exposure
play

Exposure NRASP - July 15, 2020 Dan Hanson, CPCU SVP Management - PowerPoint PPT Presentation

Oct 01, 2023 •289 likes •606 views

Cyber Security The Complex & Inevitable Exposure NRASP - July 15, 2020 Dan Hanson, CPCU SVP Management Liability and Client Experience Marsh & McLennan Agency Mario Paez, RPLU, MBA, CIPP/US Director, Cyber & Technology E&O

  1. Cyber Security – The Complex & Inevitable Exposure NRASP - July 15, 2020 Dan Hanson, CPCU SVP Management Liability and Client Experience Marsh & McLennan Agency Mario Paez, RPLU, MBA, CIPP/US Director, Cyber & Technology E&O Marsh & McLennan Agency

  2. Disclaimer • This presentation and content is not meant to be considered professional legal advice. • The presenter is not a licensed attorney and all information obtained from this presentation should be considered for informational purposes only. • You should consult with a licensed privacy counsel for any decisions surrounding your corporate privacy initiatives, incident response plan or data breach response methodology. 2 MARSH & McLENNAN AGENCY LLC

  3. Agenda • Cyber Risk Statistics • Why Might you Be a Target • Emerging Threat Trends • Risk Management Techniques • What to do Once a Data Event has Occurred • Why Insurance Coverage is Recommended and Things to Look for in the Policy • Q&A Slide MARSH & McLENNAN AGENCY LLC November 2017 3

  4. Covid Related Cyber Threats & Stats • FBI and U.S. Secret Service have recently issued alerts for the growing threats on Business Email Compromise and Malicious Email Attacks. • Ransomware attacks jumped 148 percent in March from the previous month (VMWare) • Q1 2020 Coronavirus-Related Phishing Email Attacks Are Up 600% (KnowBe4) • Ransomware demands have continually increased over the past year due to increased sophistication of attacks (such as infiltrating critical systems and backups) with multi-million dollar demands becoming more common. • Increase of 33% from Q4 2019 to Q1 with average demand being over $111,000 (Coveware) • The majority of SMBs (83%) said they do feel prepared for a ransomware attack. Forty-six percent of SMBs have been targeted by ransomware, 73% have paid the ransom (Infrascale) • Cloud-based cyber-attacks by external actors on businesses went up by 630% between January to April 2020. • During May, a total of 108 data breaches exposed 841,529 sensitive records and 68,298,815 non- sensitive records. • Around 16 billion records have been exposed so far this year. According to researchers, 8.4 billion were exposed in the first quarter of 2020 alone, a 273% increase from the first half of 2019 which saw only 4.1 billion exposed. • Average estimated probability of a successful breach for organizations in the US is 45% (ESI Thoughtlab June Report) 4 MARSH & McLENNAN AGENCY LLC

  5. Statistics NetDiligence Cyber Claims Study 2019 (+2k claims analyzed) • Small to Medium Sized Enterprises (SMEs) (less than $2B in revenue) accounted for 96% of claims reported • SME Average Expenses Paid: • Breach Expenses: $178k • Crisis Services: $112k • Legal Expenses: $181k • Business Interruption: $343k • Per-Record Costs: $234 per record • SME Cause of Loss and average: • Social Engineering: $107k • Ransomware: $150k • Hacker: $337k • Business Email Compromise: $156k *Source: NetDiligence Cyber Claims Study 2019 5 MARSH & McLENNAN AGENCY LLC

  6. Statistics NetDiligence Cyber Claims Study 2019 (+2k claims analyzed) Continued: • Large Companies Average Expenses Paid: • Breach Expenses: $5.6M • Crisis Services: $3.8M • Legal Expenses: $2.2M • Business Interruption: N/A* • Per-Record Costs: $296 per record • Large Companies Cause of Loss and average: • Social Engineering: $409k • Ransomware: $15M • Hacker: $7.9M • Malware/Virus: $6.9M • Legal Action/Third Party: $1.9M • Business Email: $341k *Insignificant Data – One incident mentioned of a non-criminal network outage/system glitch. Lost income reported for that event was $60M; the recovery expense was $20M. *Source: NetDiligence Cyber Claims Study 2019 6 MARSH & McLENNAN AGENCY LLC

  7. Small does NOT = Safe Slide MARSH & McLENNAN AGENCY LLC November 2017 7

  8. The Cyber Risk is Real Cyber ranked 4 th in areas risk will increase of respondents expect 82% increased risk of cyber attacks leading to theft of money or data of respondents expect 80% increase in cyber risk around disruption of operations Marsh & McLennan Agency LLC MARSH & McLENNAN AGENCY LLC

  9. Industry Cyber Loss Statistics • Healthcare - $6.45M is average total cost of a data breach for healthcare industry ($429 per record; 236 days to Identify and 93 days contain to contain) • Retail - $1.84M is average total cost of a data breach for retail industry ($119 per record; 228 days to Identify and 83 days to contain) • Education - $4.77M is average total cost of a data breach for education industry ($142 per record; 212 days to Identify and 71 days to contain) • Hospitality - $1.99M is average total cost of a data breach for hospitality industry ($123 per record; 200 days to Identify and 77 days to contain) • Transportation - $3.77M is average total cost of a data breach for transportation industry ($130 per record; 203 days to Identify and 72 days to contain) • Financial Institution - $5.86M is average total cost of a data breach for financial institution industry ($210 per record; 177 days to Identify and 56 days to contain) • Manufacturing & Construction - $5.2M is average total cost of a data breach for industrial (including mfg & construction) industry ($160 per record; 220 days to Identify and 82 days to contain) (source: Ponemon-IBM Cost of a Data Breach) 9 MARSH & McLENNAN AGENCY LLC

  10. Why Might Your Organization Be A Target MARSH & McLENNAN AGENCY LLC

  11. What Kinds of Information are at Risk? Client/Vendor/Employee/Competitive Information • Intellectual Property: Plans, Processes, People, Clients • Protected Healthcare Information (PHI), including health records, test results, appointment history, prescriptions • Personally Identifiable Information (PII), like Drivers License, geolocation, biometric • Financial information • Access Credentials including ID and passwords Employee Information • Employers have at least some of the above information on all of their employees (Census) Access to Vendor & Clients Information MARSH & McLENNAN AGENCY LLC

  12. Why Your Organization May Be A Target? • Computer-based systems for operations: Many inter related systems • Multiple systems, or Ineffective integration of systems: M&A • Staff or members take work home with sensitive organizational information • Utilize free software or inexpensive hosting • Use outsourced IT infrastructure or utilize an understaffed IT team • Rogue employees / staff • Resource scarcity – no expertise or infrastructure to implement and maintain best practices for security. MARSH & McLENNAN AGENCY LLC

  13. Emerging Threat Trends MARSH & McLENNAN AGENCY LLC

  14. Source: NetDiligence 14 MARSH & McLENNAN AGENCY LLC 7/20/2020

  15. What Preventive Measure Organizations Can Take Against Threats MARSH & McLENNAN AGENCY LLC

  16. Cyber Preventative Measures 1. Establish / support VPN or other secure connectivity solutions to employee workstations and mobile devices via MDM. 2. Ensure multi-factor authentication (MFA) across critical systems 3. Back up & test system resiliency 4. External perimeter protections / Log and monitor access 5. Maintain clear inventories of digital assets and locations 6. Email controls - filters and sandboxing; strong passwords; frequent 7. Consistent employee awareness training 8. Verify requests for information 16 MARSH & McLENNAN AGENCY LLC

  17. Cyber Preventative Measures 8. Encrypt whenever possible 9. Have written procedures in place to handle sensitive place 10. Be conscious of privacy issues with contact tracing and scanning of business invitees. 11. Schedule a third-party assessment and vulnerability scan of your network 12. Ensure updated patching of systems, browsers, software, anti-virus 13. Ready your incident response plan - Review MSA’s of incident response firms such as legal and forensic firms that are approved by your cyber insurance carrier. 14. Consider cyber insurance in connection with your incident response plan 15. Segment your network 16. Contractual controls and audit 17 MARSH & McLENNAN AGENCY LLC 7/20/2020

  18. Contractual Considerations – 3 rd Party Agreements • Timing of Notice Back to Your Organization – X days to notify you of breach of your organization’s information • Appropriate Privacy/Cyber/Data Liability Coverage – It may not mean the same coverage you carry • Separation Terms/Provisions – X days to return/certify destroy your organization’s information • Cloud Providers – For PII purposes, house data within US MARSH & McLENNAN AGENCY LLC 18

  19. Incident Response Plan • Do you have a crisis response plan for a data security breach? – How do you Communicate? – Who is Involved? – When do you Communicate? – Assessing the scope of the breach and damage – Technological fixes and forensics – Notifications and remedial actions – Working with law enforcement – Working with governmental regulators – Public relations – Internal investigations and employee relations BARNES & THORNBURG, 19 MARSH & McLENNAN AGENCY LLC LLP

  20. Cyber risk has THREE core stakeholders Executive Sponsor CEO CFO GC CIO Key Cyber Risk RM CISO Stakeholders CRO Risk Management / IT & Information Insurance Buyer Security MARSH & McLENNAN AGENCY LLC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Exposure Routes Internal and External Exposure External exposure Internal exposure Body surface

Exposure Routes Internal and External Exposure External exposure Internal exposure Body surface

Exposure Routes Internal and External Exposure External exposure Internal exposure Body surface From outer space contamination and the sun Inhalation Suspended Food and drink matters consumption Lungs From a radiation generator

180 views • 5 slides
Understand what UV-C is Issues of exposure to UV-C Safety Measures to prevent exposure

Understand what UV-C is Issues of exposure to UV-C Safety Measures to prevent exposure

Understand what UV-C is Issues of exposure to UV-C Safety Measures to prevent exposure Protection Against Exposure Maintaining UV System The UV Light Spectrum 1nm = 1/1000 micron UV-A (315nm - 400nm) - Black lights

547 views • 25 slides
Fetal exposure to EMF during maternal use of Laptops Fetal exposure of the fetus to EMF during

Fetal exposure to EMF during maternal use of Laptops Fetal exposure of the fetus to EMF during

Carlo Bellieni & Iole Pinto Siena Italy Fetal exposure to EMF during maternal use of Laptops Fetal exposure of the fetus to EMF during maternal use of Laptops The mother-fetus couple should receive safeguards from EMF exposure during

494 views • 16 slides
Exposure Prediction and Exposure Prediction and Measurement Error in Air P ll ti Pollution and

Exposure Prediction and Exposure Prediction and Measurement Error in Air P ll ti Pollution and

Exposure Prediction and Exposure Prediction and Measurement Error in Air P ll ti Pollution and Health Studies d H lth St di Lianne Sheppard Adam A. Szpiro, Sun-Young Kim p g University of Washington CMAS Special Session, October 13, 2010

506 views • 16 slides
General Principles of and Examples of Environmental Exposure Assessment Kees de Hoogh Andrea

General Principles of and Examples of Environmental Exposure Assessment Kees de Hoogh Andrea

Department of Epidemiology & Public Health General Principles of and Examples of Environmental Exposure Assessment Kees de Hoogh Andrea Ranzi Outline First half Definition of exposure Different exposure pathways Exposure

664 views • 62 slides
RF Exposure Procedures RF Exposure Procedures TCB Workshop October 2012 Laboratory Division

RF Exposure Procedures RF Exposure Procedures TCB Workshop October 2012 Laboratory Division

RF Exposure Procedures RF Exposure Procedures TCB Workshop October 2012 Laboratory Division Office of Engineering and Technology Federal Communications Commission Overview Overview Further updates on the RF exposure KDB drafts released for

1.03k views • 79 slides
Back to Basics Exposure and Depth of Field Woodley PC Members Evening 16 September 2019 Bob

Back to Basics Exposure and Depth of Field Woodley PC Members Evening 16 September 2019 Bob

Back to Basics Exposure and Depth of Field Woodley PC Members Evening 16 September 2019 Bob Collis Correct An exposure that achieves the desired effect ! Exposure: Taking Control of Exposure A S Camera uses factory User sets ISO and

439 views • 21 slides
Exposure Assessment in Personal Injury Litigation: Challenging the Data however, it is probably

Exposure Assessment in Personal Injury Litigation: Challenging the Data however, it is probably

9 real conclusion as to what level of exposure the person experienced. Although might be established. ExPOSURE ASSESSMENT METHODOLOGIES Personal testimony. A plaintiff may simply say, I ate it, I drank it, or I breathed it.

264 views • 4 slides
Basics of Skin Cancer Large majority caused by sun exposure Often sun exposure before age

Basics of Skin Cancer Large majority caused by sun exposure Often sun exposure before age

Basics of Skin Cancer Large majority caused by sun exposure Often sun exposure before age 20 Detection and Treatment of Non- Persons who burn easily and tan poorly are at Melanoma Skin Cancers greatest risk Toby Maurer, MD

446 views • 19 slides
Fraudulent Conveyance Exposure Fraudulent Conveyance Exposure for Intercompany Loans and Guarantees

Fraudulent Conveyance Exposure Fraudulent Conveyance Exposure for Intercompany Loans and Guarantees

Presenting a live 90 minute webinar with interactive Q&A Fraudulent Conveyance Exposure Fraudulent Conveyance Exposure for Intercompany Loans and Guarantees Navigating the Bankruptcy and Insolvency Risks of Intercorporate Obligations TUES

800 views • 48 slides
Exposure situation PEABs use of Rediset LQ1102 CE in warm mix application Exposure

Exposure situation PEABs use of Rediset LQ1102 CE in warm mix application Exposure

EAPA H&S-14-N886 Exposure situation PEABs use of Rediset LQ1102 CE in warm mix application Exposure assessment Background information Air sampling of Rediset LQ1102CE in warm mix asfalt AkzoNobel Surface Chemistry AB was

221 views • 7 slides
Arsenic exposure in the US and abroad Arsenic exposure in the world Arsenic exposure in the U.S.

Arsenic exposure in the US and abroad Arsenic exposure in the world Arsenic exposure in the U.S.

6/8/2020 Exposures and Latent Disease Risk: Session III Arsenic as a Case Study Yu Chen, PhD, MPH Professor of Epidemiology New York University School of Medicine, Department of Population Health Maria Argos, PhD, MPH Associate Professor

425 views • 14 slides
Taking into account variability and uncertainty in exposure assessment Prise en compte de la

Taking into account variability and uncertainty in exposure assessment Prise en compte de la

Taking into account variability and uncertainty in exposure assessment Prise en compte de la variabilit et de l'incertitude sur lvaluation de l'exposition Marie Cornu, Rgis Pouillot, Afssa 1 Exposure assessment "Exposure

570 views • 25 slides
A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted

A6: Sensitive Data Exposure A6 Sensitive Data Exposure Sensitive data stored or transmitted insecurely Failure to protect all sensitive data Usernames, passwords, password hashes, credit-card information, identity info Session

415 views • 17 slides
Survey results - Section 1 EXPOSURE TO RISKS EXPOSURE Structure 1. Occupation / education 2.

Survey results - Section 1 EXPOSURE TO RISKS EXPOSURE Structure 1. Occupation / education 2.

Survey results - Section 1 EXPOSURE TO RISKS EXPOSURE Structure 1. Occupation / education 2. Access to services 3. Earnings & economic liabilities 4. Classification of risks 5. Impact of risks 6. Take away lessons SPIREWORK initiative

2.09k views • 198 slides
This Week ! Exposure ! The Art, Science and Algorithms Camera Basics ! Simple Math !

This Week ! Exposure ! The Art, Science and Algorithms Camera Basics ! Simple Math !

This Week ! Exposure ! The Art, Science and Algorithms Camera Basics ! Simple Math ! of Photography ! Zone System ! Exposure & Metering ! CSCI 4900/6900 ! Maria Hybinette ! 1 ! 2 ! Maria Hybinette ! Exposure ! Shutter Speed !

324 views • 5 slides
RIG & LIFTBOAT MOVE PLANNING & EXECUTION Name Title Presented by: Capt Bjarke Pedersen

RIG & LIFTBOAT MOVE PLANNING & EXECUTION Name Title Presented by: Capt Bjarke Pedersen

RIG & LIFTBOAT MOVE PLANNING & EXECUTION Name Title Presented by: Capt Bjarke Pedersen Deputy Director, Fleet Operations Company Name Lessons Learned from Incidents Lessons Learned from other Jackup Incidents Key Assessment

358 views • 22 slides
Atlantic Street Bridge Project CTDOT Project Nos. 135-326 (Phase 1) & 135-301 (Phase 2)

Atlantic Street Bridge Project CTDOT Project Nos. 135-326 (Phase 1) & 135-301 (Phase 2)

Atlantic Street Bridge Project CTDOT Project Nos. 135-326 (Phase 1) & 135-301 (Phase 2) Reconstruction of Atlantic Street & Metro-North RR Bridge Replacement | City of Stamford www.AtlanticStreetBridge.com Atlantic Street Bridge Project

592 views • 26 slides
The first national micropile guideline in Finland Hannu Jokiniemi/Technology Manager IWM 2006

The first national micropile guideline in Finland Hannu Jokiniemi/Technology Manager IWM 2006

The first national micropile guideline in Finland Hannu Jokiniemi/Technology Manager IWM 2006 Schrobenhausen, Germany May 3-7, 2006 January 10, 2007 Hannu Jokiniemi www.ruukki.com Outline Short history of the piling codes in

467 views • 30 slides
& Interstate preservation Interstate Maintenance Preservation Program (IMPP) Emily McGraw,

& Interstate preservation Interstate Maintenance Preservation Program (IMPP) Emily McGraw,

& Interstate preservation Interstate Maintenance Preservation Program (IMPP) Emily McGraw, PE State Bridge Management Unit - NCDOT NCDOT Live Meeting October 28, 2010 & Interstate preservation Outline NCDOT/FHWA Agreement

390 views • 19 slides
2019 Dead End Water Main Elimination Project Nathaniel Virdell, P.E. Project Engineer, SAWS

2019 Dead End Water Main Elimination Project Nathaniel Virdell, P.E. Project Engineer, SAWS

2019 Dead End Water Main Elimination Project Nathaniel Virdell, P.E. Project Engineer, SAWS Stella Manzello Contract Administrator, SAWS Marisol V. Robles SMWVB Program Manager, SAWS Non-Mandatory Pre-Bid Meeting July 15, 2020 Page 2

1.02k views • 34 slides
Corporate Presentation Direct Logistics Group Corporate Presentation Direct Logistics Group 2011

Corporate Presentation Direct Logistics Group Corporate Presentation Direct Logistics Group 2011

Corporate Presentation Direct Logistics Group Corporate Presentation Direct Logistics Group 2011 2011 Vision & Mission Statement We are an integrated logistics service provider displaying total commitment to: Our customers Our employees

856 views • 49 slides
Emerging Technology Community Forum February 3, 2016 Emerging Technology Panel Malachi

Emerging Technology Community Forum February 3, 2016 Emerging Technology Panel Malachi

Emerging Technology Community Forum February 3, 2016 Emerging Technology Panel Malachi Salcido The Salcido Connection, Inc. Michael Cao Co-Owner Dedicated ASIC Services, LLC Jared Richardson Co-Owner Dedicated ASIC Services, LLC

638 views • 43 slides
Ga te wa y Pla za Eliza be th Hostutle r Wilming to n, DE Struc tura l O ption GAT E WAY PL

Ga te wa y Pla za Eliza be th Hostutle r Wilming to n, DE Struc tura l O ption GAT E WAY PL

Ga te wa y Pla za Eliza be th Hostutle r Wilming to n, DE Struc tura l O ption GAT E WAY PL AZA Wilming to n, DE Presentation Outline Project Overview Depth Study Breadth Studies Mechanical: duct design Construction

486 views • 36 slides

More recommend