Cyber Incident Response When You Didn t Have a Plan
|
|
- Byron Thomas
- 6 years ago
- Views:
Transcription
1 Cyber Incident Response When You Didn t Have a Plan April F. Doss Saul Ewing LLP
2 How serious is the cybersecurity threat? Some sobering numbers from 2015: Over half a billion personal records were stolen or lost Spear-phishing attacks targeting employees increased 55% Ransomware increased 35% 1 in 220 s contained malware 431 million new varieties of malware were launched 78% of websites were vulnerable to cyber attack Some challenging trends: Mobile devices and bring your own device are greatly increasing cybersecurity risk Regulators and enforcement agencies are taking note: DHS OCR; FTC; FCC; SEC
3 What is the best response? One that s based on a plan Where the plan is: Tailored to your organization Tested through tabletop exercises and scenarios Trained for executives and line personnel Updated regularly And Puts relationships in place where needed With outside counsel With forensics experts With crisis communications firms But it doesn t always work that way
4 It s surprisingly easy Really? How can anyone not have a plan? They linger on a to-do list for too long The existing plan gets out of date People have turned over and no one remembers how to actually execute the actions in the plan Urgent trumps important in planning Resources (personnel time, funding) aren t available
5 How much does a cybersecurity incident cost? Two answers: It depends A lot Some data The average cost in 2015: $7 million per breach $221 per stolen record Biggest costs are often lost business Indirect costs outweight direct costs Regulated industries have the greatest costs But anyone with data on computers is at risk Some practical examples FTC decision In re LabMD, Aug. 10, 2016
6 Some quick wins to save money and reduce risk Know your IT Astonishing how many organizations don t have anyone who really knows their IT Where does different information map to? What internal access controls exist? Resist the temptation to DIY it Know the limits of what you know If you get contract help, read the contract carefully review indemnity clauses and manage vendor risk If you switch IT providers, get detailed documentation A forensic image might not be a bad idea
7 Don t Panic A cybersecurity incident creates a lot of chaos But it can be managed if you: Think fast Act deliberately Keep first things first And resist the temptation to DIY it Don t let the first incident you handle be your own Plenty of other people specialize in this: legal, forensics, crisis communications
8 So, you ve had an incident. What s first? Practical steps First: Do No Harm Act quickly towards three goals: Prevent the spread of damage (ransomware, unauthorized access, etc.) Assess what s at risk Understand your legal liability Some starting questions: What kind of incident is it? What kind of system has been compromised? How can you isolate that system and preserve information? What kind of data is at risk? What legal obligations are associated with that data?
9 What next? More practical steps Figure out who you need to call C-Suite? Board? Other leadership? Figure out how you re going to reach them Have work accounts been compromised? Figure out what outside help you need Outside counsel? Forensics experts? Crisis communications/public relations? Think about attorney-client privilege early and often Advantages to having counsel run the investigation and engage outside consultants
10 What s next? Questions to ask What precipitated the event? External hacker? Carelessness? Disgruntled employee? Has any kind of information been compromised? Personally identifiable information? Financial account or payment card information? Protected health information? Protected student information? Intellectual property? From what kinds of entities? Customers Employees Others
11 What s next? More questions to ask What laws are you subject to? Sectoral laws? HIPAA Gramm-Leach-Bliley State breach laws? Often tied to residence of the subject of the PII For some states, location of business International laws? E.g., European customers or business components Deadlines? Some states have open-ended deadlines Others have very strict, rigid deadlines Some sectoral laws have strict deadlines Burden of proof?
12 What to expect when you re handling a breach Expect to be on the phone every day The facts can and should unfold quickly Counsel should be on all calls and s Counsel should be directing the investigation Expect to think about privilege a lot Not everything done at counsel s direction will be privileged, but you risk waiving any claim of privilege if you don t preserve it at the outset Expect to ask lots of questions Especially about data inventory, file directories, network connections, backups of data, and burdens of proof If you re not comfortable knowing what IT-related questions to ask, bring in someone who is
13 What if you need to make notifications? Consider optional, as well as mandatory notification Should you reach out to law enforcement? FBI, Secret Service, local and state police What s involved in your notifications? Notice to enforcement agencies & regulators? Notice to individual victims? Call centers? Credit monitoring? Can you handle the logistical burden? Outside consultants can provide support services
14 What should be your internal after-actions? Like everything else, it depends But here are some general considerations in using this incident to be better prepared next time Internal issues: How complete was your data inventory? Can you now create or update a plan? Does leadership understand the importance of planning? Is the business identifying resources personnel and funding to put towards preparedness?
15 What should be your external after-actions? Respond to all regulatory and enforcement requirements Prepare for possibility of litigation Assess whether indemnification may be available From your IT or other vendor for lax cybersecurity? From your provider of employee background checks for not catching concerns about insider threat? Review all your third-party vendor contracts for any potential issues going forward Consider requiring vendor IT security questionnaires Consider incorporating security requirements Check indemnification provisions Update employee policies and training Good IT can t fix the problems created by bad habits
16 Where does that leave you? Do you now have a data inventory? Have you assessed your IT preparedness against future threats? Have you updated personnel and IT policies and training? Is training on those policies now required, regular, and effective? Have you created an incident response plan? Have you identified members of the incident response team? Have you set a schedule for reviewing, training, and exercising that plan?
17 Better prepared for a future You can t drive cybersecurity risk to zero But, with preparation, you can: Reduce the risks of: incident Financial impact Reputational damage Interruption to business operations Respond more quickly Recover more effectively At lower cost
18 Remember: An ounce of prevention is worth a pound of response But if you find yourself underprepared and having to react, these tips may prove helpful
19 Baltimore Lockwood Place 500 East Pratt Street, Suite 900 Baltimore, MD (tel) (fax) Boston 131 Dartmouth Street, Suite 501 Boston, MA (tel) (fax) Chesterbrook 1200 Liberty Ridge Drive, Suite 200 Wayne, PA (tel) (fax) Harrisburg Penn National Insurance Plaza 2 North Second Street, 7th Floor Harrisburg, PA (tel) (fax) New York 245 Park Avenue, 24th Floor New York, NY (tel) (fax) Newark One Riverfront Plaza Newark, NJ (tel) (fax) Philadelphia Centre Square West 1500 Market Street, 38th Floor Philadelphia, PA (tel) (fax) Pittsburgh One PPG Place 30th Floor Pittsburgh, PA (tel) (fax) Princeton 650 College Road East, Suite 4000 Princeton, NJ (tel) (fax) Washington 1919 Pennsylvania Avenue, N.W. Suite 550 Washington, DC (tel) (fax) Wilmington 1201 North Market Street Suite 2300 P.O. Box 1266 Wilmington, DE (tel) (fax)
Contract Fundamentals Part II
Contract Fundamentals Part II ACC New to In House Committee Legal Quick Hit Presented by: Evan J. Foster, Esq. Saul Ewing LLP February 17, 2016 efoster@saul.com 610-251-5762 1 Agenda for this Presentation
More informationPreparing for a Divestiture: An In-house Counsel s Guide September 20, 2017
ACC NEW TO IN-HOUSE COMMITTEE LEGAL QUICK HIT Preparing for a Divestiture: An In-house Counsel s Guide September 20, 2017 James F. Modzelewski of Saul Ewing Arnstein & Lehr Principal Considerations Due
More informationCollege and University Retirement Plan Fees and Controversial Class Action Litigation
College and University Retirement Plan Fees and Controversial Class Action Litigation Sponsored by February 16, 2017 Presenters Ira Shepard, Esq. Partner, Saul Ewing, LLP James Keller, Esq. Partner, Saul
More informationPort Legal Issues Workshop
Port Legal Issues Workshop Legal & Regulatory Limitations on Leases Paul Heylman 1919 Pennsylvania Ave., NW Suite 550 Washington, DC 20006 (202) 342-3422 paul.heylman@saul.com February 22, 2018 Houston,TX
More informationAN OVERVIEW. The Obama Agenda Labor Law Proposals. Obama/Pelosi Agenda Employment Law HEALTH, SAFETY AND OTHER
The Obama Administration s Labor and Employment Law Agenda AN OVERVIEW THE OBAMA LABOR AGENDA Presented by: Gary L. Lieber, Esquire Partner, Saul Ewing LLP and NECA s National Labor & Employment Counsel
More informationCyber-Insurance: Fraud, Waste or Abuse?
SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major
More informationWe re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber
We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber Protection Data Creates Duties What data do you access, and
More informationCYBERSECURITY AND PRIVACY: REDUCING YOUR COMPANY S LEGAL RISK. By: Andrew Serwin
CYBERSECURITY AND PRIVACY: REDUCING YOUR COMPANY S LEGAL RISK By: Andrew Serwin January 19, 2018 Overview What are companies concerned about? What information are we concerned about? Cybersecurity Who
More informationHere is some more information on the Equifax Breach and how you may protect yourself in the aftermath...
UPDATE 2 October 13, 2017 Here is some more information on the Equifax Breach and how you may protect yourself in the aftermath... What could happen? The Equifax breach gave criminals access to vital personal
More informationCYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP
CYBER LIABILITY INSURANCE OVERVIEW FOR Prepared by: Evan Taylor NFP Targeted Industries Business Sector Financial Services 10% Non-Profit 11% Retail 10% Other 37% Other 18% Type of Data PII 40% Professional
More informationRIMS Cyber Presentation
RIMS Cyber Presentation Forrest Pace Cyber & Strategic Risk Leader South Zone AIG Property Casualty Forrest.Pace@aig.com 1 Bio Forrest Pace is the Cyber and Strategic Risk Leader for the South Zone, coordinating
More informationEvaluating Your Company s Data Protection & Recovery Plan
Evaluating Your Company s Data Protection & Recovery Plan CBIA Cybersecurity Webinar Series 11AM 12PM Part V. Presented by: Stewart Tosh Charles Bellingrath Date: December 7, 2017 Today s presenters Stewart
More informationCYBER LIABILITY INSURANCE: CLAIMS ISSUES AND TRENDS THAT AUDITORS NEED TO KNOW
CYBER LIABILITY INSURANCE: CLAIMS ISSUES AND TRENDS THAT AUDITORS NEED TO KNOW INSURANCE RISK MANAGEMENT EMPLOYEE BENEFITS Presented by: Douglas R. Jones, CPCU, ARM, Senior Vice President, Principal www.rhsb.com
More informationCybersecurity Insurance: New Risks and New Challenges
SESSION ID: SDS1-F01 Cybersecurity Insurance: New Risks and New Challenges Mark Weatherford Chief Cybersecurity Strategist varmour @marktw The cybersecurity market in the Asia Pacific region contributes
More informationCybersecurity Insurance: The Catalyst We've Been Waiting For
SESSION ID: CRWD-W16 Cybersecurity Insurance: The Catalyst We've Been Waiting For Mark Weatherford Chief Cybersecurity Strategist varmour @marktw Agenda Insurance challenges in the market today 10 reasons
More informationAnatomy of a Data Breach
Anatomy of a Data Breach May 17, 2017 Lucie F. Huger Officer, Greensfelder, Hemker & Gale, P.C. Mary Ann Wymore Officer, Greensfelder, Hemker & Gale, P.C. Information is the New Oil! Companies are collecting
More informationChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them
ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them PROVIDED BY HUB INTERNATIONAL October 25th, 2016 W W W. C H I C A G O L A N D R I S K F O R U M. O R G AGENDA 1. The evolution of
More informationCyber Risks & Cyber Insurance
Cyber Risks & Cyber Insurance Terry Quested Executive Director Associated Risk Managers of Ohio Darren Faye Vice President Leonard Insurance / Assured Partners Legal Disclaimer The views, information and
More informationSurprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their
When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationCYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY
CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY Agenda Threat Landscape and Trends Breach Response Process Pitfalls and Critical Points BBR Services Breach Prevention
More informationEdward J. Finn 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:
Edward J. Finn 1275 Drummers Lane, Suite 302 Office: 267-930-4776 Wayne, PA 19087 Fax: 267-930-4771 Email: efinn@mullen.law VIA U.S. MAIL AND EMAIL Office of the Attorney General 1125 Washington Street
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationJAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group
SPECIAL GUEST JAMES GRAY Underwriter, London UK Specialty Treaty Beazley Group All 6 Beazley Lloyd's Syndicates are rated A (Excellent) by A.M. Best Admitted Carrier in the US Beazley Ins Co rated A (Excellent)
More informationAn Overview of Cyber Insurance at AIG
An Overview of Cyber Insurance at AIG Michael Lee, MBA Cyber Business Development Manager AIG 2018 Brittney Mishler, ARM Cyber Casualty Underwriting Specialist AIG Cyber Insurance It s a peril, not a product
More informationJames E. Prendergast 1275 Drummers Lane, Suite 302 Office: Wayne, PA Fax:
James E. Prendergast 1275 Drummers Lane, Suite 302 Office: 267-930-4798 Wayne, PA 19087 Fax: 267-930-4771 Email: jprendergast@mullen.law INTENDED FOR ADDRESSEE(S) ONLY VIA U.S. MAIL AND EMAIL Office of
More informationTrends in Cyber-Insurance Coverage to Meet Insureds Needs
Trends in Cyber-Insurance Coverage to Meet Insureds Needs Linda Wendell Hsu Selman Breitman LLP 33 New Montgomery Street, Sixth Floor San Francisco, CA 94105 (415) 979-0400 lhsu@selmanlaw.com William A.
More informationCyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby
Cyberinsurance: Necessary, Expensive and Confusing as Hell Presenters: Sharon Nelson and Judy Selby Setting the stage 2018 report from PwC one-third of US businesses have some form of cyberinsurance PwC
More informationPRIVACY AND CYBERSECURITY ISSUES IN M&A TRANSACTIONS
PRIVACY AND CYBERSECURITY ISSUES IN M&A TRANSACTIONS Don Shelkey and Ezra Church May 22, 2018 2018 Morgan, Lewis & Bockius LLP Overview Introduction Why should I care? Five Key Legal Requirements Sector-Specific
More informationSara Robben, Statistical Advisor National Association of Insurance Commissioners
Moderated by Daniel Eliot, Director Small Business Programs National Cyber Security Alliance Sara Robben, Statistical Advisor National Association of Insurance Commissioners Angela Gleason, Senior Counsel
More informationHighlights of the Jobs And Growth Tax Relief Reconciliation Act of 2003 ("2003 Act")
#WIWUV 5CWN'YKPI7RFCVG Highlights of the Jobs And Growth Tax Relief Reconciliation Act of 2003 ("2003 Act") I. RELIEF FOR INDIVIDUAL TAXPAYERS A. 15% Tax Rate on Long-Term Capital Gains. For individual
More informationDEBUNKING MYTHS FOR CYBER INSURANCE
SESSION ID: GRC-F02 DEBUNKING MYTHS FOR CYBER INSURANCE Robert Jones Global Head of Financial Lines Specialty Claims AIG Garin Pace Cyber Product Leader AIG @Garin_Pace Introduction What Is Cyber Insurance?
More informationEquifax Data Breach: Your Vital Next Steps
Equifax Data Breach: Your Vital Next Steps David A. Reed Partner, Ann Davidson Vice President Risk Consulting/ Bond Division Allied Solutions, LLC Do You Remember When this Was the Biggest Threat to Data
More informationCyber Risk Mitigation
Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information
More informationSUMMARY: The Federal Trade Commission ( FTC or Commission ) requests public
[Billing Code: 6750-01S] FEDERAL TRADE COMMISSION 16 CFR Part 314 RIN 3084-AB35 Standards for Safeguarding Customer Information AGENCY: Federal Trade Commission. ACTION: Request for public comment. SUMMARY:
More informationProtecting Against the High Cost of Cyberfraud
Protecting Against the High Cost of Cyberfraud THE ROLE OF CYBER LIABILITY INSURANCE IN YOUR RISK MANAGEMENT STRATEGY Paying the Price...2 The Ransomware Scourge...3 Policy Provisions...3 Management Liability...4
More informationL EW) S BRISBOIS BISGAARD. & SMITH LLP Fax: ATTORNEYS AT Law www, lewisbrisbols.com
rp L EW) S BRISBOIS 550 E. Swedesford Road, Suite 270 Wayne, Pennsylvania 19087 BISGAARD Telephone: 215.977.4100 & SMITH LLP Fax: 215.977.4101 ATTORNEYS AT Law www, lewisbrisbols.com MU "Ilk" S~,gTT~ May
More informationCyber Risk Management
Cyber Risk Management Privacy & Data Protection Agenda 2 Introductions Risk Management 101 Defining & Quantifying a Breach Prevention, Mitigation & Transfer Strategies Finance Strategy- Cyber Insurance
More informationInformation Security and Third-Party Service Provider Agreements
The Iowa State Bar Association s ecommerce & Intellectual Property Law Sections presents 2016 Intellectual Property Law & ecommerce Seminar Information Security and Third-Party Service Provider Agreements
More informationUniversity Data Policies
BACKGROUND Data are valuable institutional assets of Washington State University. Data policies are needed to ensure that these resources are carefully managed, maintained, protected, and used appropriately.
More informationPort Jefferson Union Free School District. Annual Risk Assessment Update Pertaining to the Internal Controls Of District Operations.
Update Pertaining to the Internal Controls Of District Operations INDEPENDENT ACCOUNTANTS REPORT ON APPLYING AGREED UPON PROCEDURES The Board of Education Port Jefferson Union Free School District We have
More informationHEALTHCARE INDUSTRY SESSION CYBER IND 011
HEALTHCARE INDUSTRY SESSION CYBER IND 011 Speakers: Jody Westby, Chief Executive Officer, Global Cyber Risk René Siemens, Partner, Covington & Burling LLP Brent Rieth, Senior Vice President and Team Leader,
More informationAugust 18, Re: Security Incident Notice. Dear Attorney General Ferguson:
1300 SW Fifth Avenue, Suite 2400 Portland, OR 97201-5610 Sean B. Hoar 503-778-5396 tel 503-778-5299 fax seanhoar@dwt.com August 18, 2016 Mr. Bob Ferguson Attorney General Washington State Office of the
More informationCyber Liability Insurance for Sports Organizations
Cyber Liability Insurance for Sports Organizations The biggest threat to your organization or club isn t a loss of funds. It s a loss of data. From online sign-ups and payment systems to social media
More informationCybersecurity and Personal Finance. Identity Theft by Sue Lynn Sasser
Cybersecurity and Personal Finance Identity Theft by Sue Lynn Sasser Lesson Objectives Recognize the importance of protecting yourself from identity theft. Determine the relationship between identity theft
More informationTax Diligence, Representations, Covenants and Indemnifications in Business Acquisitions
Tax Diligence, Representations, Covenants and Indemnifications in Business Acquisitions Steven D. Bortnick and Timothy J. Leska Lorman Education Services Teleconference February 29, 2012 Part I Overview
More informationCyber Risks & Insurance
Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of
More informationInsuring your online world, even when you re offline. Masterpiece Cyber Protection
Insuring your online world, even when you re offline Masterpiece Cyber Protection Protect your online information from being an open network 97% of Chubb clients who had a claim paid were highly satisfied
More informationCyber Liability Launch Event Moscow
Allianz Global Corporate & Specialty Cyber Liability Launch Event Moscow AGCS November 2016 Cyber Insurance market Stand Alone Business USA USA Started in the early to mid 1990 s 50 Started + carriers
More informationLaunching a Hedge Fund: 10 Keys to Success. from marketing to technology, the top tips for achieving startup success
Launching a Hedge Fund: 10 Keys to Success from marketing to technology, the top tips for achieving startup success It may be a dream for most, but the desire to start a hedge fund is a real one for many
More informationHIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES
HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment
More informationHayes Connor Solicitors
Hayes Connor Solicitors A jargon-free guide to: making a data breach group action claim with Hayes Connor Solicitors Why have we created this document? Making a data breach claim shouldn t be difficult.
More informationVaco Cyber Security Panel
Vaco Cyber Security Panel ISACA Charlotte Chapter December 5 th, 2017 Vaco is an international talent solutions firm headquartered in Nashville, Tennessee, with more than 35 locations around the globe.
More informationWhitepaper: Cyber Liability Insurance Overview
Whitepaper: Cyber Liability Insurance Overview Sponsored by the State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC) June 2016 Contents Contents... 2 1. Introduction... 3 2.
More information945 East Paces Ferry Rd., Suite 1475, Atlanta, GA aptos.com
945 East Paces Ferry Rd., Suite 1475, Atlanta, GA 30326 +1-866-493-7037 aptos.com March 10, 2017 BY U.S. MAIL Office of the Attorney General 1125 Washington Street SE P.O. Box 40100 Olympia, WA 98504-0100
More informationNature of the Data Security Incident ALBUQUERQUE ATLANTA BEAUMONT BOSTON CHARLESTON CHICAGO DALLAS DENVER FORT LAUDERDALE HOUSTON LAQUINTA
LEWIS BRISBOIS 550 E. Swedesford Road, Suite 270 Wayne, Pennsylvania 19087 Telephone; 215.977.4100 BISGAARD & SMITH LLp Fax; 215.977.4101 ATTORNEYS AT LAW www.lewisbrisbols.com JENNIFER A. COUGHLIN January
More informationCritical Issues in Cybersecurity:
Critical Issues in Cybersecurity: Are you prepared and in compliance? July 27, 2017 Robert Barbarowicz Scott Lyon JillAllison Opell 1 What Types of Information do We Collect? PII v. PHI v. NPI v. sensitive/confidential
More informationYou ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017
You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business
More informationM&A ACADEMY. Privacy and Data Security Issues in M&A Transactions. Ezra Church, Don Shelkey, Pulina Whitaker March 5, 2019
M&A ACADEMY Privacy and Data Security Issues in M&A Transactions Ezra Church, Don Shelkey, Pulina Whitaker March 5, 2019 2019 Morgan, Lewis & Bockius LLP Overview Introduction Why should I care? Five Key
More informationHot Topics in Software as a Service and Cloud
Hot Topics in Software as a Service and Cloud Presented by: Robert J. Scott www.scottandscottllp.com Speaker Robert J. Scott Cloud Computing Trends Forrester Research estimates the cloud market will reach
More informationDesigning Privacy Policies and Identifying Privacy Risks for Financial Institutions. June 2016
Designing Privacy Policies and Identifying Privacy Risks for Financial Institutions June 2016 Program Overview Regulatory Environment Who Needs a Privacy Program and Common Questions Components of a Comprehensive
More informationInsurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage
Presenting a live 90-minute webinar with interactive Q&A Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage THURSDAY, OCTOBER 5, 2017 1pm Eastern 12pm Central
More informationCrowdfunding under the JOBS Act. Brian Korn November 27, 2012
Crowdfunding under the JOBS Act Brian Korn November 27, 2012 Crowdfunding background Capital Raising Online While Deterring Fraud and Unethical Non- Disclosure Comprises Title III of the Jumpstart Our
More informationMANAGING DATA BREACH
MANAGING DATA BREACH Beazley is a specialist insurer and leading provider of cyber insurance. Michael Phillips is a Claims Manager in the Technology, Media, and Business division of Beazley, and focuses
More informationMay 15, VIA
King & Spalding LLP 1700 Pennsylvania Ave, NW Suite 200 Washington, D.C. 20006-4707 Tel: +1 202 737 0500 www.kslaw.com Nicholas A. Oldham Direct Dial: +1 202 626 3740 noldham@kslaw.com VIA EMAIL: SecurityBreach@atg.wa.gov
More informationA GUIDE TO CYBER RISKS COVER
A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance
More informationInsuring intangible assets: Is the insurance industry keeping pace with its customers changing requirements?
Insuring intangible assets: Is the insurance industry keeping pace with its customers changing requirements? With developments in technology and the increasing value of intangible assets, does the insurance
More informationCyber breaches: are you prepared?
Cyber breaches: are you prepared? Presented by Michael Gapes, Partner Overview What is cyber crime? What are the risks and impacts to your business if you are a target? What are your responsibilities do
More informationMedical Data Security Beyond HIPAA: Practical Solutions for Red Flags and Security Breaches. April 3, 2009
Medical Data Security Beyond HIPAA: Practical Solutions for Red Flags and Security Breaches April 3, 2009 Jon A. Neiditz Cynthia B. Hutto Ross E. Sallade Eli A. Poliakoff Nelson Mullins Healthcare Information
More informationSlide 1. Slide 2. Slide 3. Identity Theft Coverage. Today s Agenda. What is Identity Theft? What is Identity Theft?
Slide 1 Identity Theft Coverage Presented by Hartford Steam Boiler Inspection & Insurance Company Copyright 2010 The Hartford Steam Boiler Inspection and Insurance Company Slide 2 Today s Agenda What is
More informationLargest Risk for Public Pension Plans (Other Than Funding) Cybersecurity
Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity 2017 Public Safety Employees Pension & Benefits Conference Ronald A. King (517) 318-3015 rking@ I am convinced that there are only
More informationMitigating the Existential Data Breach Risk A Complimentary LexisNexis Webinar March 12, 2014
Mitigating the Existential Data Breach Risk A Complimentary LexisNexis Webinar March 12, 2014 Oliver Brew, CIPP/US, CIPM, Vice President, Specialty Casualty, Liberty International Underwriters David Katz,
More informationHealthcare Data Breaches: Handle with Care.
Healthcare Data Breaches: Handle with Care November 13, 2012 ID Experts Webinar www.idexpertscorp.com The material presented in this presentation is not intended to provide legal or other expert advice
More informationThe Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage
The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage James P. Bobotek james.bobotek@pillsburylaw.com (202) 663-8930 Pillsbury Winthrop Shaw Pittman LLP DOCUMENT
More informationHEALTHCARE BREACH TRIAGE
IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards
More informationNEW CYBER RULES FOR NEW YORK-BASED BANKING, INSURANCE AND FINANCIAL SERVICE FIRMS HAVE FAR-REACHING EFFECTS
REGULATORY LAW ALERT JUNE 2017 NEW CYBER RULES FOR NEW YORK-BASED BANKING, INSURANCE AND FINANCIAL SERVICE FIRMS HAVE FAR-REACHING EFFECTS OVERVIEW In potentially the most significant state-level expansion
More informationPersonal Information Protection Act Breach Reporting Guide
Personal Information Protection Act Breach Reporting Guide If an organization determines that a real risk of significant harm exists to an individual as a result of a breach of personal information, section
More information2016 Risk Practices Survey
Strong Board. Strong Bank. 2016 Risk Practices Survey MAR 2016 RESEARCH Sponsored by: 2 2016 RISK PRACTICES SURVEY TABLE OF CONTENTS Executive Summary 3 Risk Governance & Oversight 4 Risk Culture & Infrastructure
More informationRE \\I. NO'V o s 2ms. CONSUMER PROlECl\ON
HUNTON ANDREWS KURTH November 5, 2018 RE \\I NO'V o s 2ms CONSUMER PROlECl\ON HUNTON AN DREWS KURTH LLP 200 PARK AVENUE NEW YORK, NY 10166-0005 TEL 2 12 309 1000 FAX 21 2 309 11 00 LISA J. SOTTO DIRECT
More informationFederal Reserve Bank of Philadelphia
Federal Reserve Bank of Philadelphia 1 Credit is a valuable commodity. Having the ability to borrow funds enables us to obtain things we would otherwise have to save years to afford: homes, cars, a college
More informationYour defence toolkit. How to combat the cyber threat
Your defence toolkit How to combat the cyber threat Contents The threat of cyber crime 4 How UK businesses are targeted 6 Case studies 8 Why cyber security is so important to manufacturers now 10 The
More informationJuly 6, Data Security Incident. Dear Assistant Attorney General Ferguson:
July 6, 2018 Kevin M. Scott 312.821.6131 (direct) Kevin.Scott@wilsonelser.com Robert W. Ferguson Office of the 1125 Washington Street SE PO Box 40100 Olympia, WA 98504-0100 Email: securitybreach@atg.wa.gov
More informationExcess Elite / Fast, simple, high performance
Liabilities THIS INFORMATION IS INTENDED FOR INSURANCE BROKERS AND OTHER INSURANCE PROFESSIONALS ONLY Excess Elite / Fast, simple, high performance 1 Summary of our Excess Elite cover Quick and easy Flexible
More informationData Breach and Cyber Risk Update November 17, 2011
Data Breach and Cyber Risk Update November 17, 2011 Mark E. Schreiber Chair, Privacy & Data Protection Group Edwards Wildman Palmer LLP 111 Huntington Avenue Boston, MA 02199 Tel: 617-239-0585 Email: mschreiber@edwardswildman.com
More informationBuilding a Program to Manage the Vendor Management Lifecycle
Building a Program to Manage the Vendor Management Lifecycle Libbie Canter Amelia Hukoveh Daniel Nazar October 5, 2017 Overview 1. Introduction and Background 2. Three Pillars of Third-Party Risk Management
More informationCYBER CLAIMS BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIMS & LEGAL GROUP
www.willis.com July 2015 CYBER CLAIMS BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIMS & LEGAL GROUP INSIDE THIS EDITION... CYBER CLAIMS LANDSCAPE A SAMPLING OF LARGE CYBER SETTLEMENTS LEGAL
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements (PCI DSS) and utilizing the PAI Secure Program Welcome to PAI Secure, a unique 4-step PCI-DSS
More informationCrawford & Company (Canada) Inc. Cyber Loss Management Program
Crawford & Company (Canada) Inc. Cyber Loss Management Program About Crawford Crawford & Company (Canada) Inc. is an independent provider of claims management solutions that has specialized in claims and
More informationNEGLIGENT SECURITY: WHAT YOU NEED TO KNOW ABOUT THEM
NEGLIGENT SECURITY: WHAT YOU NEED TO KNOW ABOUT THEM 1 The meeting ran longer than planned, and it is now nighttime. As you leave the building, you recall your car is parked off in a far one corner of
More informationOctober 30, 2017 File No VIA ELECTRONIC SUBMISSION
Elizabeth R. Dill 550 E. Swedesford Road, Suite 270 Wayne, Pennsylvania 19087 Elizabeth.Dill@lewisbrisbois.com Direct: 215.977.4080 October 30, 2017 File No. 50131.512 VIA ELECTRONIC SUBMISSION Attorney
More informationNATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE
NATIONAL RECOVERY AGENCY COMPLIANCE INFORMATION GRAMM-LEACH-BLILEY SAFEGUARD RULE As many of you know, Gramm-Leach-Bliley requires "financial institutions" to establish and implement a Safeguard Rule Compliance
More informationCYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING
CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING 2015 Verizon Data Breach Report 79,790 security incidents 2,122 confirmed data breaches Top industries affected: Public, Information,
More informationSOX, Corporate Governance and Working with the Board
SOX, Corporate Governance and Working with the Board HCCA Compliance Institute New Orleans, Louisiana April 18, 2005 Lisa Murtha Parente Randolph, LLC Two Penn Center Plaza Suite 1800 Philadelphia, PA
More informationAon Cyber Risk and Directors & Officers Forum CRM011
Aon Cyber Risk and Directors & Officers Forum CRM011 Speakers: Leslie Lamb, Director, Global Risk & Resiliency Management, Cisco Systems Timothy Fletcher, Senior Vice President and Team Leader, Aon Risk
More informationBusiness Associate Risk
Business Associate Risk Assessing and Managing Business Associate Risk Presented by CJ Wolf, MD, COC, CPC, CHC, CCEP, CIA Healthicity Senior Compliance Executive Disclaimer: Nothing in this presentation
More informationCYBER LIABILITY REINSURANCE SOLUTIONS
CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber
More informationChapter 6 - Credit. Section 6.1
Chapter 6 - Credit Section 6.1 Credit is a medium of exchange which allows individuals to buy goods or services now and pay for them later The creditor supplies money, goods, or services in a credit agreement
More informationMICHIGAN STATE UNIVERSITY
MICHIGAN STATE UNIVERSITY Mr. Bob Ferguson Attorney General Office of the Attorney General 1125 Washington Street SE PO Box 40100 Olympia, WA 98504-0100 Dear Attorney General: November 18, 2016 R E ru,
More informationLIABILITY INTERRUPTION OF ACTIVITIES CYBER CRIMINALITY OWN DAMAGE AND COSTS OPTION: LEGAL ASSISTANCE
I N S U R A N C E a g a i n s t c y b e r r i s k s After "prevention", risk covering is always the next step. Good insurance policies have the substantial merit allowing people to progress, even choosing
More informationCredit Card Data Breaches: Protecting Your Company from the Hidden Surprises
Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises By David Zetoony Partner, Bryan Cave LLP Courtney Stout Counsel, Davis Wright Tremaine LLP With Contributions By Suzanne Gladle,
More information