Webinar: Don’t Be a Victim to Cyber Liability Risks
TRANSCRIPT
License No. 045127
Thank you for joining us. We have a great many participants in today’s call. Your phone is currently muted so that the noise level can be kept to a minimum. If you have not yet joined the audio portion of this webinar, please click on Communicate at the top of your screen, and then Join Teleconference. The dial-in information will appear. If you have any questions, you can send them to the host using the Chat feature in the bottom right corner during the webinar. The webinar will start momentarily. © 2014 Keenan & Associates
Don’t Be a Victim to Data Breach Risks
Protecting Your Organization From Data Breach and Privacy Risks
Presented by:
Brad Keenan, Cyber Specialist, Keenan
Kyle McKibbin, Cyber Specialist, Keenan
Cyber Summary
• Cyber Risk and Data Breaches
  – Overview
  – Where are the exposures?
  – How much of a financial impact do they have?
• Data breach examples
• Cyber Risk Management
  – Risk retention
  – Risk control
  – Risk transfer
Myths about Cyber Security
• ALL Cyber Breaches are Preventable
• “The IT Team is on top of it”
• Cyber Theft/Data Breach is about credit cards
• Big Corporate Companies are most at-risk
• External hackers are the biggest security risk
National Headlines
• 40 Million Individuals; $148 Million Loss
• 24 States; 51 Stores
• $4.8 Million HIPAA Fine
• 350,000 credit cards; $4.1 Million Loss
• 56 million credit cards; Unknown Loss
School Districts
Healthcare Organizations
Municipalities
Data Breach
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so
Important Records
• Student records
• Employee records
• Credit card information
• Financial aid records
• Job applicant records
• Tax ID information
• Utility payment records
• Citation payment records
• Patient records
• Health plan records and ID numbers
Exposures
INTERNAL
• Lost or stolen laptops, computers, flash drives or other storage devices
• Backup tapes misplaced or lost in transit
• Rogue employees
• Inadequate computer-use policies
• Weak IT Infrastructure
• Employee Negligence

EXTERNAL
• IT consultants/vendors
• Internet and network access points
• Sale, donation or disposal of old office equipment (desks, file cabinets, copiers) that contain employee records
• Viruses or Malware
• “Dumpster diving”
Why are Organizations at Risk
• Resource Size
  – Less sophisticated safeguards
  – Less dedicated manpower may lead to delayed or no detection
  – Fewer resources to use to recover vs. big business
• Ability to React
  – Detect/report a breach
  – Notify/assist affected individuals
  – Reimburse individuals for actual losses
Regulation & Notification Laws
• Federal guidelines
  – HIPAA
  – Payment Card Industry Data Security Standard (PCI-DSS)
  – Driver’s Privacy Protection Act (DPPA)
• Notification and consumer protection laws vary from state to state as to who must be notified and the manner of notification
• 47 states (including California) and D.C. have separate breach laws in place as of 2/6/12
  – AB 1149 (effective January 1, 2014)
  – SB 46 (effective January 1, 2014)
Response to a Breach
Media Management
Per Person Cost of a Breach
• Healthcare: $316
• Transportation: $286
• Education: $259
• Energy: $237
• Financial: $236
• Services: $223
• Communications: $219
• Pharmaceutical: $209
• Industrial: $204
• Consumer: $196
• Media: $183
• Technology: $181
• Public: $172
• Retail: $125
• Hospitality: $93
• Research: $73
According to 2014 Ponemon Institute Study
Real Life Example #1
• Healthcare industry
• Children’s health system
• 1.6 million patients and employees affected
• Lost three unencrypted computer backup tapes during a building remodeling project
  – Patient billing
  – Employee payroll
• $316 x 1.6M = Could you absorb this loss?
Real Life Example #2
• Local Community College
• Confidential records for 35,212 students were mistakenly emailed to an unknown account
• The employee used a personal email account to send the data to the researcher’s personal email address because the data file was too large to go through the district’s secure, encrypted email server
• The incident is costing about $290,000
Real Life Example #3
• Southern California City
• CalPERS payment document was accidentally posted to the Water District’s website
• Document contained personal information, including names and SSNs
• Information of employees and former employees who were enrolled in CalPERS during July 1986-October 2011
Risk Management Strategies
Risk Transfer
• Cyber Liability Insurance (Data Breach/Privacy)
  – A risk management option that reduces the out-of-pocket cost related to data breaches
• Vendor Management
  – Cloud/Data management provider
  – Data is held by a 3rd party vendor
Cyber Liability: First-Party Coverage
Loss of Data
  – Costs for repair and restoration of computer programs and electronic data

Cyber Extortion
  – Covers extortion threats to commit an intentional computer attack against the insured

Crisis Management
  – Costs for hiring a public relations firm to mitigate negative publicity
  – Security experts to come in and assess the scope of the breach and determine a plan of action
  – Costs to comply with multiple state breach notice laws
      Notification requirements
      Credit monitoring for detecting fraud
Cyber Liability: Third-Party Coverage
Network and Information Security Liability
  – To defend and indemnify claims for breach of security and access to protected information

Regulatory Defense Expenses
  – Defense costs and claims expenses involved with the regulatory action taken against you resulting from a data breach.
Policy Benefits
Loss Prevention Services
• In-depth knowledge of the risk and specific exposures
• Training and compliance solutions
• IT Security Assessment services
• Consultations
• Proactive computer security services
3rd Party Contractual Language
1) Seek defense/indemnity for breach of information security
2) Seek proof of insurance and adequate limits, perhaps even contract specific limits
3) Beware of limitation of liability provisions that limit liability to the amount of the contract
Risk Management Strategy
• Risk retention
Risk Management Strategy
Risk Control
• Insider misuse
• Physical theft/loss
• Miscellaneous errors
Protect Your Organization
• Privacy/Breach Mitigation Program:
  – network authentication
  – credit card security
  – data back-up
  – complex passwords & physical security controls
  – encrypted laptops/access
  – file purging
• Assess your exposures, including employees, students, parents/guardians, volunteers, vendors, contractors, residents, customers, and patients
• Evaluate your potential costs and liabilities in connection with a breach
  – Identify and track the life cycle of information in your organization
Questions?

Disclaimer – Keenan & Associates is an insurance brokerage and consulting firm. It is not a law firm or an accounting firm. We do not give legal advice or tax advice and neither this presentation, the answers provided during the Question and Answer period, nor the documents accompanying this presentation constitutes or should be construed as legal or tax advice. You are advised to follow up with your own legal counsel and/or tax advisor to discuss how this information affects you.
Innovative Solutions. Enduring Principles.
Thank you for your participation!