License No. 045127
Thank you for joining us. We have a great many participants in today’s call. Your
phone is currently muted so that the noise level can be kept to a minimum. If
you have not yet joined the audio portion of this webinar, please click on
Communicate at the top of your screen, and then Join Teleconference. The dial-
in information will appear.
If you have any questions, you can send them to the host using the Chat
feature in the bottom right corner during the webinar.
The webinar will start momentarily.
© 2014 Keenan & Associates
Don’t Be a Victim to Data Breach Risks
Protecting Your Organization From Data Breach and Privacy Risks
Presented by:
Brad Keenan, Cyber Specialist, Keenan
Kyle McKibbin, Cyber Specialist, Keenan
Cyber Summary
• Cyber Risk and Data Breaches
– Overview
– Where are the exposures?
– How much of a financial impact do they have?
• Data breach examples
• Cyber Risk Management
– Risk retention
– Risk control
– Risk transfer
Myths about Cyber Security
• ALL Cyber Breaches are Preventable
• “The IT Team is on top of it”
• Cyber Theft/Data Breach is about credit cards
• Big Corporate Companies are most at-risk
• External hackers are the biggest security risk
National Headlines
• 40 Million Individuals; $148 Million Loss
• 24 States; 51 Stores
• $4.8 Million HIPAA Fine
• 350,000 credit cards; $4.1 Million Loss
• 56 million credit cards; Unknown Loss
School Districts
Healthcare Organizations
Municipalities
Data Breach
A data breach is an incident in which sensitive,
protected or confidential data has potentially been
viewed, stolen or used by an individual unauthorized
to do so
Important Records
• Student records
• Employee records
• Credit card information
• Financial aid records
• Job applicant records
• Tax ID information
• Utility payment records
• Citation payment records
• Patient records
• Health plan records and
ID numbers
Exposures
INTERNAL
• Lost or stolen laptops,
computers, flash drives or other
storage devices
• Backup tapes misplaced or lost
in transit
• Rogue employees
• Inadequate computer-use
policies
• Weak IT Infrastructure
• Employee Negligence
EXTERNAL
• IT consultants/vendors
• Internet and network access
points
• Sale, donation or disposal of
old office equipment (desks, file
cabinets, copiers) that contain
employee records
• Viruses or Malware
• “Dumpster diving”
Why are Organizations at Risk
• Resource Size
– Less sophisticated safeguards
– Less dedicated manpower may lead to delayed or no detection
– Fewer resources to use to recover vs. big business
• Ability to React
– Detect/report a breach
– Notify/assist affected individuals
– Reimburse individuals for actual losses
Regulation & Notification Laws
• Federal guidelines
– HIPAA
– Payment Card Industry Data Security Standard (PCI-DSS)
– Drivers Privacy Protection Act (DPPA)
• Notification and consumer protection laws vary from state to state as
to who must be notified and the manner of notification
• 47 states (including California) and D.C. have separate breach
laws in place as of 2/6/12
– AB 1149 (effective January 1, 2014)
– SB 46 (effective January 1, 2014)
Media Management
Response to a Breach
Per Person Cost of a Breach
• Healthcare: $316
• Transportation: $286
• Education: $259
• Energy: $237
• Financial: $236
• Services: $223
• Communications: $219
• Pharmaceutical: $209
• Industrial: $204
• Consumer: $196
• Media: $183
• Technology: $181
• Public: $172
• Retail: $125
• Hospitality: $93
• Research: $73
According to 2014 Ponemon Institute Study
Real Life Example #1
• Healthcare industry
• Children’s health system
• 1.6 million patients and employees affected
• Lost three unencrypted computer backup tapes
during a building remodeling project
– Patient billing
– Employee payroll
• $316 x 1.6M = Could you absorb this loss?
Real Life Example #2
• Local Community College
• Confidential records for 35,212 students were mistakenly emailed to an unknown account
• The employee used a personal email account to send the data to the researcher’s personal email address because the data file was too large to go through the district’s secure, encrypted email server
• The incident is costing about $290,000
Real Life Example #3
• Southern California City
• CalPERS payment document was accidentally
posted to the Water District’s website
• Document contained personal information,
including names and SSNs
• Information of employees and former employees
who were enrolled in CalPERS during July 1986-
October 2011
Risk Management Strategies
Risk Transfer
• Cyber Liability Insurance (Data Breach/Privacy)
– A risk management option that reduces the out-of-pocket cost
related to data breaches
• Vendor Management
– Cloud/Data management provider
– Data is held by a 3rd party vendor
Cyber Liability: First-Party Coverage
Loss of Data
– Costs for repair and restoration of computer programs and electronic data
Cyber Extortion
– Covers extortion threats to commit an intentional computer attack against the
insured
Crisis Management
– Costs for hiring a public relations firm to mitigate negative publicity
– Security experts to come in and assess the scope of the breach and determine a
plan of action
– Costs to comply with multiple state breach notice laws
  • Notification requirements
  • Credit monitoring for detecting fraud
Cyber Liability: Third-Party Coverage
Network and Information Security Liability
– To defend and indemnify claims for breach of security and access
to protected information
Regulatory Defense Expenses
– Defense costs and claims expenses involved with the regulatory
action taken against you resulting from a data breach.
Policy Benefits
Loss Prevention Services
• In-depth knowledge of the risk and specific
exposures
• Training and compliance solutions
• IT Security Assessment services
• Consultations
• Proactive computer security services
3rd Party Contractual Language
1) Seek defense/indemnity for breach of information
security
2) Seek proof of insurance and adequate limits,
perhaps even contract specific limits
3) Beware of limitation of liability provisions,
limiting to amount of the contract
Risk Management Strategy
• Risk retention
Risk Management Strategy
Risk Control
• Insider misuse
• Physical theft/loss
• Miscellaneous errors
Protect Your Organization
• Privacy/Breach Mitigation Program:
– network authentication
– credit card security
– data back-up
– complex passwords & physical security controls
– encrypted laptops/access
– file purging
• Assess your exposures, including employees, students,
parents/guardians, volunteers, vendors, contractors, residents,
customers, and patients
• Evaluate your potential costs and liabilities in connection with
a breach
– Identify and track the life cycle of information in your organization
Questions?
Disclaimer – Keenan & Associates is an insurance brokerage and consulting firm.
It is not a law firm or an accounting firm. We do not give legal advice or tax
advice and neither this presentation, the answers provided during the Question
and Answer period, nor the documents accompanying this presentation
constitutes or should be construed as legal or tax advice. You are advised to
follow up with your own legal counsel and/or tax advisor to discuss how this
information affects you.
Innovative Solutions. Enduring Principles.
Thank you for your
participation!

More Related Content

What's hot

Terminating Employees in California
Terminating Employees in CaliforniaTerminating Employees in California
Terminating Employees in CaliforniaDiana Maier
 
BYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesBYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesCassie McGarvey, JD
 
Small Law Office Management for the Legal Professional
Small Law Office Management for the Legal ProfessionalSmall Law Office Management for the Legal Professional
Small Law Office Management for the Legal ProfessionalShawn J. Roberts
 
Legal Administration And Technology
Legal Administration And TechnologyLegal Administration And Technology
Legal Administration And Technologylgladm59
 
Utah_OSHA_Workplace_Accidents_Investigations_Citations
Utah_OSHA_Workplace_Accidents_Investigations_CitationsUtah_OSHA_Workplace_Accidents_Investigations_Citations
Utah_OSHA_Workplace_Accidents_Investigations_CitationsParsons Behle & Latimer
 
Conducting an Effective Internal Investigation
Conducting an Effective Internal InvestigationConducting an Effective Internal Investigation
Conducting an Effective Internal InvestigationParsons Behle & Latimer
 
Top7ReasonsPreventativeMaintenanceCity
Top7ReasonsPreventativeMaintenanceCityTop7ReasonsPreventativeMaintenanceCity
Top7ReasonsPreventativeMaintenanceCityAlecia Flahiff
 
Top 5 issues employment law breakfast (k0227996 2)
Top 5 issues employment law breakfast (k0227996 2)Top 5 issues employment law breakfast (k0227996 2)
Top 5 issues employment law breakfast (k0227996 2)Jonathan Hyman
 
Ethics - Duty of Competency & Technology
Ethics - Duty of Competency & TechnologyEthics - Duty of Competency & Technology
Ethics - Duty of Competency & TechnologyMichael Cole
 
Contractor's guide, effective h&s programs
Contractor's guide, effective h&s programsContractor's guide, effective h&s programs
Contractor's guide, effective h&s programsajidajang
 
MediRevv_Coding_Denials_7_Strategies_Maximize_Cash
MediRevv_Coding_Denials_7_Strategies_Maximize_CashMediRevv_Coding_Denials_7_Strategies_Maximize_Cash
MediRevv_Coding_Denials_7_Strategies_Maximize_CashRobb Rood
 

What's hot (20)

Terminating Employees in California
Terminating Employees in CaliforniaTerminating Employees in California
Terminating Employees in California
 
BYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesBYOD: Advice for Employers and Employees
BYOD: Advice for Employers and Employees
 
Fenwick SHP0412
Fenwick SHP0412Fenwick SHP0412
Fenwick SHP0412
 
Small Law Office Management for the Legal Professional
Small Law Office Management for the Legal ProfessionalSmall Law Office Management for the Legal Professional
Small Law Office Management for the Legal Professional
 
Legal Administration And Technology
Legal Administration And TechnologyLegal Administration And Technology
Legal Administration And Technology
 
Insurance Risk
Insurance RiskInsurance Risk
Insurance Risk
 
Utah_OSHA_Workplace_Accidents_Investigations_Citations
Utah_OSHA_Workplace_Accidents_Investigations_CitationsUtah_OSHA_Workplace_Accidents_Investigations_Citations
Utah_OSHA_Workplace_Accidents_Investigations_Citations
 
Employment Presentation
Employment PresentationEmployment Presentation
Employment Presentation
 
Conducting an Effective Internal Investigation
Conducting an Effective Internal InvestigationConducting an Effective Internal Investigation
Conducting an Effective Internal Investigation
 
Top7ReasonsPreventativeMaintenanceCity
Top7ReasonsPreventativeMaintenanceCityTop7ReasonsPreventativeMaintenanceCity
Top7ReasonsPreventativeMaintenanceCity
 
Top 5 issues employment law breakfast (k0227996 2)
Top 5 issues employment law breakfast (k0227996 2)Top 5 issues employment law breakfast (k0227996 2)
Top 5 issues employment law breakfast (k0227996 2)
 
Labor Markets Core Course 2013: Severance Payments and Labor Market Performance
Labor Markets Core Course 2013: Severance Payments and Labor Market PerformanceLabor Markets Core Course 2013: Severance Payments and Labor Market Performance
Labor Markets Core Course 2013: Severance Payments and Labor Market Performance
 
Ethics - Duty of Competency & Technology
Ethics - Duty of Competency & TechnologyEthics - Duty of Competency & Technology
Ethics - Duty of Competency & Technology
 
White Paper - HSE Fee For Intervention
White Paper - HSE Fee For InterventionWhite Paper - HSE Fee For Intervention
White Paper - HSE Fee For Intervention
 
Back to the Office, Back to the Basics
Back to the Office, Back to the BasicsBack to the Office, Back to the Basics
Back to the Office, Back to the Basics
 
Contractor's guide, effective h&s programs
Contractor's guide, effective h&s programsContractor's guide, effective h&s programs
Contractor's guide, effective h&s programs
 
MediRevv_Coding_Denials_7_Strategies_Maximize_Cash
MediRevv_Coding_Denials_7_Strategies_Maximize_CashMediRevv_Coding_Denials_7_Strategies_Maximize_Cash
MediRevv_Coding_Denials_7_Strategies_Maximize_Cash
 
I 9 Services
I 9 ServicesI 9 Services
I 9 Services
 
Michigan Alsp 2009(3)
Michigan Alsp 2009(3)Michigan Alsp 2009(3)
Michigan Alsp 2009(3)
 
Update on the new sentencing guidance on health and safety breaches
Update on the new sentencing guidance on health and safety breachesUpdate on the new sentencing guidance on health and safety breaches
Update on the new sentencing guidance on health and safety breaches
 

Similar to Webinar: Don’t Be a Victim to Cyber Liability Risks

Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
Cyber Liability Insurance And Protecting SMEs
Cyber Liability Insurance And Protecting SMEsCyber Liability Insurance And Protecting SMEs
Cyber Liability Insurance And Protecting SMEsE Radar
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Paul C. Van Slyke
 
An information management update for in house counsel
An information management update for in house counselAn information management update for in house counsel
An information management update for in house counselDan Michaluk
 
ACEDS-Zylab 4-3-15 Webcast
ACEDS-Zylab 4-3-15 Webcast ACEDS-Zylab 4-3-15 Webcast
ACEDS-Zylab 4-3-15 Webcast Logikcull.com
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentationRodonoghue72
 
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Edge Pereira
 
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsC01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsEdge Pereira
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3Meg Weber
 
Staying Safe In A Quickly Evolving World
Staying Safe In A Quickly Evolving WorldStaying Safe In A Quickly Evolving World
Staying Safe In A Quickly Evolving Worldbrian andrews
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...infoLock Technologies
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 
Kaseya Kaspersky Breaches
Kaseya Kaspersky BreachesKaseya Kaspersky Breaches
Kaseya Kaspersky BreachesKaseya
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Bianca Mueller, LL.M.
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOAPeter Henley
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Citrin Cooperman
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilitiesPeter Henley
 

Similar to Webinar: Don’t Be a Victim to Cyber Liability Risks (20)

Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
Cyber Liability Insurance And Protecting SMEs
Cyber Liability Insurance And Protecting SMEsCyber Liability Insurance And Protecting SMEs
Cyber Liability Insurance And Protecting SMEs
 
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
Corporate Data Secruity Best Practices and Legal Compliance (00969538xBF97D)
 
An information management update for in house counsel
An information management update for in house counselAn information management update for in house counsel
An information management update for in house counsel
 
ACEDS-Zylab 4-3-15 Webcast
ACEDS-Zylab 4-3-15 Webcast ACEDS-Zylab 4-3-15 Webcast
ACEDS-Zylab 4-3-15 Webcast
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentation
 
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...Office 365  Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
Office 365 Data Leakage Protection, DLP, Data Loss Prevention, Privacy, Comp...
 
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulationsC01 office 365, DLP data loss preventions, privacy, compliance, regulations
C01 office 365, DLP data loss preventions, privacy, compliance, regulations
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Staying Safe In A Quickly Evolving World
Staying Safe In A Quickly Evolving WorldStaying Safe In A Quickly Evolving World
Staying Safe In A Quickly Evolving World
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
(Slides) What's Yours Is Mine: How Employess Are Putting Your Sensitive Data ...
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPR
 
Kaseya Kaspersky Breaches
Kaseya Kaspersky BreachesKaseya Kaspersky Breaches
Kaseya Kaspersky Breaches
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data? Everyone is talking Cloud - How secure is your data?
Everyone is talking Cloud - How secure is your data?
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
Fraud and Security in Uncharted Territory: Considerations in the Age of COVID-19
 
Identity theft and data responsibilities
Identity theft and data responsibilitiesIdentity theft and data responsibilities
Identity theft and data responsibilities
 

Recently uploaded

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 

Recently uploaded (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 

Webinar: Don’t Be a Victim to Cyber Liability Risks

  • 1. License No. 045127 Thank you for joining us. We have a great many participants in today’s call. Your phone is currently muted so that the noise level can be kept to a minimum. If you have not yet joined the audio portion of this webinar, please click on Communicate at the top of your screen, and then Join Teleconference. The dial- in information will appear. If you have any questions, you can send them to the host using the Chat feature in the bottom right corner during the webinar. The webinar will start momentarily. © 2014 Keenan & Associates Don’t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks
  • 2. License No. 045127License No. 045127 Protecting Your Organization From Data Breach and Privacy Risks 2 Brad Keenan Cyber Specialist Keenan Kyle McKibbin Cyber Specialist Keenan Presented by:
  • 3. License No. 045127 Cyber Summary • Cyber Risk and Data Breaches – Overview – Where are the exposures? – How much of a financial impact do they have? • Data breach examples • Cyber Risk Management – Risk retention – Risk control – Risk transfer 3
  • 4. License No. 045127 Myths about Cyber Security • ALL Cyber Breaches are Preventable • “The IT Team is on top of it” • Cyber Theft/Data Breach is about credit cards • Big Corporate Companies are most at-risk • External hackers are the biggest security risk 4
  • 6. License No. 045127 40 Million Individuals; $148 Million Loss 24 States; 51 Stores $4.8 Million HIPAA Fine 350,000 credit cards; $4.1 Million Loss National Headlines 6 56 million credit cards; Unknown Loss
  • 12. License No. 045127 Data Breach A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so 12
  • 13. License No. 045127 Important Records • Student records • Employee records • Credit card information • Financial aid records • Job applicant records • Tax ID information • Utility payment records • Citation payment records • Patient records • Health plan records and ID numbers 13
  • 14. License No. 045127 Exposures INTERNAL • Lost or stolen laptops, computers, flash drives or other storage devices • Backup tapes misplaced or lost in transit • Rogue employees • Inadequate computer-use policies • Weak IT Infrastructure • Employee Negligence EXTERNAL • IT consultants/vendors • Internet and network access points • Sale, donation or disposal of old office equipment (desks, file cabinets, copiers) that contain employee records • Viruses or Malware • “Dumpster diving” 14
  • 15. Why are Organizations at Risk
    • Resource Size
      – Less sophisticated safeguards
      – Less dedicated manpower may lead to delayed or no detection
      – Fewer resources to use to recover vs. big business
    • Ability to React
      – Detect/report a breach
      – Notify/assist affected individuals
      – Reimburse individuals for actual losses
  • 16. Regulation & Notification Laws
    • Federal guidelines
      – HIPAA
      – Payment Card Industry Data Security Standard (PCI-DSS)
      – Driver’s Privacy Protection Act (DPPA)
    • Notification and consumer protection laws vary from state to state as to who must be notified and the manner of notification
    • 47 states (including California) and D.C. have separate breach laws in place as of 2/6/12
      – AB 1149 (effective January 1, 2014)
      – SB 46 (effective January 1, 2014)
  • 17. Media Management
    Response to a Breach
  • 18. Per Person Cost of a Breach (bar chart by industry; according to 2014 Ponemon Institute Study)
    Healthcare $316; Transportation $286; Education $259; Energy $237; Financial $236; Services $223; Communications $219; Pharmaceutical $209; Industrial $204; Consumer $196; Media $183; Technology $181; Public $172; Retail $125; Hospitality $93; Research $73
  • 19. Real Life Example #1
    • Healthcare industry
    • Children’s health system
    • 1.6 million patients and employees affected
    • Lost three unencrypted computer backup tapes during a building remodeling project
      – Patient billing
      – Employee payroll
    • $316 x 1.6M = Could you absorb this loss?
  • 20. Real Life Example #2
    • Local Community College
    • Confidential records for 35,212 students were mistakenly emailed to an unknown account
    • The employee used a personal email account to send the data to the researcher’s personal email address because the data file was too large to go through the district’s secure, encrypted email server
    • The incident is costing about $290,000
  • 21. Real Life Example #3
    • Southern California City
    • CalPERS payment document was accidentally posted to the Water District’s website
    • Document contained personal information, including names and SSNs
    • Information of employees and former employees who were enrolled in CalPERS during July 1986 to October 2011
  • 22. Risk Management Strategies
    Risk Transfer
    • Cyber Liability Insurance (Data Breach/Privacy)
      – A risk management option that reduces the out-of-pocket cost related to data breaches
    • Vendor Management
      – Cloud/Data management provider
      – Data is held by a 3rd party vendor
  • 23. Cyber Liability: First-Party Coverage
    Loss of Data
      – Costs for repair and restoration of computer programs and electronic data
    Cyber Extortion
      – Covers extortion threats to commit an intentional computer attack against the insured
    Crisis Management
      – Costs for hiring a public relations firm to mitigate negative publicity
      – Security experts to come in and assess the scope of the breach and determine a plan of action
      – Costs to comply with multiple state breach notice laws
        • Notification requirements
        • Credit monitoring for detecting fraud
  • 24. Cyber Liability: Third-Party Coverage
    Network and Information Security Liability
      – To defend and indemnify claims for breach of security and access to protected information
    Regulatory Defense Expenses
      – Defense costs and claims expenses involved with the regulatory action taken against you resulting from a data breach.
  • 25. Policy Benefits
    Loss Prevention Services
    • In-depth knowledge of the risk and specific exposures
    • Training and compliance solutions
    • IT Security Assessment services
    • Consultations
    • Proactive computer security services
  • 26. 3rd Party Contractual Language
    1) Seek defense/indemnity for breach of information security
    2) Seek proof of insurance and adequate limits, perhaps even contract specific limits
    3) Beware of limitation of liability provisions, limiting to amount of the contract
  • 27. Risk Management Strategy
    • Risk retention
  • 28. Risk Management Strategy
    Risk Control
    • Insider misuse
    • Physical theft/loss
    • Miscellaneous errors
  • 30. Protect Your Organization
    • Privacy/Breach Mitigation Program:
      – network authentication
      – credit card security
      – data back-up
      – complex passwords & physical security controls
      – encrypted laptops/access
      – file purging
    • Assess your exposures, including employees, students, parents/guardians, volunteers, vendors, contractors, residents, customers, and patients
    • Evaluate your potential costs and liabilities in connection with a breach
      – Identify and track the life cycle of information in your organization
  • 31. Questions?
    Disclaimer – Keenan & Associates is an insurance brokerage and consulting firm. It is not a law firm or an accounting firm. We do not give legal advice or tax advice and neither this presentation, the answers provided during the Question and Answer period, nor the documents accompanying this presentation constitutes or should be construed as legal or tax advice. You are advised to follow up with your own legal counsel and/or tax advisor to discuss how this information affects you.
  • 32. Innovative Solutions. Enduring Principles.
    Thank you for your participation!