The Role of Cyber Insurance in Ransomware Incidents
CYBER INSURANCE & INCIDENT RESPONSE CONFERENCE
THURSDAY 5TH NOVEMBER 2020
1
Agenda
Introduction
Trends
Pre-Incident
Breach
Recovery
2
Global Incidents by Cause of Loss
2017 - 2019
3
The Rise of Ransomware
4
Pre-Breach: “When” Not “If”
In the field of observation, chance favors the prepared mind.
Louis Pasteur (Translated)
5
Pre-Breach: “When” Not “If”
Incident Response Plan: Test…
• Plan
• People
• Technology
Preparation
Detection
Containment
Eradication
Recovery
Post-Incident
6
Life Cycle of a Breach
Phase 1: Discovery
Theft, loss, or unauthorized disclosure of: Personally Identifiable Information (PII) or Protected Health Information (PHI) that is in the care, custody or control of an organization, or a third party for whom the organization is legally liable.
Phase 2: Investigation
Legal and Forensic Investigation
Phase 3: Response
Notification, Call Center, and Credit Monitoring
Public Relations
Crisis Management
Phase 4: Defense
Class Actions
Lawsuits
Regulatory Investigations
Reputational Damage
Income Loss
7
Legal and Forensic Investigation
Life Cycle of a Breach: The Claim Process
Phase 1: Discovery
Theft, loss, or unauthorized disclosure of: Personally Identifiable Information (PII) or Protected Health Information (PHI) that is in the care, custody or control of an organization, or a third party for whom the organization is legally liable.
Phase 2: Investigation
Legal and Forensic Investigation
Phase 3: Response
Notification, Call Center, and Credit Monitoring
Public Relations
Crisis Management
Phase 4: Defense
Class Actions
Lawsuits
Regulatory Investigations
Reputational Damage
Income Loss
Notice the Carrier
Coverage Analysis
Legal – Forensic – Vendor Consent
Settlement and Recovery
8
Phase 1: Discovering the Breach
Theft, loss, or unauthorized disclosure of: Personally Identifiable Information (PII) or Protected Health Information (PHI) that is in the care, custody or control of an organization, or a third party for whom the organization is legally liable.
9
Phase 1: Discovering the Breach
Notice Your Carrier
• Identify the Policy
• (Brief) Description of Incident
• Status
• Contact Information
Acknowledgment
• Identifies Key Decision Makers
• Questions to Insured/Requests a Call
• Begin Facilitating Engagements with Legal, Forensics, and Vendors
10
Life Cycle of a Breach
Phase 1: Discovery
Theft, loss, or unauthorized disclosure of: Personally Identifiable Information (PII) or Protected Health Information (PHI) that is in the care, custody or control of an organization, or a third party for whom the organization is legally liable.
Phase 2: Investigation
Legal and Forensic Investigation
Phase 3: Response
Notification, Call Center, and Credit Monitoring
Phase 4: Defense
Class Actions
Lawsuits
Income Loss
Regulatory Investigations
Reputational Damage
Notice the Carrier
Coverage Analysis
Legal – Forensic – Vendor Management
Settlement and Recovery
11
Phase 2: Investigating the Breach
Ransomware Analysis
• Vendor engagement
• Threat actor communications
• Backups
• Data exfiltration
• Settlement
12
Phase 2: Investigating the Breach
Legal Investigation:
• Notification Obligations for Individuals and Regulators
Forensic Investigation:
• Who, What, Where, When, Why and How of Affected Systems, Data, and Persons
13
Phase 2: Investigating the Breach
Coverage Analysis
• Recitation of Known Facts
• Identify Unknown Facts that Might be Relevant
• Facilitate Legal, Forensics, Call Center, Mailing Service, Credit Monitoring
14
Life Cycle of a Breach
Phase 1: Discovery
Theft, loss, or unauthorized disclosure of: Personally Identifiable Information (PII) or Protected Health Information (PHI) that is in the care, custody or control of an organization, or a third party for whom the organization is legally liable.
Phase 2: Investigation
Legal and Forensic Investigation
Phase 4: Defense
Class Actions
Lawsuits
Regulatory Investigations
Reputational Damage
Income Loss
Phase 3: Response
Notification, Call Center, and Credit Monitoring
Public Relations
Crisis Management
Notice the Carrier
Coverage Analysis
Legal – Forensic – Vendor Management
Settlement and Recovery
15
Phase 3: Responding to the Breach
Defensible Notice:
• Affected Individuals
• Notification
• Call Center
• Credit Monitoring
• Government Entities
• Public Relations
• Crisis Management
16
Life Cycle of a Breach
Phase 1: Discovery
Theft, loss, or unauthorized disclosure of: Personally Identifiable Information (PII) or Protected Health Information (PHI) that is in the care, custody or control of an organization, or a third party for whom the organization is legally liable.
Phase 3: Response
Notification, Call Center, and Credit Monitoring
Public Relations
Crisis Management
Phase 4: Defense
Class Actions
Lawsuits
Regulatory Investigations
Reputational Damage
Income Loss
Phase 2: Investigation
Legal and Forensic Investigation
Notice the Carrier
Coverage Analysis
Legal – Forensic – Vendor Management
Settlement and Recovery
17
Phase 4: Defending The Response
Third-Party and Regulatory Defense:
• Class Action(s) by Affected Individuals
• Business Partners
• Regulatory Investigations
• Payment Card Industry (PCI) Investigation
18
Phase 4: Defending The Response
Claims Support
• Timely Consent for Potential Settlement
• Retention/Limit Analysis
• Co-ordinate Various “Fronts” (Third-Party, Regulatory, and PCI)
19
Recovery: Cyber Business Interruption
• Make the Insured “Whole”
• Proof of Loss: An Evolving Process
• Betterment Issues: An Evolving Coverage
20

Mark Singer, 2nd Cyber Insurance & Incident Response Conference
