© 2012 ARTHUR J. GALLAGHER & CO. Agricultural Co-Ops: The Challenges of Protecting Data Today Cyber, Privacy & Network Security GALLAGHER CYBERRISK SERVICES.


1 © 2012 ARTHUR J. GALLAGHER & CO. Agricultural Co-Ops: The Challenges of Protecting Data Today. Cyber, Privacy & Network Security. GALLAGHER CYBERRISK SERVICES. APRIL 30, 2013

2 © 2012 ARTHUR J. GALLAGHER & CO. Your Presenters

3 © 2012 ARTHUR J. GALLAGHER & CO. Your Presenters
Joe is the CyberRisk Services Practice Leader at Arthur J. Gallagher. He is responsible for management, business development, marketing and consulting within the products and services related to Cyber Risk. These specifically include Cyber Liability, Privacy Liability, Network Security Liability, Media Liability & Patent Liability.

4 © 2012 ARTHUR J. GALLAGHER & CO. AGENDA
- What is Cyber Risk?
- Trends
- Costs
- Who is looking at Cyber?
- How we can assist
- Coverage

5 © 2012 ARTHUR J. GALLAGHER & CO. What is Cyber Risk?

6 © 2012 ARTHUR J. GALLAGHER & CO. WHAT IS CYBER RISK? NETWORK SECURITY & PRIVACY
The CONVERGENCE of TECHNOLOGY with INFORMATION
- Information & Data is Valuable: Advancements in technology have enabled organizations to capitalize on the value of Information & Data
- Ease of Business: Technology has made storing and removing data easy and convenient (laptops, back-up drives, thumb drives, recordable CDs, PDAs, smart phones, iPads, etc.)

7 © 2012 ARTHUR J. GALLAGHER & CO. WHAT IS CYBER RISK?
According to the FBI, Identity Theft is the fastest growing white collar crime in America!
- THE NETWORK: Where PII & PHI data is stored Electronically
- OUTSIDE THE NETWORK: Where PII & PHI data (Electronic/Non-Electronic) is stored outside of the Network

9 PERSPECTIVES – IT/EMPLOYEE
IT Departments
- Challenge = Balancing demands of safeguarding the network/data while adapting to ever-changing technologies and business needs
- Encryption
- Servers are porous and need constant care
- Patches to software
- Lack of tested back-up processes
- More data often collected than needed
- Data often stored for too long
- Tools that help hackers are readily available and shared on the Internet at no cost to malicious attackers
- Limited Resources $$/Budgets
Employees
- Challenge = Balancing work flow needs with safeguarding the confidential information used to perform their job
- Rogue Employees, social engineering, hacker sophistication, and human error (Societe Generale)
- Private records disposed of improperly (dumpster)
- Many employees lack computer common sense
- Employees choose easy to decipher passwords
- Clean Desk policy
- Training

10 © 2012 ARTHUR J. GALLAGHER & CO. Trends

11 © 2012 ARTHUR J. GALLAGHER & CO. HIGH FREQUENCY INDUSTRIES
Source: Identity Theft Resource Center

| | 2012 | 2011 | 2010 | 2009 | 2008 | 2007 |
|---|---|---|---|---|---|---|
| Publicized breaches reported annually | 447 (published breaches as of 12/31/12) | 414 | 662 | 498 | 656 | 448 |
| Records exposed | 17,317,184 | 22,945,773 | 16,167,542 | 222,477,043 (Heartland incident) | 35,691,255 | 127,000,000 (94 Million from TJX incident) |
| Breaches by industry: Financial Banking | 3.8% of Breaches, 2.7% of Records | 7.0% of Breaches, 2.7% of Records | 8.2% of Breaches, 30% of Records | 11.4% of Breaches, 0% of Records | 11.9% of Breaches, 52.5% of Records | 7% of Records, 6.9% of Records |
| Breaches by industry: Educational | 13.6% of Breaches, 13.3% of Records | 14.3% of Breaches, 3.6% of Records | 9.8% of Breaches, 9.9% of Records | 15.7% of Breaches, 0.4% of Records | 20% of Breaches, 2.3% of Records | 24.9% of Breaches, 1% of Records |
| Breaches by industry: Govt./Military | 11.2% of Breaches, 44.4% of Records | 11.4% of Breaches, 43.7% of Records | 15.7% of Breaches, 7.5% of Records | 18.1% of Breaches, 35.7% of Records | 16.8% of Breaches, 8.3% of Records | 24.7% of Breaches, 6.4% of Records |
| Breaches by industry: Medical/Healthcare | 34.5% of Breaches, 12.9% of Records | 16.3% of Breaches, 20.5% of Records | 24.2% of Breaches, 11.6% of Records | 13.7% of Breaches, 5.1% of Records | 14.8% of Breaches, 20.5% of Records | 14.5% of Breaches, 3.1% of Records |
| Breaches by industry: All Other Business | 36.9% of Breaches, 26.7% of Records | 46.9% of Breaches, 33.7% of Records | 42% of Breaches, 41% of Records | 41.2% of Breaches, 58.9% of Records | 36.6% of Breaches, 16.5% of Records | 28.9% of Breaches, 82.6% of Records |

12 © 2012 ARTHUR J. GALLAGHER & CO. The REGULATORY LANDSCAPE is…complex, challenging and growing
- 50 State Privacy Laws
- (County/Local) - Laws or Regulation
- Foreign Privacy Laws – UK ICO – Information Commissioner's Office & many others (trans-border privacy issues)
- Federal Trade Commission
- FACTA Regulation 114: Red Flags Rule
- FERPA/DPPA
- HIPAA / HITECH: Standard for smooth, consistent, and secure electronic transmission of health care data.
- PII/PHI – personally identifiable information/health information about individuals
  - PII includes drivers license #s, SS #s, Credit Card #s, address, account numbers & PINs
  - PHI includes written documents, electronic files, and verbal information. (Even information from an informal conversation can be considered PHI.) Examples of PHI include: completed health care claims forms; detailed claim forms; explanations of benefits; notes documenting discussions with plan participants
- SEC
- PCI/DSS

13 © 2012 ARTHUR J. GALLAGHER & CO. BOARD REVIEW OF CYBER??
Even though risk management is a high priority, most boards are not reviewing their company's insurance for cyber related risks.
Source: Carnegie Mellon University – Cylab, Governance of Enterprise Security: Cylab 2012 Report

Industry & Region Comparison Table: Boards NOT Reviewing Cyber Insurance Coverage

| Board reviews cyber insurance coverage | North America | Europe | Asia | Energy/Utilities | Financial | IT/Telecom | Industrials |
|---|---|---|---|---|---|---|---|
| No | 58% | 56% | 57% | 79% | 52% | 77% | 44% |

Although cyber incidents are not covered by general liability policies, 57% of the respondents indicated that their boards are not reviewing insurance coverage for cyber related risks, compared with 65% in 2010. This slight improvement, however, is due to the increase in respondents in 2012 that said they did not know. This response was consistent across geographical regions. It was surprising that a much higher percentage of respondents from the two consequential infrastructure sectors – energy/utilities and IT/telecom – indicated that their boards did not review insurance coverage of cyber risks: Seventy-nine percent (79%) of the energy/utilities respondents indicated that their boards do not review coverage and 77% of the IT/telecom sector respondents said the same.

14 © 2012 ARTHUR J. GALLAGHER & CO. TRENDS: Some of the Numbers
- Ponemon Institute LLC, 2011 Cost of Data Breach Study: The study found the average … cost per data breach was $5.5 million in 2011. Additionally, the cost per compromised record was $194 per record.
- Ponemon Institute LLC, 2012 Cost of Cyber Crime Study: Average annualized cost of cybercrime incurred by a benchmark sample of U.S. organizations was $8.9 million. Organizations experiencing an average of 102 successful attacks per week.
- Net Diligence, Cyber Liability and Data Breach Insurance Claims: The average number of records exposed per incident was 1.4 million. The average cost per incident was $3.7 million.

15 © 2012 ARTHUR J. GALLAGHER & CO. TRENDS
2012 had a significant number of large breaches.
- Global Payments (1.5 million records)
- Yahoo! (400 thousand passwords)
- Wyndham Hotels (600 thousand credit cards)
- eHarmony (1.5 million passwords)
- LinkedIn (6.5 million passwords)
- Zappos (24 million records)
- Gamigo (3 million records)
- Texas Attorney General's Office (6.6 million records)
- South Carolina Department of Revenue (3.6 million SS #s, 387,000 CC #s)

16 © 2012 ARTHUR J. GALLAGHER & CO. TRENDS: Largest data breaches of all time.

17 © 2012 ARTHUR J. GALLAGHER & CO. HAS THE NEXT BIG LITIGATION TREND ARRIVED? Social Media & Privacy

18 © 2012 ARTHUR J. GALLAGHER & CO. WHAT ABOUT THE CLOUD?
Things to think about.
- Where is the data really stored?
- How is the data protected?
- What about the provider?
- Is the provider transferring data or moving your data around?

19 © 2012 ARTHUR J. GALLAGHER & CO. U.S. public companies' perceptions of risk and their risk management strategies.

20 © 2012 ARTHUR J. GALLAGHER & CO. U.S. public companies' perceptions of risk and their risk management strategies.

21 © 2012 ARTHUR J. GALLAGHER & CO. SOURCES OF SECURITY AND PRIVACY BREACHES
2011 Results
- 41% Negligence
- 31% Malicious or Criminal Acts
- 28% System Failure
Source: 2011 Annual Study: U.S. Cost of a Data Breach – by The Ponemon Institute, LLC; Sponsored by Symantec.

22 © 2012 ARTHUR J. GALLAGHER & CO. WHO ARE THE STAKEHOLDERS?
- Leadership Team / Board
- Customers/Members
- Employees
- CFO
- Information Technology
- General Counsel
- Chief Security Officer
- Risk Management
Who do you see as the key risk stakeholders within your organization and what have been the challenges in bringing them on board?

23 © 2012 ARTHUR J. GALLAGHER & CO. Costs

24 © 2012 ARTHUR J. GALLAGHER & CO. LITIGATION TRENDS
- Plaintiffs Bar (Class Actions)
- Individuals (Identity Theft)
- Government (Privacy Laws)
- Impacted Businesses (Banks/Trading Partners)
- Third Parties

25 © 2012 ARTHUR J. GALLAGHER & CO. RESPONSE COSTS
- Third & First Party Claims
- Defense
- Notification
- Credit Monitoring
- Public Relations/Reputational Harm
- Forensic Investigations
- Call Center Support
- Identity Theft Education

26 © 2012 ARTHUR J. GALLAGHER & CO. WHAT DOES A BREACH COST?
Costs of A Breach:
- $194 average cost per record (includes response costs, defense and damages)
- $5.5M average total cost per breach
- 15% - Legal Services – Defense - $825,000 average cost to defend a claim, per breach cost
Response Costs Per Record:
- Notification (in/outbound): 11% - $21
- Forensics/Legal Expenses/Compliance/Public Relations: 15% - $29
- Credit Monitoring and ID Theft Services: 3% - $6
Source: 2011 Annual Study: U.S. Cost of a Data Breach – by The Ponemon Institute, LLC; Sponsored by Symantec.

27 © 2012 ARTHUR J. GALLAGHER & CO. Who is looking at Cyber?

28 © 2012 ARTHUR J. GALLAGHER & CO. PURCHASE OF NETWORK SECURITY/PRIVACY LIABILITY INSURANCE AND AMOUNT OF LIMIT PURCHASED

29 © 2012 ARTHUR J. GALLAGHER & CO. HOW THE COMPANY ARRIVED AT A LIMIT LEVEL

30 © 2012 ARTHUR J. GALLAGHER & CO. REASONS FOR NOT HAVING A NETWORK SECURITY/PRIVACY LIABILITY PROGRAM IN PLACE

31 © 2012 ARTHUR J. GALLAGHER & CO. TECHNIQUES USED TO ASSESS CYBER RISK EXPOSURE

32 © 2012 ARTHUR J. GALLAGHER & CO. CyberRisk Services – What We Do

33 © 2012 ARTHUR J. GALLAGHER & CO. HOW CAN WE ASSIST?
- Educate
- Analyze Exposures/Risks
- Analyze coverage gaps – present/future
- Analyze current coverage
- Benchmark
- Recommend Experts to assist in analysis – all aspects
- Design Risk Transfer Solutions to match Exposures/Risks
- Dovetail with client appetite

34 © 2012 ARTHUR J. GALLAGHER & CO. Quadrants of Cyber/E&O Risk
Process: RISK IDENTIFICATION, LOSS MITIGATION, LOSS QUANTIFICATION, POLICY ANALYSIS, PROGRAM DESIGN
- Website/Multimedia: Liability arising out of publishing, advertising, or broadcasting by your company on its own behalf or for others.
- Data Privacy & Network Security: Liability arising out of the collection and dissemination of private information and the operation of a computer network.
- Professional Services: Liability arising out of the performance or failure to perform professional services.
- Contractual Vendors, Partners & Subcontractors: Liability arising out of services provided to your company or on behalf of your company by others.

37 © 2012 ARTHUR J. GALLAGHER & CO. Coverage

38 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk Insurance
- Comprehensive coverage solution: 10 Insuring Agreements provide 1st Party & 3rd Party protection
- Flexible and scalable: Choose the coverage and limits that suit your exposures
- Proven industry leader: Over 25 years writing technology related coverages and a leading writer of specialty crime coverages
- Travelers financial strength
- World class claim service

39 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – 3rd Party Coverage
Network and Information Security Liability. Coverage for:
- Claims arising from the unauthorized access to data containing identity information,
- The failure to provide notification of data breach where required by law,
- Transmission of a computer virus, and
- Liability associated with the failure to provide authorized users with access to the company's website

40 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – 3rd Party Coverage
Communications and Media Liability. Coverage for:
- Claims arising from copyright infringement, plagiarism, defamation, libel, and slander in electronic content, such as websites and email
Regulatory Defense Expenses. Coverage for:
- Governmental claims made as a result of network and information security liability or communications and media liability
- Fines/Penalties from regulatory bodies or payment card industry. Available by endorsement

41 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – 1st Party Coverage
Crisis Management Event Expenses. Coverage for:
- Public relations services to mitigate negative publicity as a result of cyber liability
Security Breach Remediation and Notification Expenses. Coverage for:
- Costs incurred to determine whose identity information was accessed,
- Notification to those individuals of the security breach,
- Credit monitoring for 365 days,
- Call center to handle inquiries, and
- Identity fraud expense reimbursement for those individuals affected by the breach

42 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – 1st Party Coverage
Computer Program and Electronic Data Restoration Expenses. Coverage for:
- Expenses incurred to restore data lost from damage to computer systems due to computer virus or unauthorized access
Computer Fraud. Coverage for:
- Loss of money, securities or other property due to unauthorized access to computer system
Funds Transfer Fraud. Coverage for:
- Loss of money or securities due to fraudulent transfer instructions to a financial institution

43 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – 1st Party Coverage
E-Commerce Extortion. Coverage for:
- Money paid due to threats made regarding an intent to fraudulently transfer funds, destroy data, introduce a virus or attack on computer system, or disclose electronic customer information
Business Interruption and Additional Expense. Coverage for:
- Loss of income, and the extra expense incurred to restore operations, as result of a computer system disruption caused by a virus or other unauthorized computer attack

44 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – Underwriting
- Adobe fillable-saveable format
- Create, save and e-mail in PDF format
- Allows for e-signatures
- Accessible at www.travelers.com/cyberrisk

45 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – Claims

| Insuring Agreement | Claim Scenario | Coverage Response |
|---|---|---|
| Network and Information Security Liability | A hacker successfully obtains sensitive personal information from the insured's computer system. As a result, a number of customers bring a claim against the insured for allowing access to their personal information. | Damages and defense costs for covered lawsuits. |
| Communications and Media Liability | A lawsuit is brought against the insured by a competitor alleging that their online marketing content and product branding have been plagiarized and their trademarks infringed upon. | Damages and defense costs for covered lawsuits. |
| Regulatory Defense Expenses | An insured with offices nationwide suffers a major data breach involving thousands of customers. As a result, Attorneys General in multiple states bring a regulatory action against the insured. | Costs for responding to regulatory claims stemming from the data breach. |

46 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – Claims

| Insuring Agreement | Claim Scenario | Coverage Response |
|---|---|---|
| Security Breach Remediation and Notification Expense | A skilled cyber criminal hacks into the insured's internal processing system. Names, addresses, and credit card information for over 50,000 of the insured's customers are captured out of the system. | Costs for hiring a Breach Response firm to find and fix the breach, assist with notice requirements and expenses, provide credit monitoring and a call center for impacted individuals, and obtaining an ID Fraud policy for affected victims. |
| Computer Program and Electronic Data Restoration Expenses | A computer virus totally destroys the insured's operating system software and data. | Costs for repair and restoration of the insured's computer programs and electronic data. |
| Computer Fraud | An organized crime ring gains unauthorized access to the insured's accounts payable in their computer system, and alters the bank routing information on outgoing payments. The result - $1 million transferred to the crime ring's account. | Direct loss of the insured's money, securities or other property. |

47 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – Claims

| Insuring Agreement | Claim Scenario | Coverage Response |
|---|---|---|
| Funds Transfer Fraud | The insured receives an email that appeared to be from its bank but was not. The insured's employee opened the email, which activated a computer virus called a Trojan horse that read key strokes from their computer. The perpetrator used this means to obtain banking and password information and initiate a fraudulent electronic wire transfer from the insured's bank account. | The insured's funds that were fraudulently transferred from its bank account. |
| E-Commerce Extortion | The insured receives a series of notes which threaten to hack into its customer database and disclose all of the contact information to the general public. | Money or securities paid to the extortioner. |
| Business Interruption and Additional Expense | A company's server is infected by a severe virus, and as a result the insured's sales website is not available to customers for an extended period. | The net profit that would have been earned (or net losses that would have been avoided) resulting from the computer system disruption. |

48 © 2012 ARTHUR J. GALLAGHER & CO. Travelers CyberRisk – Claims

| Insuring Agreement | Claim Scenario | Coverage Response |
|---|---|---|
| Crisis Management Event Expenses | The insured's Chief Customer Service Officer has his laptop stolen. The laptop contains over 100,000 customer records, including social security numbers. | Costs for hiring a Public Relations firm to restore customer confidence or mitigate negative publicity generated from the incident. |

49 © 2012 ARTHUR J. GALLAGHER & CO. GALLAGHER eRISK HUB
As an Arthur J. Gallagher policyholder, you will receive complimentary access to the eRisk Hub® portal, powered by NetDiligence®. eRisk Hub provides tools and resources to help you understand your exposures, establish a response plan and minimize the effects of a breach on your organization.

50 © 2012 ARTHUR J. GALLAGHER & CO. Questions?
