Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com

Published byAbner Harrell Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com"— Presentation transcript:

1 Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com

2 Agenda What you need to know about data breaches
What Are Data Breaches? Cyber Threats and Trends Recommended Proactive Efforts Breach Response Best Practices

3 What is a Data Breach*? Data Breach is a “Legal” Construct All breaches start as incidents, but not all incidents end up as breaches "Incident" = attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI/PII "Breach" = acquisition, access, use, or disclosure of PHI/PII [that poses a significant risk of financial, reputational, or other harm]* * The definition of “data breach” varies across specific legislation and rules. In US states, many include a “harm threshold”

4 Data Privacy, Security, Breach Notification
Regulatory Complexity 46 states and three territories have breach laws PII/PHI; 33 Have Harm-Test; Exceptions; Notification Thresholds FCRA, FACT Act, PCI-DSS Provide for security of financial data FTC enforcement HIPAA/HITECH Privacy, Security, Breach Notification Omnibus Rule just issued; HHS/OCR enforcement

5 855* 174,000,000* $33.7 billion** Annual Data Breaches By the Numbers
Estimated incidents (excluding healthcare) Number of affected individuals Estimated economic impact * Verizon 2012 Data Breach Investigations Report ** Derived from Ponemon Institute 2011 Cost of Data Breach Study, March 2012

6 Leading Causes of Data Breaches*
Source: Ponemon Institute 2012 Cost of Data Breach Study, March 2013

7 A Couple Breach Examples
Careless Malicious

8 Three Key Steps to Managing Risk*
Best Practice Based on ENISA Framework for Effective Governance Risk assessment: the basis for security governance; assets in scope, dependencies, transparency Security measures: take appropriate measures; logical redundancy, monitoring & audits Incident reporting: mandatory reporting, legal consequences, data breach regulatory requirements * European Network and Information Security Agency (ENISA), Critical Cloud Computing, December, 2012

9 If You Do Nothing Else… A risk assessment will
Do a privacy and security risk assessment A risk assessment will Inventory your organization’s data to understand your data breach risk exposure Review privacy & security policies/procedures to identify gaps Evaluate security technologies and controls Review insurance for data breach coverage

10 When a Data Breach Occurs
Have a Plan Small/medium-sized businesses must rely on a trusted partner Help you determine if your incident is a breach Develop a proportionate and compliant breach response Provide the proper level of concern and care to the affected individuals (customers)

11 YourResponse™ The only structured, repeatable methodology for data breach response that leads to reduced risks and positive outcomes

12 Looks Complicated. Does That Make it Expensive?
Not Necessarily. Using YourResponse, you will realize lower costs by Formulating response that is least costly based on a victim risk profile Reducing risks of fines/penalties due to use of a rigorous and documented methodology Breach response managed by experienced firm with volume cost structure

13 Questions? Jeremy Henley Insurance Solutions Executive

Download ppt "Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com"

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.
Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”

Rise in cyber attacks at US companies “This threat to our country’s economic and national security, and to companies’ bottom line, is real and it is growing.”
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
6 March 2012Building Trust in Digital Life1. Amardeo Sarma Deputy General Manager, NEC Chairman, Trust in Digital Life Consortium 6 March.

6 March 2012Building Trust in Digital Life1. Amardeo Sarma Deputy General Manager, NEC Chairman, Trust in Digital Life Consortium 6 March.
© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,

© Copyright 2014 Saul Ewing LLP The Coalition for Academic Scientific Computation HIPAA Legal Framework and Breach Analysis Presented by: Bruce D. Armon,
Security Controls – What Works

Security Controls – What Works
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
1 Operational Risk Management Member Education Series Seminar Indian Institute of Banking & Finance Nagpur November 2005.

1 Operational Risk Management Member Education Series Seminar Indian Institute of Banking & Finance Nagpur November 2005.
© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.

© 2012 AT&T Intellectual Property. All rights reserved. AT&T, the AT&T logo and all other AT&T marks contained herein are trademarks of AT&T Intellectual.
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.

Auditing Cloud Computing: Adapting to Changes in Data Management IIA and ISACA Joint Meeting March 12, 2013 Presented by: Jay Hoffman (AEP), John Didlott.
1Copyright 2009. Jordan Lawrence. All rights reserved. Annual In-House Symposium Practical Steps to Minimize Privacy Risks: Understanding The Intersection.

1Copyright Jordan Lawrence. All rights reserved. Annual In-House Symposium Practical Steps to Minimize Privacy Risks: Understanding The Intersection.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.

The Financial Impact of Cyber Security 50 Questions Every CFO Should Ask A publication of the American National Standards Institute and the Internet Security.
Overview of Cybercrime

Overview of Cybercrime
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Similar presentations

Ads by Google