SlideShare una empresa de Scribd logo

Cyber for Beginners v2

Descargar como PPTX, PDF
K
Kenny Boddye
1 de 15
Cyber Risk & Cyber Coverage Cyber Risk Insurance is Rapidly Emerging as a Must for Businesses Large & Small in Every Industry, Including Community Associations!
Cyber Insurance Overview • What is Cyber Insurance? • Why do Community Associations need Cyber Coverage? • Are there Different Types of Cyber Policies?
1. Do you know what to do in the event of a breach? 2. How much does a breach cost?
What is a Breach? • Failure to prevent unauthorized access to, or use of, electronic or non- electronic data containing personal identifiable information (PII) • Failure to prevent the transmission of a computer virus into a computer network that is not rented, owned, leased by, licensed to, or under the direct operational control of, the association or property manager • Failure to provide any authorized user of the association or property manager’s website or computer system with access to such website or system • Failure to provide notification of any actual or potential unauthorized access to, or use of, data containing private or confidential information of others if such notification is required by any applicable security breach law
• “Nonpublic Personal Information” • Medical or Health Care Information • Private Personal Information by state • Unique Identity Numbers – driver’s license, state ID number, SSN, unpublished phone numbers, card numbers, passwords, PINs, access codes What is PII?
Calculating Costs of Breaches 1. Forensic Examination 2. Notification of Affected Third-parties 3. Call Centers 4. Credit/Identity Monitoring 5. Public Relations 6. Legal Defense 7. Fines and Penalties from Regulatory Proceedings and PCI DSS violations 8. Comprehensive Written Information Security Program
Cyber Breaches – Fact or Fiction? 1. A Cyber Breach only occurs with data stored on a computer or through other electronic means. The above is Fiction: In reality, paper files may also be considered Personal Identifiable Information (PII) and if they are not stored or destroyed properly, may lead to a breach.
Insuring Agreements Network and Information Security Liability (3rd Party Insuring Agreement: A) Coverage for claims arising from: Failure to prevent unauthorized access to data, failure to provide notification of a data breach where required by law, transmission of a computer virus, and failure to provide authorized users with access to the company website Claim Example: The property manager hired by a HOA experiences a data breach involving payment card data of residents. Homeowners file a lawsuit against the HOA and Property Manager for their failure to prevent unauthorized access to this data. 8
Insuring Agreements 9 Regulatory Defense Expenses (3rd Party Insuring Agreement: C) Coverage for governmental claims made as a result of network and information security liability or communications and media liability Claim Example: The attorney general brings regulatory action against the HOA and Property manager for failure to protect the identity information of residents, including an assessment of fines / penalties.
Insuring Agreements 10 Security Breach Remediation and Notification Expenses (1st Party Insuring Agreement: E) Coverage for costs associated with notification of individuals breached, credit monitoring for 365 days or longer where required by law, fraud expense reimbursement, and a call center. - Reimbursement coverage for services provided by an Approved Service Provider Claim Example: As a result of the data breach, the HOA is responsible for notifying individuals whose PII was compromised. Notification costs include: - Legal Services to comply with specific notification / privacy laws - Forensic Investigation - Credit Monitoring and ID Fraud policies for affected individuals 10
Insuring Agreements 11 Crisis Management Event Expenses (1st Party Insuring Agreement: D) Coverage for public relations services to mitigate negative publicity Claim Example: A public relations firm is hired to restore community confidence in the HOA and property manager and to mitigate negative publicity generated from the incident 11
Cyber Breaches – Fact or Fiction? 2. My association is not liable for a breach since the property management company handles all of our resident data and information. The above is Fiction: Associations are still ultimately responsible for the data of its residents, even if the data is handled exclusively by the property manager. It is important to review the management contract for mention of who is held liable in the event of a breach.
Other Coverages Available in a Standard Cyber Policy  Communications and Media Limit of Liability  Business Interruption and Additional Expenses  E-Commerce Extortion  Computer Program and Electronic Data Restoration Expenses  Computer Fraud  Funds Transfer Fraud 13
Cyber Breaches – Fact or Fiction? 3. My association collects no personal information other than addresses, and we are either self-managed or our property manager doesn’t collect this information either. We have no exposure to a breach. The above is Fiction: If your community has a website or the property manager provides an online portal for paying dues, there is still the potential for a breach. Emails and newsletters infected with viruses are also potential exposures.
Q & A 15

Recomendados

The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
 
Cyber Threats and Insurance
Cyber Threats and InsuranceCyber Threats and Insurance
Cyber Threats and InsuranceEric Dean
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
Vendor Contracts & Cyber Risks
Vendor Contracts & Cyber RisksVendor Contracts & Cyber Risks
Vendor Contracts & Cyber RisksHB Litigation Conferences
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesEvents2018
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 

Recomendados

The Basics of Cyber Insurance
The Basics of Cyber InsuranceThe Basics of Cyber Insurance
The Basics of Cyber InsuranceHB Litigation Conferences
 
10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance 10 Reasons to buy Cyber Liability Insurance
10 Reasons to buy Cyber Liability Insurance Hubbard Insurance Group
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
 
Cyber Threats and Insurance
Cyber Threats and InsuranceCyber Threats and Insurance
Cyber Threats and InsuranceEric Dean
 
Cyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryCyber Risks Looming in the Transportation Industry
Cyber Risks Looming in the Transportation IndustryHNI Risk Services
 
Vendor Contracts & Cyber Risks
Vendor Contracts & Cyber RisksVendor Contracts & Cyber Risks
Vendor Contracts & Cyber RisksHB Litigation Conferences
 
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesTech Connect Live 30th May 2018 ,GDPR Summit Hugh jones
Tech Connect Live 30th May 2018 ,GDPR Summit Hugh jonesEvents2018
 
CMW Cyber Liability Presentation
CMW Cyber Liability PresentationCMW Cyber Liability Presentation
CMW Cyber Liability PresentationSean Graham
 
Cyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & CoveragesCyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & CoveragesBajaj Allianz General Insurance Company Limited
 
Cyber risk
Cyber riskCyber risk
Cyber riskTarek Younan
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Raleigh ISSA
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Chapter 16
Chapter 16Chapter 16
Chapter 16glickauf
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmNext Dimension Inc.
 
Legal aspects of IT Security-at ISACA conference 2011
Legal aspects of IT Security-at ISACA conference 2011Legal aspects of IT Security-at ISACA conference 2011
Legal aspects of IT Security-at ISACA conference 2011Adv Prashant Mali
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
CBIZ Cyber Liability Flyer
CBIZ Cyber Liability FlyerCBIZ Cyber Liability Flyer
CBIZ Cyber Liability FlyerCBIZ, Inc.
 
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitShawn Tuma
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino-Gianino Gino Prieto -Dynamic Connector -Insurance Strategist
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? Abraham Vergis
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT securityAdv Prashant Mali
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachCBIZ, Inc.
 
Top Level Cyber Security Strategy
Top Level Cyber Security Strategy Top Level Cyber Security Strategy
Top Level Cyber Security Strategy John Gilligan
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
 

Más contenido relacionado

La actualidad más candente

Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Raleigh ISSA
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Financial Poise
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White PaperDmcenter
 
Chapter 16
Chapter 16Chapter 16
Chapter 16glickauf
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmNext Dimension Inc.
 
Legal aspects of IT Security-at ISACA conference 2011
Legal aspects of IT Security-at ISACA conference 2011Legal aspects of IT Security-at ISACA conference 2011
Legal aspects of IT Security-at ISACA conference 2011Adv Prashant Mali
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information ProtectionPECB
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?Raffa Learning Community
 
CBIZ Cyber Liability Flyer
CBIZ Cyber Liability FlyerCBIZ Cyber Liability Flyer
CBIZ Cyber Liability FlyerCBIZ, Inc.
 
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitShawn Tuma
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics7wounders
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? Abraham Vergis
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT securityAdv Prashant Mali
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachCBIZ, Inc.
 

La actualidad más candente (20)

Cyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & CoveragesCyber Insurance Policy - Understanding the Premiums & Coverages
Cyber Insurance Policy - Understanding the Premiums & Coverages
 
Cyber risk
Cyber riskCyber risk
Cyber risk
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
 
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
Growing trend of finding2013-11 Growing Trend of Finding Regulatory and Tort ...
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
 
CSR PII White Paper
CSR PII White PaperCSR PII White Paper
CSR PII White Paper
 
Chapter 16
Chapter 16Chapter 16
Chapter 16
 
Cybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law FirmCybersecurity and the Law: Fasken Law Firm
Cybersecurity and the Law: Fasken Law Firm
 
Legal aspects of IT Security-at ISACA conference 2011
Legal aspects of IT Security-at ISACA conference 2011Legal aspects of IT Security-at ISACA conference 2011
Legal aspects of IT Security-at ISACA conference 2011
 
Personally Identifiable Information Protection
Personally Identifiable Information ProtectionPersonally Identifiable Information Protection
Personally Identifiable Information Protection
 
2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?2016 02-23 Is it time for a Security and Compliance Assessment?
2016 02-23 Is it time for a Security and Compliance Assessment?
 
CBIZ Cyber Liability Flyer
CBIZ Cyber Liability FlyerCBIZ Cyber Liability Flyer
CBIZ Cyber Liability Flyer
 
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud SummitThe Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
The Legal Side of Data Breach and Third Party Risk - IIA 9th Annual Fraud Summit
 
10. law invest & ethics
10. law invest & ethics10. law invest & ethics
10. law invest & ethics
 
Cyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation GianinoCyber Facts and Prevention Presentation Gianino
Cyber Facts and Prevention Presentation Gianino
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
 
What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore? What's new with Cybersecurity in Singapore?
What's new with Cybersecurity in Singapore?
 
Legal aspects of IT security
Legal aspects of IT securityLegal aspects of IT security
Legal aspects of IT security
 
Responding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data BreachResponding to a Company-Wide PII Data Breach
Responding to a Company-Wide PII Data Breach
 

Destacado

Top Level Cyber Security Strategy
Top Level Cyber Security Strategy Top Level Cyber Security Strategy
Top Level Cyber Security Strategy John Gilligan
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
 
LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012Don Grauel
 
Cybersecurity Risk Assessment - 'All Done' with WISER
Cybersecurity Risk Assessment - 'All Done' with WISERCybersecurity Risk Assessment - 'All Done' with WISER
Cybersecurity Risk Assessment - 'All Done' with WISERCYBERWISER .eu
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk ManagementSocial Tables
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWPICPE
 
Risk Assessment Cybersecurity Project at Utica College
Risk Assessment Cybersecurity Project at Utica CollegeRisk Assessment Cybersecurity Project at Utica College
Risk Assessment Cybersecurity Project at Utica CollegeJeff Macharyas
 
Network DDoS Incident Response Cheat Sheet (by SANS)
Network DDoS Incident Response Cheat Sheet (by SANS)Network DDoS Incident Response Cheat Sheet (by SANS)
Network DDoS Incident Response Cheat Sheet (by SANS)Martin Cabrera
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementPriyanka Aash
 
Mitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksMitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksTripwire
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryPriyanka Aash
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk ManagementGoutama Bachtiar
 

Destacado (20)

Top Level Cyber Security Strategy
Top Level Cyber Security Strategy Top Level Cyber Security Strategy
Top Level Cyber Security Strategy
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
 
LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012
 
Cybersecurity Risk Assessment - 'All Done' with WISER
Cybersecurity Risk Assessment - 'All Done' with WISERCybersecurity Risk Assessment - 'All Done' with WISER
Cybersecurity Risk Assessment - 'All Done' with WISER
 
Technology Risk Management
Technology Risk ManagementTechnology Risk Management
Technology Risk Management
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
 
Webinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity RiskWebinar - Reducing Your Cybersecurity Risk
Webinar - Reducing Your Cybersecurity Risk
 
Risk Assessment Cybersecurity Project at Utica College
Risk Assessment Cybersecurity Project at Utica CollegeRisk Assessment Cybersecurity Project at Utica College
Risk Assessment Cybersecurity Project at Utica College
 
Cyber Risks
Cyber RisksCyber Risks
Cyber Risks
 
Network DDoS Incident Response Cheat Sheet (by SANS)
Network DDoS Incident Response Cheat Sheet (by SANS)Network DDoS Incident Response Cheat Sheet (by SANS)
Network DDoS Incident Response Cheat Sheet (by SANS)
 
Computer history
Computer historyComputer history
Computer history
 
Integrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk ManagementIntegrating Cybersecurity into Supply Chain Risk Management
Integrating Cybersecurity into Supply Chain Risk Management
 
Mitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security AttacksMitigating Risk from Cyber Security Attacks
Mitigating Risk from Cyber Security Attacks
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
The Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your StoryThe Measure of Success: Security Metrics to Tell Your Story
The Measure of Success: Security Metrics to Tell Your Story
 
Customer 360
Customer 360Customer 360
Customer 360
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment Form
 
IT Risk Management
IT Risk ManagementIT Risk Management
IT Risk Management
 
Cyber crime ppt
Cyber crime pptCyber crime ppt
Cyber crime ppt
 
Mastering Information Technology Risk Management
Mastering Information Technology Risk ManagementMastering Information Technology Risk Management
Mastering Information Technology Risk Management
 

Similar a Cyber for Beginners v2

Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Next Dimension Inc.
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006JNicholson
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Michael C. Keeling, Esq.
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Usersjyates
 
TBG Security Mgl93 H 201 CMR17.00 Compliance Service
TBG Security Mgl93 H 201 CMR17.00 Compliance ServiceTBG Security Mgl93 H 201 CMR17.00 Compliance Service
TBG Security Mgl93 H 201 CMR17.00 Compliance Servicegorsline
 
Cybertorts
CybertortsCybertorts
Cybertortspanabaha
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...CBIZ, Inc.
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarDon Grauel
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityRachel Hamilton
 
TMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURETMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHUREShan Budesha
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareNationalUnderwriter
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersMMMTechLaw
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Construction Cyber Risks
Construction Cyber RisksConstruction Cyber Risks
Construction Cyber RisksGraeme Cross
 
Social Media In 2011
Social Media In 2011Social Media In 2011
Social Media In 2011amystewart
 
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers BDO_Consulting
 

Similar a Cyber for Beginners v2 (20)

Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?Cybersecurity: What does Cyber Insurance Cover?
Cybersecurity: What does Cyber Insurance Cover?
 
Cyberinsurance 111006
Cyberinsurance 111006Cyberinsurance 111006
Cyberinsurance 111006
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
 
Legal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & UsersLegal Issues Impacting Data Center Owners, Operators & Users
Legal Issues Impacting Data Center Owners, Operators & Users
 
Cyber risk insurance
Cyber risk insuranceCyber risk insurance
Cyber risk insurance
 
TBG Security Mgl93 H 201 CMR17.00 Compliance Service
TBG Security Mgl93 H 201 CMR17.00 Compliance ServiceTBG Security Mgl93 H 201 CMR17.00 Compliance Service
TBG Security Mgl93 H 201 CMR17.00 Compliance Service
 
Cybertorts
CybertortsCybertorts
Cybertorts
 
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...Network Security and Privacy Liability - Four Reasons Why You need This Cove...
Network Security and Privacy Liability - Four Reasons Why You need This Cove...
 
George Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler SeminarGeorge Gavras 2010 Fowler Seminar
George Gavras 2010 Fowler Seminar
 
The Changing Landscape of Cyber Liability
The Changing Landscape of Cyber LiabilityThe Changing Landscape of Cyber Liability
The Changing Landscape of Cyber Liability
 
TMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURETMI CYBER INSURANCE BROCHURE
TMI CYBER INSURANCE BROCHURE
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
 
Cyber
Cyber Cyber
Cyber
 
Legal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and UsersLegal Issues Impacting Data Center Owners, Operators and Users
Legal Issues Impacting Data Center Owners, Operators and Users
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Construction Cyber Risks
Construction Cyber RisksConstruction Cyber Risks
Construction Cyber Risks
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Social Media In 2011
Social Media In 2011Social Media In 2011
Social Media In 2011
 
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers The Unseen Enemy - Protecting the Brand, the Assets and the Customers
The Unseen Enemy - Protecting the Brand, the Assets and the Customers
 

Cyber for Beginners v2

  • 1. Cyber Risk & Cyber Coverage Cyber Risk Insurance is Rapidly Emerging as a Must for Businesses Large & Small in Every Industry, Including Community Associations!
  • 2. Cyber Insurance Overview • What is Cyber Insurance? • Why do Community Associations need Cyber Coverage? • Are there Different Types of Cyber Policies?
  • 3. 1. Do you know what to do in the event of a breach? 2. How much does a breach cost?
  • 4. What is a Breach? • Failure to prevent unauthorized access to, or use of, electronic or non- electronic data containing personal identifiable information (PII) • Failure to prevent the transmission of a computer virus into a computer network that is not rented, owned, leased by, licensed to, or under the direct operational control of, the association or property manager • Failure to provide any authorized user of the association or property manager’s website or computer system with access to such website or system • Failure to provide notification of any actual or potential unauthorized access to, or use of, data containing private or confidential information of others if such notification is required by any applicable security breach law
  • 5. • “Nonpublic Personal Information” • Medical or Health Care Information • Private Personal Information by state • Unique Identity Numbers – driver’s license, state ID number, SSN, unpublished phone numbers, card numbers, passwords, PINs, access codes What is PII?
  • 6. Calculating Costs of Breaches 1. Forensic Examination 2. Notification of Affected Third-parties 3. Call Centers 4. Credit/Identity Monitoring 5. Public Relations 6. Legal Defense 7. Fines and Penalties from Regulatory Proceedings and PCI DSS violations 8. Comprehensive Written Information Security Program
  • 7. Cyber Breaches – Fact or Fiction? 1. A Cyber Breach only occurs with data stored on a computer or through other electronic means. The above is Fiction: In reality, paper files may also be considered Personal Identifiable Information (PII) and if they are not stored or destroyed properly, may lead to a breach.
  • 8. Insuring Agreements Network and Information Security Liability (3rd Party Insuring Agreement: A) Coverage for claims arising from: Failure to prevent unauthorized access to data, failure to provide notification of a data breach where required by law, transmission of a computer virus, and failure to provide authorized users with access to the company website Claim Example: The property manager hired by a HOA experiences a data breach involving payment card data of residents. Homeowners file a lawsuit against the HOA and Property Manager for their failure to prevent unauthorized access to this data. 8
  • 9. Insuring Agreements 9 Regulatory Defense Expenses (3rd Party Insuring Agreement: C) Coverage for governmental claims made as a result of network and information security liability or communications and media liability Claim Example: The attorney general brings regulatory action against the HOA and Property manager for failure to protect the identity information of residents, including an assessment of fines / penalties.
  • 10. Insuring Agreements 10 Security Breach Remediation and Notification Expenses (1st Party Insuring Agreement: E) Coverage for costs associated with notification of individuals breached, credit monitoring for 365 days or longer where required by law, fraud expense reimbursement, and a call center. - Reimbursement coverage for services provided by an Approved Service Provider Claim Example: As a result of the data breach, the HOA is responsible for notifying individuals whose PII was compromised. Notification costs include: - Legal Services to comply with specific notification / privacy laws - Forensic Investigation - Credit Monitoring and ID Fraud policies for affected individuals 10
  • 11. Insuring Agreements 11 Crisis Management Event Expenses (1st Party Insuring Agreement: D) Coverage for public relations services to mitigate negative publicity Claim Example: A public relations firm is hired to restore community confidence in the HOA and property manager and to mitigate negative publicity generated from the incident 11
  • 12. Cyber Breaches – Fact or Fiction? 2. My association is not liable for a breach since the property management company handles all of our resident data and information. The above is Fiction: Associations are still ultimately responsible for the data of its residents, even if the data is handled exclusively by the property manager. It is important to review the management contract for mention of who is held liable in the event of a breach.
  • 13. Other Coverages Available in a Standard Cyber Policy  Communications and Media Limit of Liability  Business Interruption and Additional Expenses  E-Commerce Extortion  Computer Program and Electronic Data Restoration Expenses  Computer Fraud  Funds Transfer Fraud 13
  • 14. Cyber Breaches – Fact or Fiction? 3. My association collects no personal information other than addresses, and we are either self-managed or our property manager doesn’t collect this information either. We have no exposure to a breach. The above is Fiction: If your community has a website or the property manager provides an online portal for paying dues, there is still the potential for a breach. Emails and newsletters infected with viruses are also potential exposures.