Risk Transfer via Insurance - Dallas Chapter of the IIA...Understand the legal implication of cyber...
Jarrett Kolthoff, CISSP, GCFA
SpearTip – Cyber Counterintelligence
Risk Transfer via Insurance
Background
Strategic Threat of Cyber Economic Espionage
• Cloud Networks & IoT Infrastructure for online operational space
• Lack of industry standardization within Cloud & IoT
• Building effective incident response capabilities
Strategic Threat of Cyber Economic Espionage
• Disinformation
• Cyber
• Energy
• Money
• Violence
• Kompromat
• Espionage
• Diplomacy
Active Measures
Strategic Threat of Cyber Economic Espionage
1st Stage 2020-2025
2nd Stage 2035-2050
Strategic Threat of Cyber Economic Espionage
Steganography / Encryption
Cost of Data Breach – Ponemon 2018
Per Capita by Industry
Cost of Data Breach – Ponemon 2018
A data breach involving one million compromised records yields an estimated total cost of $39.49 million, with a range from $29.62 to $49.36. At 50 million records, the total cost could be as high as $350.44 million, with a range from $262.83 to $438.06.
Tradecraft - SpearPhishing
Tradecraft – Financial Fraud
• Business E-Mail Compromise (BEC)
• Data Breach
• Denial of Service
• E-Mail Account Compromise
• Malware/Scareware
• Phishing/Spoofing
• Ransomware
Tip of the Spear
Tip of the Spear – Cyber Counterintelligence
SLIDES REMOVED
Risk Transfer – Cyber Insurance
• Approach cybersecurity as an enterprise-wide risk management issue, not just an IT issue
• Understand the legal implication of cyber risks
• Adequate access to cybersecurity expertise and allocate adequate time on the board meeting agenda
• Enterprise-wide cyber-risk management framework with adequate staffing and budget
• Risk appetite - to avoid, accept, mitigate or transfer RISK through insurance
Risk Transfer – Cyber Insurance
• Medidata Solutions, Inc. v. Federal Insurance Company
• American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America
• The National Bank of Blacksburg v. Everest National Insurance Company
Security Operations Center
Threat Intelligence & Event Correlation
Gartner
Train Your Staff
Blending cutting-edge technologies, unique skill sets and proven military cyber counterintelligence strategies, partnering with clients to protect shareholder value, shield corporate reputations and enhance long-term profits.
Outmaneuver Your Adversary