Finance and Governance Workshop

Finance and Governance Workshop. Management of a Data Breach James Webster Hiscox Insurance. Question. What industry makes up the highest percentage of investigations?. Answer. Source: Trustwave 2013 Global Security Report. Question.


Presentation Transcript


  1. Finance and Governance Workshop: Management of a Data Breach. James Webster, Hiscox Insurance

  2. Question What industry makes up the highest percentage of investigations?

  3. Answer Source: Trustwave 2013 Global Security Report

  4. Question What is the average timeframe from an initial breach to detection?

  5. Answer 210 days Source: Trustwave 2013 Global Security Report

  6. Question What are the most common methods of detection?

  7. Answer Source: Trustwave 2013 Global Security Report

  8. Question From which country do most attacks originate?

  9. Answer Source: Trustwave 2013 Global Security Report

  10. Question What percentage of breaches involve a third party responsible for system support, development or maintenance?

  11. Answer Source: Trustwave 2013 Global Security Report

  12. Question What is the average cost per compromised record after a data breach?

  13. Answer Source: 2013 Cost of Data Breach Study, Ponemon Institute

  14. Question What is the average cost per data breach incident?

  15. Answer $3.14 million (£2.05 million) in the UK Source: 2013 Cost of Data Breach Study, Ponemon Institute

  16. Question Which industries have the highest breach costs?

  17. Answer Hospitality: £68 per record Public services: £48 per record Source: 2013 Cost of Data Breach Study, Ponemon Institute

  18. Question What is the most common cause of data breaches?

  19. Answer Source: 2013 Cost of Data Breach Study, Ponemon Institute

  20. Guess who?

  21. Management of a data breach

  22. Breakfast with Malcolm; Team training; Coffee with Alan from Barclays; Call Jenna Murray re: licensing; Lunch with Board; Review outsourcing agreement and call with the lawyers; Meeting with Arnold re: finance (do not miss!); Conference call with Heads of Department; Discuss conference call with FD; Tom’s appraisal

  23. Management of a data breach
      • Importance of Incident Response Plans
      • Containment and recovery
      • Assessment of ongoing risk
      • Notification of breach
      • Evaluation and response
      These are not linear activities, following one another in orderly sequence...

  24. Breakfast with Malcolm; Team training [Re-arrange for Friday]; Coffee with Alan from Barclays [Jill – rearrange this please]; Call Jenna Murray re: licensing [Handover to John]; Lunch with Board; Review outsourcing agreement and call with the lawyers [Move to tomorrow (pm)]; Meeting with Arnold re: finance (do not miss!); Conference call with Heads of Department; Discuss conference call with FD; Tom’s appraisal

  25. Management of a data breach
      • Containment and recovery
      • Decide who is to take the lead in investigating
      • Establish who needs to be informed (internally and externally – separately from any formal notifications)
      • Identify actions to recover loss and/or limit damage
      • Consider whether appropriate to inform the police

  26. Breakfast with Malcolm July; Team training [Re-arrange for Friday]; Coffee with Alan from Barclays [Jill – rearrange this please]; Call Jenna Murray re: licensing [Handover to John]; Lunch with Board [Jill – send my apologies]; Review outsourcing agreement and call with the lawyers [Move to tomorrow (pm)]; Meeting with Arnold re: finance (do not miss!) [Send apologies!!]; Conference call with Heads of Department; Discuss conference call with FD; Tom’s appraisal [Move to Monday – tell HR]

  27. Management of a data breach
      • Risk Assessment
      • What sort of data is involved?
      • What level of sensitivity is it?
      • What is your best assessment of what has happened to the data (in terms of unauthorised parties who have access to it, and for how long they have had access)?
      • What is its value to the unauthorised party? What harm could come to the affected individuals?
      • How much data is involved?
      • Are there wider consequences, e.g. risk to public health?
      • Should passwords be changed or banks contacted?

  28. Anniversary today!! Jill – can you rearrange dinner for tomorrow and please send Trudy some flowers?; Data protection training (until 12.30); Lunch with Arnold re: finance; Lunch with Tom; Meeting with Jenna Murray; Outsourcing Agreement!; JILL CANCEL EVERYTHING!!!; Pick up kids (Trudy at hairdressers)

  29. Management of a data breach
      • Notification
      • ICO notification: telecoms sector and public bodies must notify. Other sectors currently voluntary regime
      • FCA and other regulators: sector-specific rules apply
      • Individuals: "will notification help them?" is the ICO's overriding concern
      Conclusion: notification is not an end in itself

  30. Management of a data breach
      • Notification Content
      • "How and when" details and overview
      • Affected data, affected number of individuals
      • Breach response so far, mitigation steps taken so far
      • Security measures in place
      • Whether individuals have been informed
      • Whether there has been media coverage
      • Whether investigation is being carried out, and if so, when is it due and in what format
      • Whether other regulators or the police have been informed
      • What future preventive measures you plan
      • Is there any other information that would be useful?

  31. Thank you
