Cyber Insurance 101:
Learn How Cyber Risk Insurance Can Help
Small-Midsized Businesses Stay in Business
Presented by:
Christine Marciano, President, Cyber Data-Risk Managers, LLC
-and-
Richard Santalesa, Senior Counsel, InfoLawGroup LLP
www.DataPrivacyInsurance.com
www.InfoLawGroup.com
© 2013 by Cyber Data Risk Managers. All rights reserved
NEW “How SMBs Can Prepare for
a Data Breach” Whitepaper
Utilizing Cyber Insurance as One Component of a Data Breach
Incident Response Plan
*Request your Free Whitepaper – Email:
Christine@DataPrivacyInsurance.com
Outline
• What is sensitive data?
• Review of Key Findings from the National Cyber Security Alliance
(NCSA) and Symantec SMB Survey
• Review of recent data breaches
• Costs associated with a Data Breach
• How to contain and minimize risks
• Define an Incident Response Plan
• Legal issues surrounding Data Breach notification mandates
• Risk Assessment and Risk Management
• Cyber Insurance 101: Cyber Insurance Introduction and How an
SMB can use cyber insurance as one component of an Incident
Response Plan
Know and protect your sensitive data
What is sensitive data?
– Personally Identifiable Information (PII)
– Protected Health Information (PHI)
– Credit Card Numbers and/or Financial Information
– Intellectual property – copyrights, trademarks & patents
– Trade secrets - business plans, customer lists, etc.
Key findings from the National Cyber Security Alliance (NCSA)
and Symantec “National Small Business” survey:
• 86% of the 1,015 businesses (250 employees or fewer) said
they are "satisfied" with the level of security they have in
place to defend customer or employee data,
• 87% of respondents have not written a formal security policy
for employees,
• 83% lack any security blueprint at all and
• 59% have no plan in place to respond to a security incident.
Small Enterprises Don't Perceive
They'll be Attacked
A look at recent security and
data breach incidents
• Credit Card Data Breach at Barnes & Noble Stores
• Hackers stole credit card information for
customers who shopped at 63 Barnes & Noble
stores across the country.
• TD Bank Data Breach Hits 260,000 customers
• Unencrypted backup data tapes including
account information and Social Security
numbers were misplaced in March.
Costs associated with a data breach
• Attorney Fees
– Breach guidance
– Investigation
– Notification
– Litigation prep
– e-discovery
– Contractual review
– Defense
• Fines
– Federal
– State
• Plaintiff Demands
– Fraud reimbursement
– Credit card replacement
– Credit monitoring/ repair/
insurance
– Civil fines/ penalties
– Time
• Response Costs
– Forensics vendor
– Notification vendor
– Call centers
– PR vendor
– ID theft insurance
– Credit monitoring
– Attorney oversight
Risks and Liabilities
Hidden Costs of a Data Breach
How to contain and minimize risks
• Take stock
– Know what is PII & Other Sensitive Data
– Where is it in your organization
• Scale down
– Only collect what you need
• Lock it
– Secure, encrypt, protect
• Proper Disposal
– Securely dispose of documents per your retention
schedule
• Plan ahead
– Know your security incident response procedure
Define an incident response plan
• Management
– Who takes the lead?
• Reporting
– Inform the proper channels (regulating bodies)
• Customer Notification
– Notify customers
– Outline plan of action
• Corrective Actions
– How can it be corrected or minimized
• Communication
– Regular communication to keep customers and channels
informed of actions and results
Legal Issues surrounding Data Breach
Notification Mandates
Responding to a Data Breach can be an
overwhelming process for SMBs
•46 U.S. State breach notification laws and
numerous sectoral and federal laws
•Class Action suits quite common
•High legal defense costs and potential legal
settlements
Risk Assessment and Risk Management
Got Data? Now What?
•Conduct a Risk Assessment Analysis
•Identify the types of data your SMB collects
– Are you collecting sensitive data?
– Are you encrypting data at rest or in motion?
•Learn what types of threats your SMB may be
vulnerable to and the risk levels of your data
•Take proactive steps to secure your data and manage
and mitigate risks.
Data Security Myths Held by
Small-Midsized Businesses
• Myth 1 - “A data breach or cyber attack could never happen to our SMB.”
– Wrong. See, Infosecurity Magazine, “SMBs more vulnerable to data breaches than
larger brethren,” Oct. 11, 2012, at http://bit.ly/TAOqKh
• Myth 2 – “We will worry about how to pay for a data breach if one
happens.”
– With an average cost of $194 per record and an average organization cost of $5.5
million per data breach, according to the Ponemon Institute’s latest 2011 annual Data
Breach Study, the average SMB may not have adequate fiscal resources on hand.
• Myth 3 – “Small-midsized businesses are not a target for cyber attacks.
Criminals only go after larger companies.”
– Not so, unfortunately. Nearly 72 percent of data breaches investigated by Verizon
Communications’ forensic analysis unit in 2011 occurred at companies with fewer than
100 employees. See, Combating Small Business Security Threats, McAfee Associates, at
http://bit.ly/PPBSOI
• Myth 4 – “We are covered under our existing CGL insurance policy.”
Utilizing Cyber Insurance as One
Component of an Incident Response Plan
Every business that collects data should develop a
written incident response plan.
Cyber Insurance offers SMBs:
•Help with managing the “aftermath” of a data
breach/security incident
•An incident response team
•A “Data Breach Coach”
•Help with discovery and reporting and notifying those
affected of your data breach/security incident.
Utilizing Cyber Insurance as One
Component of an Incident Response Plan
• Rule 1 – Risk management solutions don’t “eliminate” risk,
but help minimize it to otherwise “acceptable” levels
• Rule 2 – Insurance is, fundamentally, a “transfer” of identified
risks
A cyber risk insurance policy that includes incident response coverage (i.e.,
Data Breach Response Services) provides one golden arrow in the quiver
of a comprehensive risk management solution that will hit the target
when everything is moving very quickly during a data incident.
By proactively detailing and enacting a range of benefits, payments and
services in advance, such a policy can uniquely serve as a valuable
component of any incident response plan.
Cyber Insurance can help Mitigate the
Risk and Costs Associated with a Data
Breach
• By planning in advance, small-midsized businesses
can minimize their risks, costs and the impact of a
breach to their customers and the reputation of their
company and brand.
• Insurance carriers have already pre-negotiated
associated costs with various pre-approved
vendors, saving SMBs money and the hassle
of scrambling around and trying to put
together an Incident Response team at the
time of an incident.
How Can Cyber Insurance Help SMBs Stay
in Business after a Security Incident?
• Small-to-midsized businesses can utilize appropriate cyber
risk insurance coverages to minimize the impact of a data
incident on (i) the reputational damage to their companies
and “brand,” as well as (ii) potentially crippling financial
penalties and response expenses.
• Cyber Insurance Policies with “Data Breach Response Service”
coverage can help offload the uncertainty of managing a
comprehensive and effective response - that complies fully
with potentially numerous statutory requirements - in the
aftermath of an actual or suspected data incident event.
• May act to “save” the company from bankruptcy or
liquidation in face of large regulatory penalties.
Commonly Offered
Cyber Insurance Coverages
• Crisis management and customer notification expenses
• Credit/identity theft monitoring
• Privacy and security liability claims coverage
• Expenses for data privacy security defense and regulatory
penalties
• Computer security expert services and forensic investigation
• Costs of a “Data Breach Coach” (a/k/a “Privacy” and Infosec
attorney)
• Pre-incident planning services – selection of vetted, pre-
approved partners and resources
* Note: Not every policy will necessarily include all of the above coverages or items.
Solutions
Response Solutions:
•Cyber Security Insurance with Data Breach Response –
Coverage features may include privacy liability, computer
information security, lost income coverage, electronic media
liability and first party coverage for losses from network security
breaches.
•Data Breach Response Services – Coverage features may
include breach notification and credit monitoring services,
forensic investigation, legal assistance, crisis management help,
regulatory civil action coverage, cyber extortion coverage and
content liability.
*This description is for preliminary informational purposes only. Please note that insurance policy coverages vary by insurance carrier. In
all cases, actual policy wording will determine the coverage and services provided.
Solutions
Legal Information Security Review and Preparation
•Integrated Risk Assessment (IRA) – Comprehensively identify data and information
security issues, risks and legal/compliance obligations.
– Serves as a foundation for additional cost/benefit risk analysis to guide security programs, policies,
systems and compliance obligations.
– Insurance premiums may be higher in absence of demonstrating that an IRA has been conducted
•Incident Response Plan (IRP) – Increasingly required under many state and federal
regulatory regimes, most notably HIPAA/HITECH for securing and protecting PHI.
– IRPs serve as quick response road map in the event of a data incident or breach
– There’s typically little time in a data event to “figure out” what needs to be done on the fly; missteps
can prove costly (e.g., a well-meaning but ill-conceived forensic effort can modify metadata
that would be helpful in “proving” whether data has been accessed, etc.)
– Many resources available to guide creating an IRP, including aid from cyber risk insurance carriers
(see, e.g., NIST SP 800-61, Computer Security Incident Handling Guide (Jan. 2012, rev. 2) -
http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf)
•Comprehensive Legal Analyses – Rise of “legally defensible” security analysis by
courts where info security professionals have to adequately defend security decisions
in the legal context with the ultimate goal of reducing legal risk.
*This description is for preliminary informational purposes only. Please note that insurance policy coverages vary by insurance carrier. In all cases, actual
policy wording will determine the coverage and services provided.
About
Cyber Data Risk Managers LLC is an Independent Insurance Agency specializing in
Data Privacy, Cyber Liability risk, D&O insurance and (IP) Intellectual Property
protection.
Web: www.DataPrivacyInsurance.com
Phone: 1-(855) CUT-RISK
InfoLawGroup LLP was established in October 2009 to provide efficient and high
quality legal services. The firm concentrates on legal issues concerning privacy, data
security, traditional and emerging media, advertising and promotions, consumer
protection matters, information technology, e-commerce and intellectual property.
InfoLawGroup addresses a broad spectrum of legal matters, including transactions
and e-commerce, compliance, enforcement, breach notice, incident response and
litigation.
Web: www.InfoLawGroup.com
Phone: 1-(203) 292-0667
Contact Information:
Christine Marciano CIPP/US
Cyber Data Risk Managers LLC
Phone: (855) CUT-RISK
Web: www.DataPrivacyInsurance.com
Email: Christine@DataPrivacyInsurance.com
Richard Santalesa, Esq. CIPP/US
Information Law Group LLP
Phone: (203) 292-0667
Web: www.InfoLawGroup.com
Email: RSantalesa@InfoLawGroup.com

Statewide Insurance Brokers - Cyber Insurance 101

  • 1. Cyber Insurance 101: Learn How Cyber Risk Insurance Can Help Small-Midsized Businesses Stay in Business Presented by: Christine Marciano, President, Cyber Data-Risk Managers, LLC -and- Richard Santalesa, Senior Counsel, InfoLawGroup LLP www.DataPrivacyInsurance.com ww.InfoLawGroup.com © 2013 by Cyber Data Risk Managers. All rights reserved
  • 2. NEW “How SMBs Can Prepare for a Data Breach” Whitepaper: Utilizing Cyber Insurance as One Component of a Data Breach Incident Response Plan
    *Request your Free Whitepaper – Email: Christine@DataPrivacyInsurance.com
  • 3. Outline
    • What is sensitive data?
    • Review of Key Findings from the National Cyber Security Alliance (NCSA) and Symantec SMB Survey
    • Review of recent data breaches
    • Costs associated with a Data Breach
    • How to contain and minimize risks
    • Define an Incident Response Plan
    • Legal issues surrounding Data Breach notification mandates
    • Risk Assessment and Risk Management
    • Cyber Insurance 101: Cyber Insurance Introduction and How an SMB can use cyber insurance as one component of an Incident Response Plan
  • 4. Know and protect your sensitive data
    What is sensitive data?
    – Personally Identifiable Information (PII)
    – Protected Health Information (PHI)
    – Credit Card Numbers and/or Financial Information
    – Intellectual property – copyrights, trademarks & patents
    – Trade secrets – business plans, customer lists, etc.
  • 5. Key Findings from the National Cyber Security Alliance (NCSA) and Symantec “National Small Business” survey:
    • 86% of the 1,015 businesses (250 employees or fewer) said they are "satisfied" with the level of security they have in place to defend customer or employee data,
    • 87% of respondents have not written a formal security policy for employees,
    • 83% lack any security blueprint at all and
    • 59% have no plan in place to respond to a security incident.
    Small Enterprises Don't Perceive They'll be Attacked
  • 6. A look at recent security and data breach incidents
    • Credit Card Data Breach at Barnes & Noble Stores
      – Hackers stole credit card information for customers who shopped at 63 Barnes & Noble stores across the country.
    • TD Bank Data Breach Hits 260,000 customers
      – Unencrypted backup data tapes including account information and Social Security numbers were misplaced in March.
  • 7. Costs associated with a data breach
    • Attorney Fees
      – Breach guidance
      – Investigation
      – Notification
      – Litigation prep
      – e-discovery
      – Contractual review
      – Defense
    • Fines
      – Federal
      – State
    • Plaintiff Demands
      – Fraud reimbursement
      – Credit card replacement
      – Credit monitoring/repair/insurance
      – Civil fines/penalties
      – Time
    • Response Costs
      – Forensics vendor
      – Notification vendor
      – Call centers
      – PR vendor
      – ID theft insurance
      – Credit monitoring
      – Attorney oversight
  • 9. How to contain and minimize risks
    • Take stock
      – Know what is PII & Other Sensitive Data
      – Where is it in your organization
    • Scale down
      – Only collect what you need
    • Lock it
      – Secure, encrypt, protect
    • Proper Disposal
      – Securely dispose of documents per your retention schedule
    • Plan ahead
      – Know your security incident response procedure
  • 10. Define an incident response plan
    • Management
      – Who takes the lead?
    • Reporting
      – Inform the proper channels (regulating bodies)
    • Customer Notification
      – Notify customers
      – Outline plan of action
    • Corrective Actions
      – How can it be corrected or minimized
    • Communication
      – Regular communication to keep customers and channels informed of actions and results
  • 11. Legal Issues surrounding Data Breach Notification Mandates
    Responding to a Data Breach can be an overwhelming process for SMBs
    • 46 U.S. State breach notification laws and numerous sectoral and federal laws
    • Class Action suits quite common
    • High legal defense costs and potential legal settlements
  • 12. Risk Assessment and Risk Management
    Got Data? Now What?
    • Conduct a Risk Assessment Analysis
    • Identify the types of data your SMB collects
      – Are you collecting sensitive data?
      – Are you encrypting data at rest or in motion?
    • Learn what types of threats your SMB may be vulnerable to and the risk levels of your data
    • Take proactive steps to secure your data and manage and mitigate risks.
  • 13. Data Security Myths Held by Small-Midsized Businesses
    • Myth 1 – “A data breach or cyber attack could never happen to our SMB.”
      – Wrong. See Infosecurity Magazine, “SMBs more vulnerable to data breaches than larger brethren,” Oct. 11, 2012, at http://bit.ly/TAOqKh
    • Myth 2 – “We will worry about how to pay for a data breach if one happens.”
      – With an average cost of $194 per record and an average organization cost of $5.5 million per data breach, according to the Ponemon Institute’s latest 2011 annual Data Breach Study, the average SMB may not have adequate fiscal resources on hand.
    • Myth 3 – “Small-midsized businesses are not a target for cyber attacks. Criminals only go after larger companies.”
      – Not so, unfortunately. Nearly 72 percent of data breaches investigated by Verizon Communications’ forensic analysis unit in 2011 occurred at companies with fewer than 100 employees. See Combating Small Business Security Threats, McAfee Associates, at http://bit.ly/PPBSOI
    • Myth 4 – “We are covered under our existing CGL insurance policy.”
  • 14. Utilizing Cyber Insurance as One Component of an Incident Response Plan
    Every business that collects data should develop a written incident response plan. Cyber Insurance offers SMBs:
    • Help with managing the “aftermath” of a data breach/security incident
    • An incident response team
    • A “Data Breach Coach”
    • Help with discovery and reporting and notifying those affected of your data breach/security incident.
  • 15. Utilizing Cyber Insurance as One Component of an Incident Response Plan
    • Rule 1 – Risk management solutions don’t “eliminate” risks, but help minimize them to otherwise “acceptable” levels
    • Rule 2 – Insurance is, fundamentally, a “transfer” of identified risks
    A cyber risk insurance policy that includes incident response coverage (i.e., Data Breach Response Services) provides one golden arrow in the quiver of a comprehensive risk management solution that will hit the target when everything is moving very quickly during a data incident. By proactively detailing and enacting a range of benefits, payments and services in advance, such a policy can uniquely serve as a valuable component of any incident response plan.
  • 16. Cyber Insurance can help Mitigate the Risk and Costs Associated with a Data Breach
    • By planning in advance, small-midsized businesses can minimize their risks, costs and the impact of a breach to their customers and the reputation of their company and brand.
    • Insurance carriers have already pre-negotiated associated costs with various pre-approved vendors, saving SMBs money and the hassle of scrambling around and trying to put together an Incident Response team at the time of an incident.
  • 17. How Can Cyber Insurance Help SMBs Stay in Business after a Security Incident?
    • Small-to-midsized businesses can utilize appropriate cyber risk insurance coverages to minimize the impact of a data incident on (i) the reputational damage to their companies and “brand,” as well as (ii) potentially crippling financial penalties and response expenses.
    • Cyber Insurance Policies with “Data Breach Response Service” coverage can help offload the uncertainty of managing a comprehensive and effective response, one that complies fully with potentially numerous statutory requirements, in the aftermath of an actual or suspected data incident event.
    • May act to “save” the company from bankruptcy or liquidation in the face of large regulatory penalties.
  • 18. Commonly Offered Cyber Insurance Coverages
    • Crisis management and customer notification expenses
    • Credit/identity theft monitoring
    • Privacy and security liability claims coverage
    • Expenses for data privacy security defense and regulatory penalties
    • Computer security expert services and forensic investigation
    • Costs of a “Data Breach Coach” (a/k/a “Privacy” and Infosec attorney)
    • Pre-incident planning services – selection of vetted, pre-approved partners and resources
    * Note: Not every policy will necessarily include all of the above coverages or items.
  • 19. Solutions
    Response Solutions:
    • Cyber Security Insurance with Data Breach Response
      – Coverage features may include privacy liability, computer information security, lost income coverage, electronic media liability and first party coverage for losses from network security breaches.
    • Data Breach Response Services
      – Coverage features may include breach notification and credit monitoring services, forensic investigation, legal assistance, crisis management help, regulatory civil action coverage, cyber extortion coverage and content liability.
    *This description is for preliminary informational purposes only. Please note that insurance policy coverages vary by insurance carrier. In all cases, actual policy wording will determine the coverage and services provided.
  • 20. Solutions
    Legal Information Security Review and Preparation
    • Integrated Risk Assessment (IRA)
      – Comprehensively identify data and information security issues, risks and legal/compliance obligations.
      – Serves as a foundation for additional cost/benefit risk analysis to guide security programs, policies, systems and compliance obligations.
      – Insurance premiums may be higher in the absence of a demonstration that an IRA has been conducted
    • Incident Response Plan (IRP)
      – Increasingly required under many state and federal regulatory regimes, most notably HIPAA/HITECH for securing and protecting PHI.
      – IRPs serve as a quick-response road map in the event of a data incident or breach
      – There’s typically little time in a data event to “figure out” what needs to be done on the fly; missteps can prove costly (e.g., a well-meaning but ill-conceived forensic effort can modify metadata that would be helpful in “proving” whether data has been accessed, etc.)
      – Many resources are available to guide creating an IRP, including aid from cyber risk insurance carriers (see, e.g., NIST SP 800-61, Computer Security Incident Handling Guide (Jan. 2012, rev. 2) - http://csrc.nist.gov/publications/drafts/800-61-rev2/draft-sp800-61rev2.pdf)
    • Comprehensive Legal Analyses
      – Rise of “legally defensible” security analysis by courts, where info security professionals have to adequately defend security decisions in the legal context with the ultimate goal of reducing legal risk.
    *This description is for preliminary informational purposes only. Please note that insurance policy coverages vary by insurance carrier. In all cases, actual policy wording will determine the coverage and services provided.
  • 21. About
    Cyber Data Risk Managers LLC is an Independent Insurance Agency specializing in Data Privacy, Cyber Liability risk, D&O insurance and (IP) Intellectual Property protection.
    Web: www.DataPrivacyInsurance.com Phone: 1-(855) CUT-RISK
    InfoLawGroup LLP was established in October 2009 to provide efficient and high quality legal services. The firm concentrates on legal issues concerning privacy, data security, traditional and emerging media, advertising and promotions, consumer protection matters, information technology, e-commerce and intellectual property. InfoLawGroup addresses a broad spectrum of legal matters, including transactions and e-commerce, compliance, enforcement, breach notice, incident response and litigation.
    Web: www.InfoLawGroup.com Phone: 1-(203) 292-0667
  • 22. Contact Information:
    Christine Marciano, CIPP/US
    Cyber Data Risk Managers LLC
    Phone: (855) CUT-RISK
    Web: www.DataPrivacyInsurance.com
    Email: Christine@DataPrivacyInsurance.com
    Richard Santalesa, Esq., CIPP/US
    Information Law Group LLP
    Phone: (203) 292-0667
    Web: www.InfoLawGroup.com
    Email: RSantalesa@InfoLawGroup.com