Cyber Attack: Is Your Business at Risk?


15 July 2017
Cyber Attack: Is Your Business at Risk?
Stanley Wong, Regional Head of Financial Lines, Asia Pacific

Agenda
- Some common misconceptions by SMEs around cyber protection
- Cyber Claims and Industry Trends
- Cyber Targets by Organisation Size
- Cyber Incidents by Country
- Cyber Claims Overview
- Where the Money is Spent
- Cyber Insurance Coverage Summary
- Incident Response Solution/Service
- Claims Case Studies
- 8 Truths about Cyber Security

23 July 2017

The Petya Ransomware Attack

Some common misconceptions by SMEs around cyber protection
- "My company is not exposed to cyber-attacks": Unless you don't use any computer, mobile device etc!
- "IT companies are more vulnerable to attacks": I will reveal the truth in the next slide!
- "This is a big company problem": I will reveal the truth in the next slide!

Some common misconceptions by SMEs around cyber protection (continued)
- "Our IT department has cyber risks under control": Hackers are now releasing over 100,000 new ransomware every day. No security software vendor can keep up easily.
- "We outsource": Liability can't be outsourced!
- "I don't know that such protection is available / I don't know about the coverage": I will tell you more in the following slides!
- "I don't have the budget" / "Cyber insurance is very expensive": Not really!

Cyber Claims and Industry Trends (10 years of data)
Triggers and Industry Trends (as of 10/2015)
Triggers:
- Hack 29%
- Privacy Policy 8%
- Rogue Employee 14%
- Human Error 15%
- Software Error 3%
- Other 8%
- Lost/Stolen Devices 18%
- Paper 5%
- Laptops 13%
- Hard Drives 3%
- Other 2%
Source: Chubb's global claims data.
Industry Breakout:
- Healthcare 30%
- Technology 11%
- Professional Services 14%
- Retail 9%
- Financial Institutions 7%
Targeted Attacks for PI:
- Lost/Stolen Devices: 2013 17%, 2014 12%, 2015 11%
- Hack: 2013 29%, 2014 27%, 2015 43%
- Rogue Employee: 2013 14%, 2014 16%, 2015 11%

Total Number of Cyber Events by Industry
[Chart not reproduced]
Source: Journal of Cybersecurity Volume 2, Dec 2016

Loss by Industry
[Chart not reproduced]
Source: Journal of Cybersecurity Volume 2, Dec 2016

Cyber Targets by Organisation Size: 2011 vs 2015
[Chart for 2011 and 2015. Categories: Large enterprises (2,500+), Medium (251 to 2,500), Small (1 to 250). Values shown: 50%, 35%, 43%, 32%, 22%, 18%.]
Source: Internet Security Threat Report 2016, Volume 21

Cyber Incidents by Country: First Three Months of 2017
Analysis by Country: Top 10 Incidents by Country
[Chart. Countries listed: United States, United Kingdom, Canada, India, Australia, Indonesia, China, France, Taiwan, Russian Federation. Values shown: 51, 32, 23, 16, 16, 15, 8, 8, 7, 757.]
North America accounted for 63% of breaches
Source: Risk Based Security's 2017 First Quarter Data Breach Quickview Report

Where The Money Is Spent?
Source: Ponemon 2015 Cost of a Data Breach Study Australia, pg 14

Cyber Claims Overview (10 years)
Average Cost of First Party Expenses (as of 10/2015)
- Legal Fees: $51,600
- Forensics: $185,600
- Notification & Call Center: $81,600
- Credit Monitoring: $59,150
- Crisis Management: $44,500
Every Breach Response is Unique
Cost Range of Each Service
- Legal Fees: Under $5,000 up to about $50,000
- Forensics: About $10,000 to Seven Figures
- Notification & Call Center: up to $80,000
- Credit Monitoring: Payment per Enrollee or Restoration Service
- Minimal Crisis Management Costs
Source: Chubb's global claims data

Cyber Insurance - Coverage Summary
Cyber Policy
- Third party liability coverage: Privacy Liability; Network Security Liability
- First party loss coverage: Cyber Extortion; Business Interruption
- Expenses coverage: Incident Response Costs

Incident Response Solution/Service
Internal Forensics IT Forensics Forensic Accountancy Cyber Extortion Legal and Compliance Incident Response Manager Public Relations Notification Specialists Identity Protection Public Notification Call Centre Regulatory Notification

Claims Case Study 1
A staff member at an insurance broker opened a file from their Facebook page that contained malware (CryptoLocker). Over the weekend the malware started to encrypt all the broker's data so that it was unreadable to staff. The broker also received a ransom demand that, if paid, would provide access to a key that decrypted the data. Federal police were called, along with additional forensics assistance. The network and operations were impaired for over 10 days. (Note: the IT function was outsourced.)
Call Incident Response Manager
- Recovery Expenses: Lease servers; Network security lawyers
- Incident Response Expenses: Forensics Team; Public relations; Legal
- Business Income Loss: payroll expenses
- Cyber Extortion: Payments demanded to mitigate the extortion
- Privacy Liability: Defence Costs
- Privacy Liability Impaired Access Regulatory Fines
First-party $200k Third-party related

Claims Case Study 2
The data centre which hosted an online retail company's website became the target of a distributed denial of service attack. The attack, which utilised hacked internet of things devices, flooded the data centre's network with so much traffic that their network failed. This made the online retail company's website inaccessible for a period of six hours before backup systems were able to restore 100% functionality.
Call Incident Response Manager
- Recovery Expenses: Increased cost of working (subcontract with external provider)
- Incident Response Expenses: Forensics Team; Public relations; Legal
- Business Income Loss: Lost sales and revenue from website downtime
First-party $216k

8 Truths about Cyber Security
- Impact of reputational damage
- What SMEs should do when they experience cyber-attacks
- Cyber ransom: After you've paid, you'll be more vulnerable to future attacks
- Insurance is part of risk management measures to keep businesses on stable financial footing if a security event takes place

8 Truths about Cyber Security (continued)
- Cyber insurance is not just financial loss protection, but a comprehensive package with different specialist advice available via an Incident Response Team
- Ransom decisions can be tough. The FBI warns that paying ransom encourages this kind of criminal activity. In certain events some jurisdictions treat this as a criminal activity.
- Don't think that your organisation is safe from cyber-attacks. It's not a matter of if, but when.
- Importance of risk mitigation measures to minimise the impact of a cyber-attack on your company's operations

Chubb. Insured.