Cyber Risk Management
Privacy & Data Protection
•2
Agenda
► Introductions
► Risk Management 101
► Defining & Quantifying a Breach
► Prevention, Mitigation & Transfer Strategies
► Finance Strategy - Cyber Insurance
► Underwriting Criteria
► First Party vs. Third Party Coverages
► Case Studies
► Q&A
•3
What is Risk Management?
Engage
Assess
Plan
Implement
► Identify The Opportunities
► Organize & Categorize initiatives
► Quantify The Impact
► Prioritize The Initiatives
► Create a Strategic Plan
► Engage Team & Strategic Partners
► Continually Monitor Progress
Risk management is the continual process of identifying, measuring, and minimizing the effects of risk.
•4
Risk Management 101
Types of Risk
Business
Strategic
Hazard
Risk Management Strategies
► Prevent
► Transfer
► Mitigate
► Assume
► Finance
•5
Defining a Breach
A data breach is an incident that involves the unauthorized or illegal viewing, access, or retrieval of data by an individual, application, or service. It is a type of security breach specifically designed to steal and/or publish data to an unsecured or illegal location.
Source: www.techopedia.com
•6
Quantifying a Breach
Average Number of Records Breached Per Incident: 28,765
Average Cost Per Breached Record: $192 - $240
Varying Factors
► Number of Records Breached
► Type of Breach (PCI, PHI, or PII)
► Class Action Lawsuit Filed?
Source: Ponemon Institute / Symantec Study
•7
Risk Management
Type of Risk | Risk Management Strategies
► Prevent?
► Mitigate?
► Transfer?
•8
My Password is…
https://www.youtube.com/watch?v=opRMrEfAIiI
•9
Finance Strategies
Cyber Liability Insurance -
A type of insurance designed to cover consumers of technology services or products (sometimes referred to as Privacy & Data Protection Insurance). More specifically, the policies are intended to cover a variety of both liability and property losses that may result when a business engages in various electronic activities, such as selling on the Internet or collecting data within its internal electronic network.
Most notably, but not exclusively, cyber and privacy policies cover a business' liability for a data breach (either in physical form, or via an electronic platform).
•10
Process of Financing
► Applications
► Underwriter Review
► Quote Review
► Purchase
•11
Application Process
► Technical Questions
► Operational Questions
► Addendum On Additional Information
•12
Underwriter Review
► Industry Classification
► Annual Revenue
► PII Quantity
► Minimum Controls
► Standard and Advanced Controls
► Red Flags
•13
Key Coverages
► 1st Party
► Notification
► Crisis Management
► Forensic Costs
► Public Relations
► Regulatory expenses
► Business Interruption
► 3rd Party Liability
•14
1st Party Coverages
Investigation Expense Coverage
► to determine the source or cause of the Data Privacy Wrongful Act or Network Security Wrongful Act.
Source: THDPNSLP
•15
1st Party Coverages
Notification and Credit Monitoring Expense Coverage
► Notify customers
► Credit monitoring services
► Voluntary Notifications
•16
1st Party Coverages
Business Interruption
► Income loss and extra expenses during the period of restoration
► Must result from a network attack
► A retention of 8-12 hours
•17
1st Party Coverages
Crisis Management Expense Coverage
► Public Relations firm
► Crisis Management Firm
► IdentityTheft 911
► Pre- and Post-Breach Services
•18
3rd Party Coverages
Data Privacy Regulatory Expense Coverage
► Fines and Penalties levied against insureds
► PCI Fines and Penalties
•19
3rd Party Coverages
Privacy Liability
► the improper dissemination of Nonpublic Personal Information; or
► any breach or violation by the Insured of any Data Privacy Laws.
LabMD: Choosing Vendors Wisely And Fighting The FTC
► $4.6MM revenue LabMD goes bankrupt, letting go of 30 employees
► Vendor discovered as only entity to see data
•26
Outside the Dark Web
Image: Kaspersky Lab
•27
Outside the Dark Web
Image: SBR Money
•28
Phishing
Definition: a form of social engineering in which a message, typically an email, with a malicious attachment or link is sent to a victim with the intent of tricking the recipient into opening the attachment
Top Industries
► ALL
•29
Phishing
How:
► Spear phishing: targeted attacks
► Phishing: mass communication
► Clone phishing: legitimate content re-sent with modified links