Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU.

Published byAlexandrina George Modified over 8 years ago

Similar presentations

Presentation on theme: "Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU."— Presentation transcript:

1 Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU

2 “You have to learn the rules of the game. And then you have to play better than anyone else.” -Albert Einstein

3 Data Breach Trends Drawing Attention 2014 Record High for Breaches-783 2014 Records Exposed- 176 Million The Average Cost of a Stolen Record-$200+ The average total cost of a single data breach rose 23% to $3.79 million Moody’s Considers Cyber Exposure a Stress Factor

4

5 Claim Example from the News November 2013- $8.22 per record a bargain from Target 40 Million Credit Cards Compromised Direct Cost $290 Million with $90 Million Paid by Insurance New Settlement Indirect Cost of $39 Million with Banks and Credit Unions

6 Breaches? Yes! Employee steals 100 files with customer data Hacker releases 2,400 members information as a protest Laptop stolen with 97,000 data records Coding error leads to 2,950 medical forms mailed to the wrong addresses.

7 Anatomy of a Breach Incident: Malicious attack, employee error, or theft are the most common Discovery: Victims are typically the last ones to know. Usually discovered within months. Forensics Analysis: What, Where, and How. Response: Compliance to regulatory requirements for notification. Damage Control: Offering credit monitoring/fraud monitoring to the impacted parties. Possible Lawsuits from victims and fines/penalties from regulatory agencies.

8 Data Liability Key Term Defined: li·a·bil·i·ty, noun: …the state of being responsible for something, especially by law

9 Data Breach State Notification Laws: In 47 states (all but AL, NM, SD) Subject to statutory fines and penalties—more than just CPNI, but that is a good example HIPAA/HITECH Laws: (health care rules-includes personal insurance/GHP information) For entities that keep patient health info or do data-back up which contains HIPPA protected information Enforced by Dept. of Health & Human Services

10 Red Flags Rule: Requires Identity theft protection programs or be subject to fines/penalties Applies to most businesses-Utilities specifically named as an example (requires CPNI/Red Flags training of employees and reporting to the Board Annually)

11 Who is Held Accountable? Management is responsible for implementation of data breach process, procedures, and employee training. The Board is responsible (remember for CPNI/Red Flags, the Board must be given a report each year and it must be part of the Board minutes) Example Palkon v Holmes: The Board of Wyndham hotels was sued because they had several cyber attacks and the allegation was that they had not done enough to prevent them from re-occurring after the 1 st one

12 Eliminate or Avoid Minimize Transfer to a 3 rd Party Retain Management of Risk

13 Physical Controls Locked Doors Alarms Surveillance Biometrics-fingerprint recognition or eye recognition to enter the area where data is stored Badges Guests sign-in and are escorted throughout the building Turn CSR’s monitors so that others can not see that data on them while they wait in line or go through the drive-through Minimize Risk

14 Cyber Controls Restores operational functionality as soon as possible Focuses on ability to preserve and sustain its operations in the event of a cyber-related loss Address the effects on customers Public relations component (reputation, customer relationship preservation) Monitoring the cyber risk security plan and ensuring compliance Continually evaluate and revise its risk control measures Minimize Risk

15 Insurance: Obtaining a cyber risk insurance policy –pretty inexpensive and thorough Contracts: Contractual requirements with 3 rd parties (Hold Harmless Agreements) -Are they accepting liability or transferring that back to you ? -Do you have the proper insurance requirements for your vendors whom you share your data with ? -Data centers/cloud providers - do you accept liability in the service agreements? -Who is responsible if the data center has a breach and your customers’ customer’s data is breached? -Does your customer even know their data is shared with a data center or will they blame you? Transfer of Risk

16 Insurance Policy Website publishing/Media Liability – “wrongful acts” posted on insured website, like copyright infringement Security Breach-costs to notify affected individuals, call-center for ?s, and credit monitoring Replacement/restoration of electronic data – replace/restore data or programs damaged form an E-commerce incident Extortion threats-reimbursement/ransom payments from direct cyber extortion Transfer of Risk

17 Insurance Policy Business Income/Extra Expenses (not triggered under a regular BI/EE policy) – insured’s loss of income as a direct result of e-commerce incident to disrupt insureds system Public Relations (what if the competition finds out that you’ve had a breach, might they use that to “lure” your customers) Fines/Penalties/Defense costs from regulatory proceedings-where allowed by law Telecom E&O—Errors and Omissions and Financial Damage Allegations Transfer of Risk

18 Claims Examples from Additional Coverage Client is sued for allegedly using digital image on its website without the permission of the owner. An organization’s systems were hacked and its data encrypted by cyber criminals who demanded that a ransom is paid to release the encryption keys. Data was corrupted after a thumb-drive containing malware was inserted to the organization’s systems.

19 Transfer of Risk Contracts Get a good one to avoid this…

20 ?

21 Thank You Peter J Elliott-President and CEO

Download ppt "Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.

Privacy, Security and Compliance Concerns for Management and Boards November 15, 2013 Carolyn Heyman-Layne, Esq. 1.
Best Practices for Insuring Medical Practices from Cyber Risk.

Best Practices for Insuring Medical Practices from Cyber Risk.
Basics of Liability Liability Issues and Coverage.

Basics of Liability Liability Issues and Coverage.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A. 2618 Centennial.

Time to Wave the White Flag – Compliance with the FTC’s Identity Theft Red Flags Rule William P. Dillon, Esq. Messer, Caparello & Self, P.A Centennial.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009.

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009.
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
© Chery F. Kendrick & Kendrick Technical Services.

© Chery F. Kendrick & Kendrick Technical Services.
Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Similar presentations

Ads by Google