This document summarizes a presentation on cyber risks in the energy industry. It discusses regulatory responses to cyber threats, examples of corporate cybersecurity policies from major energy companies, and key questions insurers have about how companies manage cyber risk. Recent cyberattack trends and litigation are also reviewed. The presentation covers technical vulnerabilities, preventative measures, and the growing legal and financial implications of data breaches for energy companies.
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
Convince your board - cyber attack prevention is better than cureDave James
The business case for cyber attack prevention for organisations concerned about the rise in cyber crime and the risk to their data. Includes cyber security tips and resources.
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
The New York State Department of Financial Services has been closely monitoring this ever-growing threat and has proposed regulations that would require financial services companies to adopt a cybersecurity program to protect their customers, employees, data and operations. Its proposed changes are expected to take effect on March 1, 2017. Financial services companies would have until Feb. 15, 2018, to submit a certificate of compliance with the program. Components of New York's proposed cybersecurity program are outlined in this article.
What CIOs Need To Tell Their Boards About Cyber SecurityKaryl Scott
Companies are under increasing risks of breaches, theft of intellectual property and erosion of customer trust. CIOs and CISOs need to be able to explain to executive management what's being done to shore up their company's security strategy and defenses.
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams.
It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy.
Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.
Convince your board - cyber attack prevention is better than cureDave James
The business case for cyber attack prevention for organisations concerned about the rise in cyber crime and the risk to their data. Includes cyber security tips and resources.
Cybersecurity Risk Management for Financial InstitutionsSarah Cirelli
The New York State Department of Financial Services has been closely monitoring this ever-growing threat and has proposed regulations that would require financial services companies to adopt a cybersecurity program to protect their customers, employees, data and operations. Its proposed changes are expected to take effect on March 1, 2017. Financial services companies would have until Feb. 15, 2018, to submit a certificate of compliance with the program. Components of New York's proposed cybersecurity program are outlined in this article.
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
This paper discusses the emerging issue of Board of Directors Governance and Cybersecurity. Originally presented to the Boards of Directors of the IRC http://www.isorto.org/Pages/Home in May 2014. The paper is in a continuous improvement mode ultimately targeting being a resource for Boards of Directors in the energy (electricity and natural gas) industry. Suggested updates and improvements are welcome at PaulFeldman@Gmail.com The current copy is always at http://www.EnergyCollection.us/456.pdf
Sans 20 CSC: Connecting Security to the Business MissionTripwire
You know the old break-up line, “it’s not you, it’s me….”? As a CISO, what if when you get your few minutes to discuss security with the C-suite, board of directors or mission leadership, it really turns out to be you not them who failed in the communication?
Lack of success in communicating with your C-suite could lead to a breakup sooner or later. I’ve had hundreds of conversations with and about CISOs communicating – - on topics ranging from security breach information, status, performance metrics, risk, visualizations, or overall security posture with their executive leadership.
And largely, it turns out to be no surprise that communicating security information is incredibly difficult, especially with non-technical, disinterested, or time-constrained C-suite executives.
Success with SANS
The initial UMASS Security Program was based on the ISO/IEC 27002 controls framework, then starting in 2011, the SANS 20 CSC were added. Today’s program includes both. The ISO controls focus on program management, compliance and process from an IT auditor’s perspective, while the SANS controls focus on technology means they are better aligned with IT operations.
Prior to 2011, Wilson was having difficulty communicating with executive management (CIOs and others) – it was difficult to translate the purchase and implementation issues surrounding firewalls, anti-virus, and vulnerability scanning into easily familiar business terms and concepts relevant to management and process.
However, when he ditched trying to explain the ISO/IEC 27002 security controls framework in favor of using the SANS 20 CSC, he was able to communicate much more effectively with his C-suite for the first time in a way they could absorb and support.
In addition, he and his team have been able to map out a measurable and actionable security program based on SANS that he regularly succeeds in communicating to his executive team.
This paper introduces the concept of Supply Chain Risk
Management. It identifies various risks and explains the process of managing these risks. With technology in place, automation of some of the processes brings down the risks involved. Sadly, many companies are not adequately automated to address these issues. The paper also highlights how information technology can be adopted in certain areas in supply chain to ensure visibility and reduce risk occurrence.
This deck aims to layout a feasible groundwork for companies that have experienced cyber attacks. In this deck, we used an insurance company known as InsureGlobal for our analysis on the possible cyber-security response framework.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
Malware is an ailment many companies suffer from but the prescription for protection is simpler than you think. In this presentation, Vanderburg and Salamakha apply the five rights for avoiding drug errors to the malware problem at the Advanced Persistent Threats Summit.
1) Right client – Authentication
2) Right route – Gaps and strategies
3) Right drug – Security controls
4) Right dose – Security/business balance
5) Right time – Staying up to date.
Stay healthy, stay safe.
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions at Blancco Technology Group explores cloud storage compliance challenges and solutions with seasoned security and compliance experts, Giulio Coraggio, Partner at DLA Piper, and Eric Vanderburg, Director of Information Systems & Security at Jurinnov LLC.
What You’ll Learn:
Common pain points associated with storing, managing and protecting data in the private cloud
Key scenarios when cloud security may be compromised
Regulatory requirements that must be met whenever data is stored in the cloud
Best practices to minimize data security risks and regulatory compliance violations
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
This paper discusses the emerging issue of Board of Directors Governance and Cybersecurity. Originally presented to the Boards of Directors of the IRC http://www.isorto.org/Pages/Home in May 2014. The paper is in a continuous improvement mode ultimately targeting being a resource for Boards of Directors in the energy (electricity and natural gas) industry. Suggested updates and improvements are welcome at PaulFeldman@Gmail.com The current copy is always at http://www.EnergyCollection.us/456.pdf
Sans 20 CSC: Connecting Security to the Business MissionTripwire
You know the old break-up line, “it’s not you, it’s me….”? As a CISO, what if when you get your few minutes to discuss security with the C-suite, board of directors or mission leadership, it really turns out to be you not them who failed in the communication?
Lack of success in communicating with your C-suite could lead to a breakup sooner or later. I’ve had hundreds of conversations with and about CISOs communicating – - on topics ranging from security breach information, status, performance metrics, risk, visualizations, or overall security posture with their executive leadership.
And largely, it turns out to be no surprise that communicating security information is incredibly difficult, especially with non-technical, disinterested, or time-constrained C-suite executives.
Success with SANS
The initial UMASS Security Program was based on the ISO/IEC 27002 controls framework, then starting in 2011, the SANS 20 CSC were added. Today’s program includes both. The ISO controls focus on program management, compliance and process from an IT auditor’s perspective, while the SANS controls focus on technology means they are better aligned with IT operations.
Prior to 2011, Wilson was having difficulty communicating with executive management (CIOs and others) – it was difficult to translate the purchase and implementation issues surrounding firewalls, anti-virus, and vulnerability scanning into easily familiar business terms and concepts relevant to management and process.
However, when he ditched trying to explain the ISO/IEC 27002 security controls framework in favor of using the SANS 20 CSC, he was able to communicate much more effectively with his C-suite for the first time in a way they could absorb and support.
In addition, he and his team have been able to map out a measurable and actionable security program based on SANS that he regularly succeeds in communicating to his executive team.
This paper introduces the concept of Supply Chain Risk
Management. It identifies various risks and explains the process of managing these risks. With technology in place, automation of some of the processes brings down the risks involved. Sadly, many companies are not adequately automated to address these issues. The paper also highlights how information technology can be adopted in certain areas in supply chain to ensure visibility and reduce risk occurrence.
This deck aims to layout a feasible groundwork for companies that have experienced cyber attacks. In this deck, we used an insurance company known as InsureGlobal for our analysis on the possible cyber-security response framework.
Learn from the experts! Tune into this webinar to hear Doug Copley, Deputy CISO/Security & Privacy Strategist for Forcepoint, talk about What It Takes to be a CISO in 2017: expectations, challenges, partnerships, the roadmap,critical activities and more.
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
Malware is an ailment many companies suffer from but the prescription for protection is simpler than you think. In this presentation, Vanderburg and Salamakha apply the five rights for avoiding drug errors to the malware problem at the Advanced Persistent Threats Summit.
1) Right client – Authentication
2) Right route – Gaps and strategies
3) Right drug – Security controls
4) Right dose – Security/business balance
5) Right time – Staying up to date.
Stay healthy, stay safe.
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
Fredrik Forslund, Director of Cloud & Data Center Erasure Solutions at Blancco Technology Group explores cloud storage compliance challenges and solutions with seasoned security and compliance experts, Giulio Coraggio, Partner at DLA Piper, and Eric Vanderburg, Director of Information Systems & Security at Jurinnov LLC.
What You’ll Learn:
Common pain points associated with storing, managing and protecting data in the private cloud
Key scenarios when cloud security may be compromised
Regulatory requirements that must be met whenever data is stored in the cloud
Best practices to minimize data security risks and regulatory compliance violations
How Facility Controls Systems Present Cybersecurity Challenges - OSIsoftOSIsoft, LLC
As the need for facility equipment and asset data grows, serious cybersecurity risk are revealed, including inadequate security architecture, lack of process and controls the use of contractors and vendors. We need to be able to to identify risks and develop mitigation strategy. This presentation will provide insights, answers and tips. It will identify the value of IT/OT integration in solving facilities cybersecurity threats.
Cybersecurity mitigation strategies webinar AIG ecoDa FERMA 24 March 2016FERMA
PART II – Cyber Security: the mitigation strategies – how to identify, assess and mitigate cyber risks
The Risk Manager must be responsible, as for others risks, for the quantification aspect of cyber security. It is a necessary step towards understanding and managing the exposure of the company. He/she should act as a facilitator between the Board and the operational department (IT, Finance, Legal and other functions).
A key subject to unlock the cyber insurance development and to support the economic growth the Digital world is bringing to Europe.
Companies involved in the maritime industry have experienced the possibilities and efficiencies technology provides in an increasingly digitised, interconnected world. With that opportunity comes challenge, in the form of cyber risk.
2015 Energy Industry Cybersecurity Research UpdateGridCyberSec
ScottMadden, Inc., one of North America’s leading energy consulting firms, has released a report on cybersecurity within the energy sector. This new report helps utilities understand how their cybersecurity practices and perceptions compare to those of industry peers. It is a resource for utility executives evaluating their cybersecurity capabilities. Additional industry cybersecurity information can be found on ScottMadden’s sponsored website: GridCyberSec.com.
Secrets to managing your Duty of Care in an ever- changing world.
How well do you know your risks?
Are you keeping up with your responsibilities to provide Duty of Care?
How well are you prioritising Cybersecurity initiatives?
Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives.
Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello.
The seminar will cover:
• Fiduciary responsibility
• How to efficiently deal with personal liability and the threat of court action
• The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making
• How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action
Business Law Training: Market Turmoil in D&O Insurance and Is Your Company Pr...Quarles & Brady
This lively discussion focused on the market turmoil in the current public and private D&O markets. Additionally, the professionals explained the scope of Cyber Insurance for tradition exposures, operational risk and regulatory compliance.
Decades of mergers and acquisitions have taken their toll on security maturity, making it inconsistent. Read how you can achieve cyber resilience in soncumer goods and services.
Decades of mergers and acquisitions have taken their toll on security maturity, making it inconsistent. Read how you can achieve cyber resilience in soncumer goods and services.
Cyber risk has become a leading issue for many organisations as awareness of cloud computing, social media, corporate Bring Your Own Device (BYOD) policies and big data has grown, especially in light of the recent malicious cyber attacks experienced by companies across the European Union (EU). In an increasingly punitive legal and regulatory environment, and in the face of more frequent contractual insurance requirements specifying cyber liability, forward-thinking companies are taking proactive steps to explore and transfer cyber risk.
This course discusses professional tips/tricks to leverage LinkedIn for prospecting, top of sales funnel activities, building relationships, branding/marketing, and closing new business.
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxanvithaav
These slides helps the student of international law to understand what is the nature of international law? and how international law was originated and developed?.
The slides was well structured along with the highlighted points for better understanding .
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of register multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
Car Accident Injury Do I Have a Case....Knowyourright
Every year, thousands of Minnesotans are injured in car accidents. These injuries can be severe – even life-changing. Under Minnesota law, you can pursue compensation through a personal injury lawsuit.
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
WINDING UP of COMPANY, Modes of DissolutionKHURRAMWALI
Winding up, also known as liquidation, refers to the legal and financial process of dissolving a company. It involves ceasing operations, selling assets, settling debts, and ultimately removing the company from the official business registry.
Here's a breakdown of the key aspects of winding up:
Reasons for Winding Up:
Insolvency: This is the most common reason, where the company cannot pay its debts. Creditors may initiate a compulsory winding up to recover their dues.
Voluntary Closure: The owners may decide to close the company due to reasons like reaching business goals, facing losses, or merging with another company.
Deadlock: If shareholders or directors cannot agree on how to run the company, a court may order a winding up.
Types of Winding Up:
Voluntary Winding Up: This is initiated by the company's shareholders through a resolution passed by a majority vote. There are two main types:
Members' Voluntary Winding Up: The company is solvent (has enough assets to pay off its debts) and shareholders will receive any remaining assets after debts are settled.
Creditors' Voluntary Winding Up: The company is insolvent and creditors will be prioritized in receiving payment from the sale of assets.
Compulsory Winding Up: This is initiated by a court order, typically at the request of creditors, government agencies, or even by the company itself if it's insolvent.
Process of Winding Up:
Appointment of Liquidator: A qualified professional is appointed to oversee the winding-up process. They are responsible for selling assets, paying off debts, and distributing any remaining funds.
Cease Trading: The company stops its regular business operations.
Notification of Creditors: Creditors are informed about the winding up and invited to submit their claims.
Sale of Assets: The company's assets are sold to generate cash to pay off creditors.
Payment of Debts: Creditors are paid according to a set order of priority, with secured creditors receiving payment before unsecured creditors.
Distribution to Shareholders: If there are any remaining funds after all debts are settled, they are distributed to shareholders according to their ownership stake.
Dissolution: Once all claims are settled and distributions made, the company is officially dissolved and removed from the business register.
Impact of Winding Up:
Employees: Employees will likely lose their jobs during the winding-up process.
Creditors: Creditors may not recover their debts in full, especially if the company is insolvent.
Shareholders: Shareholders may not receive any payout if the company's debts exceed its assets.
Winding up is a complex legal and financial process that can have significant consequences for all parties involved. It's important to seek professional legal and financial advice when considering winding up a company.
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselThomas (Tom) Jasper
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
Military Commissions details LtCol Thomas Jasper as Detailed Defense Counsel
Cyber Risk in the Energy Industry
1. Cyber Risks in the
Energy Industry
Presented By:
Lori Nugent, Shareholder
Greenberg Traurig
Jerry Bessette, Associate Director
Navigant Consulting
Tim Christ, VP
Cogent Analytics
#IRMI2018
2. Outline
• Brief overview of Historical and Current Situation
• Regulatory Responses to date
• Corporate Responses to date
• Key Insurer Questions
• Recent Highlights in Investigation
• Recent Case Law/Litigation Trends
• What’s Next?
#IRMI2018
8. Regulations
• National Institute of Standards and Technology (NIST) Framework for
Improving Critical Infrastructure Cybersecurity
• US Department of Energy
• NERC CIP standards
• North American Energy Standards Board (NAESB)
• International Atomic Energy Agency (IAEA)
• World Nuclear Association (WNA)
• World Institute for Nuclear Security
#IRMI2018
9. Royal Dutch/Shell
• Our IT systems are increasingly concentrated in terms of geography, number of systems, and key contractors supporting
the delivery of IT services. Shell, like many other multinational companies, is the target of attempts to gain unauthorized
access to our IT systems and our data through various channels, including more sophisticated and coordinated attempts
often referred to as advanced persistent threats. Timely detection is becoming increasingly complex but we seek to detect
and investigate all such security incidents, aiming to prevent their reoccurrence. Disruption of critical IT services, or
breaches of information security, could harm our reputation and have a material adverse effect on our earnings, cash
flows and financial condition.
• Data protection laws apply to Shell and its joint ventures and associates in the vast majority of countries in which we do
business. Over 100 countries have data protection laws and regulations. Additionally, the EU General Data Protection
Regulation, which will be applicable from May 2018, increases penalties up to a maximum of 4% of global annual turnover
for breach of the regulation. Non-compliance with data protection laws could expose us to regulatory investigations, which
could result in fines and penalties. Regulators may also issue orders to stop processing personal data in addition to
imposing fines, which could disrupt operations. We could also be subject to litigation from persons or corporations
allegedly affected by data protection violations. Violation of data protection laws is a criminal offence in some countries,
and individuals can be imprisoned or fined. Any violation of these laws or harm to our reputation could have a material
adverse effect on our earnings, cash flows and financial condition.
• Our insurance subsidiaries provide hazard insurance coverage to other Shell entities and only reinsure a portion of their
risk exposures. Such reinsurance would not provide any material coverage in the event of a large-scale safety and
environmental incident. Similarly, in the event of a material safety and environmental incident, there would be no material
proceeds available from third-party insurance companies to meet our obligations. Therefore, we may incur significant
losses from different types of risks that are not covered by insurance from third-party insurers, potentially resulting in a
material adverse effect on our earnings, cash flows and financial condition.
#IRMI2018
10. Royal Dutch/Shell
SELF-INSURANCE
• Shell mainly relies on self-insurance for many of its risk exposures and capital is set aside
to meet self-insurance obligations (see “Risk factors” on page 15). We seek to ensure
that the capital held to support the self-insurance obligations is at a level at least
equivalent to what would be held in the third-party insurance market. Periodically,
surveys of key assets are undertaken that provide riskengineering knowledge and best
practices to Shell subsidiaries with the aim to reduce their exposure to hazard risks.
Actions identified during these surveys are monitored to completion.
INFORMATION TECHNOLOGY
• Given our reliance on information technology systems for our operations, we
continuously monitor external developments and share information on threats and
security incidents. Shell employees and contract staff are subject to mandatory courses
and regular awareness campaigns, aimed at protecting us against cyber threats. We
periodically review and adapt our disaster recovery plans and security response
processes, and seek to enhance our security monitoring capability. See “Risk factors” on
page 12.
#IRMI2018
11. Valero
• A significant interruption related to our information technology
systems could adversely affect our business.
• Our information technology systems and network infrastructure may
be subject to unauthorized access or attack, which could result in a
loss of sensitive business information, systems interruption, or the
disruption of our business operations. There can be no assurance that
our infrastructure protection technologies and disaster recovery plans
can prevent a technology systems breach or systems failure, which
could have a material adverse effect on our financial position or
results of operations.
#IRMI2018
14. Key Questions for Insurers
• Is an independent party reviewing, minimum annually, the effectiveness of
the technical and organizational security controls and related processes?
• Does the company have an overview of the critical information? Is the
information adequately protected from end-to-end?
• Does the company have organizational and technical controls in place to
detect, respond, and react to a cyber-attack promptly, including cross-
functional incident response structures and processes?
• Does the company have regular security awareness activities and training
to make employees aware of cyber risks and how to protect critical
information?
• Does the company have a governance structure in place that ensures the
security controls are regularly assessed against the rapidly changing threat
environment, and that the controls are adapted accordingly?
#IRMI2018
16. Technical Investigator’s Perspective
#IRMI2018
Attack Vectors
• Phishing, Metasploit, WannaCry, Cloud Services, RDPs
Vulnerabilities
• Patching, SCADA Systems, Information Control Systems, Internet of Things
Preventive Measures
• Assessments
• Plans, Policies, and Procedures
• Exercise
17. Legal Perspective
#IRMI2018
Tipping Point
• Regulation and Litigation
Responding Well Matters
• Reputation, Perception of Decision Makers, Recovery
Are You Prepared Financially?
• $225/Record, $7.35 Million/Breach, Your Maximum Probable Loss = ?
What are Your Proof Points?
• Negligence, Fraud, Unfair Trade Practices, Breach of D&O Duties