Presentation is loading. Please wait.

Presentation is loading. Please wait.

The State of Cybersecurity and

Published bySamuel Todd Strickland Modified over 5 years ago

Similar presentations

Presentation on theme: "The State of Cybersecurity and"— Presentation transcript:

1

2 The State of Cybersecurity and
Worst Case Scenario The State of Cybersecurity and Lessons Learned 2016 ACC Mid-Year Meeting

3 Program Agenda Highlights from the State of Cybersecurity Report
Managing risk, privilege and the investigation process Best practices for information sharing and working with regulators Incident response planning and what to do now Who should be on your go-to list Cybersecurity insurance and why most organizations don’t have enough Mistakes to avoid when communicating with the media

4 Speakers Charles Kallenbach, Chief Legal Officer and General Counsel, Heartland Payment Systems Edward J. McAndrew, Partner, Ballard Spahr LLP Stewart A. Pomerantz, Senior Vice President & Associated General Counsel, Jefferies LLC Phil N. Yanella, Partner, Ballard Spahr LLP

5 Why the ACC Foundation Conducted This Important Study
Cybersecurity is a leading concern among in-house counsel Expanding role of in-house counsel 53% allocating more of their budget to cybersecurity

6 About the Report Data breaches by industry and region
Top cybersecurity causes and concerns worldwide Company and legal department budgets Cybersecurity insurance Lessons learned Managing vendors and outside risk Detailed glossary of information security terms Self assessment tool for benchmarking And much more………..

7 How Would You Characterize Your
Responsibilities Regarding Cybersecurity in Your Company?

8 in-house counsel experienced a data breach
31% of in-house counsel experienced a data breach

9 Most GC/CLOs and other in-house counsel do not know what standards their organization uses to address cybersecurity

10 Member of the Legal Department on a Data Breach Team?

11 How Was the System Breached?

12 Ranking of Immediate Concerns Related to Data Breach

13 Mandatory Cybersecurity Training for All Employees

14 How Does Your Organization Evaluate Company
Preparedness at the Employee Level?

15 Portion of law department’s budget specifically dedicated to cybersecurity or related cyber issues

16

17 The Legal and Regulatory Landscape
Class action litigation Consumer Financial Protection Bureau (CFPB) Cybersecurity Information Sharing Act (CISA) European Union (EU) Federal Trade Commission UK Financial Conduct Authority (FCA) US Securities & Exchange Commission (SEC)

18 What challenges did you face in preserving lawyer-client privilege after the data breach, and how did you navigate these?

19 Less than half of the respondents say their company has cybersecurity insurance

20 Did Insurance Cover the Damages Incurred From the Breach?

21 General Counsel and Lessons Learned
“No firewall can give 100% protection” “How much time is involved in responding to a breach” “Act fast and get out ahead of the news and the regulators” “Some employees working from home are on their own unencrypted devices”

22 Crisis Management Dos Prepare a three-tiered incident response plan
Test the plan quarterly for vulnerabilities Identify a centralized decision maker (in legal) Join an industry based ISAC (Information sharing and analysis center) Select and media train a spokesperson Stay ahead of the news curve

23 Crisis Management Don’ts
Assume cybersecurity is an IT issue Provide lost record numbers and breach details to media prematurely Rely on text book incident response plans Limit response to only US state law or other regulatory notification requirements Select and media train a spokesperson

24 What Resource Was Most Helpful?
An outside call center In-house privacy counsel Having an established incident response team Chief privacy officer and local law enforcement Subject matter experts and a single center point of contact Retaining outside counsel and experts Office of Australian Information Commissioner Guidelines

25 “Act as if you’ve already been breached”

26 For addition information:
Derede McAlpin ACC, Vice President & Chief Communications Officer ACC FOUNDATION: THE STATE OF CYBERSECURITY REPORT Price: Members - $475 Non-Members - $595 Underwritten by:

Download ppt "The State of Cybersecurity and"

Similar presentations

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.

Freshfields Bruckhaus Deringer LLP Global investigations What to advise your board Marius Berenbrok Edward Braham Matthew Herman Melissa Thomas 29 February.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.

Draft of June 9, 2015 Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing.
Corporate Ethics Compliance *

Corporate Ethics Compliance *
Are you ready for a recall? Medical Device Regulatory, Reimbursement and Compliance Congress March 28, 2007 Willie R. Bryant, Jr. Consultant Stericycle,

Are you ready for a recall? Medical Device Regulatory, Reimbursement and Compliance Congress March 28, 2007 Willie R. Bryant, Jr. Consultant Stericycle,
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.

In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
Navigating a Corporate Crisis © 2012 Fox Rothschild LLP Navigating a Corporate Crisis Pre-Crisis Phase September 20, 2012 Presented by Dori K. Stibolt.

Navigating a Corporate Crisis © 2012 Fox Rothschild LLP Navigating a Corporate Crisis Pre-Crisis Phase September 20, 2012 Presented by Dori K. Stibolt.
©2008, Promega Corporation. All rights reserved. ©2007, Promega Corporation. All rights reserved. Global Financial Crisis -- Practical Implications for.

©2008, Promega Corporation. All rights reserved. ©2007, Promega Corporation. All rights reserved. Global Financial Crisis -- Practical Implications for.
Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.

Managing the Privacy Function at a Large Company Kimberly S. Gray, Esq., CIPP Chief Privacy Officer Highmark Inc.
Internal Investigations: A primer Bob Cooper May 30, 2007.

Internal Investigations: A primer Bob Cooper May 30, 2007.
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, 2014 -WITH THANKS TO.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.
For broker-dealer use only. Not for use with the public. PROCU 2012 ANNUAL MEETING REGULATORY UPDATE Michael D. Burns Chief Compliance Officer October.

For broker-dealer use only. Not for use with the public. PROCU 2012 ANNUAL MEETING REGULATORY UPDATE Michael D. Burns Chief Compliance Officer October.
INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.

INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.
The Impact of Privacy on HP’s Customer Relationship Management Solution Mike Overly Vice President, Marketing © 2003 Hewlett-Packard Development Company,

The Impact of Privacy on HP’s Customer Relationship Management Solution Mike Overly Vice President, Marketing © 2003 Hewlett-Packard Development Company,
℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.
DOJ Perspectives on Effective Compliance and Investigations Maxwell Carr-Howard Husch Blackwell, LLP October 8, 2012.

DOJ Perspectives on Effective Compliance and Investigations Maxwell Carr-Howard Husch Blackwell, LLP October 8, 2012.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Chris Apgar, CISSP President, Apgar & Associates, LLC December 12, 2007.

Chris Apgar, CISSP President, Apgar & Associates, LLC December 12, 2007.

Similar presentations

Ads by Google