” of those credentials.
What was stolen: 145 Million Users Credentials
Root Cause: Cyber Attack
Source: New York Times

Home Depot: April 2014
Malware installed on cash register system across 2,200 stores. Home Depot said that criminals used a third-party vendor's user ID and password to enter the perimeter of its network.
What was stolen: 56 Million Credit Card Information Other Personal Data s
Root Cause: Malware
Source: Associated Press

August 2014: Community Health Systems, which operates 203 hospitals across the United States, announced that hackers broke into its computers and stole data on 4.5 million patients.
What was stolen: 4.5 Million Names, DOB, Addresses, Phone Numbers, SSN
Root Cause: Cyber Attack
Source: Modern Healthcare

February 2015: Anthem, the second-largest health insurer in the US. The attacker obtained the user IDs and passwords of five IT personnel. The data was exfiltrated using public external web storage.
What was stolen: 78.8 Million Names, DOB, SSN, Addresses, Phone Numbers, Employment info
Root Cause: Phishing / Malware Keyboard Logger
Source: CNN Money, USA Today

Why Data is a Target...
What Stolen Data is Worth
Social Security Number: $3.00
Credit Card Info: $1.50
Date of Birth: $3.00
Medical Record Data: $50.00

What’s the Exposure
Average Cost of a Data Breach is $3 - 4MM or $150 to $180 for Every Lost or Stolen Record
What Does This Pay For:
   Audit and consulting services
   Legal services for defense and compliance
   Services to Victims / Identity Protection
1. Loss of Reputation / Lost Business / Loss of Productivity
2. Only 51% of RIMS Members Buy Privacy/Cyber Liability Insurance

Root Causes of Data Breaches

Federal & Statutory Requirements Following a Breach
1. There is no uniform federal law on data breaches.
   HIPAA (Health Insurance Portability and Accountability Act)
   HITECH established encryption and destruction protocols for PHI
   Gramm-Leach-Bliley Act (GLBA) for Financial Institutions
   The Payment Card Industry Data Security Standards (PCI-DSS)
   Office of Management and Budget (OMB) “Breach Notification Policy” For Federal Agencies
2. State security breach notification laws generally follow a similar framework:
   Delineating who must comply with the law;
   Defining the terms “personal information” and “breach of security”;
   Adopting requirements for notice;
   Creating penalties, enforcement authorities, and remedies.
3. Florida Statutes , , (2)(i)

Q&A
Jim Carter
Manager, Risk & Insurances Services
BayCare Health System, Inc
Drew St.
Clearwater, FL
Tel