The PIA Partnership Presents: Cyber 101


1 The PIA Partnership Presents: Cyber 101
Essential Information You and Your Clients Need to Know About Cyber
  Fraudulent Funds Transfer
  Extortion/Ransomware
  Social Engineering
  Business Interruption
  Data Breach/Privacy
  Network Security
  Media Liability

2 Presented by ABA Insurance Services
David Rupnow, CPCU, RPLU, Product Manager
Dave has over 25 years of experience in underwriting and managing professional liability insurance programs to the small-medium business niche. With a focus on improving the efficiency and agent experience to rate/quote/bind insurance, he was key in the development and implementation of ProCision®, a new, next generation, multi-product quoting platform available through ForAgentsOnly.com.

Lisa Micciche, CPA, Product Manager
With over 15 years of underwriting, financial and management experience, Lisa is responsible for product development and modifications to existing products, as well as sales, claims, and competitive analysis for both the Bank and Small Business Insurance Programs of ABA Insurance Services. She was instrumental in the development of the Bank Program’s cyber insurance product.

ABA Insurance Services is a managing general agency, program administrator and wholesale brokerage that offers professional and management liability lines, financial institution bonds, surety bonds, property, and general liability insurance to banks, small businesses and nonprofit organizations.

3 What we will cover in this webinar
  What is a Data Breach?
  Why Data Breaches Matter
  How Cyber Insurance Can Help
  Coverage Overview
  Policy Limits
  Additional Points to Consider
  Case Studies
  Q&A

© 2018 ABA Insurance Services Inc. dba Cabins Insurance Services in CA, ABA Insurance Services of Kentucky Inc. in KY, and ABA Insurance Agency Inc. in MI. Notwithstanding any language to the contrary, nothing contained herein constitutes nor is intended to constitute an offer, inducement, promise, or contract of any kind. All coverage descriptions and claims examples are provided for informational and educational purposes only and are not a representation as to coverage for any particular claim and are not represented to be error free. Coverage for any claim is determined upon the specific facts of the claim, the terms and conditions of the policy and applicable law. For details on the coverage provided by your specific contract of insurance, please refer to your policy. Coverage is subject to underwriting guidelines and may not be available in all states. Limits may be capped for underwriting reasons. Any links to any sites which are not originated by ABA Insurance Services Inc. (ABAIS) are provided only as a courtesy and are not intended to nor do they constitute an endorsement by ABAIS of the linked materials. All rights reserved.

4 What is a Data Breach?
A data breach is an incident in which information is stolen or taken from the owner without his or her knowledge or permission. If the stolen information includes the names and medical or financial records of individual persons, the owner of such information—in most states—has obligations under the law to address the breach and notify the impacted individuals.

5 Why Data Breaches Matter
1. It’s the law.
All 50 states have data breach notification laws.
Federal laws govern healthcare information (HIPAA). Under HIPAA, covered entities and individual executives or employees face criminal liability for knowingly obtaining or disclosing protected health information.
New federal law proposed: “Data Security and Breach Notification Act.”
  Would require an organization subject to Federal Trade Commission (FTC) jurisdiction to notify each individual whose personal information is implicated in a data breach. Notice would be required within 30 days of the breach.
  Would require regulated entities to implement information security policies and procedures.
  Would hold anyone who willfully conceals a data breach criminally liable.
  The regulated entity may also be fined $1,000 per individual per day, up to $100,000 per day, for each day that the regulated entity is out of compliance.

6 Why Data Breaches Matter
2. It is expensive.
It costs an average of $141 per record to rectify a data breach. This can add up to tens of thousands of dollars for even a small organization.
Cyber attacks cost small businesses between $84,000 and $148,000.
Inexperience and neglect will increase the costs; experience and containment will decrease the costs.
Source: Cost of Data Breach Study, Ponemon Institute

7 Why Data Breaches Matter
3. You’re at risk.
61% of breaches hit smaller businesses.
It’s not just hackers; system glitches and human error can cause disclosure of private data.
60% of small businesses go out of business within six months of an attack.
Source: Cost of Data Breach Study, Ponemon Institute

8 How Cyber Insurance Can Help
Insurance pays for:
Breach Response & Expertise
  Response plan
  IT security experts
  Legal fees
  PR consultants
  Customer notifications & credit monitoring
Contractual and Statutory Obligations
  PCI fines and penalties
  Regulatory defense
Data Restoration
Litigation

9 Coverage Overview – Breach Response & Expertise
Incident Response Expert: Most policies provide 24/7 access to a breach response expert who will guide you in the critical first few hours after an incident.
Forensic Investigations: IT experts to help contain the damage and evaluate the source and extent of damage.
Privacy Experts: Legal guidance on state and federal laws applicable to your business.
Crisis Management and Public Relations: Help containing reputational damage from adverse publicity surrounding a data breach.
Customer Notifications: Costs to draft and mail notifications to impacted individuals as required by law.
Customer Credit Monitoring: Costs to monitor the credit rating of impacted individuals.
Call Centers: Costs to run a call center to address customer concerns and questions.

10 Coverage Overview – Contractual and Statutory Obligations
PCI Noncompliance Fines
Fines for not being PCI compliant range from $5,000 to $500,000 and are levied by banks and credit card institutions.
Insurance usually pays for: (1) fines and penalties assessed against the insured for failing to comply with Payment Card Industry Data Security Standards and (2) defense costs incurred, if the insured challenges the imposition of such penalties because the insured believes that it complied with requisite security standards.

Regulatory Defense
Federal regulators such as the Federal Trade Commission, the Office of Civil Rights in the Department of Health and Human Services, and the Securities and Exchange Commission aggressively enforce laws protecting consumer privacy.
State attorneys general are also focused on cyber security issues.
Insurance usually pays for the loss a company sustains as a result of defending against or responding to regulatory investigations and claims.

11 Coverage Overview – Data Restoration
Cyber insurance is designed to help your business recover in the event of a data breach or cyber attack. This includes responding to the breach for the benefit of your customers but it also includes repairing your own system and data to keep your business running. Such “repairs” could lead to lost income and mounting recovery costs. Cyber liability insurance helps cover the costs associated with recovering data and restoring computers, as well as the expenses involved in third-party notification, monitoring, lawsuits, and PR nightmares.

12 Coverage Overview – Litigation
Insurance covers:
  The costs of defense, settlements and judgments for your failure to protect electronic or non-electronic NPPI in your custody or control.
  The costs of defense, settlements and judgments for your failure to protect electronic or non-electronic NPPI in the custody or control of your IT service provider.

13 Policy Limits
Policies can vary in how they address limits.
Common structures:
  Everything falls within one limit (shared)
  Coverages fall under their own limit (separate)

14 Additional Points to Consider
Is there coverage for electronic and non-electronic NPPI?
Are you covered for breaches of your data at 3rd party vendors/cloud providers?
Are employees covered?
Be aware of common exclusions:
  Intentional acts
  Utility or infrastructure failure
  Unencrypted information
  Wrongful collection
  War and terrorism

15 Data Breach: Case Study 1
Employees of an insurance agency have private data exposure.
While moving offices, an employee threw away a box of HR files. The company later learned that the entire box – three years’ worth of employment records – was pulled out of the garbage by an unknown person.

16 Data Breach: Case Study 2
Hackers steal credit card information from 700 grocery store customers.
A cyber criminal organization hacked into the computerized cash registers of a grocery store and stole credit card information of 700 customers. The card data was used to purchase electronics and small luxury goods around the world.

17 Questions
The PIA Partnership Presents: Cyber 101
Available now at
Join us for the next Cyber 101 webinar: Network Security
Tuesday, June 5, 2018 at 2:00 p.m. Eastern

