CYBER RISKS LOOMING IN THE TRANSPORTATION INDUSTRY 
September 2014 
HOUSEKEEPING 
•Slide deck will be posted on hni.com 
•Q&A at the end, but feel free to ask questions throughout 
•Tweet @HNIRisk or use the hashtag #hniu to win some HNI swag!
Thanks to our sponsors!
WHO’S ON THE LINE 
MODERATOR: Andrea Tarrell
Director of Marketing 
HNI 
atarrell@hni.com 
SUBJECT MATTER EXPERT: Kevin Zinter
Senior Vice President 
AmWINS 
Kevin.Zinter@amwins.com
Outline Summary 
•Review of exposures 
•Review of Wisconsin and state laws, and other Federal Laws 
•Explanation of Insuring Agreements 
•Brokering Challenges 
•Stats 
•Underwriting Questions 
•Sample Transportation Industry claims / incidents 
•Risk Management Services 
•Why AmWINS
Cyber/Privacy Exposures facing the Transportation Industry 
•Collection of sensitive personal information 
•Exchanging information with vendors, providers, outsourced firms, etc. 
•Use of network to provide services to others 
•Holding confidential business information (your own or third parties’)
•Outsourcing services to third parties – i.e. logistics firms, freight brokers, data processing, billing and collections, etc.
•Disseminating information and media online
Federal Laws 
•Consumer notification of potential loss of data is required in 47 states, Puerto Rico, and DC. 
•Personally identifiable information (PII) and protected health information (PHI) are currently governed by a patchwork of federal and state laws:
–The Family Educational Rights Privacy Act (FERPA) 
–HIPAA 
–Children’s Online Privacy Protection Act 
–Gramm Leach Bliley Act (GLBA) 
–Fair Credit Reporting Act 
–Sarbanes-Oxley (SOX) 
–Federal Privacy Act 
–HITECH Act 
–Red Flags Rule 
–President Obama’s Cybersecurity Executive Order, among others.
Wisconsin Notification Requirements 
Security Breach Definition 
When an Entity whose principal place of business is located in WI or an Entity that maintains or licenses PI in WI knows that PI in the Entity’s possession has been acquired by a person whom the Entity has not authorized to acquire the PI, or, in the case of an Entity whose principal place of business is not located in WI, when it knows that PI pertaining to a resident of WI has been acquired by a person whom the Entity has not authorized to acquire the PI.
Wisconsin Notification Requirements 
Notification Obligation 
Any Entity to which the statute applies shall make reasonable efforts to notify each subject of the PI.
An Entity is not required to provide notice of the acquisition of PI if the acquisition of PI does not create a material risk of identity theft or fraud to the subject of the PI or if the PI was acquired in good faith by an employee or agent of the Entity, if the PI is used for a lawful purpose of the Entity.
An Entity shall provide the notice within a reasonable time, not to exceed 45 days after the Entity learns of the acquisition of PI. A determination as to reasonableness shall include consideration of the number of notices that an Entity must provide and the methods of communication available to the Entity.
Wisconsin Notification Requirements 
Penalties 
No penalties defined or outlined. 
Considerations 
•Wisconsin does not require automatic offer of free credit-monitoring to breached individuals. 
•Wisconsin does not require entities to notify the state Attorney General or any other governmental agencies, but it does require notice to all consumer reporting agencies and credit bureaus if more than 1,000 residents are to be notified. 
•Additional notification obligations apply depending on the state where the consumer (affected individual) is located.
http://www.beazley.com/business_lines/technology_media__business/data_breach_map.aspx
What is the difference between 1st Party Risk and 3rd Party Risk in a Cyber Liability Policy?
1st Party Risks
Direct loss incurred by our insured because of “injury” to electronic data or systems resulting from acts of others:
•Costs of fixing the problem
•Expenses to protect customers (including notification and credit monitoring costs)
•Other expenses to mitigate loss (including PR and publicity costs)
•Theft of data & intangible property
•Loss of future income
•Cyber extortion
3rd Party Risks
Liability for financial losses or costs sustained by others resulting from internet or other electronic activities:
•Defense expenses
•Damages resulting from customer suits and suits from others for personal/content injury, intellectual property claims, professional services, and injury from a security or privacy breach, or Regulatory fines/penalties.
Basic Insuring Agreements Found in Most Forms 
1. Privacy/Security Liability 
Third party claims alleging failure to protect an individual’s PII, whether through a network & information security failure, unauthorized access & unauthorized use, etc.
Basic Insuring Agreements Found in Most Forms 
2. Notification Costs 
The hot button sublimit, and main premium driver within a Cyber Liability policy. When private/confidential information is lost, this insuring agreement covers the cost to notify those individuals/victims that their private information was lost or stolen. 47/50 states have laws outlining the requirements to notify, usually described as a short period of time. Credit Monitoring is also often included with the Notification limit. Some forms will include Credit Repair/Remediation Services – the actual cost to repair a victim’s credit history if their information was used fraudulently.
Basic Insuring Agreements Found in Most Forms 
3. Crisis Management & Forensic Expenses 
Costs of hiring an outside PR / consulting firm to handle media inquiries, restore insured’s brand image in the media, assist with the drafting of notification letters to breached individuals, and provide expert strategies/solutions in regards to the exact claim scenario. Forensic Expenses covers the costs for an outside expert to help determine the scope of the breach, what was exposed, and possibly eradicate the intrusion.
Basic Insuring Agreements Found in Most Forms 
4. Regulatory Defense & Penalties 
The costs to handle inquiries & investigations, and the possible resulting fines/penalties levied against the insured by a regulatory or governmental body. An increasing number of regulations exist related to the protection of confidential data, and all signs point towards increased enforcement (FTC, State Attorneys General, etc.).
Basic Insuring Agreements Found in Most Forms 
5. Extortion/Threat Expenses 
If the insured is contacted by an individual threatening to hack the system, shut down the system, and which might include a demand for payment
Basic Insuring Agreements Found in Most Forms 
6. Business Interruption 
Interruptions in business due to breaches of a company’s network (i.e. denial of service attack).
Basic Insuring Agreements Found in Most Forms 
7. Media/Content 
Covers libel, slander, and other forms of disparagement with respect to display of material, as well as copyright infringement. A well written Media insuring agreement will also respond to Social Media exposures, such as disparaging statements made via a company’s official Twitter/Facebook page which may result in a suit brought by a 3rd party vendor/partner or an offended individual.
Basic Insuring Agreements Found in Most Forms 
8. Hacker Damage 
Covers the cost to repair/replace/restore damaged or destroyed data the insured had in their possession, to the state it was in previously, as a result of a hack/incident.
Basic Insuring Agreements Found in Most Forms 
9. PCI Fines/Penalties 
Covers violations of the Payment Card Industry Data Security Standard, as levied against the insured. Generally brought as a fine or penalty, and cited as a violation of a PCI Standard as defined under Payment Card Company Rules. PCI governs the safeguarding of sensitive payment card information, by merchants.
Brokering Challenges: Why It’s Not Covered Elsewhere 
•General Liability covers bodily injury and property damage, not stolen identities.
•Property Insurance does not consider data as property.
•E&O policies cover services for others for a fee. The primary intent of an E&O policy is covering a mistake/error/omission in the course of an individual’s professional service. While there is limited invasion of privacy coverage in an E&O form, the intent is only to cover errors in the course of professional services. You won’t get notification expense coverage or credit monitoring services coverage on an E&O policy, which are your primary 1st party sublimits.
Brokering Challenges: Why It’s Not Covered Elsewhere [Cont’d] 
•Directors & Officers Coverage does not cover the key 1st party expenses that are provided on a Cyber form. D&O is primarily for the directors’ & officers’ fiduciary duty in running the company, and will not extend coverage for 1st party expenses associated with a breach situation.
•Media Liability policies only cover content for libel, slander and copyright, and don’t fully respond to the interrelated nature of a breach incident that turns into a Media claim.
•Crime Insurance covers employee theft of money, securities and property. A data record can be stolen, but you may not see a financial loss for many years. In the absence of the privacy/security policy, there wouldn’t be coverage for the notification and credit monitoring, which are your primary 1st party sublimits. There can be some overlap though, at least for financial institutions, and some carriers are now offering a combo Cyber-Crime policy.
Brokering Challenges: Non-Standard Policy Language
Carriers use different language, and it can be difficult to decipher. Just a few examples from various carriers:

| COVERAGE TYPE | AIG | CHUBB | TRAVELERS |
| --- | --- | --- | --- |
| Security | Security & Privacy Liability | Cyber Liability | Network and Information Security Liability |
| Privacy | Security & Privacy Liability | Cyber Liability | Network and Information Security Liability |
| Media/Content | Media Content Insurance | Content Injury and Reputational injury | Communications and Media Liability |
| Regulatory | Regulatory Action | Regulatory Defense | Regulatory Defense |
| Business Interruption | Network Interruption | E-Business Interruption | Business Interruption |
| Breach Response Costs | Event Management | Privacy Notification Expenses and Crisis Management Expenses | Crisis Management Event Expenses and Security Breach Remediation and Notification Expenses |
| Extortion/Threat | Cyber/Extortion | E-Threat Expenses | E-Commerce Extortion |
Brokering Challenges: Exclusions to Watch For 
•Losses arising out of unencrypted portable devices 
•Notice of Claim Timing – are you required to report a claim within a certain number of days of the event/incident?
•Limitation of expenses paid out to within a certain number of days of the event 
•Stacking of Retentions 
•Failure, interruption, or outage to internet access service provided by the internet service provider that hosts the insured’s website
•Failure / Requirement to update antivirus and maintain security levels referenced on the application
Brokering Challenges: Exclusions to Watch For 
•Failure to continuously implement the procedures and risk controls identified in the application, whether orally or in writing 
•Failure to follow in whole or in part, the Minimum Required Practices as listed by Endorsement 
•Failure to meet any service levels, performance standards, or metrics 
•Failure to use best efforts to install commercially available software product updates and releases, or to apply software patches 
•Inability to use or inadequate performance of software programs due to the expiration or withdrawal of technical support by the software vendor, or that are in development or otherwise not authorized for general commercial release
Brokering Challenges: Exclusions to Watch For (cont) 
•Wear and tear, drop in performance, progressive deterioration, or aging of electronic equipment and other property or computer hardware being used by the insured 
•Malfunction or defect of any hardware, component or equipment
•Involving wireless networks that are not under your control, or information exchanged over unsecured wireless networks 
•Does Regulatory coverage include coverage for fines/penalties or just the Defense?
•Does Media coverage cover all forms of Media, or just online Media?
Privacy: Historical Data Breach Info 
http://datalossdb.org
Privacy Incidents by Breach Type – All Time
http://datalossdb.org
Privacy Incidents by Breach Type – 2013
http://datalossdb.org
Privacy Incidents – Inside vs. Outside – 2013
http://datalossdb.org
Privacy: Costs of an Incident 
$3.5m* 
Average total cost per reporting company. Of that figure, Defense ($575k) and Settlement ($300k) continue to be a huge portion. 
*NetDiligence June 2013 study
Privacy: Costs of an Incident 
$737K Average cost for Crisis Services (forensics, notification, credit monitoring) 
$50K The average PCI fine. 
$150,000 The average Regulatory fine. 
$3.94 Average per-record Notification Cost of a data breach. Per-record notification estimates range from $2-$400, depending on the sample size and claims studied. Other factors include vendors used in the Notification process, and whether defense costs, PR costs, and other expenses are lumped into the per-record estimates.
*NetDiligence June 2013 study
Privacy: Costs of an Incident 
Breaches involving malware or spyware are 4.5x more costly than breaches involving unintended/accidental disclosure**
**Beazley Analysis Findings 2014
Questions to consider: 
•Do you hold any personally confidential data of any employees, customers, clients, etc? If so how many individual records? 
•Do you hold any corporate information or trade secrets, for any of your clients? 
•Are you aware of the notice requirements in each state if you lose control of that data? 
•What steps would you take/who would you call if you lost those private records? 
•Do you have a corporate wide privacy policy? 
•Do you have a disaster plan specific to data breaches? 
•Are your records stored electronically? Paper? Are the records secure? Do you shred?
Questions to consider: 
•Do any employees have access to private client records? Do you allow use of USB drives on computers with access to private data? 
•Are any records ever handled by a third party? 
•Are all of your laptops, mobile devices, and wireless connections encrypted? 
•Are you confident your antivirus and firewall systems are 100% effective? 
•How would your clients respond if you lost their private records? Do your contracts promise to do the notification if you lose their records – or will they do the notification process?
•If your network was damaged or disabled by a virus or hacker attack, would it be material to your revenues/income? Do you have a backup system? How long would it take you to recover?
Additional Underwriting Questions that go into quoting a risk: 
Review of controls & protocols on portable devices: 
•How many portable computers are in circulation and what % are encrypted? 
•Are users able to store data to the hard drive? 
•Is the actual data on the portable device encrypted? 
•Is tracking software installed on portable devices? 
•Have workstations been configured to prevent the storage of data to USB devices?
•Do you have back up tapes, and if so, are they stored offsite? How are they transported? 
•Are the back up tapes encrypted? 
•Do you issue company smart phones to employees? Are they encrypted? 
•Do employees access confidential information on their smart phones? 
•Is all data backed up on a daily basis? 
•In the event of a breach, do your contracts put the requirement to do notification on the vendor who lost your information, or are you doing the notification?
The Biggest Breaches of All Time 
Heartland Payment Systems 134m records lost 
Target 110m records lost
eBay Inc. 145m records lost
Adobe 152m records lost
TJ Maxx 94m records lost 
Home Depot 56m records lost 
Epsilon 60m records lost 
RSA Security 40m records lost 
Stuxnet Attack on Iran’s nuclear power program 
Department of Veterans Affairs 26.5m records lost 
Sony’s PlayStation 77m records lost 
ESTsoft 35m records lost 
Gawker Media 1.3m records lost 
Google Chinese govt infiltrated systems & stole intellectual property 
VeriSign Not disclosed 
CardSystems 40m records lost 
AOL 650k records lost 
SC Dept of Revenue 4m records lost
WikiLeaks Ongoing… 
Advocate Medical Group 4m records lost
Trucking/Transportation Claims Examples 
CorporateCarOnline 
11/4/13 – Kirkwood, MO.
Hackers stole and stored information online related to customers who used limousine and other ground transportation. The online information included plain text archives of credit card numbers, expiration dates, names, and addresses. Many of the customers were wealthy and used credit cards that would be attractive to identity thieves. 
Records from this breach: 850,000 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
Yusen Logistics 
10/25/13 – Secaucus, NJ
An unencrypted laptop was stolen from an employee's vehicle sometime around September 23. It contained a spreadsheet with payroll deduction information for former and current Yusen Logistics Americas employees. It contained names, Social Security numbers, addresses, and payroll benefit deduction amounts from the period of July 2013 to September 2013. 
Records from this breach: unknown 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
US Department of Transportation 
8/9/06 – Washington, DC
The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County, 42,800 persons in FL with FAA pilot certificates and 9,000 persons with FL driver's licenses. A suspect was arrested in the same parking lot where the theft occurred, but the laptop has not been recovered. Investigators found a theft ring operating in the vicinity of the restaurant parking lot. 
Records from this breach: 132,470 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
Allied Waste 
4/12/08 – Boston, MA.
A strap on a garbage truck snapped and sent reams of intact financial reports over downtown Boston streets.
Records from this breach: unknown. 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
Laboratory Corporation of America 
3/27/10 – Burlington, VT.
Thousands of medical documents fell out of a truck bed while in transit. The scattered documents contained billing information and possibly medical records from 1993 or later. 
Records from this breach: unknown 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
Federal Reserve Bank of Dallas 
8/9/05 – Dallas, TX
A truck driver lost thousands of Federal Reserve Bank checks headed to Houston. It seems that the back door of the truck was not closed when the driver left the loading area. Paid and canceled checks with Social Security numbers, names, addresses and signatures were scattered on the highway between Dallas and Houston. Most of the checks were not recovered. 
Records from this breach: unknown 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
Various Taxi Cab Companies in Chicago 
3/13/14 – Chicago, IL.
In an unprecedented move, First American Bank made a public announcement regarding fraudulent activity they were seeing on both credit and debit cards of customers with their bank specifically related to cab rides in the city of Chicago. The bank is urging both residents and tourists to avoid paying for their cab rides with either debit or credit cards. 
The ongoing breach appears to be related to the card processing systems used by a significant number of taxis in the city of Chicago. The bank has reported the breach to MasterCard. They have also reached out to Banc of America Merchant Services and Bank of America, the payment processors for the affected payment systems within the affected taxi cab companies. First American Bank is urging that Banc of America Merchant Services and Bank of America discontinue payment processing for the taxi companies who have been targeted in this breach. So far, neither entity is commenting on the breach or appears to be halting the processing services.
Records from this breach: 500+ 
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
Various Trucking firms 
October 2008 
A group of Russian immigrants used their hacking skills to effectively run a trucking company that didn't exist. They would hack into a Department of Transportation website (Safersys.org) that listed licensed trucking firms to change the contact info (temporarily) on certain firms to their own address and phone number. Then, they would go to another online site that listed cargo in need of transportation. They'd pose as the firm whose contact info they'd replaced, get the deal, and then go find another trucking firm to actually deliver the cargo. 
The cargo itself would get delivered, and the scammers would contact the original cargo owners to get paid. Then, the company that actually delivered the cargo would contact the company these scammers pretended to be working for, and discover that it had no clue what they were talking about. This scam was effective enough to net the scammers over a half-million dollars. The scammers were eventually arrested.
Source: www.Privacyrights.org
Trucking/Transportation Claims Examples 
ZombieZero 
July 2014 
Logistics firms that purchase a handheld scanner used to track shipments as they are loaded and unloaded from ships, trucks, and airplanes are being warned the scanners may be infected with malware. The inventory scanners are made in China, and are allegedly being implanted with the malware purposely by the manufacturer, in an attempt to steal corporate data as well as the ‘manifests’ – what’s on the particular load and where is it going. This could in turn be used to re-route or steal the inventories/loads. 
Source: www.Privacyrights.org
Cyber Summary 
Security 
Failure of network and information security 
Privacy 
Failure to protect private or confidential information 
Media 
Libel, slander, and other forms of disparagement with respect to display of material, or infringement of a copyright / trademark 
Regulatory Coverage 
Fines/penalties and defense costs incurred during an investigation from a governmental or regulatory agency 
First Party Coverages 
Privacy Notification & Credit Monitoring Expenses 
Crisis Management / PR Expenses 
Forensic Expenses 
Extortion/Threat Expenses 
PCI Fines & Penalties 
Business Interruption
Risk Management is the Key 
•eRiskHub - http://eriskhub.com/
•Beazley – www.nodatabreach.com - Q&A sections, incident examples, white papers on security ‘best practices’, etc. Access to security professionals who only work with Beazley policyholders in answering questions and dealing with incidents.
•Expect the unexpected 
•Need expertise and experience immediately 
•Know what vendors and partners to call
50
WHO’S ON THE LINE 
51 
MODERATORAndrea Tarrell 
Director of Marketing 
HNI 
atarrell@hni.com 
SUBJECT MATTER EXPERTKevin Zinter 
Senior Vice President 
AmWINS 
Kevin.Zinter@amwins.com

More Related Content

What's hot

The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitShawn Tuma
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Shawn Tuma
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Lawtravismd
 
Powerpoint mack jackson
Powerpoint   mack jacksonPowerpoint   mack jackson
Powerpoint mack jacksonaiimnevada
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachCBIZ, Inc.
 
201 CMR 17.00
201 CMR 17.00201 CMR 17.00
201 CMR 17.00bob carroll
 
Navigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsNavigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsMMMTechLaw
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Lawguest8b10a3
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentDonald E. Hester
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013- Mark - Fullbright
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
Downey Law Group - Legal Ethics and Innovations - May 2017
Downey Law Group - Legal Ethics and Innovations - May 2017Downey Law Group - Legal Ethics and Innovations - May 2017
Downey Law Group - Legal Ethics and Innovations - May 2017Downey Law Group LLC
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesEvents2018
 

What's hot (20)

The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
 
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
Above Compliance – Navigating the Cybersecurity Landscape and Officer & Direc...
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability Presentation
 
MA Privacy Law
MA Privacy LawMA Privacy Law
MA Privacy Law
 
Idt
IdtIdt
Idt
 
Powerpoint mack jackson
Powerpoint   mack jacksonPowerpoint   mack jackson
Powerpoint mack jackson
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data Breach
 
201 CMR 17.00
201 CMR 17.00201 CMR 17.00
201 CMR 17.00
 
Navigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology TransactionsNavigating Risk In Data & Technology Transactions
Navigating Risk In Data & Technology Transactions
 
Mass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy LawMass 201 CMR 17 Data Privacy Law
Mass 201 CMR 17 Data Privacy Law
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
 
CSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local GovernmentCSMFO 2012 Data Privacy in Local Government
CSMFO 2012 Data Privacy in Local Government
 
SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013SECURITY BREACH NOTIFICATION CHART 2013
SECURITY BREACH NOTIFICATION CHART 2013
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
Downey Law Group - Legal Ethics and Innovations - May 2017
Downey Law Group - Legal Ethics and Innovations - May 2017Downey Law Group - Legal Ethics and Innovations - May 2017
Downey Law Group - Legal Ethics and Innovations - May 2017
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
 
Key Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends ReportKey Insights from the 2019 Legal Trends Report
Key Insights from the 2019 Legal Trends Report
 
How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?How can you improve cybersecurity at your law firm?
How can you improve cybersecurity at your law firm?
 

Cyber Risks Looming in the Transportation Industry

  • 1. CYBER RISKS LOOMING IN THE TRANSPORTATION INDUSTRY, September 2014
  • 2. HOUSEKEEPING
    • Slide deck will be posted on hni.com
    • Q&A at the end, but feel free to ask questions throughout
    • Tweet @HNIRisk or using the hashtag #hniu to win some HNI swag!
  • 3. Thanks to our sponsors!
  • 4. WHO’S ON THE LINE
    • MODERATOR: Andrea Tarrell, Director of Marketing, HNI, atarrell@hni.com
    • SUBJECT MATTER EXPERT: Kevin Zinter, Senior Vice President, AmWINS, Kevin.Zinter@amwins.com
  • 5. Outline Summary
    • Review of exposures
    • Review of Wisconsin and state laws, and other Federal Laws
    • Explanation of Insuring Agreements
    • Brokering Challenges
    • Stats
    • Underwriting Questions
    • Sample Transportation Industry claims / incidents
    • Risk Management Services
    • Why AmWINS
  • 6. Cyber/Privacy Exposures facing the Transportation Industry
    • Collection of sensitive personal information
    • Exchanging information with vendors, providers, outsourced firms, etc.
    • Use of network to provide services to others
    • Holding confidential business information (your own or third parties')
    • Outsourcing services to third parties, i.e. logistics firms, freight brokers, data processing, billing and collections, etc.
    • Disseminating information and media online
  • 7. Federal Laws
    • Consumer notification of potential loss of data is required in 47 states, Puerto Rico, and DC.
    • Personally identifiable information (PII) and protected health information (PHI) are currently governed by a patchwork of federal and state laws:
      – The Family Educational Rights Privacy Act (FERPA)
      – HIPAA
      – Children’s Online Privacy Protection Act
      – Gramm Leach Bliley Act (GLBA)
      – Fair Credit Reporting Act
      – Sarbanes-Oxley (SOX)
      – Federal Privacy Act
      – HITECH Act
      – Red Flags Rule
      – President Obama’s Cybersecurity Executive Order, among others.
  • 8. Wisconsin Notification Requirements
    Security Breach Definition
    When an Entity whose principal place of business is located in WI or an Entity that maintains or licenses PI in WI knows that PI in the Entity’s possession has been acquired by a person whom the Entity has not authorized to acquire the PI, or, in the case of an Entity whose principal place of business is not located in WI, when it knows that PI pertaining to a resident of WI has been acquired by a person whom the Entity has not authorized to acquire the PI.
  • 9. Wisconsin Notification Requirements
    Notification Obligation
    Any Entity to which the statute applies shall make reasonable efforts to notify each subject of the PI. An Entity is not required to provide notice of the acquisition of PI if the acquisition of PI does not create a material risk of identity theft or fraud to the subject of the PI or if the PI was acquired in good faith by an employee or agent of the Entity, if the PI is used for a lawful purpose of the Entity.
    An Entity shall provide the notice within a reasonable time, not to exceed 45 days after the Entity learns of the acquisition of PI. A determination as to reasonableness shall include consideration of the number of notices that an Entity must provide and the methods of communication available to the Entity.
  • 10. Wisconsin Notification Requirements
    Penalties
    No penalties defined or outlined.
    Considerations
    • Wisconsin does not require an automatic offer of free credit monitoring to breached individuals.
    • Wisconsin does not require entities to notify the state Attorney General or any other governmental agencies, but it does require notice to all consumer reporting agencies and credit bureaus if more than 1,000 residents are to be notified.
    • Additional notification obligations apply depending on the state where the consumer (affected individual) is located.
    http://www.beazley.com/business_lines/technology_media__business/data_breach_map.aspx
  • 11. What is the difference between 1st Party Risk and 3rd Party Risk in a Cyber Liability Policy?
    1st Party Risks
    Direct loss incurred by our insured because of “injury” to electronic data or systems resulting from acts of others:
    • Costs of fixing the problem
    • Expenses to protect customers (including notification and credit monitoring costs)
    • Other expenses to mitigate loss (including PR and publicity costs)
    • Theft of data & intangible property
    • Loss of future income
    • Cyber extortion
    3rd Party Risks
    Liability for financial losses or costs sustained by others resulting from internet or other electronic activities:
    • Defense expenses
    • Damages resulting from customer suits and suits from others for personal/content injury, intellectual property claims, professional services, and injury from a security or privacy breach, or Regulatory fines/penalties.
  • 12. Basic Insuring Agreements Found in Most Forms
    1. Privacy/Security Liability
    Third party claims alleging failure to protect an individual's PII, whether through a network & information security failure, unauthorized access & unauthorized use, etc.
  • 13. Basic Insuring Agreements Found in Most Forms 2. Notification Costs The hot button sublimit, and main premium driver within a Cyber Liability policy. When private/confidential information is lost, this insuring agreement covers the cost to notify those individuals/victims that their private information was lost or stolen. 47/50 states have laws outlining the requirements to notify, usually described as a short period of time. Credit Monitoring is also often included with the Notification limit. Some forms will include Credit Repair/Remediation Services – the actual cost to repair a victim’s credit history if their information was used fraudulently.
  • 14. Basic Insuring Agreements Found in Most Forms 3. Crisis Management & Forensic Expenses Costs of hiring an outside PR / consulting firm to handle media inquiries, restore insured’s brand image in the media, assist with the drafting of notification letters to breached individuals, and provide expert strategies/solutions in regards to the exact claim scenario. Forensic Expenses covers the costs for an outside expert to help determine the scope of the breach, what was exposed, and possibly eradicate the intrusion.
  • 15. Basic Insuring Agreements Found in Most Forms 4. Regulatory Defense & Penalties The costs to handle inquiries & investigations, and the possible resulting fines/penalties levied against the insured by a regulatory or governmental body. An increasing number of regulations exist related to the protection of confidential data, and all signs point towards increased enforcement (FTC, State Attorneys General, etc.).
  • 16. Basic Insuring Agreements Found in Most Forms 5. Extortion/Threat Expenses Applies if the insured is contacted by an individual threatening to hack the system or shut down the system, which might include a demand for payment.
  • 17. Basic Insuring Agreements Found in Most Forms 6. Business Interruption Interruptions in business due to breaches of a company’s network (i.e. denial of service attack).
  • 18. Basic Insuring Agreements Found in Most Forms 7. Media/Content Covers libel, slander, and other forms of disparagement with respect to display of material, as well as copyright infringement. A well written Media insuring agreement will also respond to Social Media exposures, such as disparaging statements made via a company’s official Twitter/Facebook page which may result in a suit brought by a 3rd party vendor/partner or an offended individual.
  • 19. Basic Insuring Agreements Found in Most Forms 8. Hacker Damage Covers the cost to repair/replace/restore damaged or destroyed data the insured had in their possession, to the state it was in previously, as a result of a hack/incident.
  • 20. Basic Insuring Agreements Found in Most Forms 9. PCI Fines/Penalties Covers violations of the Payment Card Industry Data Security Standard, as levied against the insured. Generally brought as a fine or penalty, and cited as a violation of a PCI Standard as defined under Payment Card Company Rules. PCI governs the safeguarding of sensitive payment card information by merchants.
  • 21. Brokering Challenges: Why It’s Not Covered Elsewhere •General Liability covers bodily injury and property damage, not stolen identities. •Property Insurance does not consider data as property. •E&O policies are covering services for others for a fee. The primary intent of an E&O policy is covering a mistake/error/omission in the course of an individual’s professional service. While there is limited invasion of privacy coverage in an E&O form, the intent is only to cover errors in the course of professional services. You won’t get notification expense coverage or credit monitoring services coverage on an E&O policy, which are your primary 1st party sublimits.
  • 22. Brokering Challenges: Why It’s Not Covered Elsewhere [Cont’d] •Directors & Officers Coverage does not cover the key 1st party expenses that are provided on a Cyber form. D&O is primarily for the directors’ & officers’ fiduciary duty in running the company, and will not extend coverage for 1st party expenses associated with a breach situation. •Media Liability policies are only covering content for libel, slander and copyright, and don’t fully respond to the interrelated nature of a breach incident that turns into a Media claim. •Crime Insurance covers employee theft of money, securities and property. A data record can be stolen, but you may not see a financial loss for many years. In the absence of the privacy/security policy, there wouldn’t be coverage for the notification and credit monitoring, which are your primary 1st party sublimits. There can be some overlap though, at least for financial institutions, and some carriers are now offering a combo Cyber-Crime policy.
  • 23. Brokering Challenges: Non-Standard Policy Language Carriers use different language, and it can be difficult to decipher. Just a few examples from various carriers:
    COVERAGE TYPE | AIG | CHUBB | TRAVELERS
    Security | Security & Privacy Liability | Cyber Liability | Network and Information Security Liability
    Privacy | Security & Privacy Liability | Cyber Liability | Network and Information Security Liability
    Media/Content | Media Content Insurance | Content Injury and Reputational injury | Communications and Media Liability
    Regulatory | Regulatory Action | Regulatory Defense | Regulatory Defense
    Business Interruption | Network Interruption | E-Business Interruption | Business Interruption
    Breach Response Costs | Event Management | Privacy Notification Expenses and Crisis Management Expenses | Crisis Management Event Expenses and Security Breach Remediation and Notification Expenses
    Extortion/Threat | Cyber/Extortion | E-Threat Expenses | E-Commerce Extortion
  • 24. Brokering Challenges: Exclusions to Watch For •Losses arising out of unencrypted portable devices •Notice of Claim Timing – are you required to report a claim within a certain number of days of the event/incident? •Limitation of expenses paid out to within a certain number of days of the event •Stacking of Retentions •Failure, interruption, or outage to internet access service provided by the internet service provider that hosts the insured’s website •Failure / Requirement to update antivirus and maintain security levels referenced on the application
  • 25. Brokering Challenges: Exclusions to Watch For •Failure to continuously implement the procedures and risk controls identified in the application, whether orally or in writing •Failure to follow in whole or in part, the Minimum Required Practices as listed by Endorsement •Failure to meet any service levels, performance standards, or metrics •Failure to use best efforts to install commercially available software product updates and releases, or to apply software patches •Inability to use or inadequate performance of software programs due to the expiration or withdrawal of technical support by the software vendor, or that are in development or otherwise not authorized for general commercial release
  • 26. Brokering Challenges: Exclusions to Watch For (cont) •Wear and tear, drop in performance, progressive deterioration, or aging of electronic equipment and other property or computer hardware being used by the insured •Malfunction or defect of any hardware, component or equipment •Involving wireless networks that are not under your control, or information exchanged over unsecured wireless networks •Does Regulatory coverage include coverage for fines/penalties or just the Defense? •Does Media coverage cover all forms of Media, or just online Media?
  • 27. Privacy: Historical Data Breach Info http://datalossdb.org
  • 28. Privacy Incidents by Breach Type –All Time http://datalossdb.org
  • 29. Privacy Incidents by Breach Type –2013 http://datalossdb.org
  • 30. Privacy Incidents –Inside vs. Outside –2013 http://datalossdb.org
  • 31. Privacy: Costs of an Incident $3.5m* Average total cost per reporting company. Of that figure, Defense ($575k) and Settlement ($300k) continue to be a huge portion. *NetDiligence June 2013 study
  • 32. Privacy: Costs of an Incident $737K Average cost for Crisis Services (forensics, notification, credit monitoring) $50K The average PCI fine. $150,000 The average Regulatory fine. $3.94 Average per-record Notification Cost of a data breach. Per-record notification estimates range from $2-$400, depending on the sample size and claims studied. Other factors include vendors used in the Notification process, and whether defense costs, PR costs, and other expenses are lumped into the per-record estimates. *NetDiligence June 2013 study
  • 33. Privacy: Costs of an Incident Breaches involving malware or spyware are 4.5x more costly than breaches involving unintended/accidental disclosure** **Beazley Analysis Findings 2014
  • 34. Questions to consider: •Do you hold any personally confidential data of any employees, customers, clients, etc.? If so, how many individual records? •Do you hold any corporate information or trade secrets for any of your clients? •Are you aware of the notice requirements in each state if you lose control of that data? •What steps would you take/who would you call if you lost those private records? •Do you have a corporate-wide privacy policy? •Do you have a disaster plan specific to data breaches? •Are your records stored electronically? Paper? Are the records secure? Do you shred?
  • 35. Questions to consider: •Do any employees have access to private client records? Do you allow use of USB drives on computers with access to private data? •Are any records ever handled by a third party? •Are all of your laptops, mobile devices, and wireless connections encrypted? •Are you confident your antivirus and firewall systems are 100% effective? •How would your clients respond if you lost their private records? Do your contracts promise to do the notification if you lose their records –or will they do the notification process? •If your network was damaged or disabled by a virus or hacker attack, would it be material to your revenues/income? Do you have a backup system? How long would it take you to recover?
  • 36. Additional Underwriting Questions that go into quoting a risk: Review of controls & protocols on portable devices: •How many portable computers are in circulation and what % are encrypted? •Are users able to store data to the hard drive? •Is the actual data on the portable device encrypted? •Is tracking software installed on portable devices? •Have workstations been configured to prevent the storage of data to USB devices? •Do you have back up tapes, and if so, are they stored offsite? How are they transported? •Are the back up tapes encrypted? •Do you issue company smart phones to employees? Are they encrypted? •Do employees access confidential information on their smart phones? •Is all data backed up on a daily basis? •In the event of a breach, do your contracts put the requirement to do notification on the vendor who lost your information, or are you doing the notification?
  • 37. The Biggest Breaches of All Time Heartland Payment Systems: 134m records lost; Target: 110m records lost; eBay Inc.: 145m records lost; Adobe: 152m records lost; TJ Maxx: 94m records lost; Home Depot: 56m records lost; Epsilon: 60m records lost; RSA Security: 40m records lost; Stuxnet: Attack on Iran’s nuclear power program; Department of Veterans Affairs: 26.5m records lost; Sony’s PlayStation: 77m records lost; ESTsoft: 35m records lost; Gawker Media: 1.3m records lost; Google: Chinese govt infiltrated systems & stole intellectual property; VeriSign: Not disclosed; CardSystems: 40m records lost; AOL: 650k records lost; SC Dept of Revenue: 4m records lost; WikiLeaks: Ongoing…; Advocate Medical Group: 4m records lost
  • 38. Trucking/Transportation Claims Examples CorporateCarOnline 11/4/13 –Kirkwood, MO. Hackers stole and stored information online related to customers who used limousine and other ground transportation. The online information included plain text archives of credit card numbers, expiration dates, names, and addresses. Many of the customers were wealthy and used credit cards that would be attractive to identity thieves. Records from this breach: 850,000 Source: www.Privacyrights.org
  • 39. Trucking/Transportation Claims Examples Yusen Logistics 10/25/13 –Secaucus, NJ An unencrypted laptop was stolen from an employee's vehicle sometime around September 23. It contained a spreadsheet with payroll deduction information for former and current Yusen Logistics Americas employees. It contained names, Social Security numbers, addresses, and payroll benefit deduction amounts from the period of July 2013 to September 2013. Records from this breach: unknown Source: www.Privacyrights.org
  • 40. Trucking/Transportation Claims Examples US Department of Transportation 8/9/06 –Washington, DC The DOT's Office of the Inspector General reported a special agent's laptop was stolen on July 27 from a government-owned vehicle in Miami, FL, parked in a restaurant parking lot. It contained names, addresses, SSNs, and dates of birth for 80,670 persons issued commercial drivers licenses in Miami-Dade County, 42,800 persons in FL with FAA pilot certificates and 9,000 persons with FL driver's licenses. A suspect was arrested in the same parking lot where the theft occurred, but the laptop has not been recovered. Investigators found a theft ring operating in the vicinity of the restaurant parking lot. Records from this breach: 132,470 Source: www.Privacyrights.org
  • 41. Trucking/Transportation Claims Examples Allied Waste 4/12/08 –Boston, MA. A strap on a garbage truck snapped and sent reams of intact financial reports over downtown Boston streets. Records from this breach: unknown. Source: www.Privacyrights.org
  • 42. Trucking/Transportation Claims Examples Laboratory Corporation of America 3/27/10 –Burlington, VT. Thousands of medical documents fell out of a truck bed while in transit. The scattered documents contained billing information and possibly medical records from 1993 or later. Records from this breach: unknown Source: www.Privacyrights.org
  • 43. Trucking/Transportation Claims Examples Federal Reserve Bank of Dallas 8/9/05 –Dallas, TX A truck driver lost thousands of Federal Reserve Bank checks headed to Houston. It seems that the back door of the truck was not closed when the driver left the loading area. Paid and canceled checks with Social Security numbers, names, addresses and signatures were scattered on the highway between Dallas and Houston. Most of the checks were not recovered. Records from this breach: unknown Source: www.Privacyrights.org
  • 44. Trucking/Transportation Claims Examples Various Taxi Cab Companies in Chicago 3/13/14 –Chicago, IL. In an unprecedented move, First American Bank made a public announcement regarding fraudulent activity they were seeing on both credit and debit cards of customers with their bank specifically related to cab rides in the city of Chicago. The bank is urging both residents and tourists to avoid paying for their cab rides with either debit or credit cards. The ongoing breach appears to be related to the card processing systems used by a significant number of taxis in the city of Chicago. The bank has reported the breach to MasterCard. They have also reached out to Banc of America Merchant Services and Bank of America, the payment processors for the affected payment systems within the affected taxi cab companies. First American Bank is urging that Banc of America Merchant Services and Bank of America discontinue payment processing for the taxi companies who have been targeted in this breach. So far, neither entity is commenting on the breach or appears to be halting the processing services. Records from this breach: 500+ Source: www.Privacyrights.org
  • 45. Trucking/Transportation Claims Examples Various Trucking firms October 2008 A group of Russian immigrants used their hacking skills to effectively run a trucking company that didn't exist. They would hack into a Department of Transportation website (Safersys.org) that listed licensed trucking firms to change the contact info (temporarily) on certain firms to their own address and phone number. Then, they would go to another online site that listed cargo in need of transportation. They'd pose as the firm whose contact info they'd replaced, get the deal, and then go find another trucking firm to actually deliver the cargo. The cargo itself would get delivered, and the scammers would contact the original cargo owners to get paid. Then, the company that actually delivered the cargo would contact the company these scammers pretended to be working for, and discover that it had no clue what they were talking about. This scam was effective enough to net the scammers over a half-million dollars. The scammers were eventually arrested. Source: www.Privacyrights.org
  • 46. Trucking/Transportation Claims Examples ZombieZero July 2014 Logistics firms that purchase a handheld scanner used to track shipments as they are loaded and unloaded from ships, trucks, and airplanes are being warned the scanners may be infected with malware. The inventory scanners are made in China, and are allegedly being implanted with the malware purposely by the manufacturer, in an attempt to steal corporate data as well as the ‘manifests’ – what’s on the particular load and where it is going. This could in turn be used to re-route or steal the inventories/loads. Source: www.Privacyrights.org
  • 47. Cyber Summary
    Security: Failure of network and information security
    Privacy: Failure to protect private or confidential information
    Media: Libel, slander, and other forms of disparagement with respect to display of material, or infringement of a copyright / trademark
    Regulatory Coverage: Fines/penalties and defense costs incurred during an investigation from a governmental or regulatory agency
    First Party Coverages: Privacy Notification & Credit Monitoring Expenses; Crisis Management / PR Expenses; Forensic Expenses; Extortion/Threat Expenses; PCI Fines & Penalties; Business Interruption
  • 48. Risk Management is the Key •eRiskHub - http://eriskhub.com/ •Beazley – www.nodatabreach.com - Q&A sections, incident examples, white papers on security ‘best practices’, etc. Access to security professionals who only work with Beazley policyholders in answering questions and dealing with incidents. •Expect the unexpected •Need expertise and experience immediately •Know what vendors and partners to call
  • 51. WHO’S ON THE LINE MODERATOR: Andrea Tarrell, Director of Marketing, HNI, atarrell@hni.com SUBJECT MATTER EXPERT: Kevin Zinter, Senior Vice President, AmWINS, Kevin.Zinter@amwins.com