Beazley Group | Beazley Breach Response

A data breach isn’t always a disasterMishandling it is.

Sheer carelessness Withvastamountsofdatastorableonsmallerandsmallerdevices,theriskofdatabreachesdueto theftorsheercarelessnessishuge.Between2005 and2016,portabledevicescarryingmorethan279millionpersonallyidentifiablerecordswerelostorstolen,accordingtothePrivacyRightsClearinghouse.

A world of risk

81%The percentage of Canadians who would choose to do business with a company specifically because it has a good reputation for privacy practices.1

69%The proportion of breaches attributable to malware or hacking since 20052

3.5bNumber of people in the world who are online (approximately 47% of the world’s population)3

1.378 million*

data records compromised in 2016source: www.breachlevelindex.com

1,792*

The number of data breaches that occurred globally in 2016 source: www.breachlevelindex.com

50%Nearly 50% of users open emails and click on phishing links within the first hour4

Notes1 www.priv.gc.ca2 www.privacyrights.orgasofDec31,20163 InternationalTelecommunicationUnion42015VerizonDataBreachInvestigationsReport

* Information collected from public sources only. Figure does not include

unreported data breach incidents.

Not if, but when.Any business handling customer data will, sooner or later, be confronted with the challenge of a data breach. It’s not a matter of “if” but “when”.

The incidence of data breaches is massive. According to a Lloyd’s June 2017 report, Closing the gap, Insuring your business against evolving cyber threats, the estimated global cost of cyber crime is $400b a year.

Tensofthousandsofbusinesseshavelearnedthehardwaythatthere’snosuchthingasperfectcybersecurity.

Andthestakesarehigh.Youholdpersonaldataontrustforyourcustomers.Iftheydon’tthinkyourbusiness canbetrusted,theveryfutureofyourcompanymay beatrisk.Adatabreachisnotalearningopportunity–youhavetoomuchtolosetoriskmishandlingit.

1 www.privacyrights.orgasofDecember31,2016

The case for focusing on responseManycompaniesfocusexclusivelyondatabreachprotection–andfailtopayattentiontowhathappenswhenthewallsarebreached.Firewalls,encryptionandotherdefencesgettheattention. ThewarisfoughtonITturf.Butthetrulydangeroustimeisafteryou’vebeenbreached.

Afterabreachyou’refightingtoprotectyourreputation.It’swhenyourcustomersbegintoleave.AstudyconductedbytheEconomistIntelligenceUnit in2013foundthatmorethanathirdofcustomers ofcompaniesthathadsufferedadatabreachnolongerdidbusinesswiththecompaniesinquestion“becauseofthebreach.”Thewayyoumanageadatabreachtomaintaincustomertrustiscritical.

Thatdoesn’tmeanyoushouldn’tprotectyoursystem;itdoesmeanyouneedplansforyourresponse. Andthegoodnewsisthatthere’sagreatdealyou cando.Cyber-attacksarebeyondyourcontrol;breachresponseissomethingyoucanplanfor.

Records breached1

Total

917m

Hacking or malware HackingormalwareElectronicentrybyanoutsideparty

69%

Unintended disclosure UnintendeddisclosureSensitiveinformationpostedpubliclyonawebsite,mishandledorsenttothewrongpartyviaemail,faxormail

4%

Portable device PortabledeviceLost,discardedorstolenlaptop,PDA,smartphone,portablememorydevice,CD,harddrive,datatape,etc

20%

Insider Someonewithlegitimateaccess intentionallybreachesinformation –suchasanemployeeorcontractor

5%

Stationary device Lost,discardedorstolenstationary electronicdevicesuchasacomputer orservernotdesignedformobility

1%

Payment card fraud Fraudinvolvingdebitandcreditcards thatisnotaccomplishedviahacking. Forexample,skimmingdevices

<1%

Unknown or other <1%

Physical loss Lost,discardedorstolennon-electronicrecords,suchaspaperdocuments

<1%

BBR Services – a dedicated team of experts Beazley is unique among insurers in having a dedicated business unit, BBR Services, that focuses exclusively on helping clients manage data breaches successfully.

Theriskofreputationaldamagefromamishandled breachishigh.OurBBRServicesteamfocuses onthecoordinationoftheexpertforensic,legal,notificationandcreditmonitoringservicesthatclientsneedtosatisfyalllegalrequirements andmaintaincustomerconfidence.

Our experienceIn managing a data breach, you want to make the calls. It’s your reputation that’s on the line. But it’s also smart to have a partner who’s been there before. Things happen too quickly; there’s too much to learn.

That’swhypeopleturntoBeazley.Wepioneeredtheconceptofdatabreachinsurancethatfocusesfirstandforemostonresponse.WecoordinatetheITexpertsandspecialisedlawyerstohelpyouestablishwhat’sbeencompromised;assessyourresponsibility;andnotifythoseyouhaveto.Inaddition,wecoordinatecreditoridentitymonitoringforyourcustomersandPRadvicetohelpyousafeguardyourreputation.Wealso,ofcourse,indemnifyyourlossesfromlawsuitsorregulatoryactions,theriskofwhichmaybereducedbyawell-coordinatedbreachresponsebutcanneverbecompletelyeliminated.Beazleyhasbeenattheforefrontofdefendingclientsinthedevelopingandevolvinglegalarenaoflitigationandregulatoryinvestigationsarisingfromdatabreaches. Beazleyinventedthiscomprehensiveapproach. Wedomoreofitthananybodyelse.Todatewe havehelpedmorethan7,000clientsmanagedatabreachesswiftlyandsuccessfully.Wecan’tguaranteeyourcybersecurity:noonecan.Butwecanputyou incontrolofyourresponse.

InMarch2012,datacartridgescontaining800,000socialsecurityrecordswerelost intransittoastoragedepot. Itwasbynomeansan isolatedincident.

Beazley Breach Response A comprehensive serviceBeazley Breach Response is a unique insurance, loss control and risk mitigation service that provides a comprehensive service to notify and protect the customers of policyholders that have suffered a data breach.

Coverage includes:• Response to breach events:

• Notificationservicesforuptofivemillionaffectedindividualsincludingforeignnotificationwhereapplicable

• Callcentreservices• Breachresolutionandmitigationservices• Publicrelationsandcrisis managementexpenses

• Thirdpartyliability,includingcoverageforregulatoryactionsandpaymentcardindustry(PCI)coverageforcreditcardbreaches

• Assistanceateverystageoftheinvestigationof,andresponseto,adatabreachincidentfromBeazley’sin-houseBBRServicesteam ofdataprivacyattorneysandtechnicalexperts

• Initialbreachinvestigationandconsulting:• Legalservices• Computerforensicservices

Thousandsofhospitalpatientsrequirenotificationafterpaperrecordscontainingpersonalfinancialdata–includingcreditcarddetails–arefoundblowingthroughafieldseveralmilesfromthehospital.

Beazley GroupPlantationPlaceSouth60GreatTowerStreetLondonEC3R5ADUnitedKingdomT+44(0)2076670623F+44(0)2076747100

Beazley Canada550-55UniversityAvenueToronto OntarioM5J2H7T(416)6012155F(416)6012166

310–1130SherbrookeStreetWestMontrealQuebecH3A2M8T(514)3504848F(514)3500843

1511–701WestGeorgiaStreetVancouverBritishColumbiaV7Y1C6T(778)3734432

Visitourwebsitewww.beazley.ca

Followustwitter.com/breachsolutions

Thedescriptionscontainedinthisbrochureareforpreliminaryinformationalpurposesanddoesnotconstituteaninsurancepolicy.ThecoveragesdescribedareunderwrittenbyunderwritersatLloyd’sofLondonissuedthroughBeazleyCanadaLimitedandmaybeunavailableorvarydependingonapplicablejurisdictionalrequirements.Theexactcoverageaffordedbytheproduct(s)describedinthisbrochurearesubjecttoandgovernedbythe termsandconditionsofeachpolicyas issued.Thepublicationanddisseminationof the informationcontainedherein isnot intendedasasolicitation, negotiation, offer or advice relative to thepurchaseof insuranceonanyCanadian risk, andmoreparticularly is not a solicitation,negotiation,offeroradviceforthesaleofinsuranceinNunavut,theYukonorNorthwestTerritories.

CBSL330_CA_01/18