Published by Lewis Joseph. Modified over 9 years ago.
Slide 1
Finance and Governance Workshop: Management of a Data Breach. James Webster, Hiscox Insurance
Slide 2
Question: What industry makes up the highest percentage of investigations?
Slide 3
Answer (Source: Trustwave 2013 Global Security Report)
Slide 4
Question: What is the average timeframe from an initial breach to detection?
Slide 5
Answer: 210 days (Source: Trustwave 2013 Global Security Report)
Slide 6
Question: What are the most common methods of detection?
Slide 7
Answer (Source: Trustwave 2013 Global Security Report)
Slide 8
Question: From which country do most attacks originate?
Slide 9
Answer (Source: Trustwave 2013 Global Security Report)
Slide 10
Question: What percentage of breaches involve a third party responsible for system support, development or maintenance?
Slide 11
Answer (Source: Trustwave 2013 Global Security Report)
Slide 12
Question: What is the average cost per compromised record after a data breach?
Slide 13
Answer (Source: 2013 Cost of Data Breach Study, Ponemon Institute)
Slide 14
Question: What is the average cost per data breach incident?
Slide 15
Answer: $3.14 million (£2.05 million) in the UK (Source: 2013 Cost of Data Breach Study, Ponemon Institute)
Slide 16
Question: Which industries have the highest breach costs?
Slide 17
Answer: Hospitality: £68 per record; Public services: £48 per record (Source: 2013 Cost of Data Breach Study, Ponemon Institute)
Slide 18
Question: What is the most common cause of data breaches?
Slide 19
Answer (Source: 2013 Cost of Data Breach Study, Ponemon Institute)
Slide 20
Guess who?
Slide 21
Management of a data breach
Slide 22
Breakfast with Malcolm
Team training
Coffee with Alan from Barclays
Call Jenna Murray re: licensing
Lunch with Board
Review outsourcing agreement and call with the lawyers
Meeting with Arnold re: finance (do not miss!)
Conference call with Heads of Department
Discuss conference call with FD
Tom’s appraisal
Slide 23
Management of a data breach
Importance of Incident Response Plans
– Containment and recovery
– Assessment of ongoing risk
– Notification of breach
– Evaluation and response
These are not linear activities, following one another in orderly sequence...
Slide 24
Breakfast with Malcolm
Team training
Coffee with Alan from Barclays
Call Jenna Murray re: licensing
Lunch with Board
Review outsourcing agreement and call with the lawyers
Meeting with Arnold re: finance (do not miss!)
Conference call with Heads of Department
Discuss conference call with FD
Tom’s appraisal
Re-arrange for Friday
Jill – rearrange this please
Handover to John
Move to tomorrow (pm)
Slide 25
Management of a data breach
Containment and recovery
– Decide who is to take the lead in investigating
– Establish who needs to be informed (internally and externally – separately from any formal notifications)
– Identify actions to recover loss and/or limit damage
– Consider whether it is appropriate to inform the police
Slide 26
Breakfast with Malcolm
Team training
Coffee with Alan from Barclays
Call Jenna Murray re: licensing
Lunch with Board
Review outsourcing agreement and call with the lawyers
Meeting with Arnold re: finance (do not miss!)
Conference call with Heads of Department
Discuss conference call with FD
Tom’s appraisal
Re-arrange for Friday
Jill – rearrange this please
Handover to John
Jill – send my apologies
Move to tomorrow (pm)
Move to Monday – tell HR
July Send apologies!!
Slide 27
Management of a data breach
Risk Assessment
– What sort of data is involved?
– What level of sensitivity is it?
– What is your best assessment of what has happened to the data (in terms of the unauthorised parties who have access to it, and for how long they have had access)?
– What is its value to the unauthorised party? What harm could come to the affected individuals?
– How much data is involved?
– Are there wider consequences, e.g. risk to public health?
– Should passwords be changed or banks contacted?
Slide 28
Anniversary today!!
Jill – can you rearrange dinner for tomorrow and please send Trudy some flowers?
Data protection training (until 12.30)
Lunch with Tom
Lunch with Arnold re: finance
Meeting with Jenna Murray
Outsourcing Agreement!
Pick up kids (Trudy at hairdressers)
JILL CANCEL EVERYTHING!!!
Slide 29
Management of a data breach
Notification
– ICO notification: the telecoms sector and public bodies must notify. Other sectors are currently under a voluntary regime.
– FCA and other regulators: sector-specific rules apply.
– Individuals: "will notification help them?" is the ICO's overriding concern.
Conclusion: notification is not an end in itself.
Slide 30
Management of a data breach
Notification Content
– “How and when” details and overview
– Affected data, affected number of individuals
– Breach response so far, mitigation steps taken so far
– Security measures in place
– Whether individuals have been informed
– Whether there has been media coverage
– Whether an investigation is being carried out, and if so, when it is due and in what format
– Whether other regulators or the police have been informed
– What future preventive measures you plan
– Is there any other information that would be useful?
Slide 31
Thank you