beazley breach response select
play

Beazley Breach Response Select p g Making the connection on data - PDF document

Nov 28, 2023 •266 likes •533 views

1 Making the connection on data breach complexities Beazley Breach Response Select p g Making the connection on data breach complexities P Presented by d b Jeffrey Norton underwriter Jeffrey Norton, underwriter, Beazley US Private

  1. 1 Making the connection on data breach complexities Beazley Breach Response Select p g

  2. Making the connection on data breach complexities P Presented by d b Jeffrey Norton underwriter Jeffrey Norton, underwriter, Beazley US Private Enterprise Technology, Media & Business Services team jeffrey.norton@beazley.com jeffrey.norton@beazley.com Marcello Antonucci, claims manager, Beazley US Technology, Media & Business Services team Business Services team marcello.antonucci@beazley.com 2

  3. Making the connection on data breach complexities Making the connection on data breach complexities • Data breach exposures • Data breach exposures • Data breach costs for small businesses • Claims scenarios for small businesses • Coverage misconceptions Coverage misconceptions • Beazley Breach Response Select 3

  4. Making the connection on data breach complexities Data breaches are a big concern for small businesses… • The U.S. Chamber of Commerce estimates that Th U S Ch b f C ti t th t employee theft costs American employers more than $50 billion dollars each year, and one third of all small business failures can be attributed to employee dishonesty... • Based on estimates, cybercriminals steal as much as US$1 billion a year from SMBs in the United States and Europe alone. Source: TrendMicro • Verizon’s 2011 data breach report of 759 occurrences conducted in collaboration with the US Secret Service shows 63 percent of last year’s breaches involved organizations with less than 100 employees less than 100 employees. 4

  5. Focus has shifted to small businesses since they are easier targets for cyber they are easier targets for cyber criminals... 5

  6. Making the connection on data breach complexities Making the connection on data breach complexities Most small business owners and their employees still lack understanding on the inherent risks and how best to protect their risks and how best to protect their data - and business. 6

  7. Making the connection on data breach complexities Making the connection on data breach complexities Response costs add up for a com pany w ith lim ited cash flow Costs for a small business can be as much as that faced by a larger company: o Small businesses typically have less internal resources and expertise to handle a o Small businesses typically have less internal resources and expertise to handle a breach response, so they are more likely to have to pay outside experts such as attorneys, consultants, crisis management and public relations professionals to assist. • Complexity of the business will drive costs for legal and forensics p y g • Response costs alone: Hiring a forensics expert to determine the size and scope of a breach -- can range from $ 1 0 ,0 0 0 to $ 1 0 0 ,0 0 0 - whatever size the business. • Once notifications go out – public relations/ damage control is critical to reputation! • The lion's share of response costs comes from the duty to notify those whose data has been breached or potentially breached -an estimated $ 2 0 0 ,0 0 0 in costs associated with breach response services. 7

  8. Making the connection on data breach complexities Making the connection on data breach complexities Direct Data Breach Costs in 2 0 1 0 • $214 per compromised customer/ client record p p • $7,200,000 in average total per-incident costs (forensics, legal, notification, customer fallout) ( U.S. Cost of a Data Breach Study, PGP Corporation and Ponemon Institute, 2011 ) • Small businesses typically have less internal resources and expertise to handle a S ll b i t i ll h l i t l d ti t h dl breach response, so they are more likely to have to pay outside experts such as attorneys, consultants, crisis management and public relations professionals. • Once customers are notified that their information has been breached, dam age control is critical control is critical. • Leveraging the services of experienced claims professionals is key… 8

  9. Making the connection on data breach complexities Making the connection on data breach complexities Regulatory I nvestigations & Third-Party Claim s • Mandatory breach notification in 46 states, the District of Columbia, and Puerto Rico. y • Notification brings potential for AG regulatory action and provides plaintiffs' bar with tempting lure for putative class actions. • PHI: HIPPA and HiTech • Regulatory proceedings can result in fines and corrective action plans that require R l t di lt i fi d ti ti l th t i significant expenditures on administrative, technical, and physical safeguards for data. • Third-party class action lawsuits entail potentially enormous exposure, and at the very least, cost a lot of money to defend. AI M of BBR Services: m itigate any potential regulatory investigations and respond clearly and w ith confidence 9

  10. Making the connection on data breach complexities Making the connection on data breach complexities How Do Breaches Occur? • Employee loses a portable device (blackberry, laptop, thumb drive, backup tape) • • Stray faxes emails Stray faxes, emails • Property crimes (computers prime targets) • Inside job (employee steals information, particularly upon separation) • Phishing scams (“Nigerian prince”), and increasingly, Spear-Phishing (social s g s a s ( g a p ), a d as g y, Sp a s g (so a engineering) • Malware / virus attacks (especially when working remotely on an unsecured network) 10

  11. Making the connection on data breach complexities Making the connection on data breach complexities Exam ples of Publically Reported Breaches ( continued) • The Briar Group LLC: owner of a number of bars and restaurants in the Boston area used default usernames and passwords on its point-of-sale system, which were shared by employees on an unsecured w ifi netw ork . Malware quickly made its way onto the network, and several custom ers began experiencing credit card fraud . The Massachusetts Attorney General learned of the incident from affected customers, and filed a lawsuit resulting in a $ 1 1 0 ,0 0 0 penalty and mandatory compliance with the rigorous Payment Card Industry Data Security Standards. g y y y • Roanoke State Community College: A USB drive and a personal handheld device were stolen from an employee's car when he took information home to do after-hours work. The nam es and Social Security num bers of 9,747 current or former students were on the handheld device, along with 1,194 current or former employees. Credit m onitoring alone for a breach of this size would typically exceed $100,000. it i l f b h f thi i ld t i ll d $100 000 11

  12. Making the connection on data breach complexities Making the connection on data breach complexities Exam ples of Publically Reported Breaches • The Surgeons of Lake County ("SLC"): a medical facility in northern Illinois, had hackers breach its computer network, infiltrating a server where e-mails and electronic medical records were stored. Hackers encrypted access to the system, and tried to exhort m oney from SLC in exchange for the decryption key. Hackers threatened to start spamming pornography from SLC's email addresses if not paid within 72 hours. SLC had to purge all systems and notify over 7 ,0 0 0 patients of the incident . • Phoenix Cardiac Surgery ("PCS"): a five physician practice posted clinical and surgical • Phoenix Cardiac Surgery ( PCS ): a five-physician practice posted clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible. One patient Googled her own name, discovered the calendar, and reported the incident to federal regulators. In turn, regulators fined PCS $ 1 0 0 ,0 0 0 , and instituted a m andatory corrective action plan with the ability to audit PCS for six years . Just the tip of the iceberg: in five out of every six breaches, the infiltration rem ained undetected for w eeks at a tim e. See, “2 0 1 2 Data Breach I nvestigations Report,” Verizon Com m unications, at 3 ( 2 0 1 2 ) ( http:/ / bit ly/ GFfpdk) ( http:/ / bit.ly/ GFfpdk) . 12

  13. Top five list of small businesses misconceptions Top five list of small businesses misconceptions 5) Most breaches happen to big companies 4) The cost to respond to a breach is a postage stamp to mail a letter ) p p g p 3) Our information is well-protected by our IT consultants 2) My employees would never act maliciously, and know how to protect our data And the top m isconception is… 13

  14. Top five list of small businesses misconceptions Top five list of small businesses misconceptions # 1 – Every security breach is covered by m y general liability policy 14

  15. Beazley Breach Response Select : What makes it different? Beazley Breach Response Select : What makes it different? Our top tw o reasons: p 1) Very few businesses have the resources to manage a breach (we do it all!) 2) Notify by number of affected individuals outside the liability limit 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Global Breach Response: How to Select Your Key Partners Sponsored By: Global Breach Response:

Global Breach Response: How to Select Your Key Partners Sponsored By: Global Breach Response:

Global Breach Response: How to Select Your Key Partners Sponsored By: Global Breach Response: How to Select Your Key Partners Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides Recording of todays

722 views • 18 slides
Beazley Bridge Beazley presentation master February 2008 Beazley Bridge: A turnkey solution

Beazley Bridge Beazley presentation master February 2008 Beazley Bridge: A turnkey solution

Beazley Bridge Beazley presentation master February 2008 Beazley Bridge: A turnkey solution Simple administration: One Lloyds Global Contract One invoice When placed in the US, Beazley handles all premium apportionment and

375 views • 9 slides
Breach Notification Response Information Security and Privacy Office January 2012 Agenda

Breach Notification Response Information Security and Privacy Office January 2012 Agenda

Breach Notification Response Information Security and Privacy Office January 2012 Agenda Your information has been breached Now what? Youve Got Mail Breach Notification Letters 46 states have breach notification laws 1 st

656 views • 14 slides
Beazley plc | Annual report and accounts 201 2 Beazley achieved both growth and record profits

Beazley plc | Annual report and accounts 201 2 Beazley achieved both growth and record profits

Beazley plc | Annual report and accounts 201 2 Beazley achieved both growth and record profits in 2012 the fruit of If you have fjnished reading this report and no longer wish to keep it, please pass it on to other interested readers,

1.8k views • 156 slides
Versatile specialists Beazley Interim report 2015 Versatile specialists Beazley plc is the parent

Versatile specialists Beazley Interim report 2015 Versatile specialists Beazley plc is the parent

Beazley plc | Interim report 2015 Versatile specialists Beazley Interim report 2015 Versatile specialists Beazley plc is the parent company of our specialist Beazleys specialist expertise derives insurance business with operations in Europe,

786 views • 44 slides
Digital imaging: objects The Beazley Archive, CLAROS and The World of Ancient Art of Ancient Art

Digital imaging: objects The Beazley Archive, CLAROS and The World of Ancient Art of Ancient Art

Beazley Archive Classical Art Research Centre Ioannou School for Classical and Byzantine Studies Digital imaging: objects The Beazley Archive, CLAROS and The World of Ancient Art of Ancient Art Donna Kurtz Beazley Archive Donna Kurtz,

927 views • 64 slides
Overview of Select Oil Spill Preparedness, Prevention, & Response Initiatives Alaska

Overview of Select Oil Spill Preparedness, Prevention, & Response Initiatives Alaska

Overview of Select Oil Spill Preparedness, Prevention, & Response Initiatives Alaska Department of Environmental Conservation Division of Spill Prevention and Response Rick Bernhardt, PhD ADEC Spill Prevention & Response - Approx 2,000

603 views • 16 slides
MANDATORY BREACH REPORTING: REVIEW OF THE REQUIREMENTS UNDER PHIPA OVERVIEW OF BREACH

MANDATORY BREACH REPORTING: REVIEW OF THE REQUIREMENTS UNDER PHIPA OVERVIEW OF BREACH

MANDATORY BREACH REPORTING: REVIEW OF THE REQUIREMENTS UNDER PHIPA OVERVIEW OF BREACH NOTIFICATION AND IPC STATISTICS Fida Hindi, Legal Counsel Office of the Information and Privacy Commissioner of Ontario This presentation is

352 views • 23 slides
CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an

CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an

CYBER INSURANCE Luxury or necessary protection? What is a data breach? A breach is defined as an event in which an individuals name plus personal information such as an address, phone number and/or financial record such as a social security

307 views • 16 slides
PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess

PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess

Office of the Saskatchewan Information and Privacy Commissioner PRIVACY BREACH GUIDELINES Purpose The Privacy Breach Guidelines may provide to contain, assess and analyze a privacy some guidance to government institutions, breach. The

291 views • 10 slides
Versatile specialists Beazley Annual report 2014 29 years of profjtable growth Beazleys vision

Versatile specialists Beazley Annual report 2014 29 years of profjtable growth Beazleys vision

Beazley plc | Annual report and accounts 2014 Versatile specialists Beazley Annual report 2014 29 years of profjtable growth Beazleys vision is to become, and be recognised as, the highest performing specialist insurer. 2005 2006 2007

1.98k views • 186 slides
Contract Risk Analysis: Data Breach/Incident Response Management Richard Borden White &

Contract Risk Analysis: Data Breach/Incident Response Management Richard Borden White &

Contract Risk Analysis: Data Breach/Incident Response Management Richard Borden White & Williams Debra Bromson AAA Club Alliance Inc. Andrew Serwin DLA Piper Michael Wade Planet Data Solutions Speaker Debra Bromson Andrew Serwin

200 views • 19 slides
Auditd for the Masses Philipp Krenn @xeraa Learn about a breach From the press or

Auditd for the Masses Philipp Krenn @xeraa Learn about a breach From the press or

Auditd for the Masses Philipp Krenn @xeraa Learn about a breach From the press or users Learn about a breach Attackers asking for a ransom Learn about a breach Cloud provider's bill Learn about a breach Yourself after the

942 views • 51 slides
Exploring Rimhook Rules and Quantum Schubert Calculus Elizabeth Beazley Haverford College Sage

Exploring Rimhook Rules and Quantum Schubert Calculus Elizabeth Beazley Haverford College Sage

Exploring Rimhook Rules and Quantum Schubert Calculus Elizabeth Beazley Haverford College Sage Days 45 at ICERM February 13, 2013 Elizabeth Beazley Exploring Rimhook Rules A First Example Consider projective space P 3 . Intersection theory

461 views • 45 slides
Audience Response Where We Live, Learn, Work Who is in our audience? Select the answer that

Audience Response Where We Live, Learn, Work Who is in our audience? Select the answer that

6/12/2014 Creating Healthy Environments Audience Response Where We Live, Learn, Work Who is in our audience? Select the answer that most and Receive Care closely describes your work. Arizona Department of Health Services Division of

383 views • 10 slides
Seattles Response to the Homelessness Crisis Select Committee on Homelessness and Housing

Seattles Response to the Homelessness Crisis Select Committee on Homelessness and Housing

Seattles Response to the Homelessness Crisis Select Committee on Homelessness and Housing Affordability September 13, 2018 Date (xx/xx/xxxx) Department Name Page Number 9/13/18 9/13/18 1 1 As the City addresses the crisis of

687 views • 37 slides
National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA)

National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA)

National Protection and Programs Directorate Office of Cyber and Infrastructure Analysis (OCIA) Director John Murphy Virginia Tech Science & Technology & Policy Leadership Seminar Series October 9, 2014 National Protection and Programs

374 views • 20 slides
Cyber Security Threats y y Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS

Cyber Security Threats y y Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS

Cyber Security Threats y y Shehzad Mirza Director of the MS ISAC SOC Will Pelgrin CIS President and CEO CIS President and CEO MS ISAC Chair 2.6 Billion Internet Users 2.6 Billion Internet Users 1% Asia 44% 3% 6% Europe 22 7% Europe

972 views • 64 slides
#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

#Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS

2/28/2019 #Hacked How safe is your city? Mike Sturm, IT Director, City of San Marcos Beth Ann Unger, IS Manager, City of Frisco How frequently are local governments under cyberattack? 70 60 50 40 30 20 10 0 Hourly or more At least

437 views • 18 slides
Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E.

Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E.

Legal and Policy Issues with Maritime Cybersecurity Paula S. deWitte, J.D., Ph.D., P.E. Paula.dewitte@tamu.edu Associate Professor of Practice Computer Science & Engineering ENGR 461 October 10, 2017 1 Agenda Maritime assets as

583 views • 20 slides
Improving Community Preparedness to Assist Victims of Mass Violence or Domestic Terrorism:

Improving Community Preparedness to Assist Victims of Mass Violence or Domestic Terrorism:

OVC Fiscal Year 2020 Improving Community Preparedness to Assist Victims of Mass Violence or Domestic Terrorism: Training and Technical Assistance Project April 22, 2020 Presenters Mary Atlas-Terry Eugenia Pedley Victim Justice Program

701 views • 31 slides
Virginia Association of School Business Officials May 24, 2018 Clarence Rhudy, CPA, CISA, CITP

Virginia Association of School Business Officials May 24, 2018 Clarence Rhudy, CPA, CISA, CITP

Virginia Association of School Business Officials May 24, 2018 Clarence Rhudy, CPA, CISA, CITP Course Objectives Current Cybersecurity Trends and Statistics The Role of Audit Committees and Internal Audit Understanding Your IT Risks

386 views • 38 slides
APD TECHNOLOGIES COMMUNITY OUTREACH LINKS Crime data: www.crimemapping.com An easy to

APD TECHNOLOGIES COMMUNITY OUTREACH LINKS Crime data: www.crimemapping.com An easy to

APD TECHNOLOGIES COMMUNITY OUTREACH LINKS Crime data: www.crimemapping.com An easy to use crime mapping system that taps into APDs reporting system to extract crime data on a regular basis for the City of Albuquerque. Online

562 views • 6 slides
4/ 17/ 2017 1 2 Lets S et the Tone WHY is there the for HIE? Healt h Informat ion

4/ 17/ 2017 1 2 Lets S et the Tone WHY is there the for HIE? Healt h Informat ion

4/ 17/ 2017 1 2 Lets S et the Tone WHY is there the for HIE? Healt h Informat ion Exchange (HIE): Over the last several years there have been presentations about being a data driven Impact on t he Behavioral Health and organizat

402 views • 7 slides

More recommend