Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com

Agenda
What you need to know about data breaches:
- What are data breaches?
- Cyber threats and trends
- Recommended proactive efforts
- Breach response best practices

What is a Data Breach*?
A data breach is a legal construct. All breaches start as incidents, but not all incidents end up as breaches.
"Incident" = attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI/PII
"Breach" = acquisition, access, use, or disclosure of PHI/PII [that poses a significant risk of financial, reputational, or other harm]*
* The definition of "data breach" varies across specific legislation and rules. In US states, many include a "harm threshold".

Data Privacy, Security, Breach Notification: Regulatory Complexity
- State breach laws (PII/PHI): 46 states and three territories have breach laws; 33 have a harm test; exceptions and notification thresholds vary
- FCRA, FACT Act, PCI-DSS: provide for the security of financial data; FTC enforcement
- HIPAA/HITECH: privacy, security, breach notification; Omnibus Rule just issued; HHS/OCR enforcement

Annual Data Breaches By the Numbers
- 855* estimated incidents (excluding healthcare)
- 174,000,000* affected individuals
- $33.7 billion** estimated economic impact
* Verizon 2012 Data Breach Investigations Report
** Derived from Ponemon Institute 2011 Cost of Data Breach Study, March 2012

Leading Causes of Data Breaches*
[Chart not reproduced in the transcript]
* Source: Ponemon Institute 2012 Cost of Data Breach Study, March 2013

A Couple of Breach Examples
- Careless
- Malicious

Three Key Steps to Managing Risk*
Best practice based on the ENISA framework for effective governance:
- Risk assessment: the basis for security governance; assets in scope, dependencies, transparency
- Security measures: take appropriate measures; logical redundancy, monitoring and audits
- Incident reporting: mandatory reporting, legal consequences, data breach regulatory requirements
* European Network and Information Security Agency (ENISA), Critical Cloud Computing, December 2012

If You Do Nothing Else...
Do a privacy and security risk assessment. A risk assessment will:
- Inventory your organization's data to understand your data breach risk exposure
- Review privacy and security policies/procedures to identify gaps
- Evaluate security technologies and controls
- Review insurance for data breach coverage

When a Data Breach Occurs: Have a Plan
Small and medium-sized businesses must rely on a trusted partner to:
- Help you determine if your incident is a breach
- Develop a proportionate and compliant breach response
- Provide the proper level of concern and care to the affected individuals (customers)

YourResponse™
The only structured, repeatable methodology for data breach response that leads to reduced risks and positive outcomes

Looks Complicated. Does That Make It Expensive? Not Necessarily.
Using YourResponse, you will realize lower costs by:
- Formulating the response that is least costly based on a victim risk profile
- Reducing the risk of fines/penalties through the use of a rigorous and documented methodology
- Having breach response managed by an experienced firm with a volume cost structure

Questions?
Jeremy Henley, Insurance Solutions Executive
jeremy.henley@idexpertscorp.com
760-304-4761