This Webcast Will Begin Shortly


This Webcast Will Begin Shortly

If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: webcast@acc.com

Thank You!

Cybersecurity Changing Landscape and Opportunities

April Doss
Sarah Geffroy

2016 Cybersecurity Incident Trends

Costs of data breach:
- By sector:
  - Healthcare: $355/record
  - Education: $246/record
  - Financial Services: $221/record

Data Sources:
- 2016 Ponemon Institute Study
- 2016 Verizon Study

Impact of preparedness:
- Measurable cost reduction ($16/record)

Trends:
- 26% chance of a data breach of >10K records in next 2 years
- Over half of incidents caused by insiders
  - Careless, inadvertent, or malicious
- Ransomware continuing to rise
- Spear phishing and social engineering
- Internet of Things

2016 Developments: States

- State breach notification laws
  - More defined timelines
  - Continued variation and overlap
- Increased activity in the states
  - New York Department of Financial Services
    - Cybersecurity draft regulations issued in Sept. 2016
    - Comments being reviewed now
    - Concerns:
      - Precedent for other states
      - Inconsistent with risk-based approach
      - Detailed requirements and sweeping effect
        - 72-hour breach notification
        - Broad definition of personal information
        - Covered entities must have CISO, incident response policies and plans
        - Specific technical requirements (e.g. encryption in transit and at rest)

2016 Developments: Federal

- FTC enforcement
  - LabMD case
    - Expansion of FTC role
    - No need to demonstrate likelihood of harm
- DHHS OCR HIPAA enforcement
  - Amherst case
    - Illustrates trends in OCR enforcement of HIPAA
- Federal Rules of Criminal Procedure Rule 41(b)
  - Rule change took effect Dec. 1
- International obligations
  - EU's General Data Protection Regulation
    - Effective May, 2018

2016 Developments: Associations

- Voluntary/association standards for cybersecurity preparedness
- National Association of Insurance Commissioners
  - Draft Model Law on cybersecurity for regulated entities
  - Similar in content to NYDFS regulations
  - Would have to be enacted by states to be binding
  - But even without state enactment, could set expectations for standard of care in litigation

2016 Developments: Litigation

- What constitutes a reasonable standard of care?
  - California Attorney General February 2016 California Data Breach Report
  - In re Home Depot
    - Federal Trade Commission Act and eight state laws
  - Derivative litigation/Directors and Officers liability claims
- What is the basis for monetary damages?
  - In re Anthem N.D. CA, Feb. 14, 2016
    - Data security failures support claim consumers were overcharged
  - In re Vtech N.D. Ill. 2016
    - Overpayment claim re product rather than service

Federal Developments - Continued

- CISA implementation
- Regulatory concerns
- President's Cybersecurity Commission
- ISAO standards development

2017: A New Administration

Look for:
- Renewed engagement in protecting critical infrastructure (Cyber Review Teams)
- Continued discussion about active defense
- Priorities from industry
- Clearer federal deterrence policy
- Public-private partnership
- Less duplication and better organization at the federal level
- IoT attention in an ecosystem-wide manner
- Information Sharing - actionable information
- Resources for small and medium sized businesses
- International engagement

2017: A New Administration - Continued

Continuing standards development:
- ISAO standards development
- Encryption

2017: Proactive Steps

All the steps you already know:
- Cybersecurity preparedness
- Incident response plan
- Consider cyber insurance
- Employee policies
- Personnel training

2017: Proactive Steps

Some additional steps you may not have considered:
- Participating in:
  - Trade associations, federal and state coalitions
  - Standard-setting bodies
  - Information sharing organizations
- Developing additional relationships
  - With local FBI field offices

Questions?

Thank you for attending another presentation from ACC's Webcasts.

Please be sure to complete the evaluation form for this program, as your comments and ideas are helpful in planning future programs. If you have questions about this or future webcasts, please contact ACC at webcast@acc.com.

This and other ACC webcasts have been recorded and are available, for one year after the presentation date, as archived webcasts at http://www.acc.com/webcasts