Presentation is loading. Please wait.

Presentation is loading. Please wait.

Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance.

Published byGerald Peter McCarthy Modified over 9 years ago

Similar presentations

Presentation on theme: "Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance."— Presentation transcript:

1 Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance

2 Overview 1.Disaster Planning Gone Wrong 2.Disaster Recovery and Protecting your Insurance Claim 3.Cyber Liability – NKOTB Page 2 of 20

3 Disaster Planning Gone Wrong

4 Emergency Power 4

5 Transportation

6 Redundancy of Info Services 6

7 Redundancy of Resources

8 Disaster Recovery and Protecting your Insurance Claim

9 What to do Before the Loss 1.Know Who to Call Insurance Agent/Company Recovery and Restoration Companies Industrial Hygienist 2.Have Crisis and Claim Management Teams in Place Facilities/Construction Team Resources Finance Risk Management/Insurance Real Estate 3.Have a Segregated Insurance Recovery Account in Place to Track Expenses 4.Have a Panel Adjustor in Place if You Have a Layered Insurance Program 9

10 What to Do After the Loss 1.Stop/Mitigate the Damage (Duty to Do So) 2.Call your insurance agent/company as soon as possible (immediately). 3.Secure the Site 4.Implement Incident Command and Initiate Your Crisis and Claim Teams 5.Document Damages (Photos/Records) 6.Keep Everything (Insurer’s Right to Salvage) 7.Don’t forget about employee and customer safety 10

11 Settling the Claim What to Claim 1.Property Damage Building Furniture, Fixtures and Equipment Inventory 2.Extra Expenses/Increased Cost of Working Overtime Expenses to Reduce Business Interruption 3.Business Interruption/Loss of Profits 4.Other Coverages Debris removal / Decontamination Costs / Demolition Expediting Costs / Professional Fees / Protection of Property 11

12 Cyber Risks The Newest Kid on the Block

13 World's Top Data Breaches Source: InformationisBeautiful.net 13

14 Target Corp. said that the huge data breach it suffered late 2013 happened after an intruder stole a vendor’s user ID and password and used them to gain access to the company’s computer system. What was stolen: 40 Million Customer Credit and Debit Card Numbers, Security Code Root Cause: Malware Source: DataBreachToday.Com; StarTribune.com 14

15 February 2014: Hackers obtained user ID and password from “a small number” of employees. Hackers then accessed a database containing all users records and copied “a large part” of those credentials. What was stolen: 145 Million Users Credentials Root Cause: Cyber Attack Source: New York Times 15

16 Home Depot: April 2014 Malware installed on cash register system across 2,200 stores. Home Depot said that criminals used a third-party vendor's user ID and password to enter the perimeter of its network. What was stolen: 56 Million Credit Card Information Other Personal Data Emails Root Cause: Malware Source: Associated Press 16

17 August 2014: Community Health Systems, which operates 203 hospitals across the United States, announced that hackers broke into its computers and stole data on 4.5 million patients. What was stolen: 4.5 Million Names, DOB, Addresses, Phone Numbers, SSN Root Cause: Cyber Attack Source: Modern Healthcare 17

18 February 2015: Anthem, American’s second-largest health insurer in the US. Attacker obtained user ID and password of five IT personnel. The data was exfiltrated using public external web storage. What was stolen: 78.8 Million Names, DOB, SSN, Addresses, Phone Numbers, Employment info Root Cause: Phishing / Malware Keyboard Logger Source: CNN Money, USA Today 18

19 Why Data is a Target... What Stolen Data is Worth Social Security Number $3.00 Credit Card Info $1.50 Date of Birth $3.00 Medical Record Data $50.00

20 What’s the Exposure Average Cost of a Data Breach is $3 - 4MM or $150 to $180 for Every Lost or Stolen Record What Does This Pay For: Audit and consulting services Legal services for defense and compliance Services to Victims / Identity Protection 1.Loss Reputation / Lost Business / Loss Productivity 2.Only 51% of RIMS Members Buy Privacy/Cyber Liability Insurance 20

21 Root Causes of Data Breaches

22 Federal & Statutory Requirements Following a Breach 1.There is no uniform federal law on data breaches. HIPAA Health Insurance Portability and Accountability Act HITECH established encryption and destruction protocols for PHI Gramm-Leach-Bliley Act (GLBA) for Financial Institutions The Payment Card Industry Data Security Standards (PCI-DSS Office of Management and Budget (OMB) “Breach Notification Policy” For Federal Agencies 2.State security breach notification laws generally follow a similar framework: Delineating who must comply with the law; Defining the terms “personal information” and “breach of security”; Adopting requirements for notice; Creating penalties, enforcement authorities, and remedies. 3.Florida Statutes. 501.171, 282.0041, 282.318(2)(i)

23 Q&A Jim Carter Manager, Risk & Insurances Services BayCare Health System, Inc. 2985 Drew St. Clearwater, FL 33759 Tel. 727-754-9234 Email. jim.carter@baycare.org

Download ppt "Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.

Health Insurance Portability and Accountability Act HIPAA Education for Volunteers and Students.
Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.
Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.

Professional Nursing Services.  Privacy and Security Training explains:  The requirements of the federal HIPAA/HITEC regulations, state privacy laws.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.

Identity Theft: How to Protect Yourself. Identity Theft Identity theft defined:  the crime of obtaining the personal or financial information of another.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
IT Security Challenges In Higher Education Steve Schuster Cornell University.

IT Security Challenges In Higher Education Steve Schuster Cornell University.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.

External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.

Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Similar presentations

Ads by Google