
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.




Slide 1: WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY

Slide 2: Presenter: Joshua Gold, Esq., (212) 278-1886, jgold@andersonkill.com
1016250v1 ©2013 Anderson Kill & Olick, P.C. All Rights Reserved.

Slide 3: Disclaimer
The views expressed by the participants in this program are not those of the participants' employers, their clients, or any other organization. The opinions expressed do not constitute legal advice or risk management advice. The views discussed are for educational purposes only and are provided only for use during this session.

Slide 4: WHO IS VULNERABLE? EVERYONE!

Slide 5: WHO IS VULNERABLE? 2012 Data Breaches [1]
- Business – 36.9%
- Medical/Healthcare – 34.6%
- Educational – 13.6%
- Government/Military – 11.2%
- Banking/Credit/Financial – 3.8%
[1] Identity Theft Resource Center, www.idtheftcenter.org/ITRC%20Breach%20Report%202012.Pdr

Slide 6: WHAT IS THE EXPOSURE? Records exposed in 2012 [2]
- Government/Military – 7.7 million records (44.4%)
- Business – 4.6 million (26.7%)
- Education – 2.3 million (13.3%)
- Medical/Healthcare – 2.2 million (12.9%)
- Banking/Credit/Financial – 470k (2.7%)
[2] Identity Theft Resource Center, www.idtheftcenter.org/ITRC%20Breach%20Report%202012.Pdr

Slide 7: WHAT ARE THE CAUSES? [3]
- Negligence – 39%
- Malicious or Criminal Attack – 37%
- System Error – 24%
[3] 2011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012.

Slide 8: WHAT IS THE COST? [4]
- Information Loss – 44%
- Business Disruption – 30%
- Revenue Loss – 19%
- Equipment Damages – 5%
- Other Miscellaneous Costs – 2%
[4] 2011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012.

Slide 9: WHAT'S THE REAL COST? [5]
- Average Resolution Time: 24 days
- Average Cost: $5.5 Million
[5] 2011 Cost of Data Breach Study: United States, Ponemon Institute, March 2012.

Slide 10: THIRD-PARTY DATA MANAGEMENT & RISKS
- Cloud is the Trend
- Cost Savings
- Data Security Risks
- Lack of Control
- You can delegate the data management, but not the responsibility
- What are the risks? The Amazon/Sony breach

Slide 11: BEST PRACTICES
- SEC Guidance
- FFIEC Guidance
- Due Diligence on Vendors
- Negotiate Strong Terms in Vendor/Cloud Contracts
- Risk Transfer: Indemnity/Insurance
- Security Assessment of Vendor: Tricky in a Multi-Tenant Cloud Platform
- Make Sure There is Adequate Notice/Disclosure of Use of Cloud to Stakeholders

Slide 12: RISK MANAGEMENT (contract terms to address)
- Notice of Incident (even if your data is not disclosed)
- Cooperation with regulatory authorities and law enforcement
- Periodic audit rights
- Responsibility for notification costs
- Costs of computer forensic experts
- Use of sub-contractors
- Cloud Services Termination: How does hosted data get disposed of? Who pays?
- Representations and Warranties about the firm protecting data

Slide 13: SECURITY & INSURANCE
- Encryption: an automatic red flag for AGs/FTC if data is disclosed and was not encrypted
- Contractual Indemnity/Hold Harmless
- Mandate insurance purchase by vendor
- Require additional insured status

Slide 14: DEALING WITH A SECURITY BREACH
- Data Breach Team and Plan need to be in place
- Compliance with State Notice requirements
- Make sure your insurance provides cover where cloud is used
- Give notice to all potentially applicable insurance carriers

Slide 15: POLICIES COVERING LOSS
- Take Inventory of Policies: GL, D&O, E&O, Crime, All Risk Property, Cyber Policies
- 1st Party, 3rd Party, Hybrid
- Coverage Issues

Slide 16: COVERAGE UNDER CGL?
- IP Exposure
- Data Loss
- Business Interruption
- Third Party Losses
- Privacy

Slide 17: CYBER POLICIES! WHEN CGL IS NOT ENOUGH.

Slide 18: CURRENTLY AVAILABLE CYBER INSURANCE
- Privacy Injury Liability
- Privacy Regulatory Proceedings and PCI Fines
- Network and Content Liability
- Crisis Management Fund
- Network Loss or Damage
- Business Interruption
- Electronic Theft
- Network Extortion

Slide 19: RISK MANAGEMENT CONSIDERATIONS
- Virus Coverage or Exclusions
- Virus Defined in a Manner that Might Affect Hacker Coverage
- "Confidential" Information vs. Trade Secrets vs. Customer Information
- Coverage for Regulatory Matters (e.g., FTC)

Slide 20: RISK MANAGEMENT CONSIDERATIONS (continued)
- Data Security Efforts and Policyholder Protective Measures
- Coverage for Network Computers Only? What about Laptops?
- Insured Property / Locations / Premises: Where are Servers / Computers Housed?

Slide 21: TIME SENSITIVE PROVISIONS
- Fear of Reporting Claims?
- Timely Notice
- Proofs of Loss
- Suit Limitation Clauses

Slide 22: LITIGATION ISSUES
- Not a Ton of Precedent
- What Exists is Not Uniform
- Careful What Gets Disclosed During Discovery: e.g., Sensitive Data, Customer Information, Network Security Blueprints

Slide 23: ONE LAST THOUGHT
Side note for clients at risk due to a reduction in coverage:
- Duty of Insurer to advise of reduction in coverage at renewal
- Duty of Broker to inform client of reduction in coverage

Slide 24: QUESTIONS?

Slide 25: Thank You. Joshua Gold, Esq., (212) 278-1886, jgold@andersonkill.com

