CYBER LIABILITY FACTS AND PREVENTION
WHAT GOES THROUGH YOUR MIND?
What is Cyber Liability?
“Liability for loss of customer or employee data is not typically covered under a corporate
insurance policy. Some existing business insurance policies that offer general liability and
directors and officers liability may provide a measure of coverage for those areas; however,
most CEOs discover significant gaps in what is and what isn’t covered after an attack.
Unfortunately, by then it’s too late.” Forbes 10/18/2012
Examples: transactions for many goods and services are conducted online, including
money transfers, bill/invoice payments, and even payments for services such as
insurance coverage.
CYBER BREACHES 2013
• Target
Target says 40 million credit, debit cards possibly breached through remote access to two websites used by employees and suppliers.
• LivingSocial
Daily-deal website LivingSocial confirmed that its computer systems were hacked, resulting in “unauthorized access.” The
company updated its password encryption method after the breach impacted more than 50 million users. Names, email
addresses, dates of birth, and salted passwords were stolen.
• Washington state Administrative Office of the Courts
After the public website of the Washington state Administrative Office of the Courts was hacked, sensitive data of individuals
whose cases were making their way through the state court system was compromised. Names, Social Security numbers, and
driver’s license numbers were accessed.
• Evernote
The popular notetaking software service Evernote had to reset the passwords of all of its 50 million users following a network
breach. The company did not find any indication that content or payment information was stolen. Usernames, email addresses,
and encrypted passwords of users were accessed.
• Drupal.org
The servers of the open source content management platform were hacked, and the sensitive information of close to one
million accounts was stolen. As a safety measure, the company reset all passwords. Usernames, email addresses, country
information, and hashed passwords were all exposed.
• Federal Reserve internal site
The Fed admitted that hacking collective Anonymous breached one of its internal websites, accessing the personal data of
4,000 bank executives. Mailing addresses, phone numbers, business emails and fax numbers were accessed and published by
the hackers online.
Categories of Losses
• “In 2010, the U.S. Secret Service and Verizon Communication Inc.’s forensic analysis unit, which
investigates cyber attacks, reported 761 data breach cases, up from 141 in 2009. Of those, 482,
or 63%, were at companies with 100 employees or fewer. Visa also estimates that about 95% of
the credit-card data breaches it discovers are on its smallest business customers.”1
» Negligence
» Breach of warranty
» Failure to protect data
» Failure to disclose defects in products or services regarding capabilities of protecting data
» Unreasonable delay in remedying suspension of service or loss of data
» Violations of various applicable state/federal laws
» False advertising
» Unfair or deceptive trade practices
• Consumer claims are typically filed as class action lawsuits, but tend to have limited success
given the difficulty in proving injury in the absence of actual identity theft. However, new legal
theories continue to evolve and so may the outcome of such claims. While it is uncertain whether
consumers may successfully prove damages, it is certain that the breached company will face
significant costs in hiring legal counsel to defend itself.
Federal & State Cyber Liability Requirements
• S.B. 46 Adds Notification Requirements for Breaches of an Individual’s User Name or Email Address in Combination with a Password or Security Question and Answer that Permit Access to an Online Account
• S.B. 46 expands the coverage of California’s existing breach law to include breaches of individuals’ online user names and email addresses, when acquired in combination with passwords or a security question and answer that would permit access to their online accounts. The bill passed the California legislature unanimously, by a final vote of 38-0 in the Senate on September 4, 2013, following final passage of an amended bill by the Assembly (77-0) on September 3, 2013. Governor Brown signed the bill on September 27, 2013.
• Provisions of the Existing and Amended California Breach Notification Law
• The new law amends the existing California data breach notification law, California Civil
Code Section 1798.82, which has been in effect in California since July 1, 2003. That law
already requires businesses and governmental agencies to notify consumers when a
security breach occurs involving “an individual’s first name or first initial and last name in
combination with any one or more of the following data elements, when either the name or
the data elements are not encrypted: (1) Social security number. (2) Driver’s license
number or California Identification Card number. (3) Account number, credit or debit card
number, in combination with any required security code, access code, or password that
would permit access to an individual’s financial account. (4) Medical information. (5)
Health insurance information.” Cal. Civ. Code Section 1798.82(h).
Products Available for Cyber Liability
• Forensic Examination
– The cost of obtaining a third party forensics firm is covered under most network risk policies.
• Notification of Affected Third-parties
– Covered by most network risk insurance policies.
• Call Centers
– Typically covered under a network risk policy.
• Credit/Identity Monitoring
– Identity Monitoring and Identity Restoration are covered by a limited number of policies in the market.
• Public Relations
– The direct cost of obtaining a PR firm is covered under most network risk policies.
• Legal Defense costs and Indemnity payments to third parties
– Coverage is available under Cyber Risk policies.
• Fines and Penalties from Regulatory Proceedings and PCI DSS violations
– Coverage for general Fines and Penalties is available from some markets; however, insurability varies depending on jurisdiction and circumstances. Defense of a regulatory investigation/proceeding is typically covered under most policies.
• Comprehensive Written Information Security Program
– Typically not covered by cyber policies
Costs
• They start at $1,500 and up
• The average cost for legal defense was $500,000, while the average legal settlement was $1 million. (Zurich Study)
