Today’s customers are demanding more real-time interaction. Yet, in this digital world, data vulnerability and cyber-attacks against insurers and financial institutions are becoming an increasingly frequent and sophisticated reality. This webinar shares key insights needed to implement modern solutions that improve your customer’s experience while reducing the risk of cyber threats - protecting your company and your customers from attacks.

1. Unlock Customer Engagement Potential
Without Compromising Data Security

2. .
Welcome!
Holding a Bachelor of Technology degree from
Ryerson University, Chelsea leverages 5+ years
experience of marketing, as well as improving
customer loyalty and advocacy.
Marketing Specialist
SPLICE Software Inc.

3.  The top cyber threats & the actionable ways to defend against them
 Questions to ask vendors to ensure they keep your data safe
 Methods for improving & securing customer experiences
You will walk away with…
House Keeping
• Please submit questions through Q&A sidebar
• Time allotted for Q&A at the end of the presentation
• Winner announcement for the prize draw tomorrow
• Webinar is being recorded and will be sent to all registrants

4. THE MVP
SUCCESS FACTOR
Accelerating your ability
to consult with the best of
the insurance industry

5.  Senior Executives
 Sustainable solutions – not projects
 Perpetuation of the strategy for every engagement
 We look at everything through a business lens…
so you can be sure that client decisions are not
made in a technology vacuum
 Clear plans of action
 No consultant speak
Relationships you can Trust!
What Makes MVP Different?
www.mvpadvisorygroup.com | Copyright @2015 mvp

6. Who Is Laszlo Gonc
. Laszlo is a recognized senior executive with over 20+
years of progressive experience in business and
information technology.
He leads the IT Risk, Security and Compliance
practice area for MVP Advisory Group. He is
responsible for helping organizations navigate the
new digital frontier, advising on cyber security issues,
mitigate organizational IT risk and build cyber
strategies that protect business assets.
Laszlo is an invited speaker at universities and
conferences, local and national, providing thought
leadership on the state of cyber security, technology
risk management, digital careers of the future and
project management leadership.
Partner, CISSP
MVP Advisory Group

7. Who Is SPLICE Software Inc.
Privately owned Canadian company founded in 2006.
Headquartered in Canada with offices located in the United
States & Germany.
Using data-driven human voiced messaging, we improve customer
experiences and engagement. SPLICE voice experiences are linguistically
optimized, easily automated, and sent to preferred channels.
Some Recent Accolades…

8. .
Who Is Andrew Hamill
Andrew is the Founder of PAU Audio, holds a
Bachelor of Applied Science in Electrical
Engineering, and is the Solutions Architect at
SPLICE Software.
As a professional engineer with over 13 years
of experience, Andrew specializes in data
storage, communication, and workflows.
Having worked in the capacity of data and
systems, Andrew Hamill brings together his
unique passion for audio and solving
business problems to create customer
engagement and data security solutions.
Solutions Architect
SPLICE Software Inc.

9. Looking Ahead
Source: McAfee Labs 2016 Threats Predictions

10. Why Insurers?
In addition to the banking, financial and healthcare
sectors, insurers are increasingly attractive targets for
cybercriminals because of:
 the richness of credit card, banking, medical, underwriting and
other sensitive customer information,
 the large volumes of data housed in legacy systems and
applications lacking sophisticated encryption and access control,
 the larger attack surface as a result of increased data sharing
with business associates, third-party carriers and vendors,
 the ease of social engineering.
Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.

11. 23% of recipients now open
phishing messages and
11% click on attachments*
Top Cyber Threats
1. Denial-of-Service, Ransomware and Malware
2. Spear Phishing and Social Engineering
3. Infrastructure Vulnerabilities
4. Laptops, Mobile Devices and Smartphones
5. Physical and Facility Security
Source: Verizon 2015 PCI Compliance Report*

12. More Cyber Threats
6. Payment Systems
7. Attacks through Employee Systems
8. Integrity Attacks
9. Insider Threats
10. Cloud Services.
Source: 2015 Global Megatrends in Cybersecurity, Raytheon & Ponemon Institute, February 2015
78% said their boards had not been
briefed even once on their cybersecurity
strategy over the past 12 months*

13. Current State
 Existing systems
 Existing partnerships and integrations
 Growth of connected devices and integrations
 Movement to cloud systems & computing
 Highly regulated companies moving to the cloud.
Portions © Copyright 2015-2016. SPLICE Software Inc. All rights reserved.

14. Future State
 Dramatic growth of connected devices & customer data
 Increased cyber threats
 Changing laws and regulatory landscape
 Increased regulator and auditor scrutiny
 Rise of class action and derivative suits.
Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.

15. Regulatory & Real Risk
 Regulatory standards and real risk
 Appetite for risk and understanding therefore
 Access and data management
 Third party vetting of security and access
 Third party data management
 Anecdotal examples.
Portions © Copyright 2015-2016. SPLICE Software Inc. All rights reserved.

16. Cyber Aggressor, circa 1990
The details?
• Small Size Company
• New Employee Hired
• Passed Background Check
• Walked Away With Thousands…
Portions © Copyright 2015-2016. SPLICE Software Inc. All rights reserved.

17. Where Do You Start?
Key Areas For Improvement
1. Risk Measurement
2. Business Engagement
3. Controls Assessments
4. Third Party Risk Assessments
5. Threat Detection.
Source: RSA/EMC, “Security for Business Innovation Council Report”

18. Security in the Boardroom
1. Understand fiduciary responsibilities
2. Embrace education and awareness
3. Determine your risk profile
4. Define your risk appetite
5. Take reasonable steps to show due diligence
6. Instill a culture of monitoring, reporting & accountability
7. Confirm appropriate resource allocation
8. Know your regulator, know your industry.
Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.

19. Build Your Program
Strategic elements to build a successful InfoSec program:
 Develop a ‘need to know’ culture regarding information
 Establish an information security team
 Understand your regulatory and compliance landscape
 Assess your threats, vulnerabilities and risks
 Create a risk mitigation strategy, develop a plan
 Manage & secure third-party business relationships.
Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.

20. Build Your Program
Operational elements to build a successful InfoSec program:
 Manage information assets and protect the crown jewels
 Secure your computing technologies
 Manage access and user ID life cycle
 Implement security controls and audit them
 Build user awareness and conduct ongoing training
 Create an incident response plan and practice it.
Portions © Copyright 2015-2016. MVP Advisory Group, LLC. All rights reserved.

21. Customer & Vendor Experience
 It starts with exposure
 What is asked of the client by the vendor
 Up-to-date integration techniques
 SFTP, SOAP, REST, API
 Maturity in system, process, testing, documents & support
 Antiquated vs. Current vs. Bleeding Edge.
Portions © Copyright 2015-2016. SPLICE Software Inc. All rights reserved.

22. Recommendations
1. Shift focus from technical assets to critical business processes
2. Institute business estimates of cybersecurity risks
3. Establish a business-centric risk assessment process
4. Focus on evidence-based controls assurance
5. Develop informed data collection methods.
Source: RSA/EMC, “Security for Business Innovation Council Report”

23. Q & A