Anticipating the wider business impact of a cyber breach in the health care industry

Size: px
Start display at page:

Download "Anticipating the wider business impact of a cyber breach in the health care industry"

Transcription

1 Anticipating the wider business impact of a cyber breach in the health care industry John Gelinne, Director Cyber Risk Services Deloitte & Touche LLP jgelinne@deloitte.com commodore_22 Hector Calzada, Director Financial Advisory Services Deloitte & Touche LLP hcalzada@deloitte.com

2 Agenda Impacts of a cyberattack A method to better anticipate cyberattack impacts Preliminary findings from a health plan scenario Key takeaways / connecting the dots / becoming more resilient

3 Why this topic is important Cyberattacks when. not if. Organizations should operate on the premise that despite the best defenses, cyber incidents will occur. To minimize damage organizations need to be adequately prepared. Being prepared starts with a clear picture of what could happen. Anticipating the financial impact (to include duration) can help leaders determine: How much cyber risk they are willing to accept; How much, and where to invest, in efforts to be secure, vigilant, and resilient.

4 Innovations in the health care industry lead to increased cyber risk Increased sharing: the new normal Population health/ New care models Consumerism New technologies and services with demand for increased integration to external organizations (e.g., accountable care organization, heath information exchange) New models of care delivery and market consolidation means new regulatory rules and new players to assist in privacy compliance and securing access. Inherited cyber risks associated with mergers and acquisition The rise of consumer-supporting technologies further increase security, compliance, and cyber risk, and access issues. (e.g., mobile, direct to consumer applications, direct access to electronic medical records access)

5 Impact of cyberattacks: common assumptions Direct costs commonly associated with data breaches: Patient/member breach notification Post-breach patient/member protection Regulatory compliance costs Public relations costs Attorney fees and litigation Cybersecurity improvements Cost of lost customers or members

6 Impact of cyberattacks: common assumptions Direct costs commonly associated with data breaches: Patient/member breach notification Post-breach patient/member protection Regulatory compliance costs Public relations costs Attorney fees and litigation Cybersecurity improvements Cost of lost customers or members Challenges: With typical data breaches, there is a tendency to underestimate: how long it takes to recover; the breadth of the impact. It can also be difficult to anticipate intangible costs, such as brand or reputation damage.

7 An attack can be more than the loss of PHI/PII What if intellectual property or strategic information are stolen? What if critical services or processes are disrupted? What if third-party party vendors are compromised?

8 A narrow lens on cyberattacks can leave you unprepared for the broader potential costs Above the surface: Patient/member breach notification Post-breach patient/member protection Regulatory compliance costs Public relations costs Attorney fees and litigation Cybersecurity improvements Cost of lost customers Below the surface: Impact to current contracts Devaluation of trade name Loss of intellectual property (IP) Impact of operational disruption and/or destruction Insurance premium increases Increased cost to raise debt

9 Magnitude ofcosts and unprepared for the duration of recovery efforts Costs are incurred and impacts are felt over years, in several phases Incident triage Analyze and take immediate steps to stop compromises in progress Impact management Minimize and address the direct consequences of the incident Business recovery Repair damage to the business and prevent occurrence of future incidents Impact over time

10 Anticipating and quantifying cyberattack impact Model a likely cyberattack scenario What could happen? Identify how the organization could be impacted How could it affect us? Mitigate potential impacts through riskfocused investment How can we prepare?

11 Estimating financial impact of the attack Deriving cost and duration data Leveraged experience helping companies recover from major cyberattacks Developed fictitious profiles and scenarios based on industry knowledge Used publicly available information on similar companies as benchmark data to derive factors used in direct cost and valuation equations Calculating direct costs Relatively simple to approximate based on publicly available information Leveraged existing studies Customer protection programs Legal costs PR costs Customer notification Regulatory fines

12 Estimating financial impact of the attack Calculating intangible impacts Applying professional judgement, accepted financial modeling methods Reasonable assumptions in the absence of detailed, actual data Financial impact is associated with a specific point in time Lost contracts Devaluation of trade name Loss of IP Lost value of customer relationships Increased cost to raise debt

13 Illustrating the impact of a cyber attack (Health Plan CompanyX ) $60B Revenue (annually) 23.5 million customers 60% through employer contracts 50,000 employees Seek to raise $1B to acquire a health system in the future Open enrollment November January IR Response rated 2.0 on CMMI scale

14 CompanyX - cyber attack scenario Cyber criminals steal a laptop from CompanyX s health care analytics software vendor 1 Days later, CompanyX is notified by a client that PHI of some of its employees is on the dark web. CompanyX confirms 2.8 PHI records exposed 3 Increases in patient record downloads are detected and CompanyX is unable to confirm that the increased usage was authorized 5 The system is kept offline while the incident is investigated, user accounts re-issued and new application and system controls put in place 7 While offline, physicians must rely on less effective alternatives for key medical alerts 2 Hackers access companies integrated health care application and reverseengineer the software, creating a large number of false user IDs 4CompanyX notes an increase in account registrations and usage of its integrated health care application used by physicians 6 Concerns related to the lost laptop and increased downloads, CompanyX shuts down physician access to the integrated health care application Along with unknown financial considerations associated with their choices of care

15 Findings (CompanyX)

16 Key takeaways 1 Costs associated with typical data breaches may only be the tip of the iceberg 2 Modeling a cyberattack provides a more accurate picture of the true cost of the incident 3 Triage is costly, but the long term impacts can be costlier 4 Incident response is not primarily a technical effort 5 A balanced, guided investment strategy in cyber security before a breach occurs can mitigate longer term impacts

17 Connecting the dots Cybersecurity programs tend to focus on the threats, vulnerabilities and probability. But often times, not enough attention is paid to the true damages a particular type of cyberattack can cause. By looking realistically at potential costs, business leaders can right-size investments to better protect their most valuable assets. How likely is that type of attack? What are the threats? What is the business impact? Where are our vulnerabilities?

18 Becoming more resilient 1 Involve the right team both technical and business leaders 2 Focus on top business risk areas and assets 4 3 Right-size spend to help reduce the frequency of cyber incidents and their impact Adjust your program to be secure, vigilant, and resilient 5 Continually improve adopt a regimen of sustained resilience

19 Contact info John Gelinne Director Deloitte Advisory Deloitte & Touche LLP Cyber Risk Services commodore_22 Hector Calzada Director Deloitte Advisory Deloitte & Touche LLP +1 (404) Anticipating the wider business impact of a cyber breach in the Health Care Industry Copyright 2016 Deloitte Development LLC. All rights reserved.

20 This presentation contains general information only and Deloitte is not, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. In addition, this presentation contains the results of a survey conducted by Deloitte. The information obtained during the survey was taken as is and was not validated or confirmed by Deloitte. Deloitte shall not be responsible for any loss sustained by any person who relies on this presentation. As used in this document, Deloitte Advisory means Deloitte & Touche LLP, which provides audit and enterprise risk services; Deloitte Financial Advisory Services LLP, which provides forensic, dispute, and other consulting services; and its affiliate, Deloitte Transactions and Business Analytics LLP, which provides a wide range of advisory and analytics services. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. These entities are separate subsidiaries of Deloitte LLP. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting

21 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, Limited privateuka company limited guaranteeby networkits,( DTTL ) memberof relatedtheirand, firms entities. DTTL and each of its member firms are legally separate independentand. entities referredalso )DTTL Deloitte asto ( Global does providenot services Please. clientsto see for a detailed description of DTTL and its member firms. Please see for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting. Copyright 2016 Deloitte Development LLC. All rights reserved. 36 USC Member of Deloitte Touche Tohmatsu Limited

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust

Managing Cyber Risk. Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Managing Cyber Risk Robert Entin Executive Vice President Chief Information Officer Vornado Realty Trust Adam Thomas Principal Cyber Risk Services Deloitte & Touche LLP Give Us Your Feedback for this Session!

More information

Building and Testing an Effective Incident Response Plan

Building and Testing an Effective Incident Response Plan 14th Annual Building and Testing an Effective Incident Response Plan John Gelinne Deloitte & Touche LLP jgelinne@deloitte.com www.linkedin.com/in/jgelinne No battle plan ever survives contact with the

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

Real estate predictions 2017 What changes lie ahead?

Real estate predictions 2017 What changes lie ahead? Real estate predictions 2017 What changes lie ahead? Cyber Risk 2017. For information, contact Deloitte Consultores, S.A. Real Estate Predictions 2017 2 Cyber Risk Rising cyber risk in real estate through

More information

Headline Verdana Bold

Headline Verdana Bold Headline Verdana Bold Federal Banking Agencies Issue Proposal on Cyber Risk Management Standards Standards would require largest institutions to enhance operational resilience October 2016 Executive summary

More information

From Dabbling to Doing The Age of the Intuitive Enterprise

From Dabbling to Doing The Age of the Intuitive Enterprise GMA Executive Forum From Dabbling to Doing The Age of the Intuitive Enterprise The Clorox Company Unilever Deloitte Consulting LLP please welcome our panelists Frank Tataseo EVP, New Business Development

More information

Emerging Technologies The risks they pose to your organisations

Emerging Technologies The risks they pose to your organisations Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things

More information

Cyber Risk and Networked Medical Devices

Cyber Risk and Networked Medical Devices Cyber Risk and Networked Medical Devices Hot Topics Deloitte & Touche LLP February 2016 Copyright Scottsdale Institute 2016. All Rights Reserved. No part of this document may be reproduced or shared with

More information

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance

The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance The HIPAA Security & Privacy Rule How Municipalities Can Prepare for Compliance Russell L. Jones Partner Health Sciences Sector Deloitte & Touche LLP Security & Privacy IMLA 2013 Annual Conference San

More information

Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015

Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report. November 19, 2015 Standing Together for Financial Industry Resilience Quantum Dawn 3 After-Action Report November 19, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario QD3 results

More information

Building Resilience to Denial-of-Service Attacks

Building Resilience to Denial-of-Service Attacks Building Resilience to Denial-of-Service Attacks Building resilience to denial-of-service attacks Traditionally, organizations have relied on disaster recovery (DR) solutions to provide protection from

More information

The New Healthcare Economy is rising up

The New Healthcare Economy is rising up The New Healthcare Economy is rising up February 2017 The ever-rising costs of healthcare are fostering innovative solutions and disruptive business models Cybersecurity concerns come to medical technology

More information

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach Customer Breach Support Client challenges Protecting your customers, your brand

More information

Risk-based security in practice Turning information into smart screening. October 2014

Risk-based security in practice Turning information into smart screening. October 2014 Risk-based security in practice Turning information into smart screening October 2014 Organizations charged with securing our society s vital functions transit, commerce, communication have expansive missions

More information

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP

Spiros Angelopoulos Principal Solutions Architect ForgeRock. Debi Mohanty Senior Manager Deloitte & Touche LLP Debi Mohanty Senior Manager Deloitte & Touche LLP Multi-factor (MFA) Authentication September 2018 Spiros Angelopoulos Principal Solutions Architect ForgeRock MFA Evolved Authentication Spiros Angelopoulos

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

The Deloitte-NASCIO Cybersecurity Study Insights from

The Deloitte-NASCIO Cybersecurity Study Insights from The Deloitte-NASCIO Cybersecurity Study Insights from 2010-2016 August 21, 2018 Srini Subramanian State Government Sector Leader Deloitte Erik Avakian CISO Pennsylvania Michael Roling CISO Missouri Meredith

More information

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper

Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Cybersecurity Fortification Initiative (CFI) infrastructure whitepaper Recently, Cybersecurity Fortification Initiative (CFI) have been a hot topic in the Hong Kong banking industry and financial institutions

More information

Standing Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018

Standing Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018 Standing Together for Financial Industry Resilience Quantum Dawn IV after-action report June 2018 Contents Background 3 Exercise objectives 4 Day 1 Cyber-range exercise 5 Day 2 Cyberattack scenario 6-7

More information

Sustainable Security & Compliance Solutions NSAA IT Conference & Workshop Copyright 2016 Terra Verde, LLC. All rights reserved.

Sustainable Security & Compliance Solutions NSAA IT Conference & Workshop Copyright 2016 Terra Verde, LLC. All rights reserved. Sustainable Security & Compliance Solutions 2016 NSAA IT Conference & Workshop 9-21-2016 FAST FACTS Founded in 2008 by Cyber Security, Risk, Compliance Executives & Experts Headquartered in Phoenix Arizona

More information

Webcast title in Verdana Regular

Webcast title in Verdana Regular Medical devices and the Internet of Things: A threelayer defense against cyber threats Webcast title in Verdana Regular The Dbriefs Industries series Veronica Lim, Principal, Deloitte & Touche LLP Russell

More information

The value of visibility. Cybersecurity risk management examination

The value of visibility. Cybersecurity risk management examination The value of visibility Cybersecurity risk management examination Welcome to the "new normal" Cyberattacks are inevitable. In fact, it s no longer a question of if a breach will occur but when. Cybercriminals

More information

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016

Data Protection. Practical Strategies for Getting it Right. Jamie Ross Data Security Day June 8, 2016 Data Protection Practical Strategies for Getting it Right Jamie Ross Data Security Day June 8, 2016 Agenda 1) Data protection key drivers and the need for an integrated approach 2) Common challenges data

More information

CFOs in a new global environment Sandy Cockrell, Deloitte

CFOs in a new global environment Sandy Cockrell, Deloitte CFOs in a new global environment Sandy Cockrell, Deloitte CFOs in a new global environment 1 2 3 Background The CFO role CFOs Challenges Where does our data come from? How is the CFO role evolving in the

More information

Internet of Things (IoT) Securing the Connected Ecosystem

Internet of Things (IoT) Securing the Connected Ecosystem Internet of Things (IoT) Securing the Connected Ecosystem June 2018 Making sense of the buzzwords: What is the Internet of Things Internet of Things (IoT) refers to a world of intelligent, connected devices

More information

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action 2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Casie D. Collignon Partner Denver 303.764.4037 ccollignon@bakerlaw.com

More information

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response Cyber Incident Response Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response 1 2 Today, no Canadian business is immune from a potential attack. It s no longer

More information

Vulnerability Management. June Risk Advisory

Vulnerability Management. June Risk Advisory June 2018 Risk Advisory Contents A Better Way To Manage Vulnerabilities 4 Business Challenge 6 Vulnerability Management as a Service 7 Robust Service Architecture 8 Our Differentiators 9 Vulnerability

More information

Cybersecurity The Evolving Landscape

Cybersecurity The Evolving Landscape Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG

More information

The hidden cost of smart buildings

The hidden cost of smart buildings Real estate The hidden cost of smart buildings Cybersecurity Risk Understanding cyber risk for asset managers and owners November 2017 Contents Section Page Asset management issues for boards 01 Smart

More information

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers Identify Protect Detect Respond Recover Identify: Risk Assessments & Management 1. Risk assessments are conducted frequently (e.g. annually, quarterly). 2. Cybersecurity is included in the risk assessment.

More information

Cybersecurity and the role of internal audit An urgent call to action

Cybersecurity and the role of internal audit An urgent call to action Cybersecurity and the role of internal audit An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses

More information

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager 2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager NIST Cybersecurity Framework (CSF) Executive Order 13636 Improving Critical Infrastructure Cybersecurity tasked the National

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

mhealth SECURITY: STATS AND SOLUTIONS

mhealth SECURITY: STATS AND SOLUTIONS mhealth SECURITY: STATS AND SOLUTIONS www.eset.com WHAT IS mhealth? mhealth (also written as m-health) is an abbreviation for mobile health, a term used for the practice of medicine and public health supported

More information

Cloud Computing Overview. The Business and Technology Impact. October 2013

Cloud Computing Overview. The Business and Technology Impact. October 2013 Cloud Computing Overview The Business and Technology Impact October 2013 Cloud Computing offers new types of IT services and models On-demand self-service Rapid elasticity Pay per use Increase Agility

More information

Cyber Espionage A proactive approach to cyber security

Cyber Espionage A proactive approach to cyber security Cyber Espionage A proactive approach to cyber security #DeloitteRA To mitigate the risks of advanced cyber threats, organisations should enhance their capabilities to proactively gather intelligence and

More information

Risk Advisory Academy Training Brochure

Risk Advisory Academy Training Brochure Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty

More information

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services

CYBER SECURITY WORKSHOP NOVEMBER 2, Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services 0 CYBER SECURITY WORKSHOP NOVEMBER 2, 2016 Anurag Sharma [CISA, CISSP, CRISC] Principal Cyber & Information Security Services VIDEO: CAN IT HAPPEN TO ME? 1 2 AGENDA CYBERSECURITY WHY SUCH A BIG DEAL? INFORMATION

More information

Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services

Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services Technical Resilience Building the always-on enterprise with Deloitte Advisory and Amazon Web Services Organizations spend millions of dollars on disaster recovery (DR) solutions that rely on tight interconnectivity,

More information

MassMEDIC s 21st Annual Conference

MassMEDIC s 21st Annual Conference MassMEDIC s 21st Annual Conference Panel Discussion Moderators: William Greenrose and Mutahar Shamsi, Deloitte & Touche LLP May 3, 2017 Three critical regulatory issues facing MedTech Implementing the

More information

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved.

Agenda. Security essentials. Year in review. College/university challenges. Recommendations. Agenda RSM US LLP. All Rights Reserved. Agenda Agenda Security essentials Year in review College/university challenges Recommendations 2 About me Matt Franko Director, Risk Advisory Services matthew.franko@rsmus.com (216) 927-8224 11+ years

More information

Cyber Security: Are digital doors still open?

Cyber Security: Are digital doors still open? Cyber Security: Are digital doors still open? Introduction Security is becoming a rapidly evolving and complex issue that various organizations are contending with today. It continues to be one of the

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Deloitte Discovery Caribbean & Bermuda Countries Guide

Deloitte Discovery Caribbean & Bermuda Countries Guide Deloitte Discovery Caribbean & Bermuda Countries Guide Deloitte Discovery Caribbean & Bermuda Countries Guide Caribbean & Bermuda Countries Our Region Deloitte CBC primarily serves businesses located or

More information

Cybersecurity in Higher Ed

Cybersecurity in Higher Ed Cybersecurity in Higher Ed 1 Overview Universities are a treasure trove of information. With cyber threats constantly changing, there is a need to be vigilant in protecting information related to students,

More information

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager,

Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Engaging Executives and Boards in Cybersecurity Session 303, Feb 20, 2017 Sanjeev Sah, CISO, Texas Children s Hospital Jimmy Joseph, Senior Manager, Deloitte & Touche LLP 1 Speaker Introduction Sanjeev

More information

Autobot - IoT enabled security. For Private circulation only October Risk Advisory

Autobot - IoT enabled security. For Private circulation only October Risk Advisory For Private circulation only October 2018 Risk Advisory Table of contents Background 02 Common Challenges 03 About the AutoBot 04 Capabilities of the AutoBot 05 Future of Autobot 06 The success story

More information

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment

MFA Enrollment Guide. Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment Multi-Factor Authentication (MFA) Enrollment guide STAGE Environment December 2017 00 Table of Contents What is MFA and how does it impact the way I sign into applications? 2 MFA Enrollment Log-in 3 Setup

More information

Moving from Prevention to Detection March 2017

Moving from Prevention to Detection March 2017 www.pwc.com Moving from Prevention to Detection Le Tran Hai Minh Manager Cyber Security 29 Agenda Slide Cyber Security Statistics 3 How to Stay Confidence 8 Contact 19 2 Cyber Security Statistics 3 Cyber

More information

CYBER INSURANCE: MANAGING THE RISK

CYBER INSURANCE: MANAGING THE RISK CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt

More information

Clarity on Cyber Security. Media conference 29 May 2018

Clarity on Cyber Security. Media conference 29 May 2018 Clarity on Cyber Security Media conference 29 May 2018 Why this study? 2 Methodology Methodology of the study Online survey consisting of 33 questions 60 participants from C-Level (CISOs, CIOs, CTOs) 26

More information

The Quest to Measure Strength of Function for Authenticators: SOFA, So Good

The Quest to Measure Strength of Function for Authenticators: SOFA, So Good SESSION ID: IDY-F02 The Quest to Measure Strength of Function for Authenticators: SOFA, So Good Dr. Elaine Newton Deputy Standards Liaison NIST ITL Dr. Colin Soutar Senior Manager Deloitte & Touche LLP

More information

Cyber Security is it a boardroom issue?

Cyber Security is it a boardroom issue? Brisbane, 23 September 2014 Alistair Blake Director Cyber Security & Risk Services Today s session will cover Cyber Security and the Boardroom Executive sponsorship Organisational culture Operational readiness

More information

encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest?

encrypted, and that all portable devices (laptops, phones, thumb drives, etc.) be encrypted while in use and while at rest? Data Privacy According to statistics provided by the Data Breach Level Index, hackers and thieves are stealing more than 227,000 personal records per hour as of 2017, generally targeting customer information

More information

HEALTH CARE AND CYBER SECURITY:

HEALTH CARE AND CYBER SECURITY: HEALTH CARE AND CYBER SECURITY: Increasing Threats Require Increased Capabilities kpmg.com 1 HEALTH CARE AND CYBER SECURITY EXECUTIVE SUMMARY Four-fifths of executives at healthcare providers and payers

More information

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP

Bharath Chari Cyber Risk Sr. Manager, Deloitte & Touche LLP Prioritizing & enabling internal during ERP/Cloud SaaS and other enterprise system implementations NASC Conference March 21, 2018 Introduction Moderator Presenters Jim Kennedy Senior Deputy Director of

More information

Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference

Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference Leveraging ediscovery Technology for Internal Audit 2016 Houston IIA 7th Annual Conference April 11, 2016 kpmg.com Agenda 1. Survey said 2. Leveraging ediscovery technology to audit risk a. IP threat assessment

More information

How to be cyber secure A practical guide for Australia s mid-size business

How to be cyber secure A practical guide for Australia s mid-size business How to be cyber secure A practical guide for Australia s mid-size business Introduction The digital age has bred opportunity for mid-size business. From ecommerce to social media, agile organisations have

More information

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,

More information

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1 Addressing the Evolving Cybersecurity Tom Tollerton, CISSP, CISA, PCI QSA Manager Cybersecurity Advisory Services DHG presenter Tom Tollerton, Manager DHG IT Advisory 704.367.7061 tom.tollerton@dhgllp.com

More information

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Cybersecurity What Companies are Doing & How to Evaluate Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security Learning Objectives At the end of this presentation, you will be able to: Explain the

More information

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic

More information

Deloitte Forensic Caribbean & Bermuda Countries Guide

Deloitte Forensic Caribbean & Bermuda Countries Guide Deloitte Forensic Caribbean & Bermuda Countries Guide Deloitte Forensic Caribbean & Bermuda Countries Guide Caribbean & Bermuda Countries Our Region Deloitte CBC primarily serves businesses located or

More information

Protecting your next investment: The importance of cybersecurity due diligence

Protecting your next investment: The importance of cybersecurity due diligence Protecting your next investment: The importance of cybersecurity due diligence Oct. 11, 2018 Baker Tilly Virchow Krause, LLP. All rights reserved. Baker Tilly refers to Baker Tilly Virchow Krause, LLP,

More information

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory

The Future of IT Internal Controls Automation: A Game Changer. January Risk Advisory The Future of IT Internal Controls Automation: A Game Changer January 2018 Risk Advisory Contents Introduction 01 Future Operating Models for Managing Internal Controls 02 Summary 07 Introduction Internal

More information

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK. In today s escalating cyber risk environment, you need to make sure you re focused on the right priorities by

More information

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA

CYBERSECURITY IN THE POST ACUTE ARENA AGENDA CYBERSECURITY IN THE POST ACUTE ARENA AGENDA 2 Introductions 3 Assessing Your Organization 4 Prioritizing Your Review 5 206 Benchmarks and Breaches 6 Compliance 0 & Cybersecurity 0 7 Common Threats & Vulnerabilities

More information

CENTER for REGULATORY STRATEGY AMERICAS. Global cybersecurity compliance integrity A daunting but manageable challenge

CENTER for REGULATORY STRATEGY AMERICAS. Global cybersecurity compliance integrity A daunting but manageable challenge Global cybersecurity compliance integrity A daunting but manageable challenge CENTER for REGULATORY STRATEGY AMERICAS Establishing an effective cybersecurity program is a major challenge for companies

More information

Cyber Risk Services Going beyond limits

Cyber Risk Services Going beyond limits Cyber Risk Services Going beyond limits Current Threat Environment Security breaches: 318 Scanned websites with vulnerabilities: 78% Average identities exposed per breach: 1.3 Million Email malware rate

More information

Multi-factor authentication enrollment guide for Deloitte client or business partner user

Multi-factor authentication enrollment guide for Deloitte client or business partner user Deloitte OnLine eroom Global Technology Services December 2017 Multi-factor authentication enrollment guide for Deloitte client or business partner user What is multi-factor authentication (MFA) and how

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Cyber Attack: Is Your Business at Risk?

Cyber Attack: Is Your Business at Risk? 15 July 2017 Cyber Attack: Is Your Business at Risk? Stanley Wong Regional Head of Financial Lines, Asia Pacific Agenda Some common misconceptions by SMEs around cyber protection Cyber Claims and Industry

More information

SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks

SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks SEC Key Considerations for Public Companies for Mitigating and Disclosing Cybersecurity Risks By Richard A. Blunk (Thermopylae Ventures, LLC) and Apprameya Iyengar (Morrison Cohen LLP) The SEC has continued

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

SEC Issues Updated Guidance on Cybersecurity Disclosure

SEC Issues Updated Guidance on Cybersecurity Disclosure February 27, 2018 SEC Issues Updated Guidance on Cybersecurity Disclosure On February 21, 2018, the Securities and Exchange Commission (the SEC ) issued an interpretive release providing Commission-level

More information

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE EXECUTIVE SUMMARY ALIGNING CYBERSECURITY WITH RISK The agility and cost efficiencies

More information

Cybersecurity and Nonprofit

Cybersecurity and Nonprofit Cybersecurity and Nonprofit 2 2 Agenda Cybersecurity and Non Profits Scenario #1 Scenario #2 What Makes a Difference Cyber Insurance and How it Helps Question and Answer 3 3 Cybersecurity and Nonprofit

More information

Gujarat Forensic Sciences University

Gujarat Forensic Sciences University Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat

More information

Cyber Risk and Third Party Risk Management. Lisa Murphy First Horizon National Corporation

Cyber Risk and Third Party Risk Management. Lisa Murphy First Horizon National Corporation Cyber Risk and Third Party Risk Management Lisa Murphy First Horizon National Corporation The Cyber Risks Third Party Breach Advance Persistent Threat The Headlines Goodwill Names Vendor in Breach C&K

More information

Achieving third-party reporting proficiency with SOC 2+

Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Achieving third-party reporting proficiency with SOC 2+ Today s organizations do business within a broad ecosystem. Customers, partners, agents,

More information

Rethinking Information Security Risk Management CRM002

Rethinking Information Security Risk Management CRM002 Rethinking Information Security Risk Management CRM002 Speakers: Tanya Scott, Senior Manager, Information Risk Management, Lending Club Learning Objectives At the end of this session, you will: Design

More information

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

Elements of a Swift (and Effective) Response to a HIPAA Security Breach Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information

More information

Effective Cyber Incident Response in Insurance Companies

Effective Cyber Incident Response in Insurance Companies August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance

More information

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby

More information

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved. Medical Devices and Cyber Issues JANUARY 23, 2018 AHA and Cybersecurity Policy Approaches Role of the FDA FDA Guidance and Roles Pre-market Post-market Assistance during attack Recent AHA Recommendations

More information

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018

Building a strong platform strategy: IT and cybersecurity implications November 15, 2018 Building a strong platform strategy: IT and cybersecurity implications November 15, 2018 Today s Presenters Craig Zampa Principal, technology consulting craig.zampa@plantemoran.com 248-223-3703 Learn more

More information

The Data Breach: How to Stay Defensible Before, During & After the Incident

The Data Breach: How to Stay Defensible Before, During & After the Incident The Data Breach: How to Stay Defensible Before, During & After the Incident Alex Ricardo Beazley Insurance Breach Response Services Lynn Sessions Baker Hostetler Partner Michael Bazzell Computer Security

More information

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015

RIMS Perk Session Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 www.pwc.com RIMS Perk Session 2015 - Protecting the Crown Jewels A Risk Manager's guide to cyber security March 18, 2015 Los Angeles RIMS Agenda Introductions What is Cybersecurity? Crown jewels The bad

More information

Does someone else own your company s reputation? EY Global Information Security Survey 2018

Does someone else own your company s reputation? EY Global Information Security Survey 2018 Does someone else own your company s reputation? EY Global Information Security Survey 2018 Perspectives for technology, media and entertainment, and telco companies Risking cyber reputations Are TMT companies

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

#DeloitteInnovation: In-Time Uncover the Potential of SAP HANA

#DeloitteInnovation: In-Time Uncover the Potential of SAP HANA #DeloitteInnovation: In-Time Uncover the Potential of SAP HANA Deloitte In-Time in a Nutshell In-Time is the first and only SAP HANA optimization add-on that can analyze the effectiveness of SAP HANA usage

More information

Financial Regulations, Enforcement & Cybersecurity

Financial Regulations, Enforcement & Cybersecurity Financial Regulations, Enforcement & Cybersecurity Elizabeth P. Gray May 16, 2017 Copyright 2017 by Willkie Farr & Gallagher LLP. All Rights Reserved. These course materials may not be reproduced or disseminated

More information

Cybersecurity. Securely enabling transformation and change

Cybersecurity. Securely enabling transformation and change Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why

More information

People risk. Capital risk. Technology risk

People risk. Capital risk. Technology risk Decode secure. People risk Capital risk Technology risk Cybersecurity needs a new battle plan. A better plan that deals with the full spectrum of your company s cybersecurity not just your technology.

More information

Cybersecurity and the role of internal audit An urgent call to action

Cybersecurity and the role of internal audit An urgent call to action Cybersecurity and the role of internal audit An urgent call to action The threat from cyberattacks is significant and continuously evolving. One estimate suggests that cybercrime could cost businesses

More information

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA

Cyber Security in M&A. Joshua Stone, CIA, CFE, CISA Cyber Security in M&A Joshua Stone, CIA, CFE, CISA Agenda About Whitley Penn, LLP The Threat Landscape Changed Cybersecurity Due Diligence Privacy Practices Cybersecurity Practices Costs of a Data Breach

More information

CYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM

CYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM CYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM The Cyber Security threat Cyber Security is consistently one of the top three risks faced by UK businesses to ensure that adequate protection is in

More information

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017

COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE. Presented by Paul R. Hales, J.D. May 8, 2017 COUNTERING CYBER CHAOS WITH HIPAA COMPLIANCE Presented by Paul R. Hales, J.D. May 8, 2017 1 HIPAA Rules Combat Cyber Crime HIPAA Rules A Blueprint to Combat Cyber Crime 2 HIPAA Rules Combat Cyber Crime

More information