Published by Francisca Sevilla. Modified over 5 years ago.
1
Cyber Security: What the Head & Board Need to Know
3
250+ K-12 Clients
350+ Not-For-Profit Clients
Recognized “Best Practices” Agency
Access to 100+ insurance carriers
Largest provider of insurance programs to NYS Independent and Charter schools
Serving NYSAIS member schools since 1974
Annual Written Premium = $100,000,000+ (top 2% of Agencies countrywide)

Jay Kramer, CIPP/US
Head of Cyber Resilience at Bristol-Myers Squibb
Previously at Lewis Brisbois Bisgaard & Smith LLP in the Data Privacy & Cyber Security Practice
21 Years at the Federal Bureau of Investigation
  Attorney
  Special Agent
  Congressional Liaison
  Various leadership roles
4
Cyber Financial Risks
Cyber Coverage
  E-Commerce Extortion
  Communications & Media Liability
  Computer Program & Electronic Data Restoration Expenses
  Security Breach Remediation and Notification Expense
  Business Interruption
  Regulatory Defense Expenses
  Network & Information Security Liability
  Crisis Management Event Expenses
5
Information at Risk
  Education Records
  Financial Information of Students and Employees
  Health Information
  Personally Identifiable Information
  Any Other Information Considered to be Confidential
6
“Bad Day” Academy
  A school employee opened an attachment that contains Ransomware
  Soon after, staff noticed that files were no longer accessible as they were encrypted
  Each encrypted file contained instructions on how to pay the ransom to unlock them
  The school had to pay thousands of dollars to “unlock” the files
  They had previously declined to purchase a Cyber Liability policy
7
The Cost of a Cyber Claim
  Computer & Software Restoration
  Forensic Costs
  Notification Expenses
  Ransomware Payments
  Defense & Settlement of Lawsuits
  Public Relations
  Credit Monitoring Services
8
Indirect Impact
  Student enrollment
  Reputation
  Board members
  Operational dysfunction
9
Your Friends Can Get You In Trouble
  Vendors, Suppliers, Payment Processors, Payment Services, Cloud
  The “Data Owner” is the entity who originally had the data
  School will Have Liability for the Breach no Matter where the Data is Compromised
  Outsourcing does not totally insulate a school from responsibility in the event of an attack
  The Liability for Breach no matter where the data is compromised
10
Notification Requirements
  Requirements Vary By State – 50 data breach notification statutes
  New York State Information Security Breach and Notification Act
  NYS Law applies to breach of Private Information:
    Name in combination with:
      Social Security Number
      Driver’s License or Non-Driver Identification
      Account Number, Credit or Debit Card
    In conjunction with information that can be used to identify a natural person
  Notification to be made “in the most expedient time possible and without unreasonable delay.”
11
Components of an initial response
Recommended first steps:
  Follow/activate Incident Response Plan
  Notify insurance carrier – preserve rights pursuant to policy
  Contact “Breach Coach” – preserve attorney client privilege!
  Scoping call with forensic firm as needed
  Preparation and execution of forensic Statement of Work (SOW)/MSA
  Preparation of law firm engagement letter
  Other time-sensitive steps, as needed
    Procurement – hardware, software, Bitcoin/ransom payment
    Communications to employees/customers (“holding statement”)
    Notification to card brands (PCI)
    Law enforcement notification
12
Cyber Coverage
  Third Party
  First Party
13
Insurance Done Right
  Cyber insurance closes the gap between traditional coverage and cyber needs
  Offsets the expense of a data breach
  Provides resources in the event of a data breach response
  Pre-breach tools such as cyber security assessments, consultation with experts and training
14
Questions to Ask Your IT Department
  Have sufficient resources been allocated to address cyber threats?
    Updated systems, firewalls etc.
  Are we in compliance with any regulatory requirements?
  Do we have a plan in the event of a cyber breach? Has it been tested?
  What training is needed for employees?
  Is all sensitive data secure and backed up on a regular basis?
  Have any third party providers with access to our network been properly vetted?
15
Questions?