Data Security & Beazley Breach Response PowerPoint Presentation

Data Security & Beazley Breach Response. Max Perkins. October 4, 2013. Agenda. A Brief Review of Data Breaches What is Beazley Breach Response? Beazley Breach Response Timeline Questions ? Appendix. A Brief Review of Data Breaches. What is a Data Breach?.

Presentation Transcript

Data Security & Beazley Breach Response

Max Perkins

October 4, 2013

Agenda
  • A Brief Review of Data Breaches
  • What is Beazley Breach Response?
  • Beazley Breach Response Timeline
  • Questions?
  • Appendix
What is a Data Breach?
  • Actual release or disclosure of information to an unauthorized individual/entity that relates to a person and that:
    • May cause the person inconvenience or harm (financial/reputational)
      • Personally Identifiable Information (PII)
      • Protected Healthcare Information (PHI)
    • May cause your company inconvenience or harm (financial/reputational)
      • Customer Data, Applicant Data
      • Current/Former Employee Data, Applicant Data
      • Corporate Information/Intellectual Property
Types of Data Security Breaches
  • Improper Disposal of Data
    • Paper
      • Un-shredded Documents
      • File cabinets without checking for contents
    • Electronic assets
      • computers, smart phones, backup tapes, hard drives, servers, copiers, fax machines, scanners, printers
  • Phishing/Spear Phishing Attacks
  • Network Intrusions/Hacks/Malware Viruses
  • Lost/Missing/Stolen Electronic Assets
  • Mishaps due to Broken Business Practices
  • Rogue Employees
What Kinds of Information are at Risk?

Consumer Information

  • Credit Cards, Debit Cards, and other payment information
  • Social Security Numbers, ITINs, and other taxpayer records
  • Customer Transaction Information, like order history, account numbers, etc.
  • Protected Healthcare Information (PHI), including medical records, test results, appointment history
  • Personally Identifiable Information (PII), like Driver's License and Passport details
  • Financial information, like account balances, loan history, and credit reports
  • Non-PII, like email addresses, phone lists, and home addresses, that may not be independently sensitive but may be more sensitive when combined with one or more of the above

Employee Information

  • Employers have at least some of the above information on all of their employees

Business Partners

  • Vendors and business partners may provide some of the above information, particularly for Sub-contractors and Independent Contractors
  • All of the above types of information may also be received from commercial clients as a part of commercial transactions or services
  • In addition, B2B exposures like projections, forecasts, M&A activity, and trade secrets

Many people think that without credit cards or PHI, they don’t have a data breach risk. But can you think of any business without any of the above kinds of information?


Beazley Breach Response is more than an insurance policy

Network / Data Liability Insurance + Breach Response Services = Beazley Breach Response

  • Based on current, state-of-the-art Beazley Information Security & Privacy Insurance
  • Notification/Credit or Identity Monitoring indemnification is replaced with Privacy Breach Response Services
  • Integrated Breach-Handling Services using top industry experts and vendors
  • Privacy Breach Response insurance has a limit of coverage that is separate from and in addition to the third party limit of liability
  • A comprehensive solution to the risks of security breaches, data loss and unauthorized disclosures
  • A unique insurance product tailored to the needs of data owners, including higher education, healthcare, retail and other consumer-facing organizations
Beazley Breach Response
  • Insuring Agreement A
    • Information Security and Privacy

        1. theft, loss or unauthorized disclosure of personally identifiable non-public information or third party corporate information
        2. failure of computer security to prevent a security breach
        3. failure to timely disclose a breach
        4. failure to comply with privacy policy
  • Insuring Agreement B
    • Breach Response Services
        • Computer forensics to determine existence and cause of breach. Includes costs of a PCI Forensic Investigator, when applicable to the suspected incident
        • Legal fees to determine the applicability of and actions necessary to comply with breach notice laws or in responding to credit card system operating regulation requirements (PCI)
        • To provide notification to individuals required to be notified under a breach notice law or if a potential risk of financial, reputational, or other harm exists to the individuals
        • Call center services to the notified individuals
        • One year credit or identity file monitoring and reasonable third party admin costs associated with program
        • Access to educational and loss control information
  • Insuring Agreement C
    • Regulatory Defense and Penalties
        • Claims expenses and penalties the insured is obligated to pay because of a claim in the form of regulatory proceedings (HIPAA, HITECH)
  • Insuring Agreement D
    • Crisis Management and Public Relations
        • Public Relations and Crisis Management expenses incurred as a result of the publication or imminent publication in a newspaper, radio or television broadcast of a covered Claim under the policy.
  • Insuring Agreement E
    • PCI Fines and Costs
        • Indemnity coverage of PCI Fines and Costs (Defined Term)
What Else Makes Beazley Breach Response Different?

Beazley Breach Response:

  • Pre-Breach Education and Services
  • Dedicated Breach Response Services team: breaches are very different from liability claims
  • Hand-picked vendors: expertise makes a big difference for breach outcome; higher education organizations are not expected to have the in-house expertise to respond to a breach
  • Beazley insureds are encouraged to activate services when they think they have a breach, because little breaches can turn into big problems if they aren’t handled properly
  • It only takes one phone call or email (bbr.claims@beazley.com) to activate services
Pre-Breach Response Services
  • Policy Holder Services from ePlace Solutions, Inc. through nodatabreach.com to provide Data Security Risk Management services such as:
    • Training and Awareness programs
    • Animated Staff training Programs
    • HIPAA Compliance Tools
    • On-Line Compliance Materials – quick tips, links to statutes and regulations updates
    • Expert Support from consultants and attorneys on data security issues including
      • Healthcare & HIPAA compliance issues
      • Contractual Considerations
      • Data Breach Prevention Issues
      • Data Security Best Practices and Corporate Policies
      • Computer Forensic Issues
      • Data Breach Prevention Guidance
Pre-Breach Response Services Continued
  • Alex Ricardo - Breach Response Services - Broker/Client Outreach Specialty Lines
  • Alex joined Beazley in April 2011
  • Graduated from Stevens Institute of Technology, BE Engineering
  • Worked in privacy sector for 15 years
  • Certified Information Privacy Professional (CIPP/US)
  • Based in Beazley's New York City office.
  • He is responsible for assuring BBR Insureds take full advantage of the professional services made available to them to reduce their risk & liability profile prior to or in the event of a privacy breach incident.
Post Breach Response Services
  • Dedicated Internal Breach Response Services Focus Group led by Katherine Keefe, Esq.
    • Practicing lawyer for 25 years with extensive experience in data privacy and security issues and related regulatory matters.
    • Team responsible for providing breach response services to policyholders immediately following the report of a suspected data breach
    • Development of Beazley’s risk management services designed to minimize the occurrence and impacts of data breaches.
    • Client Advocacy during breach that is separate from claims staff handling regulatory and liability matters

Appendix

  • Best Practices – Breach Preparedness & Prevention
  • Best Practices – Breach Response Management

Best Practices – Breach Preparedness and Prevention

  • Encryption of Portable Devices
  • PCI-DSS Compliance
  • Data Segregation
  • Data Mapping
  • Log Files
  • Data Loss Prevention (DLP)

Best Practices – Breach Preparedness and Prevention

  • Background Screening Program
  • Pre-Arrange Breach Response Services
  • e-Learning Initiative
  • Written Data Breach Incident Response Plan
  • Tabletop Exercises
  • Legislative updates

Best Practices – Breach Response Management

  • Retain Outside Counsel
  • “Notify Correctly vs. Quickly”
  • Outside Call Center When Appropriate
  • Reputational Risk Advisor When Appropriate
  • Investigate – Investigate – Investigate
  • Leverage External Resources – Privacy Counsel, Forensics

Max Perkins
Underwriter; Specialty Lines
Beazley
Two Liberty Place
50 S. 16th Street, Suite 2700
Philadelphia, PA 19102
t: +1 (215) 446 8446
c: +1 (336) 549 9999
e: max.perkins@beazley.com
For More Information: www.beazley.com

The descriptions contained in this broker communication are for preliminary informational purposes only. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd's. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497).