Critical Issues in Cybersecurity:
|
|
- Brianna Boone
- 5 years ago
- Views:
Transcription
1 Critical Issues in Cybersecurity: Are you prepared and in compliance? July 27, 2017 Robert Barbarowicz Scott Lyon JillAllison Opell
2 1 What Types of Information do We Collect? PII v. PHI v. NPI v. sensitive/confidential information Information specific to individual Social Security Number Account numbers Name Address Specific financial information Catch-all Information not publicly available
3 2 Now That You Have It, Protect It! GLBA Safeguards Rule: If you are going to accept responsibility for having someone s personal information, then protect it
4 New York Department of Financial Services (NYDFS) Cybersecurity Regulation 23 NYCRR et. seq.
5 3 NYDFS Takes the Lead 3/2/16 NAIC proposes Insurance Data Security Model Law (version 2 8/17/16) 9/28/16 NYDFS proposes its own cybersecurity regulations for all DFS-regulated entities, financial institutions, insurance companies (domestic and admitted) and insurance producers. 12/28/16 NYDFS releases revised cybersecurity proposal 2/16/17 NYDFS regulations posted to New York State Register, to take effect on 3/1/17 March 2017 NAIC meeting in Denver NYDFS proposes that other states should use its cybersecurity regulations as a model for their own legislation
6 4 Covered Entity (c) Covered Entity means any Person operating under or required to operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services Law. Financial institutions Insurance carriers Insurance brokers and agents Captive insurance Surplus line carriers
7 5 Deadlines March 1, 2017 effective date of regulation August 28, days Implement & maintain program and policy & Limit user access privileges as part of program Utilize qualified cybersecurity personnel Notify Superintendent of cybersecurity events File Notice of Exemption with Superintendent (e) Designate Chief Information Security Officer [CISO]* Establish a written incident response plan* * May NOT apply to Covered Entities that qualify for a Limited Exemption
8 6 February 15, 2018 Deadlines Submit annual certification of compliance to Superintendent March 1, 2018 one year Conduct periodic risk assessment CISO to provide annual report to board or governing body of agency* (b) Conduct annual penetration testing and bi-annual vulnerability assessments* (a)(1) & (a)(2) Multi-factor authentication if needed* Regular cybersecurity awareness training for all personnel * May NOT apply to Covered Entities that qualify for a Limited Exemption
9 7 Deadlines September 1, months Establish policies and procedures for data retention & disposal Establish audit trails* Establish procedures, guidelines and standards for development of in-house developed applications* Monitor authorized users* (a)(1) Encryption of data both in transit over external networks and at rest* * May NOT apply to Covered Entities that qualify for a Limited Exemption
10 8 Exemptions Covered Entities exempt from some requirements if they Have less than the specified number of NY employees, gross annual revenue from NY operations, or year-end total assets (a) Are an employee, agent, representative or designee of a Covered Entity (b) Do not directly or indirectly operate, maintain, utilize or control any Information Systems AND Do not directly or indirectly control, own, access, generate, receive or possess Nonpublic Information (c) Required to file a Notice of Exemption
11 Cybersecurity Programs: What Do You Need?
12 9 Who Do You Call? Regulatory compliance issue Attorney client privilege/work product Due diligence v. Post-breach investigation Breaches Ignorance (willful or otherwise) is not an excuse FTC enforcement actions - [An unfair act or practice] causes or is likely to cause substantial injury - 15 USC 45(n)
13 10 Cybersecurity Policy Goal: Protection of Information Security Systems & NPI/PII, based on Risk Assessment Risk Assessment Policy (the foundation) Data governance and classification (NPI/PII) Incident Response Plan Third Party Service Provider Security Policy Asset inventory and device management (what do you have) Access controls and identity management (PLP, restrictions) Business Continuity and Disaster Recovery Policy Customer Data Privacy policy System availability plan (Ransomware, DDoS) Physical security (not all administrative or technical)
14 11 Risk Assessment Policy Written policies and procedures for satisfying objectives (b) Objectives Identify assets Identify threats/risks against assets Prioritize threats Mitigate threats
15 12 Risk Assessment Policy Identify assets Company information and data Hardware and software (servers and endpoints) Organization s reputation and branding Personnel Identify threats/risks against assets System hacked from inside System hacked from outside Data Unavailable Ransomware Hardware failure Analyze impact
16 13 Risk Assessment Policy Prioritize threats Ransomware healthcare and other service providers Data exfiltration confidential information (Ashley Madison) Mitigation techniques Ransomware robust backup strategy DDoS clustered servers, load balancers Insider threat Access Control Lists, Principle of Least Privilege, DLP solutions Outside threat Firewalls, IDS, IPS, encryption Residual Risk insurance = transferring risk
17 14 Data Governance and Classification Policy Types of private/sensitive/ confidential information Financial Healthcare NPI/PII Groups/Classes Role-based, not individual HR, Accounting Sensitivity Top Secret Unclassified Principle of Least Privilege
18 15 Incident Response Plan Develop policies and procedures for responding to potential breaches Incident v. Breach v. Cybersecurity Event Internal processes for responding (ex: flow-chart) Roles, responsibilities and levels of decision-making authority Coordinating communications - Law Enforc, Forensics, HR, PR External and internal communications and information sharing Plan for remediation of identified weaknesses Documentation and reporting (forensics, chain of custody) Evaluation and revision (Lessons Learned)
19 16 Third Party Service Provider Security Policy Develop policies and procedures for Third Party Service Providers (TPSP) Based on the Risk Assessment Risk assessment of TPSP Minimum cybersecurity standards (ISO, addendum) Access controls Encryption Notification requirements Due diligence processes (auditing) Periodic assessment based on risk and adequacy
20 17 Disaster Recovery Plan Based on Risk Assessment (fire, flood, earthquake) Business Impact Assessment (BIA) Identify critical systems Prioritize recovery time objective Identify preventative controls Ex: backup data centers Develop recovery strategies Ex: emergency office sharing Develop IT contingency plan Ex: remote login Backup strategy 3/2/1 (copies, media, offsite)
21 18 Training and Testing Program Training educate employees Communicate business risks and consequences Tabletop Simulations executive fire drills Helps identify SPOF Policy revisions Penetration Testing periodic checkup
22 Recent Cases
23 19 PF Chang s Pt. 1 The Class Action Lewert v. P.F. Chang's China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016) June 2014 breach notification # of consumers -??? # of restaurants -??? Length of breach -??? June 2014 Plaintiffs filed suit Aug Clarification 33 restaurants, >60k customers Dec District court dismissed claims for lack of out-ofpocket losses or actual damages April th Cir. Reversed fraudulent transactions and time, money and effort spent monitoring were sufficient injuries to confer standing
24 20 PF Chang s Pt. 2 The Insurance P.F. Chang's China Bistro, Inc. v. Fed. Ins. Co., 2016 WL (D. Ariz. May 31, 2016) Chubb paid claims ($1.7M) for Third party breach investigation and counsel Breach notifications Class action litigation 2015 MasterCard issued $1.9M PCI DSS assessment to BofA Merchant Services (BAMS) PF Chang s liable for assessment based on processing contract with BAMS Chubb refused claim; PF Chang s sued May 2016 Arizona district court held that Chubb cyber policy does not cover PCI DSS assessments under the BAMS processing contract
25 21 FTC v. Wyndham F.T.C. v. Wyndham Worldwide Corp., 799 F.3d 236 (3d Cir. 2015) Between 2008 and 2010 Wyndham was breached 3 times Exposed 619,000 payment card numbers Resulted in more than $10.6M fraud loss 2012 FTC files administrative complaint, alleging that weak security = unfair and deceptive trade practice April 2014 NJ district court denies motion to dismiss
26 22 Aug rd Cir. Affirms FTC v. Wyndham Wyndham was not entitled to know with ascertainable certainty the FTC s interpretation of what cybersecurity practices are required by 45(a). Instead, the relevant question in this appeal is whether Wyndham had fair notice that its conduct could fall within the meaning of the statute... As a necessary consequence, Wyndham is only entitled to notice of the meaning of the statute and not to the agency s interpretation of the statute. Dec Stipulated Order PCI-DSS? But see LifeLock Consent Order ($100M)
27 23 FTC v. LabMD In the Matter of Labmd, Inc., Trade Cas. (CCH) (MSNET July 28, 2016) Feb patient records found on LimeWire Oct Sacramento PD found records in possession of identity thieves Aug FTC files administrative complaint for unfair acts or practices
28 24 FTC v. LabMD Nov ALJ Post-Hoc Analysis the absence of any evidence that any consumer has suffered harm as a result of [LabMD] s alleged unreasonable data security, even after the passage of many years, undermines the persuasiveness of [the FTC] s claim that such harm is nevertheless likely to occur. (no harm, no foul) July 2016 FTC Reverses ALJ "When evaluating a practice, we judge the likelihood that the practice will cause harm at the time the practice occurred, not on the basis of actual future outcomes. This is particularly true in the data security context. Section 5 very clearly has a prophylactic purpose and authorizes the Commission to take preemptive action. We need not wait for consumers to suffer known harm at the hands of identity thieves.
29 25 Consequences of Breach Damages Costs of breach Notification costs Monitoring costs Legal costs FTC fines and penalties (state and federal) Insurance: loss of license Privilege: Make sure your preparation and response does not turn into the evidence against you Have a plan!
30 Questions?
31 Thank You! Robert Barbarowicz Scott Lyon JillAllison Opell
CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING
CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING 2015 Verizon Data Breach Report 79,790 security incidents 2,122 confirmed data breaches Top industries affected: Public, Information,
More informationPaul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP
HOW TO NAVIGATE THE LANDSCAPE OF GLOBAL PRIVACY AND DATA PROTECTION Paul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP Topics to Cover General Concepts Increased U.S. enforcement activity
More informationWhat we will cover today
CYBERSECURITY WHAT YOU NEED TO KNOW March 30, 2017 Independent Insurance Agents Assoc of Western NY What we will cover today Broad overview of the regulation How did it come about? Who does it apply to?
More informationNEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES PROPOSED 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES PROPOSED 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES I, Maria T. Vullo, Superintendent of Financial Services, pursuant to the
More informationNEW CYBER RULES FOR NEW YORK-BASED BANKING, INSURANCE AND FINANCIAL SERVICE FIRMS HAVE FAR-REACHING EFFECTS
REGULATORY LAW ALERT JUNE 2017 NEW CYBER RULES FOR NEW YORK-BASED BANKING, INSURANCE AND FINANCIAL SERVICE FIRMS HAVE FAR-REACHING EFFECTS OVERVIEW In potentially the most significant state-level expansion
More informationWhat You Need to Know to Make Sure Your Insurance Business Complies
New York State Department of Financial Services New Cybersecurity Regulation 23 NYCRR Part 500 What You Need to Know to Make Sure Your Insurance Business Complies Presented by: NAIFA-NYS, Peter J. Molinaro,
More informationHIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier. March 22, 2018
1 HIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier March 22, 2018 2 Today s Panel: Kimberly Holmes - Moderator - Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters,
More informationCyber Risks & Insurance
Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of
More informationCredit Card Data Breaches: Protecting Your Company from the Hidden Surprises
Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises By David Zetoony Partner, Bryan Cave LLP Courtney Stout Counsel, Davis Wright Tremaine LLP With Contributions By Suzanne Gladle,
More informationWe re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber
We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber Protection Data Creates Duties What data do you access, and
More informationCyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby
Cyberinsurance: Necessary, Expensive and Confusing as Hell Presenters: Sharon Nelson and Judy Selby Setting the stage 2018 report from PwC one-third of US businesses have some form of cyberinsurance PwC
More informationFREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500
FREQUENTLY ASKED QUESTIONS REGARDING 23 NYCRR PART 500 Effective March 1, 2017, the Superintendent of Financial Services promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements
More informationDesigning Privacy Policies and Identifying Privacy Risks for Financial Institutions. June 2016
Designing Privacy Policies and Identifying Privacy Risks for Financial Institutions June 2016 Program Overview Regulatory Environment Who Needs a Privacy Program and Common Questions Components of a Comprehensive
More informationChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them
ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them PROVIDED BY HUB INTERNATIONAL October 25th, 2016 W W W. C H I C A G O L A N D R I S K F O R U M. O R G AGENDA 1. The evolution of
More informationH 7789 S T A T E O F R H O D E I S L A N D
======== LC001 ======== 01 -- H S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 01 A N A C T RELATING TO INSURANCE - INSURANCE DATA SECURITY ACT Introduced By: Representatives
More informationCYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY
CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY Agenda Threat Landscape and Trends Breach Response Process Pitfalls and Critical Points BBR Services Breach Prevention
More informationPRIVACY AND CYBER SECURITY
PRIVACY AND CYBER SECURITY Presented by: Joe Marra, Senior Account Executive/Producer Stoya Corcoran, Assistant Vice President Presented to: CIFFA Members September 20, 2017 1 Disclaimer The information
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationCYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP
CYBER LIABILITY INSURANCE OVERVIEW FOR Prepared by: Evan Taylor NFP Targeted Industries Business Sector Financial Services 10% Non-Profit 11% Retail 10% Other 37% Other 18% Type of Data PII 40% Professional
More informationARE YOU HIP WITH HIPAA?
ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined
More informationCyber, Data Risk and Media Insurance Application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationCybersecurity Privacy and Network Security and Risk Mitigation
Ask the Experts at fi360 2016 Cybersecurity Privacy and Network Security and Risk Mitigation Gary Sutherland, NAPLIA CEO Brian Edelman, Financial Computer Inc. CEO Paul Smith, AIF NAPLIA SVP SEC s 1st
More informationHIPAA and Lawyers: Your stakes have just been raised
HIPAA and Lawyers: Your stakes have just been raised October 16, 2013 Presented by: Harry Nelson e: hnelson@fentonnelson.com Claire Marblestone e: cmarblestone@fentonnelson.com AGENDA Statutory & Regulatory
More informationTrends, Vendor Management, and Practical Tips For In House Counsel. ACC National Capital Region October 16, 2018
Cyberinsurance Issues Coming for 2019 Trends, Vendor Management, and Practical Tips For In House Counsel ACC National Capital Region October 16, 2018 Scott N. Godes Partner Insurance Recovery Co-Chair,
More informationCYBERINSURANCE TRENDS AND DEVELOPMENTS
CYBERINSURANCE TRENDS AND DEVELOPMENTS What cyber risks can be covered Emerging products Recent cases, pending legislation and regulation Claims case studies INTRODUCTION TO CYBERINSURANCE Gartner defines
More informationHealthcare Data Breaches: Handle with Care.
Healthcare Data Breaches: Handle with Care November 13, 2012 ID Experts Webinar www.idexpertscorp.com The material presented in this presentation is not intended to provide legal or other expert advice
More informationCAPTIVE INSURANCE COMPANY REPORTS
CAPTIVE INSURANCE COMPANY REPORTS New York Adopts Cyber-Security Requirements P. Bruce Wright, Saren Goldner, Daren Moreira Eversheds Sutherland LLP April 2017 Editor s Note: This article by P. Bruce Wright,
More informationCyber-Insurance: Fraud, Waste or Abuse?
SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major
More informationEQUIFAX INC. (Exact name of registrant as specified in Charter)
UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of report (Date of earliest event
More informationBy David F. Katz, Richard D. Smith, Elizabeth K. Hinson, Jason Mark Anderman and Sarah Statz
CYBERSECURITY LAW & STRATEGY AUGUST 2017 Third-Party Cybersecurity Strategies Critical to Preparedness By David F. Katz, Richard D. Smith, Elizabeth K. Hinson, Jason Mark Anderman and Sarah Statz Understanding
More informationThe General Data Protection Regulation s Impact on M&A
The General Data Protection Regulation s Impact on M&A PRACTICAL ADVICE ON HOW TO CONTINUE A SMOOTH M&A PROCESS Presented by Avi Gesser, Davis Polk partner, Litigation/Cybersecurity Pritesh P. Shah, Davis
More informationClaims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: NetGuard Plus Claims Made Basis. Underwritten by Underwriters at Lloyd s, London tice: The Policy for which this Application is made applies only to Claims made against any of the Insureds
More informationDATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY. DATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY Coverage under this endorsement is subject to the following: PART 1 RESPONSE
More informationThe Cyber Insurance Broker Conundrum
CLM 2017 Annual Conference March 29-31, 2017 Nashville, TN The Cyber Insurance Broker Conundrum The Cyber Insurance Broker Conundrum I. Introduction P.F. Chang s is reeling after an U.S. District Court
More informationData Breach and Cyber Risk Update November 17, 2011
Data Breach and Cyber Risk Update November 17, 2011 Mark E. Schreiber Chair, Privacy & Data Protection Group Edwards Wildman Palmer LLP 111 Huntington Avenue Boston, MA 02199 Tel: 617-239-0585 Email: mschreiber@edwardswildman.com
More informationHIPAA AND ONLINE BACKUP WHAT YOU NEED TO KNOW ABOUT
WHAT YOU NEED TO KNOW ABOUT HIPAA AND ONLINE BACKUP Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile
More informationVaco Cyber Security Panel
Vaco Cyber Security Panel ISACA Charlotte Chapter December 5 th, 2017 Vaco is an international talent solutions firm headquartered in Nashville, Tennessee, with more than 35 locations around the globe.
More informationCyber Risk Proposal Form
Cyber Risk Proposal Form Company or trading name Address Postcode Country Telephone Email Website Date business established Number of employees Do you have a Chief Privacy Officer (or Chief Information
More informationSummary Comparison of Current Senate Data Security and Breach Notification Bills
Data Security reasonable Standards measures Specific Data Security Requirements Personal Information Definition None (a) First name or (b) first initial and last name, in combination with one of the following
More information503 SURVIVING A HIPAA BREACH INVESTIGATION
503 SURVIVING A HIPAA BREACH INVESTIGATION Presented by Nicole Hughes Waid, Esq. Mark J. Swearingen, Esq. Celeste H. Davis, Esq. Regional Manager 1 Surviving a HIPAA Breach Investigation: Enforcement Presented
More informationA GUIDE TO CYBER RISKS COVER
A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance
More informationTHIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ IT CAREFULLY CRISIS MANAGEMENT COVERAGE The Insurer shall pay on behalf of the Insured: 1) Crisis Management Expenses that are a direct result of a Network
More informationInformation Security and Third-Party Service Provider Agreements
The Iowa State Bar Association s ecommerce & Intellectual Property Law Sections presents 2016 Intellectual Property Law & ecommerce Seminar Information Security and Third-Party Service Provider Agreements
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationLargest Risk for Public Pension Plans (Other Than Funding) Cybersecurity
Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity 2017 Public Safety Employees Pension & Benefits Conference Ronald A. King (517) 318-3015 rking@ I am convinced that there are only
More informationCyber Insurance 2017:
Cyber Insurance 2017: Ensuring Your Coverage is Sound Thursday, March 23, 2017 Attorney Advertising Prior results do not guarantee a similar outcome 777 East Wisconsin Avenue, Milwaukee, WI 53202 414.271.2400
More informationEvaluating Your Company s Data Protection & Recovery Plan
Evaluating Your Company s Data Protection & Recovery Plan CBIA Cybersecurity Webinar Series 11AM 12PM Part V. Presented by: Stewart Tosh Charles Bellingrath Date: December 7, 2017 Today s presenters Stewart
More informationHEALTHCARE INDUSTRY SESSION CYBER IND 011
HEALTHCARE INDUSTRY SESSION CYBER IND 011 Speakers: Jody Westby, Chief Executive Officer, Global Cyber Risk René Siemens, Partner, Covington & Burling LLP Brent Rieth, Senior Vice President and Team Leader,
More informationCYBER LIABILITY REINSURANCE SOLUTIONS
CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber
More informationDefending Litigation After a Data Breach
Defending Litigation After a Data Breach November 9, 2016 Stewart Baker Steptoe & Johnson LLP Defending Litigation After a Data Breach Class Action Suits Commonly Filed By: Consumers Financial Institutions
More informationSouth Carolina General Assembly 122nd Session,
South Carolina General Assembly 122nd Session, 2017-2018 R184, H4655 STATUS INFORMATION General Bill Sponsors: Reps. Sandifer and Spires Document Path: l:\council\bills\nbd\11202cz18.docx Companion/Similar
More informationDATA COMPROMISE COVERAGE FORM
DATA COMPROMISE DATA COMPROMISE COVERAGE FORM Various provisions in this policy restrict coverage. Read the entire policy carefully to determine rights, duties and what is and is not covered. Throughout
More informationData Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor
Data Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor This Addendum is applicable only in those situations where the Selected
More informationTake It or Leave It: Pitfalls and Challenges of IT Contracts Thursday, May 4, 2017 General Session; 9:00 10:30 a.m.
Take It or Leave It: Pitfalls and Challenges of IT Contracts Thursday, May 4, 2017 General Session; 9:00 10:30 a.m. Margarita Gutierrez, Deputy City Attorney, City and County of San Francisco Rosa M. Sanchez,
More informationSENIOR CARE CYBER-LIABILITY, CRISIS MANAGEMENT AND REPUTATIONAL HARM SUPPLEMENTAL APPLICATION
SENIOR CARE CYBER-LIABILITY, CRISIS MANAGEMENT AND REPUTATIONAL HARM SUPPLEMENTAL APPLICATION A. Please indicate the coverages, limits and deductibles desired on the chart below. APPLICANT NAME: NATIONAL
More informationYour defence toolkit. How to combat the cyber threat
Your defence toolkit How to combat the cyber threat Contents The threat of cyber crime 4 How UK businesses are targeted 6 Case studies 8 Why cyber security is so important to manufacturers now 10 The
More informationHEALTHCARE BREACH TRIAGE
IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards
More informationDEBUNKING MYTHS FOR CYBER INSURANCE
SESSION ID: GRC-F02 DEBUNKING MYTHS FOR CYBER INSURANCE Robert Jones Global Head of Financial Lines Specialty Claims AIG Garin Pace Cyber Product Leader AIG @Garin_Pace Introduction What Is Cyber Insurance?
More informationDELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION)
DELHAIZE AMERICA PHARMACIES AND WELFARE BENEFIT PLAN HIPAA SECURITY POLICY (9/1/2016 VERSION) Delhaize America, LLC Pharmacies and Welfare Benefit Plan 2013 Health Information Security and Procedures (As
More informationCyber Incident Response When You Didn t Have a Plan
Cyber Incident Response When You Didn t Have a Plan April F. Doss Saul Ewing LLP How serious is the cybersecurity threat? Some sobering numbers from 2015: Over half a billion personal records were stolen
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationAPPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London SECTION I. GENERAL INFORMATION 1. Name of Applicant: Physical Address: (as it should appear
More informationCyber COPE. Transforming Cyber Underwriting by Russ Cohen
Cyber COPE Transforming Cyber Underwriting by Russ Cohen Business Descriptor How tall is your office building? How close is the nearest fire hydrant? Does the building have an alarm system? Insurance companies
More informationHIPAA Basic Training for Health & Welfare Plan Administrators
2010 Human Resources Seminar HIPAA Basic Training for Health & Welfare Plan Administrators Norbert F. Kugele What We re going to Cover Important basic concepts Who needs to worry about HIPAA? Complying
More informationAnatomy of a Data Breach
Anatomy of a Data Breach May 17, 2017 Lucie F. Huger Officer, Greensfelder, Hemker & Gale, P.C. Mary Ann Wymore Officer, Greensfelder, Hemker & Gale, P.C. Information is the New Oil! Companies are collecting
More informationEmerging legal and regulatory risks
Emerging legal and regulatory risks Presentation for AusCERT2016 Matthew Pokarier and Ben Di Marco Structure Regulatory risks Third-party liability Actions by affected individuals Actions by banks and
More informationCyber Risk & Insurance
Cyber Risk & Insurance Digitalization in Insurance a Threat or an Opportunity Beirut, 3 & 4 May 2017 Alexander Blom - AIG 1 Today s Cyber Presentation Cyber risks insights from an insurance perspective
More informationData Breach Financial Protection Program Terms and Conditions
Data Breach Financial Protection Program Terms and Conditions The Data Breach Financial Protection Program (the Program ) is a comprehensive expense reimbursement program, provided with some Netsurion
More informationCase 3:13-cv Document 49 Filed 07/18/13 Page 1 of 39 PageID #: 959
Case 3:13-cv-00202 Document 49 Filed 07/18/13 Page 1 of 39 PageID #: 959 Case 3:13-cv-00202 Document 49 Filed 07/18/13 Page 2 of 39 PageID #: 960 Case 3:13-cv-00202 Document 49 Filed 07/18/13 Page 3 of
More informationData Compromise Issues: Is Your Company in Shape To Deal with Banks & Card Networks?
Data Compromise Issues: Is Your Company in Shape To Deal with Banks & Card Networks? 2 Today s Presenters Mike Williams, Executive Vice President and General Counsel, Staples, Inc. After 22 years as a
More informationSAFE DESTRUCTION OF DOCUMENTS
SAFE DESTRUCTION OF DOCUMENTS Federal and State Requirements for Proper Disposal of Information Contained in Consumer Reports OVERVIEW With the growth in popularity for organizations to utilize electronic
More informationANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING
ANALYSIS & ASSESSMENT OF TECHNOLOGY FROM A BOARD S PERSPECTIVE STEPHANIE L. BUCKLEW SLB CONSULTING WHAT IS TECHNOLOGY RISK? Any threat to information technology within your organization and the consequence
More informationHIPAA Data Breach ITPC
HIPAA Data Breach Objectives Overview of Omnibus Rule - Data Breach Suspected Breach - Investigation Audit Risk Assessment Corrective Action Plan Written Notification Elements NYS Rules on Data Breach
More informationHow to Cut Down on Security Risks:
How to Cut Down on Security Risks: What You Don t Know About HIPAA Security October 29, 2015 2015 Epstein Becker & Green, P.C. All Rights Reserved. ebglaw.com Presented by Adam Solander Member of the Firm
More informationNATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE
NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance
More informationAdd our expertise to yours Protection from the consequences of cyber risks
CyberEdge THIS INFORMATION IS INTENDED FOR INSURANCE BROKERS AND OTHER INSURANCE PROFESSIONALS ONLY Add our expertise to yours Protection from the consequences of cyber risks What is CyberEdge? 2 CyberEdge
More informationWhat is a privacy breach / security breach?
What is a breach? What is a privacy breach / security breach? Privacy breach Computer security breach: The theft, loss or unauthorized disclosure of personally identifiable non-public information (PII)
More informationCyberRisk: What we know and what we don't know
CyberRisk: What we know and what we don't know JOHN MULLEN, ESQ., LEWIS BRISBOIS BISGAARD & SMITH LLP ADAM COTTINI, ARTHUR J GALLAGHER MARCH 16, 2016 2014 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS
More informationAt the Heart of Cyber Risk Mitigation
At the Heart of Cyber Risk Mitigation De-risking Cyber Threats with Insurance Vikram Singh Abstract Management of risks is an integral part of the insurance industry. Companies have succeeded in identifying
More informationNEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES PROPOSED 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES
NEW YORK STATE DEPARTMENT OF FINANCIAL SERVICES PROPOSED 23 NYCRR 500 CYBERSECURITY REQUIREMENTS FOR FINANCIAL SERVICES COMPANIES I, Maria T. Vullo, Superintendent of Financial Services, pursuant to the
More informationCyber breaches: are you prepared?
Cyber breaches: are you prepared? Presented by Michael Gapes, Partner Overview What is cyber crime? What are the risks and impacts to your business if you are a target? What are your responsibilities do
More informationSurprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their
When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises
More informationCYBER-CRIMES: How Have Courts Dealt with the Insurance Implications of this Emerging Risk? By Alan Rutkin
CYBER-CRIMES: How Have Courts Dealt with the Insurance Implications of this Emerging Risk? By Alan Rutkin Insurance coverage law has one firm rule: when a new risk emerges, new coverage issues follow.
More informationFRAMEWORK FOR CONSUMER PRIVACY LEGISLATION
FRAMEWORK FOR CONSUMER PRIVACY LEGISLATION OBJECTIVES This framework is a call to action: The United States should adopt a national privacy law that protects consumers by expanding their current rights
More informationInvas ion of Privacy, Hacking and Intellectual Property Claims : Are You Covered?
Invas ion of Privacy, Hacking and Intellectual Property Claims : Are You Covered? Speakers : Edward M. Joyce, Partner, Jones Day Leslie Lamb, Director Global Risk Management, Cisco Systems, Inc. The views
More informationRe: Proposed Cybersecurity Requirements for Financial Services Companies DFS P
CATHERINE M. TULLY Director, Government Affairs Submit via electronic mail: CyberRegComments@dfs.ny.gov November 15, 2016 Ms. Cassandra Lentchner Deputy Superintendent for Compliance NYS Department of
More informationMarch 1. HIPAA Privacy Policy
March 1 HIPAA Privacy Policy 2016 1 PRIVACY POLICY STATEMENT Purpose: The following privacy policy is adopted by the Florida College System Risk Management Consortium (FCSRMC) Health Program and its member
More informationNEW YORK STATE REGULATIONS APPLICABLE TO THE PLACEMENT OF EXCESS/SURPLUS LINES INSURANCE. Eric A. Portuguese, Esq. Lester Schwab Katz & Dwyer, LLP
NEW YORK STATE REGULATIONS APPLICABLE TO THE PLACEMENT OF EXCESS/SURPLUS LINES INSURANCE by Eric A. Portuguese, Esq. Lester Schwab Katz & Dwyer, LLP 111 112 NEW YORK STATE REGULATIONS APPLICABLE TO THE
More informationSummary of Form Changes e-md /MEDEFENSE Plus Insurance Policy (from version P1818CE-0115 to P1818CE-0716)
GENERAL CHANGES 1. Notice Provisions Summary of Form Changes e-md /MEDEFENSE Plus Insurance Policy (from version P1818CE-0115 to P1818CE-0716) a. Currently, the policy requires notice to the Underwriters
More informationElectronic Commerce and Cyber Risk
Electronic Commerce and Cyber Risk Fifth Third Bank All Rights Reserved Reality and Solutions Objectives for Today What I will cover How banks are changing How the public is changing How the laws are changing
More informationThe Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions
The Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions Our Speakers Mark Melodia is Partner and Co-Head of the Global Data Security, Privacy & Management
More informationCyber & Privacy Liability and Technology E&0
Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.
More informationRegenstrief Center for Healthcare Engineering HIPAA Compliance Policy
Regenstrief Center for Healthcare Engineering HIPAA Compliance Policy Revised December 6, 2017 Table of Contents Statement of Policy 3 Reason for Policy 3 HIPAA Liaison 3 Individuals and Entities Affected
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationRIMS Cyber Presentation
RIMS Cyber Presentation Forrest Pace Cyber & Strategic Risk Leader South Zone AIG Property Casualty Forrest.Pace@aig.com 1 Bio Forrest Pace is the Cyber and Strategic Risk Leader for the South Zone, coordinating
More informationDisclaimer LEGAL ISSUES IN PHYSICAL THERAPY
LEGAL ISSUES IN PHYSICAL THERAPY Paul J. Welk, PT, JD Tucker Arensberg, P.C. pwelk@tuckerlaw.com 2017 PHCA Annual Convention 1 Disclaimer The purpose of this presentation is to provide a general overview
More informationACORD 834 (2014/12) - Cyber and Privacy Coverage Section
ACORD 834 (2014/12) - Cyber and Privacy Coverage Section ACORD 834, Cyber and Privacy Coverage Section, is used to apply for cyber and privacy coverage. The form was designed to be used in conjunction
More informationPort Jefferson Union Free School District. Annual Risk Assessment Update Pertaining to the Internal Controls Of District Operations.
Update Pertaining to the Internal Controls Of District Operations INDEPENDENT ACCOUNTANTS REPORT ON APPLYING AGREED UPON PROCEDURES The Board of Education Port Jefferson Union Free School District We have
More informationProtecting Knowledge Assets Case & Method for New CISO Portfolio
SESSION ID: Protecting Knowledge Assets Case & Method for New CISO Portfolio MODERATOR: Jon Neiditz Kilpatrick Townsend & Stockton LLP jneiditz@kilpatricktownsend.com @jonneiditz PANELISTS: Dr. Larry Ponemon
More information