2017 RIMS CYBER SURVEY
|
|
- Jemimah Boone
- 5 years ago
- Views:
Transcription
1 2017 RIMS CYBER SURVEY
2 This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the business world s attention year after year. Based on our 2017 results, organizations are buying more cyber insurance and spending more on cyber risk best practices. On the heels of WannaCry and other ransomware outbreaks, respondents chose cyber extortion as one of the leading first-party exposures their organizations face (72%). Business interruption as a result of network outage is still the leading first-party exposure, according to 80% of respondents. On the cyber insurance front, there might be the beginning of a plateau in 2017 s data. Businesses are still relying on insurance to address the growing number of cyber risks: when asked if they transfer cyber exposure to a third party, 72% of respondents said yes. That is up, but not by much, from 2016 s result of 69%. The utilization of stand-alone cyber insurance policies is mostly static with 2016: of those who have cyber coverage, 83% do it with stand-alone products. In 2016, it was 80%. The rate of increase for stand-alone policies might be slowing because other forms of insurance coverage are picking up the slack. Of those who are insured but do not have stand-alone policies, 84% say that other purchased insurance policies include cyber liability coverage (up from 76% last year). In short, we might be seeing something resembling maturity from the cyber insurance market. Those who want to buy cyber coverage have bought it, and specialty stand-alone cyber coverage is nearing saturation. In 2018, any trends along these lines will be more discernable. When it comes to government regulations, options are still divided. The percentage of respondents who think the government should mandate the reporting of cyber breaches was flat compared to Only 34% think that government should mandate cyber security standards. Information Sharing and Analysis Organizations are faring better this year, however. About a quarter of respondents say their organizations belong to one of these voluntary reporting groups created by US law in In 2016, it was 20%. METHODOLOGY This year s survey had 288 respondents; 2016 had 272. Demographics such as industry sector, organization revenue and number of employees held close to 2016 results. In 2017 the number of financial services respondents dropped nearly four percentage points, while government and manufacturing respondents were up about four percentage points each. The survey was distributed to RIMS membership via an internet link, and was in field between May 18 and June 25, Percentages shown are rounded up or down to the nearest whole number. If you have additional questions about data collection, please contact RIMS at content@rims.org. As the preeminent organization dedicated to educating, engaging and advocating for the global risk community, RIMS, the risk management society, is a not-for-profit organization representing more than 3,500 corporate, industrial, service, nonprofit, charitable and government entities throughout the world. RIMS has a membership of approximately 11,000 risk practitioners who are located in more than 60 countries. For more information about the Society s world-leading risk management content, networking, professional development and certification opportunities, visit PUBLICATIONS EDITOR Morgan O Rourke ANALYSIS Brandon Righi RIMS hopes you find the full survey results informative. If you have additional questions about the information you find here, please contact content@rims.org. 1
3 SURVEY AT A GLANCE» LESS THAN HALF think that» About a THIRD think» 24% belong to Information the government should the government should Sharing and Analysis mandate the reporting of cyber breaches. mandate cyber security standards for companies. Organizations (ISAOs), compared to 20% in % 58% % 69% % 72% Percentage identifying cyber extortion as a first-party exposure Percentage transferring cyber risk to third parties 44% 26% 48%...of those purchasing cyber insurance have a limit in the $5m to $20m range....say they will spend more than $1m to protect against cyber security exposures in report they are spending more than last year to protect against cyber security exposures. 2
4 RESULTS 1) Please identify your organization s potential first-party cyber exposures. Business interruption and extra expense as a result of network outage Business interruption and extra expenses for loss of data 72% 80% Cyber extortion 72% (s9% from 2016) Theft of trade secrets or IP 42% Reputational harm Regulator investigations, fines, penalties Cost related to notification, response, etc. 52% 75% 79% 2) Please identify your organization s potential third-party cyber exposures. Disclosure of personal indentifiable information (employees or customers) 88% Media liability 43% Business interruption 61% Economic harm to customers as the result of a network outage Regulator investigations, fines, penalties 46% 51% Cost related to notification, response, etc 73% 3
5 3) Does your organization transfer the risk of cyber exposure to a third party? 72% (69% in 2016) 23% 5% 4) Is your organization considering a purchase of cyber coverage within the next months? 61% 16% 23% 5) If your organization is not interested in cyber coverage, please explain why. SOME COMMENTS FROM RESPONDENTS: Organization has pushed back due to low risk and controls in place. Coverage is inadequate for our industry. Our potential loss is extremely low except for a black swan which is so large you can t effectively cover it in the current market. 6) Does your company have a stand-alone cyber insurance policy? 83% (80% in 2016) 17% 4
6 7) Is your organization s cyber liability coverage included in other purchased insurance policies? 84% (s8% from 2016) 13% 3% 8) Does your organization purchase cyber insurance as a result of contractual obligations? 17% 82% 1% 9) Please select a range of limit purchased. Less than $5 million 20% $5 million $20 million 44% $20 million $50 million 14% $50 million $100million 13% $100 million $200 million 6% More than $200 million 2% 5
7 10) What premium are you paying for your cyber coverage? Less than $50,000 29% $50,000 $75,000 14% $75,000 $100,000 7% $100,000 $200,000 16% $200,000 $500,000 15% More than $500,000 19% 11) Which of the following is included in your cyber insurance policy? Professional liability 47% Network/business interruption 87% Cyber extortion 88% Fines and penalties 70% Breach notification costs 88% Reputational harm 41% Theft of trade secrets 34% Data recovery 76% 6
8 12) Does your organization s cyber insurance coverage extend to data stored in cloud servers? 57% 9% 34% 13) Are you considering purchasing cyber coverage for data stored in cloud servers in the next months? 42% 24% 34% 14) Does your organization have a response plan in place in the event of a cyber crisis? 83% 7% 10% 7
9 15) Who is involved in that response procedure? (Please check all that apply) Public relations 67% Information technology 93% Legal 82% Risk management 83% Information security 76% Compliance 42% Privacy officer 40% 16) Has your organization identified cyber risk using any of the following methods or tools? Enterprise Risk Management (ERM) 42% Strategic Risk Management (SRM) 20% NIST cybersecurity framework 33% Software 32% Consultants 49% 24% 8
10 17) Which of the following has primary responsibility for cyber security within your organization? Risk management 5% Information security 42% Information technology 51% Privacy 1% Compliance 1% 18) Which individual within your company has primary accountability for cyber security? Risk manager 6% Chief information security officer 82% Chief risk officer 4% Chief privacy officer 3% Chief compliance officer 3% Attorney 2% 9
11 19) Which of the following methods does your company use to evaluate cyber security? In-house committee 58% Third party vendor 59% Risk assessments 75% Audit 51% 20) How much will your company spend to protect cyber security exposures in 2017? Less than $100,000 25% $100,000 $250,000 25% $250,000 $500,000 12% $500,000 $750,000 7% $750,000 $1,000,000 6% More than $1,000,000 26% 21) How does this amount compare to 2016? Increase compared to % Decrease compared to % Flat compared to % 19% 10
12 22) What will be your top cyber risk spending categories in 2017? (Please check all that apply) Employee education 50% Incident response 23% Scanning tools 52% Smart phone encryption software 13% Active monitoring and analysis of information security 71% Cyber insurance 52% Unauthorized use of access monitoring tools 28% Other 9% 23) Which aspect of cyber risk is most relevant to your company? Privacy issues 20% Loss of business 5% Reputational issues 27% Business interruption 24% Legal liability, fines, and penalties 13% Information security requirements 11% Other 1% 11
13 24) Do you think the federal government should mandate the reporting of cyber breaches? (U.S. repondents only) 47% 25% 28% SOME COMMENTS FROM RESPONDENTS: Only for publicly traded companies or organizations that are in industries critical to infrastructure. Even if reporting occurs, the government is not in any position to do anything about it. It s the only way to get people to disclose that they ve been breached. There must be significant fines for failing to do this. Only if the states back off their reporting requirements. 25) Do you think the federal government should mandate cyber security standards for companies? (U.S. repondents only) 34% 46% 19% SOME COMMENTS FROM RESPONDENTS: Only in certain sensitive industries like banking, healthcare, etc. I think there should be guidelines for companies that hold personal information such as credit cards, financial and medical information. Let the free market take care of companies that don t maintain a certain level of security. 12
14 26) Does your organization belong to an information sharing and analysis organization (or ISAO, as created by the Cybersecurity Information Sharing Act of 2015)? (U.S. respondents only) 24% 38% 38% DEMOGRAPHICS 1) Please identify your organization s industry. Other 19% Retail 4% Hospitality 3% Healthcare 5% Financial Services 10% Transportation 5% Industrial 0% Professional Services 4% Utilities 6% Manufacturing 15% Energy 4% Education 7% Government or n-profit 14% Information Technology 3% Telecommunications 1% 13
15 2) What is your organization s estimated annual revenue? US $0 $1 million 1% $1 million $10 million 1% $10 million $50 million 6% $50 million $100 million 5% $100 million $500 million 19% More than $1 billion 54% $500 million $1 billion 14% 3) How many total employees are in your organization? More than 25,000 16% % % % 15,000 25,000 9% 500 1,000 9% 10,000 15,000 6% 5,000 10,000 14% 1,000 5,000 32% 14
16 4) Does your company have international operations? (operations in more than one country) 54% 46% 5) What is your primary country of residence? Denmark 1% United Kingdom 1% Other 4% Canada 16% United States 80% 15
encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?
Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information
More informationCyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
More informationCyber Attack: Is Your Business at Risk?
15 July 2017 Cyber Attack: Is Your Business at Risk? Stanley Wong Regional Head of Financial Lines, Asia Pacific Agenda Some common misconceptions by SMEs around cyber protection Cyber Claims and Industry
More informationCYBER RISK MANAGEMENT
CYBER RISK MANAGEMENT AND BEST PRACTICES Heather Fields, JD, CHC, CCEP (414) 298-8166 hfields@reinhartlaw.com 1000 North Water Street, Suite 1700, Milwaukee, WI 53202 www.reinhartlaw.com 0 Agenda Role
More informationCybersecurity and Nonprofit
Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit
More informationInstitute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI
Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO CHAPTER: @IIACHI #IIACHI WWW.FACEBOOK.COM/IIACHICAGO HTTPS://WWW.LINKEDIN.COM/GROUPS/1123977 1 CAE Communications and Common Audit Committee
More informationHIMSS 15 Doing Better Business in the Era of Data Security and Privacy
HIMSS 15 Doing Better Business in the Era of Data Security and Privacy Michael D. Stovsky, Esq. Partner and Chair, Innovations, Information Technology and IP Group Cleveland Columbus Indianapolis Philadelphia
More informationCyber Insurance: What is your bank doing to manage risk? presented by
Cyber Insurance: What is your bank doing to manage risk? David Kitchen presented by Lisa Micciche Today s Agenda Claims Statistics Common Types of Cyber Attacks Typical Costs Incurred to Respond to an
More informationThe Evolving Threat to Corporate Cyber & Data Security
The Evolving Threat to Corporate Cyber & Data Security Presented by: Sara English, CIPP/US Sara.English@KutakRock.com 1 http://blogs.wsj.com/law/2015/12/09/employee error leading cause of data breaches
More informationCYBERSECURITY PREPAREDNESS AND RESPONSE
A MIDDLE MARKET RISK MANAGEMENT PERSPECTIVE Sponsored by THE HARTFORD by Josh Bradford, Senior Editor, Specialty Editorial TABLE OF CONTENTS Survey Overview Pg. 1 Key Findings Pg. 2 Cyber Risk: A Self-Assessment
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationNYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
More informationNYDFS Cybersecurity Regulations: What do they mean? What is their impact?
June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing
More informationMastering Data Privacy, Social Media, & Cyber Law
Mastering Data Privacy, Social Media, & Cyber Law Data Breach Notification and Cybersecurity Developments Melissa J. Krasnow, Dorsey & Whitney LLP, and Certified Information Privacy Professional/US 1 State
More information2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly
2017 Cyber Incident & Breach Readiness Webinar Will Start Shortly please download the guide at https://otalliance.org/incident 2017 Cyber Incident & Breach Readiness Webinar Craig Spiezle Executive Director
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationUnderstanding Cyber Insurance & Regulatory Drivers for Business Continuity
Understanding Cyber Insurance & Regulatory Drivers for Business Continuity Lily Yeoh, CISSP, CBCP lily@cb1security.com https://www.cb1security.com Agenda BC/DR Business Drivers Recent Regulatory & Cyber
More informationRobert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group
Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group Presentation Objectives Introductions Cyber security context Cyber security in the maritime sector Developing cybersecurity
More informationUpcoming PIPEDA Changes What is changing and what to do about it
Upcoming PIPEDA Changes What is changing and what to do about it Danny Pehar Global Television Cyber Security Expert 02 Danny Pehar Put Text Here This slide is 100% editable. Adapt it to your needs and
More informationCybersecurity 2016 Survey Summary Report of Survey Results
Introduction In 2016, the International City/County Management Association (ICMA), in partnership with the University of Maryland, Baltimore County (UMBC), conducted a survey to better understand local
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationWhat can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco
What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco Increasing Digital Traffic Creates a Greater Attack Surface Global IP Traffic
More informationGive Me 5 Understanding Cyber Security Part 1: How Cyber Security is Impacting Your Business
Give Me 5 Understanding Cyber Security Part 1: How Cyber Security is Impacting Your Business Women Impacting Public Policy (WIPP) is a nonprofit, membership organization working to increase the economic
More informationBringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016
Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016 Dirk Lybaert Chief Group Corporate Affairs We constantly keep people connected to the
More informationDon t Be the Next Headline! PHI and Cyber Security in Outsourced Services.
Don t Be the Next Headline! PHI and Cyber Security in Outsourced Services. June 2017 Melanie Duerr Fazzi Associates Partner, Director of Coding Operations Jami Fisher Fazzi Associates Chief Information
More informationCYBERSECURITY AND THE MIDDLE MARKET
CYBERSECURITY AND THE MIDDLE MARKET The Importance of Cybersecurity and How Middle Market Companies Manage Cyber Risks IN COLLABORATION WITH 2 Concerns about cybersecurity are not matched by plans. IMPORTANCE
More informationDeveloping Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite?
Developing Issues in Breach Notification and Privacy Regulations: Risk Managers Are you having the right conversation with the C Suite? Minnesota RIMS 39 th Annual Seminar Risk 2011-2012: Can You Hack
More informationDeMystifying Data Breaches and Information Security Compliance
May 22-25, 2016 Los Angeles Convention Center Los Angeles, California DeMystifying Data Breaches and Information Security Compliance Presented by James Harrison OM32 5/25/2016 3:00 PM - 4:15 PM The handouts
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationMOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner
MOBILE SECURITY 2017 SPOTLIGHT REPORT Group Partner Information Security PRESENTED BY OVERVIEW Security and privacy risks are on the rise with the proliferation of mobile devices and their increasing use
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationHow will cyber risk management affect tomorrow's business?
How will cyber risk management affect tomorrow's business? The "integrated" path towards continuous improvement of information security Cyber Risk as a Balance Sheet Risk exposing Board and C-Levels 2018
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More information2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE
2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE February 2014 Sponsored by: 2014 Network Security & Cyber Risk Management:
More informationHow to Respond to a HIPAA Breach. Tuesday, Oct. 25, 2016
How to Respond to a HIPAA Breach Tuesday, Oct. 25, 2016 This Webinar is Brought to You By. About HealthInsight and Mountain-Pacific Quality Health HealthInsight and Mountain-Pacific Quality Health are
More informationCOPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1
COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 1 Worldwide Infrastructure Security Report Highlights Volume XIII C F Chui, Principal Security Technologist COPYRIGHT 2018 NETSCOUT SYSTEMS, INC. 2 Overview This presentation
More informationAchieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs)
Achieving Cyber-Readiness through Information Sharing Analysis Organizations (ISAOs) Florida Hospital Association Welcome! John Wilgis Director, Emergency Management Services Florida Hospital Association
More informationRobert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe
Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationPULSE TAKING THE PHYSICIAN S
TAKING THE PHYSICIAN S PULSE TACKLING CYBER THREATS IN HEALTHCARE Accenture and the American Medical Association (AMA) surveyed U.S. physicians regarding their experiences and attitudes toward cybersecurity.
More informationThe Data Breach: How to Stay Defensible Before, During & After the Incident
The Data Breach: How to Stay Defensible Before, During & After the Incident Alex Ricardo Beazley Insurance Breach Response Services Lynn Sessions Baker Hostetler Partner Michael Bazzell Computer Security
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationHow to Optimize Cyber Defenses through Risk-Based Governance. Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model
How to Optimize Cyber Defenses through Risk-Based Governance Steven Minsky CEO of LogicManager & Author of the RIMS Risk Maturity Model The Goal: Risk-Based Operationalization Incident Management IT/IS
More informationEXECUTIVE SUMMARY JUNE 2016 Multifamily and Cybersecurity: The Threat Landscape and Best Practices
Multifamily and Cybersecurity: The Threat Landscape and Best Practices By CHRISTOPHER G. CWALINA, ESQ., KAYLEE A. COX, ESQ. and THOMAS H. BENTZ, JR., ESQ. HOLLAND & KNIGHT Overview Cyber policy is critical
More informationA Global Look at IT Audit Best Practices
A Global Look at IT Audit Best Practices 2015 IT Audit Benchmarking Survey March 2015 Speakers Kevin McCreary is a Senior Manager in Protiviti s IT Risk practice. He has extensive IT audit and regulatory
More informationCybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016
Cybersecurity: Considerations for Internal Audit Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016 Agenda Key Risks Incorporating Internal Audit Resources Questions 2 San Francisco
More informationEmerging Technologies The risks they pose to your organisations
Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things
More informationEU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know
EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive
More informationManaging Cybersecurity Risk
Managing Cybersecurity Risk Maureen Brundage Andy Roth August 9, 2016 Managing Cybersecurity Risk Cybersecurity: The Current Legal and Regulatory Environment Cybersecurity Governance: Considerations for
More informationCyber Risks, Coverage, and the Board of Directors.
Cyber Risks, Coverage, and the Board of Directors PCI Northeastern General Counsel Seminar September 19-20, 2016 Vincent J. Vitkowsky Seiger Gfeller Laurie LLP vvitkowsky@sgllawgroup.com CYBER RISKS and
More informationCybersecurity and Hospitals: A Board Perspective
Cybersecurity and Hospitals: A Board Perspective Cybersecurity is an important issue for both the public and private sector. At a time when so many of our activities depend on information systems and technology,
More informationHong Kong s Personal Data (Privacy) Ordinance
Asia Privacy Bridge Forum 11 May 2016 Hong Kong s Personal Data (Privacy) Ordinance Fanny Wong Deputy Privacy Commissioner for Personal Data Hong Kong, China The Personal Data Landscape in Asia 2011 2003
More informationTHE SIXTH ANNUAL SURVEY ON THE CURRENT SECURITY AND CYBER RISK MANAGEMENT THE SEVENTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION
INFORMATION SECURITY AND CYBER RISK MANAGEMENT INFORMATION SECURITY AND THE SIXTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION CYBER RISK MANAGEMENT SECURITY AND CYBER RISK MANAGEMENT
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationIntelligent Building and Cybersecurity 2016
Intelligent Building and Cybersecurity 2016 Landmark Research Executive Summary 2016, Continental Automated Buildings Association Presentation Contents 1. About CABA, Compass Intelligence & This Research
More informationAIRMIC ENTERPRISE RISK MANAGEMENT FORUM
AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business
More informationCyber Security in Smart Commercial Buildings 2017 to 2021
Smart Buildings Cyber Security in Smart Commercial Buildings 2017 to 2021 Published: Q2 2017 Cyber Security in Smart Buildings Synopsis 2017 This report will help all stakeholders and investors in the
More informationState of Cloud Survey GERMANY FINDINGS
2011 State of Cloud Survey GERMANY FINDINGS CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Cloud security is top goal and top concern.................................. 8 Finding 2: IT staff
More informationData Breach Notification: what EU law means for your information security strategy
Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements
More informationHIPAA How to Comply with Limited Time & Resources. Jonathan Pantenburg, MHA, Senior Consultant August 17, 2017
HIPAA How to Comply with Limited Time & Resources Jonathan Pantenburg, MHA, Senior Consultant JPantenburg@Stroudwater.com August 17, 2017 Stroudwater Associates is a leading national healthcare consulting
More informationWhat is ISO ISMS? Business Beam
1 Business Beam Contents 2 Your Information is your Asset! The need for Information Security? About ISO 27001 ISMS Benefits of ISO 27001 ISMS 3 Your information is your asset! Information is an Asset 4
More informationJeff Wilbur VP Marketing Iconix
2016 Data Protection & Breach Readiness Guide February 3, 2016 Craig Spiezle Executive Director & President Online Trust Alliance Jeff Wilbur VP Marketing Iconix 1 Who is OTA? Mission to enhance online
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationAnatomy of a Data Breach: A Practical Guide for Small Law Departments
Anatomy of a Data Breach: A Practical Guide for Small Law Departments Judy Branzelle is the Chief Legal Officer and General Counsel for Goodwill Industries International, Inc. where she has been employed
More informationPerforming a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH
Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &
More informationSEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks
SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks By Richard A. Blunk (Thermopylae Ventures, LLC) and Apprameya Iyengar (Morrison Cohen LLP) The SEC has continued
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More informationPeople risk. Capital risk. Technology risk
Decode secure. People risk Capital risk Technology risk Cybersecurity needs a new battle plan. A better plan that deals with the full spectrum of your company s cybersecurity not just your technology.
More informationTop Five Privacy and Data Security Issues for Nonprofit Organizations
Top Five Privacy and Data Security Issues for Nonprofit Organizations Julia K. Tama, Esq. Jeffrey S. Tenenbaum, Esq. Association of Corporate Counsel Nonprofit Organizations Committee Legal Quick Hit MAY
More informationDisruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise
Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions
More informationEvaluating Cybersecurity Coverage A Maturity Model. Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium
Discussion on: Evaluating Cybersecurity Coverage A Maturity Model Presented to: ISACA Charlotte Chapter Vision for IT Audit 2020 Symposium By: Eric C. Lovell PricewaterhouseCoopers LLP ( PwC ) March 24,
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationTAN Jenny Partner PwC Singapore
1 Topic: Cybersecurity Risks An Essential Audit Consideration TAN Jenny Partner PwC Singapore PwC Singapore is honoured to be invited to contribute to the development of this guideline. Cybersecurity Risks
More informationThe Cyber War on Small Business
The Cyber War on Small Business Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Meet Our Speaker Dillon Behr Executive Lines Broker Risk Placement Services, Inc. Previously worked as Cyber
More informationNORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers
Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.
More informationPutting It All Together:
Putting It All Together: The Interplay of Privacy & Security Regina Verde, MS, MBA, CHC Chief Corporate Compliance & Privacy Officer University of Virginia Health System 2017 ISPRO Conference October 24,
More informationCyber Security in M&A. Joshua Stone, CIA, CFE, CISA
Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach
More informationFROM TACTIC TO STRATEGY:
FROM TACTIC TO STRATEGY: The CDW-G 2011 Cloud Computing Tracking Poll 2011 CDW Government LLC TABLE OF CONTENTS Introduction 3 Key findings 4 Planning for the cloud 16 Methodology and demographics 19 Appendix
More informationAltitude Software. Data Protection Heading 2018
Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this
More informationLCU Privacy Breach Response Plan
LCU Privacy Breach Response Plan Sept 2018 Prevention Communication & Notification Evaluation of Risks Breach Containment & Preliminary Assessment Introduction The Credit Union makes every effort to safeguard
More informationHow to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
How to implement NIST Cybersecurity Framework using ISO 27001 WHITE PAPER Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.
More informationProtecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014
Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented
More informationChoosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist
Choosing the Right Cybersecurity Assessment Tool Michelle Misko, TraceSecurity Product Specialist Agenda Industry Background Cybersecurity Assessment Tools Cybersecurity Best Practices 2 Cybersecurity
More informationSecurity Breaches: How to Prepare and Respond
Security Breaches: How to Prepare and Respond BIOS SARAH A. SARGENT Sarah is a CIPP/US- and CIPP/E-certified attorney at Godfrey & Kahn S.C. in Milwaukee, Wisconsin. She specializes in cybersecurity and
More informationGDPR: The Day After. Pierre-Luc REFALO
GDPR: The Day After Pierre-Luc REFALO The speaker: Pierre-Luc REFALO Global Head of Strategic Cybersecurity Consulting 25+ years in Information & Cyber Security consultancy CISO for SFR & Vivendi Universal
More informationPublic vs private cloud for regulated entities
Public vs private cloud for regulated entities DC2: Restricted use The cloud is for everyone but not for everything 2 Opportunity enabler DC2: Restricted use Flexibility SAAS Public Accessibility Agility
More information2014 NETWORK SECURITY & CYBER RISK MANAGEMENT:
2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION April 2014 Sponsored by: 2014 NETWORK SECURITY & CYBER RISK MANAGEMENT:
More informationA Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions
May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media
More informationIntroduction. Angela Holzworth, RHIA, CISA, GSEC. Kimberly Gray, Esq., CIPP/US. Sr. IT Infrastructure Analyst
Introduction Angela Holzworth, RHIA, CISA, GSEC Sr. IT Infrastructure Analyst Kimberly Gray, Esq., CIPP/US Chief Privacy Officer, Global, IMS Health 1 Incorporating Privacy into the CSF: Approach and Benefits
More informationCybersecurity in Higher Ed
Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,
More informationCYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services
0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION
More informationOn the Radar: IBM Resilient applies incident response orchestration to GDPR data breaches
On the Radar: IBM Resilient applies incident response orchestration to GDPR data breaches An incident response orchestration platform tailored to GDPR breach management needs Publication Date: 24 Oct 2018
More information74% 2014 SIEM Efficiency Report. Hunting out IT changes with SIEM
2014 SIEM Efficiency Report Hunting out IT changes with SIEM 74% OF USERS ADMITTED THAT DEPLOYING A SIEM SOLUTION DIDN T PREVENT SECURITY BREACHES FROM HAPPENING Contents Introduction 4 Survey Highlights
More informationCloud Communications for Healthcare
Cloud Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization
More informationFirst aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018
First aid toolkit for the management of data breaches Mary Deligianni Senior Associate 15 February 2018 What is a personal data breach? Breach of security which leads to the accidental or unlawful destruction,
More informationThis Webcast Will Begin Shortly
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com Thank You! 1 Cybersecurity Changing Landscape
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationCERT Symposium: Cyber Security Incident Management for Health Information Exchanges
Pennsylvania ehealth Partnership Authority Pennsylvania s Journey for Health Information Exchange CERT Symposium: Cyber Security Incident Management for Health Information Exchanges June 26, 2013 Pittsburgh,
More information