Jim Booth, profile picture
Uploaded byJim Booth
PPTX, PDF579 views

Bis EO Cyber presentation

The document discusses the increasing costs of data breaches, highlighting that the average breach cost was $5.9 million in 2014 and outlining the need for Errors and Omissions (E&O) insurance as general liability policies typically exclude coverage for data breaches. It emphasizes the critical coverage elements such as notification expenses, rogue employee protection, and fines, along with strategies for mitigating risks, including training and encryption. Furthermore, it provides guidance on handling breaches under a cyber policy and recommends consulting with experts for insurance assessment and compliance preparation.

Business
Related topics:
Data Breach Insights

Embed presentation

Downloaded 13 times
Insuring Data Breach Risk Errors and Omissions and Cyber Liability Insurance
From the Headlines
DATA BREACHES ARE VERY COSTLY • In 2014 cost of an average breach for an organization in 2014 Ponemon study increased to $5.9 million! • In 2014 the average per- record cost of a data breach increased from $188 to $201.
Why Do You Need E&O? • Your GL Policy specifically excludes data breaches • Effective May 1, 2014 CG 21 06 05 14 — excludes coverage, under Coverages A and B, for injury or damage arising out of any access to or disclosure of any person’s or organization’s confidential or personal information.
Regulatory Demands • HIPAA, FTC, GLB, and PCI DSS 3.0 ▫ establishes responsibility for handling confidential information • Property limitation of liability in UCC 7-204 does not apply to services • Fines are just the tip of the iceberg ▫ Notification costs can be very high ▫ Lawsuits (example – patients sue covered entity who seeks to recover losses from you)
HUGE RISK
HUGE MISUNDERSTANDING
Critical Coverage Elements • Privacy Wrongful Act • Notification & Credit Monitoring Expenses • Rogue Employee Protection • Crisis Management/Public Relations Expenses • Civil Fines & Penalties • Extortion • Bodily Injury • Hammer Clause • Limits/Sublimits
Critical Coverage Elements • Available Claims Resources
Claims: Perpetual Storage 2008 • Breach Costs without a Breach • ~1.5M Patient Billing Records Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (Univ of Utah - estimated at $3.3M) • Legal Costs
Claims: Recall 2007 • Vendor Outsourcing/General Liability Issues • ~500k Employee Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (IBM estimated at $6M) • Legal Costs
Claims: GRM - 2010 • Encryption and/or Employee Error Issue? • ~1.7M People Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (NYC HHC estimated at >$350M) • Legal Costs
Claims: Iron Mountain - 2006 • Employee Error Issue • 17,000 People Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (Long Island Railroad) • Legal Costs
How would a breach be handled under a cyber policy purchased through BIS? • Make sure you have breach response plan that includes insurance response info • Call data breach hotline • Activate incident response plan or DR/BCP • Confer with carrier’s breach response team • File incident data sheet with response team • Response team assists in drafting a breach notification letter • Law enforcement, regulators, client & management approve letter • Notification letter sent to impacted parties • Assistance provided in media relations and credit bureau notification if needed. • Response team handles calls from impacted individuals • Continued assistance with client claims, fines and litigation • *Note – this scenario assumes first-party and third-party coverage in the example provided.
Final thoughts: Ops mitigation • Best mitigation strategy is to avoid risk exposure ▫ Require encryption wherever possible ▫ Train employees completely ▫ Ensure third-party vendors provide equal protection & contract assurance • Invest in adequate policies and processes like those advocated by PRISM Privacy Plus ▫ Contact Brightstone Consulting for assistance in crafting an information security policy, conducting a risk assessment, or training employees.
For insurance assessment or E&O quote information please contact Brian Jungeberg at Brightstone Insurance 440.260.1002 - bjungeberg@brightstoneins.com For assistance with Privacy Plus preparation, compliance- related issues or other operational mitigation contact Jim Booth at Brightstone Consulting 919.696.7754 - jbooth@brightstoneconsulting.com

More Related Content

PPTX
Cybersecurity and the Law: Fasken Law Firm
byNext Dimension Inc.
 
PPTX
Mass 201 CMR 17 Data Privacy Law
byguest8b10a3
 
PDF
Challenges and co-ordination of leniency programmes – HONG KONG COMPETITION C...
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
OECD cartel criminalisation-rosenberg-jun20
byOECD Directorate for Financial and Enterprise Affairs
 
PDF
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
byBrowne Jacobson LLP
 
PPTX
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
byDan Michaluk
 
PPTX
Cyber class action claims at an inflection point
byDan Michaluk
 
PPTX
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
byGovernment Technology and Services Coalition
 
Cybersecurity and the Law: Fasken Law Firm
byNext Dimension Inc.
 
Mass 201 CMR 17 Data Privacy Law
byguest8b10a3
 
Challenges and co-ordination of leniency programmes – HONG KONG COMPETITION C...
byOECD Directorate for Financial and Enterprise Affairs
 
OECD cartel criminalisation-rosenberg-jun20
byOECD Directorate for Financial and Enterprise Affairs
 
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
byBrowne Jacobson LLP
 
Cyber security for the regulator and regulated - Ontario Regulatory Authorit...
byDan Michaluk
 
Cyber class action claims at an inflection point
byDan Michaluk
 
Justin Chiarodo: Government Contracts & Insurance Issues: How Prepared is You...
byGovernment Technology and Services Coalition
 

What's hot

PPT
Presentation 4.2 Procurement and integrity pacts
byjohnabutterworth
 
PPTX
Protecting Fiduciaries: ERISA Insurance, Bonding, and More
byCarol Buckmann
 
PPTX
Legal vectors - Survey of Law, Regulation and Technology Risk
byWilliam Gamble
 
PDF
Implementing Anti Money Laundering and Fraud Rules in Banking
byTriVersa
 
PDF
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
byFinancial Poise
 
PPTX
The Role of Regulations in the Development of Digital Finance
byJohn Owens
 
PDF
Presentation: Cross-Border Anti-Corruption Programs
byethiXbase
 
PDF
Modern Slavery Supply Chain
byethiXbase
 
PDF
BC Cyber Select
byBrian Cushard
 
PDF
Cyber liability and the growing threat to emergency services
byVFIS
 
PPT
Insulating against insider fraud
byJoe Dahleen
 
PPTX
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
byGovernment Technology and Services Coalition
 
PPTX
Nelson&ward cyber presentation
byKatherineLobdell
 
PDF
Information Governance to Reduce Risk and Improve Compliance
byScott Swanson , CFE, CFCI
 
PDF
The Information Commissioner calls - what to expect and how to react, May 201...
byBrowne Jacobson LLP
 
PPTX
The pandemic and privacy
byDan Michaluk
 
PPTX
Charity Regulation Conference | NCVO
byNCVO - National Council for Voluntary Organisations
 
Presentation 4.2 Procurement and integrity pacts
byjohnabutterworth
 
Protecting Fiduciaries: ERISA Insurance, Bonding, and More
byCarol Buckmann
 
Legal vectors - Survey of Law, Regulation and Technology Risk
byWilliam Gamble
 
Implementing Anti Money Laundering and Fraud Rules in Banking
byTriVersa
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
byFinancial Poise
 
The Role of Regulations in the Development of Digital Finance
byJohn Owens
 
Presentation: Cross-Border Anti-Corruption Programs
byethiXbase
 
Modern Slavery Supply Chain
byethiXbase
 
BC Cyber Select
byBrian Cushard
 
Cyber liability and the growing threat to emergency services
byVFIS
 
Insulating against insider fraud
byJoe Dahleen
 
GTSC Annual Meeting 2014: Justin Chiarodo: Ethics & Compliance: Suspension an...
byGovernment Technology and Services Coalition
 
Nelson&ward cyber presentation
byKatherineLobdell
 
Information Governance to Reduce Risk and Improve Compliance
byScott Swanson , CFE, CFCI
 
The Information Commissioner calls - what to expect and how to react, May 201...
byBrowne Jacobson LLP
 
The pandemic and privacy
byDan Michaluk
 
Charity Regulation Conference | NCVO
byNCVO - National Council for Voluntary Organisations
 

Similar to Bis EO Cyber presentation

PDF
GDPR Cyber Insurance 11/1/2017
byisc2-hellenic
 
PPT
Statewide Insurance Brokers - Cyber Insurance 101
byStatewide Insurance Brokers
 
PDF
Experion Data Breach Response Excerpts
byPeter Henley
 
PPTX
Data Breach In The Hospitality Industry
byClarknuber
 
PDF
Cyber Insurance - What you need to know
byFitCEO, Inc. (FCI)
 
PDF
CyberSecurity Insurance - The Ugly Truth!
bytopseowebmaster
 
PPT
Cyber Risks
byRickWaldman
 
PPTX
Defensible cybersecurity-jan-25th-
byIT Strategy Group
 
PDF
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
byJames Fisher
 
PDF
Protecting Your Business From Cyber Risks
byThis account is closed
 
PPTX
Exeter - Cyber Security Breakfast Briefing
byPKF Francis Clark
 
PPTX
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
byDon Grauel
 
PDF
Using Real World Metrics to Calculate Today's Cost of a Data Breach
byTraceSecurity
 
PPTX
IT & Network Security Awareness
byThe Network Support Company
 
PDF
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
byCBIZ, Inc.
 
PDF
Webinar: Don’t Be a Victim to Cyber Liability Risks
byKeenanSolutions
 
PDF
Rcs triumfant watchful_webinar_final
byPatrick Florer
 
PDF
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
byCitrin Cooperman
 
PDF
TechAssure Presentation PDF linkedin
byBrian D. Brown
 
PDF
84017
bySteven Browne
 
GDPR Cyber Insurance 11/1/2017
byisc2-hellenic
 
Statewide Insurance Brokers - Cyber Insurance 101
byStatewide Insurance Brokers
 
Experion Data Breach Response Excerpts
byPeter Henley
 
Data Breach In The Hospitality Industry
byClarknuber
 
Cyber Insurance - What you need to know
byFitCEO, Inc. (FCI)
 
CyberSecurity Insurance - The Ugly Truth!
bytopseowebmaster
 
Cyber Risks
byRickWaldman
 
Defensible cybersecurity-jan-25th-
byIT Strategy Group
 
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
byJames Fisher
 
Protecting Your Business From Cyber Risks
byThis account is closed
 
Exeter - Cyber Security Breakfast Briefing
byPKF Francis Clark
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
byDon Grauel
 
Using Real World Metrics to Calculate Today's Cost of a Data Breach
byTraceSecurity
 
IT & Network Security Awareness
byThe Network Support Company
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
byCBIZ, Inc.
 
Webinar: Don’t Be a Victim to Cyber Liability Risks
byKeenanSolutions
 
Rcs triumfant watchful_webinar_final
byPatrick Florer
 
TRU Snacks Webinar Series - Navigating Cybersecurity Risk in the Age of COVID-19
byCitrin Cooperman
 
TechAssure Presentation PDF linkedin
byBrian D. Brown
 
84017
bySteven Browne
 

Recently uploaded

PDF
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
PDF
automatic-enrolment-review-2017-maintaining-the-momentum.PDF
byHenry Tapper
 
PDF
How to Buy Instagram accounts for professional brand ... (1).pdf
bykeb2bq5cegc6m2xa32ay
 
PDF
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
DOCX
How to Buy Old Gmail Accounts Smartly_ 5 Easy Methods (2025) (1).docx
byusnewit shop
 
PDF
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
PDF
Buy Verified PayPal Accounts Search Intent Analysis for 2025–26.pdf
byUsaservicepoint
 
PDF
Juniper Research's Top 10 Trends for Fintech in 2026
byChris Skinner
 
PDF
Buy Twitter Accounts and Platforms account in 2026.,..pdf
byh3lfp4332e3gctbnm22w
 
PDF
Comprehensive consulting casebook from FMS Delhi (2023–24), covering framewor...
byAnshulchauhan866815
 
DOCX
Premium Aged Gmail Accounts – Instant Delivery.docx
byallsmmseo
 
PDF
How to Safely Buy Twitter Accounts A Complete Guide in ....pdf
byidc1w3adizw383go
 
PDF
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
PDF
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
PPTX
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
PDF
How to buy Snapchat Accounts in usa first year 2026.pdf
bymdlaltukhan929
 
PDF
How to Buy Snapchat Accounts in 2026 first year .pdf
bywc0fr9qf43i5qo5kn3
 
PDF
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 
PPTX
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
PDF
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 
Where to Buy Verified Chime Accounts for Quick ....pdf
bykmn4gloa39pwajpujj
 
automatic-enrolment-review-2017-maintaining-the-momentum.PDF
byHenry Tapper
 
How to Buy Instagram accounts for professional brand ... (1).pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Instagram accounts for professional brand ....pdf
bykeb2bq5cegc6m2xa32ay
 
How to Buy Old Gmail Accounts Smartly_ 5 Easy Methods (2025) (1).docx
byusnewit shop
 
Mobile and Online Banking_ Open an Account Today.pdf
bykmn4gloa39pwajpujj
 
Buy Verified PayPal Accounts Search Intent Analysis for 2025–26.pdf
byUsaservicepoint
 
Juniper Research's Top 10 Trends for Fintech in 2026
byChris Skinner
 
Buy Twitter Accounts and Platforms account in 2026.,..pdf
byh3lfp4332e3gctbnm22w
 
Comprehensive consulting casebook from FMS Delhi (2023–24), covering framewor...
byAnshulchauhan866815
 
Premium Aged Gmail Accounts – Instant Delivery.docx
byallsmmseo
 
How to Safely Buy Twitter Accounts A Complete Guide in ....pdf
byidc1w3adizw383go
 
How to Buy a USA Facebook Accounts Safely.pdf
byyl62ghphl9tyxn3q8lv5
 
How to Buy Twitter Accounts in 2026 (1).pdf
bywc0fr9qf43i5qo5kn3
 
CMMI Consulting & Implementation Services.pptx
bySunil Yadav
 
How to buy Snapchat Accounts in usa first year 2026.pdf
bymdlaltukhan929
 
How to Buy Snapchat Accounts in 2026 first year .pdf
bywc0fr9qf43i5qo5kn3
 
Co-operative and Mutual Economy 2025.pdf
byHenry Tapper
 
DeFi Passive Income: From definitions to practical examples
byAli Mohammad Saghiri
 
ASD SCO Introduction December 2025 (1).pdf
byHenry Tapper
 

Bis EO Cyber presentation

  • 1.
    Insuring Data BreachRisk Errors and Omissions and Cyber Liability Insurance
  • 2.
  • 3.
    DATA BREACHES AREVERY COSTLY • In 2014 cost of an average breach for an organization in 2014 Ponemon study increased to $5.9 million! • In 2014 the average per- record cost of a data breach increased from $188 to $201.
  • 4.
    Why Do YouNeed E&O? • Your GL Policy specifically excludes data breaches • Effective May 1, 2014 CG 21 06 05 14 — excludes coverage, under Coverages A and B, for injury or damage arising out of any access to or disclosure of any person’s or organization’s confidential or personal information.
  • 5.
    Regulatory Demands • HIPAA,FTC, GLB, and PCI DSS 3.0 ▫ establishes responsibility for handling confidential information • Property limitation of liability in UCC 7-204 does not apply to services • Fines are just the tip of the iceberg ▫ Notification costs can be very high ▫ Lawsuits (example – patients sue covered entity who seeks to recover losses from you)
  • 6.
  • 7.
  • 8.
    Critical Coverage Elements •Privacy Wrongful Act • Notification & Credit Monitoring Expenses • Rogue Employee Protection • Crisis Management/Public Relations Expenses • Civil Fines & Penalties • Extortion • Bodily Injury • Hammer Clause • Limits/Sublimits
  • 9.
    Critical Coverage Elements •Available Claims Resources
  • 10.
    Claims: Perpetual Storage2008 • Breach Costs without a Breach • ~1.5M Patient Billing Records Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (Univ of Utah - estimated at $3.3M) • Legal Costs
  • 11.
    Claims: Recall 2007 •Vendor Outsourcing/General Liability Issues • ~500k Employee Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (IBM estimated at $6M) • Legal Costs
  • 12.
    Claims: GRM -2010 • Encryption and/or Employee Error Issue? • ~1.7M People Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (NYC HHC estimated at >$350M) • Legal Costs
  • 13.
    Claims: Iron Mountain- 2006 • Employee Error Issue • 17,000 People Potentially Involved • Notification & Credit Monitoring Costs • Public Relations Costs • Client Costs (Long Island Railroad) • Legal Costs
  • 14.
    How would abreach be handled under a cyber policy purchased through BIS? • Make sure you have breach response plan that includes insurance response info • Call data breach hotline • Activate incident response plan or DR/BCP • Confer with carrier’s breach response team • File incident data sheet with response team • Response team assists in drafting a breach notification letter • Law enforcement, regulators, client & management approve letter • Notification letter sent to impacted parties • Assistance provided in media relations and credit bureau notification if needed. • Response team handles calls from impacted individuals • Continued assistance with client claims, fines and litigation • *Note – this scenario assumes first-party and third-party coverage in the example provided.
  • 15.
    Final thoughts: Opsmitigation • Best mitigation strategy is to avoid risk exposure ▫ Require encryption wherever possible ▫ Train employees completely ▫ Ensure third-party vendors provide equal protection & contract assurance • Invest in adequate policies and processes like those advocated by PRISM Privacy Plus ▫ Contact Brightstone Consulting for assistance in crafting an information security policy, conducting a risk assessment, or training employees.
  • 16.
    For insurance assessmentor E&O quote information please contact Brian Jungeberg at Brightstone Insurance 440.260.1002 - bjungeberg@brightstoneins.com For assistance with Privacy Plus preparation, compliance- related issues or other operational mitigation contact Jim Booth at Brightstone Consulting 919.696.7754 - jbooth@brightstoneconsulting.com