Presentation is loading. Please wait.

Presentation is loading. Please wait.

Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance.

Published byLewis Joseph Modified over 9 years ago

Similar presentations

Presentation on theme: "Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance."— Presentation transcript:

1 Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance

2 Question What industry makes up the highest percentage of investigations?

3 Answer Source: Trustwave 2013 Global Security Report

4 Question What is the average timeframe from an initial breach to detection?

5 Answer 210 days Source: Trustwave 2013 Global Security Report

6 Question What are the most common methods of detection?

7 Answer Source: Trustwave 2013 Global Security Report

8 Question From which country do most attacks originate?

9 Answer Source: Trustwave 2013 Global Security Report

10 Question What percentage of breaches involve a third party responsible for system support, development or maintenance?

11 Answer Source: Trustwave 2013 Global Security Report

12 Question What is the average cost per compromised record after a data breach?

13 Answer Source: 2013 Cost of Data Breach Study, Ponemon Institute

14 Question What is the average cost per data breach incident?

15 Answer $3.14 million (£2.05 million) in the UK Source: 2013 Cost of Data Breach Study, Ponemon Institute

16 Question Which industries have the highest breach costs?

17 Answer Hospitality: £68 per record Public services: £48 per record Source: 2013 Cost of Data Breach Study, Ponemon Institute

18 Question What is the most common cause of data breaches?

19 Answer Source: 2013 Cost of Data Breach Study, Ponemon Institute

20 Guess who? 20

21 Management of a data breach

22 Breakfast with Malcolm Team training Coffee with Alan from Barclays Call Jenna Murray re: licensing Lunch with Board Review outsourcing agreement and call with the lawyers Meeting with Arnold re: finance (do not miss!) Conference call with Heads of Department Discuss conference call with FD Tom’s appraisal

23 Management of a data breach Importance of Incident Response Plans – Containment and recovery – Assessment of ongoing risk – Notification of breach – Evaluation and response These are not linear activities, following one another in orderly sequence.......

24 Breakfast with Malcolm Team training Coffee with Alan from Barclays Call Jenna Murray re: licensing Lunch with Board Review outsourcing agreement and call with the lewyers Meeting with Arnold re: finance (do not miss!) Conference call with Heads of Department Discuss conference call with FD Tom’s appraisal Re-arrange for Friday Jill – rearramge this please Handover to John Move to tomorrow (pm)

25 Management of a data breach Containment and recovery – Decide who is to take the lead in investigating – Establish who needs to be informed (internally and externally – separately from any formal notifications) – Identify actions to recover loss and/or limit damage – Consider whether appropriate to inform the police

26 Breakfast with Malcolm Team training Coffee with Alan from Barclays Call Jenna Murray re: licensing Lunch with Board Review outsourcing agreement and call with the lawyers Meeting with Arnold re: finance (do not miss!) Conference call with Heads of Department Discuss conference call with FD Tom’s appraisal Re-arrange for Friday Jill – rearrange this please Handover to John Jill – send my apologies Move to tomorrow (pm) Move to Monday – tell HR July Send apologies!!

27 Management of a data breach Risk Assessment – What sort of data is involved? – What level of sensitivity is it? – What is your best assessment of what has happened to the data (in terms of unauthorised parties who have access to it, and for how long they have had access)? – What is its value to the unauthorised party? what harm could come to the affected individuals? – How much data is involved? – Are there wider consequences e.g. risk to public health? – Should passwords be changed or banks contacted?

28 Anniversary today!! Jill – can you rearrange dinner for tomorrow and please send Trudy some flowers? Data protection training (until 12.30) Lunch with Tom Lunch with Arnold re: finance Meeting with Jenna Murray Oursourcing Agreement! Pick up kids (Trudy at hairdressers ) JILL CANCEL EVERYTHING!!!

29 Management of a data breach Notification – ICO notification: telecoms sector and public bodies must notify. Other sectors currently voluntary regime – FCA and other regulators: sector-specific rules apply – Individuals: "will notification help them?" is the ICO's overriding concern Conclusion: notification is not an end in itself

30 Management of a data breach Notification Content – “How and when" details and overview – Affected data, affected number of individuals – Breach response so far, mitigation steps taken so far – Security measures in place – Whether individuals have been informed – Whether there has been media coverage – Whether investigation is being carried out, and if so, when is it due and in what format – Whether other regulators or the police have been informed – What future preventive measures you plan – Is there any other information that would be useful?

31 Thank you

Download ppt "Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance."

Similar presentations

© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon.

© Caveon, 2006 Under Lock and Key: Conducting a Physical Security Audit John Fremer, Ph.D – President, Caveon Jamie Mulkey, Ed.D. – Sr. Director Caveon.
Data Security Breach Code of Practice. Data Security Concerns Exponential growth in personal data holdings Increased outsourcing 3 rd countries cloud.

Data Security Breach Code of Practice. Data Security Concerns Exponential growth in personal data holdings Increased outsourcing 3 rd countries cloud.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
London Metropolitan University Business Continuity Management Seminar Friday June 27 th 2008 The Henry Thomas Room LUNCH.

London Metropolitan University Business Continuity Management Seminar Friday June 27 th 2008 The Henry Thomas Room LUNCH.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
WHAT ELSE? Education is your main focus. But with children in your care for seven hours a day comes the added responsibility of health and safety.

WHAT ELSE? Education is your main focus. But with children in your care for seven hours a day comes the added responsibility of health and safety.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Introduction Definition Advantages for employees and employers

Introduction Definition Advantages for employees and employers
INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.

INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.
Developing Plans and Procedures

Developing Plans and Procedures
A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.

A PRACTICAL GUIDE TO RESPONDING TO A HEALTHCARE DATA SECURITY BREACH May 19, 2011 | State College, PA Matthew H. Meade Stephanie Winer-Schreiber.
Preparing for the worst,

Preparing for the worst,
What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.

What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.
FIRMA April 2010 DATA BREACHES & PRIVACY Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.

FIRMA April 2010 DATA BREACHES & PRIVACY Christine M. Farquhar Managing Director, Compliance J.P. Morgan U.S. Private Banking.
Session 7 Compliance failure policy. 1 Contents Part 1: COLP and COFA duties Part 2: What do we have to comply with and why does it matter? Part 3: Compliance.

Session 7 Compliance failure policy. 1 Contents Part 1: COLP and COFA duties Part 2: What do we have to comply with and why does it matter? Part 3: Compliance.
AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.

AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.
Strengthening Mobility and Promoting Regional Integration of Professional Engineers in APEC Economies – An Overview Basil Wakelin.

Strengthening Mobility and Promoting Regional Integration of Professional Engineers in APEC Economies – An Overview Basil Wakelin.

Similar presentations

Ads by Google