Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance.

1 Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance

2 Question What industry makes up the highest percentage of investigations?

3 Answer Source: Trustwave 2013 Global Security Report

4 Question What is the average timeframe from an initial breach to detection?

5 Answer 210 days Source: Trustwave 2013 Global Security Report

6 Question What are the most common methods of detection?

7 Answer Source: Trustwave 2013 Global Security Report

8 Question From which country do most attacks originate?

9 Answer Source: Trustwave 2013 Global Security Report

10 Question What percentage of breaches involve a third party responsible for system support, development or maintenance?

11 Answer Source: Trustwave 2013 Global Security Report

12 Question What is the average cost per compromised record after a data breach?

13 Answer Source: 2013 Cost of Data Breach Study, Ponemon Institute

14 Question What is the average cost per data breach incident?

15 Answer $3.14 million (£2.05 million) in the UK Source: 2013 Cost of Data Breach Study, Ponemon Institute

16 Question Which industries have the highest breach costs?

17 Answer Hospitality: £68 per record Public services: £48 per record Source: 2013 Cost of Data Breach Study, Ponemon Institute

18 Question What is the most common cause of data breaches?

19 Answer Source: 2013 Cost of Data Breach Study, Ponemon Institute

20 Guess who?

21 Management of a data breach

22 Breakfast with Malcolm Team training Coffee with Alan from Barclays Call Jenna Murray re: licensing Lunch with Board Review outsourcing agreement and call with the lawyers Meeting with Arnold re: finance (do not miss!) Conference call with Heads of Department Discuss conference call with FD Tom’s appraisal

23 Management of a data breach
Importance of Incident Response Plans
– Containment and recovery
– Assessment of ongoing risk
– Notification of breach
– Evaluation and response
These are not linear activities, following one another in orderly sequence...

24 Breakfast with Malcolm Team training Coffee with Alan from Barclays Call Jenna Murray re: licensing Lunch with Board Review outsourcing agreement and call with the lawyers Meeting with Arnold re: finance (do not miss!) Conference call with Heads of Department Discuss conference call with FD Tom’s appraisal Re-arrange for Friday Jill – rearrange this please Handover to John Move to tomorrow (pm)

25 Management of a data breach
Containment and recovery
– Decide who is to take the lead in investigating
– Establish who needs to be informed (internally and externally – separately from any formal notifications)
– Identify actions to recover loss and/or limit damage
– Consider whether appropriate to inform the police

26 Breakfast with Malcolm Team training Coffee with Alan from Barclays Call Jenna Murray re: licensing Lunch with Board Review outsourcing agreement and call with the lawyers Meeting with Arnold re: finance (do not miss!) Conference call with Heads of Department Discuss conference call with FD Tom’s appraisal Re-arrange for Friday Jill – rearrange this please Handover to John Jill – send my apologies Move to tomorrow (pm) Move to Monday – tell HR July Send apologies!!

27 Management of a data breach
Risk Assessment
– What sort of data is involved?
– What level of sensitivity is it?
– What is your best assessment of what has happened to the data (in terms of unauthorised parties who have access to it, and for how long they have had access)?
– What is its value to the unauthorised party? What harm could come to the affected individuals?
– How much data is involved?
– Are there wider consequences e.g. risk to public health?
– Should passwords be changed or banks contacted?

28 Anniversary today!! Jill – can you rearrange dinner for tomorrow and please send Trudy some flowers? Data protection training (until 12.30) Lunch with Tom Lunch with Arnold re: finance Meeting with Jenna Murray Outsourcing Agreement! Pick up kids (Trudy at hairdressers) JILL CANCEL EVERYTHING!!!

29 Management of a data breach
Notification
– ICO notification: telecoms sector and public bodies must notify. Other sectors currently voluntary regime
– FCA and other regulators: sector-specific rules apply
– Individuals: "will notification help them?" is the ICO's overriding concern
Conclusion: notification is not an end in itself

30 Management of a data breach
Notification Content
– "How and when" details and overview
– Affected data, affected number of individuals
– Breach response so far, mitigation steps taken so far
– Security measures in place
– Whether individuals have been informed
– Whether there has been media coverage
– Whether investigation is being carried out, and if so, when is it due and in what format
– Whether other regulators or the police have been informed
– What future preventive measures you plan
– Is there any other information that would be useful?

31 Thank you

