Cyber/Information Security Insurance: A Montana Perspective - PowerPoint PPT Presentation



SLIDE 1

Cyber/Information Security Insurance: A Montana Perspective

Presented by: Brett E. Dahl, Administrator/State Risk Manager, Risk Management & Tort Defense Division, Montana State Government

SLIDE 2

• Despite more media and law enforcement attention, by 2011, 7.0% of U.S. households (about 8.6 million households) had at least one member age 12 or older experience identity theft victimization.

See, Bureau of Justice Statistics – http://bjs.ojp.usdoj.gov/index.cfm?ty=pbdetail&iid=2207

• Large and sophisticated black market with shockingly low prices for personal information (supply > demand):

  • Credit card information (name, billing address, card-number, CVV2 code, and expiration date) = $1.50 – $3.00 per file.
  • Social security numbers = $1 – $6 per number, depending on availability of corresponding date of birth and/or mother's maiden name.
  • Online banking log-in details = $50 – $1,000.
  • SpyEye Trojan Kit (top on every aspiring hacker's holiday shopping list): $1,000 – $2,000.

See, RSA Anti-Fraud Command Center, RSA Online Fraud Report, August 2011: www.rsa.com/solutions/consumer_authentication/intelreport/11068_Online_Fraud_report_0810.pdf

SLIDE 3

  • Montana’s agencies are the custodians of personal information on an estimated 70% of the state’s citizens.
  • In Montana state government, there are an estimated 500 million attempted cyber/information security intrusions each month.

SLIDE 4

  • In 2010, Montana experienced a well-publicized breach. At that time, there was no insurance mechanism and no incident response program in place.
  • In 2011, Montana gained access to inexpensive cyber/information security insurance on a primary basis, albeit with low limits.
  • Services provided by the insurance carrier(s) and vendors on a primary basis were comprehensive and cost-effective.
  • Effective July 1, 2013, Montana has an additional layer of commercial excess above primary which ‘follows form’ and provides seamless vendor services.

SLIDE 5

• The state's commercial insurance policy provides coverage for:

  • Data breach response costs including, but not limited to, forensic investigations, mail notification, and credit monitoring (one year)
  • Fines/penalties assessed by regulatory authorities
  • Revenue streams lost as a result of a breach
  • Personal injuries and property damage incurred by outside parties for negligent acts or omissions of the state.
  • First party digital assets and many other risks are also covered.

• Agency co-pay 20% to $100,000 then fully covered.

Prevention is key!

SLIDE 6

Examples of Cyber/Information Security Incidents

• Unencrypted desktop computers were stolen from a former state vendor’s place of business. The computers contained the names and social security numbers of seven individuals.

• An unencrypted hard drive was stolen from an employee’s personal vehicle. The hard drive contained the names and social security numbers of 11 individuals.

• The name and social security number of an individual was included in material distributed to approximately 1,200 citizens and small businesses during a seminar.

• Unencrypted content was displayed on a website. The website content contained the names and social security numbers of workers’ compensation beneficiaries and other employees.

• A hacker posing as a Microsoft official installed ‘man in the browser’ malware on a desktop in an attempt to discover passwords which could have allowed access to thousands of financial records.

• Electronic devices were stolen from an office. The devices contained names and social security numbers of individuals.

SLIDE 7

Loss Prevention Emphasis

• Strategic partnerships with the state’s chief information officer and chief information security officer.

• Monthly cyber/information security meetings involving the state risk manager, state chief information security officer, legal counsel, and the Director of Administration.

• Insurance premium discounts (2.5%) to those state agencies or universities who:

  • 1. Require all employees and managers to attend on-line cyber/information security training courses.
  • 2. Manage their mobile devices through the state’s secure mobile service.
  • 3. Manage their website content media through the state’s web secure service.
  • Loss mitigation grants for the purchase of mobile device software and website media content software.

SLIDE 8

Brett E. Dahl, State Risk Manager (406)444-3687 bdahl@mt.gov