TechAssure Presentation PDF linkedin
Network Security and Privacy (Cyber Coverage)
Sales and Production
Brian D. Brown
CyberSpecialist Group
[email protected] 404 849 3004
http://lnkd.in/XXCFi7
This is for illustrative purposes only and is in no way complete or comprehensive. The use and reliance on all information contained in this presentation is at the user’s sole discretion. Any and all policy language shall be paramount in all cases.
President – CyberSpecialists Group
3495 Waddeston Way, Suite 101C, Atlanta, Georgia 30319
404 849 3004
Brian is a nationally recognized expert in Network Security and Privacy (Cyber) exposures and Insurance. He has worked in the Cyber field for over a decade and had a hand in drafting the first Cyber products. He also developed and taught the first CIC classes on e-Business risk and insurance responses.
Having worked with both national brokers and carriers, he brings a unique and broad perspective to the subject. In addition to Cyber expertise, Brian was an account executive at national brokers, so he has a broad range of knowledge and skills in all areas of property and casualty insurance. He has been instrumental, in his career, in developing successful, innovative, cutting-edge programs and products for both insurance carriers and brokers.
Brian is an active member of the PLUS Southeastern Chapter and a regular speaker for PLUS and RIMS events and seminars. He is also a published author in Property Casualty 360 and the American Bar Association magazine. In the last month he has had an article in the Texas magazine The Insurance Record (September 4, 2014) and another nationally in The Insurance Journal (September 22, 2014).
In his spare time Brian is a freelance fine artist and a Dad to his three children, and he currently resides in Atlanta, GA.
Brian D. Brown
1. Discuss Data Privacy exposures
2. Determine the # of records at risk
3. Explain the costs of a Breach
4. Review causes of a Breach
   • Negligence
   • Rogue Employee
   • Business Assoc./Vendor
   • Hacker
5. Present Insurance solution
Typical Sales Process
Your Experiences
Not Us
Isn’t this already insured?
“BULLETPROOF Security”
I just don’t get this tech stuff
End
Costs Too Much
Apps. – Too Much Work
X
State Security Breach Notification Laws - Forty-seven states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
http://www.digestiblelaw.com/files/upload/securitybreach.pdf
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Health Information Technology for Economic and Clinical Health (HITECH)
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html
Gramm–Leach–Bliley Act (Subtitle A: Disclosure of Nonpublic Personal Information, codified at 15 U.S.C. §§ 6801–6809)
• The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect clients’ nonpublic personal information.
Not us?
Progress on Federal Notification Bill
National Data Breach Notification Bill Advances: Measure Would Pre-empt State Breach Notification Laws
By Eric Chabrow, April 15, 2015.
The House Energy and Commerce Committee approved on April 15 the Data Security and Breach Notification Act by a 29-20 vote, with only Republicans supporting the measure. Even its Democratic co-sponsor, Rep. Peter Welch of Vermont, voted against it.
http://www.databreachtoday.com/national-data-breach-notification-bill-advances-a-8109
Further Federal Intervention
House Panel Passes Cyberthreat Info Sharing Bill: Democratic Attempts to Limit Liability Safeguards Fail
By Eric Chabrow, April 14, 2015.
"If you abide by the provisions of this act," Cedric Richmond (D-LA) said, "then you're exempt from liability. It's just that simple. Instead of adding all these other concepts to the liability language, if we take the time to pass a bill and you abide by it, you have liability exemption. If you don't, then you don't have exemption."
http://www.databreachtoday.com/house-panel-passes-cyberthreat-info-sharing-bill-a-8106
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Not Us…Right?
5/12/2014
© 2014 CyberSpecialist, LLC All Rights Reserved.
http://www.csid.com/resources/stats/data-breaches-by-industry/
https://www.privacyrights.org/data-breach
Isn’t This Already Insured?
A. Coverage
2. Property Not Covered
Covered property does not include:
n. The following property, except as provided in the Coverage Extension for Electronic Media And Records and Valuable Papers And Records:
(1) Electronic media and records, meaning the following:
(a) Media, meaning disks, drives, CD-ROMs, tapes, cells or other computer software, or any media which are used with electronically controlled equipment. Software includes systems and applications software.
(b) Data, meaning information or facts stored on media described in (1)(a) above. Data includes valuable papers and records converted to data.
(c) Computer program, meaning a set of related electronic instructions which direct the operations and functions of a computer or device connected to it, which enable the computer or device to receive, process, store, retrieve or send data.
ISO BUILDING AND PERSONAL PROPERTY CP-00-10
Isn’t This Already Insured?
ISO COMMERCIAL GENERAL LIABILITY COVERAGE FORM CG-00-01 12 04 (Cov. A - BI & PD)
p. Electronic Data
Damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data. As used in this exclusion, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.
Exclusion Pg. 5 of 15
Endorsement for Cov. B (P &AI)
PROFESSIONAL LIABILITY POLICIES
HEALTH CARE ORGANIZATIONS AND PROVIDERS PROFESSIONAL LIABILITY, GENERAL LIABILITY AND EMPLOYEE BENEFIT LIABILITY POLICY - ONE BEACON - HPF-10002-02-13
(12)
(a) unauthorized, unlawful, or unintentional taking, obtaining, accessing, using, disclosing, distributing, disseminating, transmitting, gathering, collecting, acquiring, corrupting, damaging, destroying, deleting, or impairing of any information or data of any kind, including but not limited to any health care or other medical information or Personally Identifiable Health Information; provided, that this Exclusion (D)(12)(a) shall not apply to any Claim for a Professional Services Wrongful Act as defined in DEFINITION (OO)(3); “((3) any inadvertent: (a) publication)”
(b) failure or inability of any computer, computer component (including but not limited to any hardware, network, terminal device, data storage device, input and output device, or back up facility), application, program, software, code, or script of any kind (a “System”) to perform or function as planned or intended, including but not limited to any failure or inability of any System to prevent any hack, virus, contaminant, worm, trojan horse, logic bomb, or unauthorized or unintended accessing or use involving any System;
Be careful of exclusions disguised as sub-limits
“Jam Up and Jelly Tight”
BOTTOM LINE There is always an incremental risk – It is unavoidable…
AND IT IS PERFECTLY “OKAY”.
Automatic Sprinkler Analogy
There is no need to get into extremely deep technical details
As with most insurance, one of the underwriting considerations is management concern (resources and focus)
Brief Network Security and Privacy Primer
• Architecture
• Concerns
  o Hardware
  o Software
  o People
  o Mobile
  o “Off network” risks
I Just Don’t Get This Tech Stuff
I Just Don’t Get This Tech Stuff
Wireless
The Network
Remote Users/Laptops
Vendor
Realms of “Cyber” Exposures
Interest /Need
Complete Application
Obtain Quotes
Present
Bind
Interest /Need
Complete Application
Obtain Pricing
Present
Bind
Obtain Quotes
Traditional Cyber Cycle
The Sales Process is Now
Flipped
Sample Costs - $1M limit - $250k Sub-Limits Matrix for Community Banks
Revenue Bands      Option #1 Premium Range
$0 - $1M           $1,000
$1M - $2M          $1,000 - $1,450
$2M - $3M          $1,450 - $2,000
$3M - $4M          $2,000 - $2,350
$4M - $5M          $2,350 - $2,700
$5M - $7.5M        $2,700 - $3,500
$7.5M - $10M       $3,500 - $4,300
$10M - $20M        $4,300 - $8,150
Insurance Pricing How it REALLY works.
It’s a very complex process. Insurance can’t be priced like most products, by supply and demand, because the money people pay for it is intended to help protect against the cost of unforeseen future happenings—for example, a fire, a burglary or an auto accident. While many factors are considered in rate making, rates basically are dependent on one major factor—the combined cost of all the losses or claims—known as the company’s loss experience.
http://www.pia.org/IRC/qs/qs_other/QS90360.pdf
Insurance Pricing How it REALLY works.
'Underwriting Cycle'
At the beginning of the cycle, the underwriting business is soft due to increased competition and excess insurance capacity, as a result of which premiums are low. (leading to) lower insurance capacity … enabling insurers to raise premiums and post solid earnings growth. This robust underwriting environment attracts more competitors, which gradually leads to more capacity and lower premiums, setting the stage for a repetition of the underwriting cycle.
http://www.investopedia.com/terms/u/underwriting-cycle.asp
Bang for Your Buck
Nearly all States have a Safe Harbor provision included in their State Notification Law for Personally Identifiable Information which is encrypted.
TX – “Sensitive personal information” only applies to data items that are not encrypted.
Free Sites
https://www.gnupg.org/
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
And others.
Brian D. Brown
[email protected] 404 849 3004
CyberSpecialistGroup.com
© 2014 CyberSpecialist, LLC. All Rights Reserved.
?’s
Open Discussion