a data breach isn’t always a disaster mishandling it is. · 2020-05-27 · healthcare data...
Beazley Group | Beazley Breach Response
A data breach isn’t always a disaster. Mishandling it is.
Sheer carelessness
With vast amounts of data storable on smaller and smaller devices, the risk of data breaches due to theft or sheer carelessness is huge. Between 2005 and 2015, portable devices carrying more than 172 million personally identifiable records were lost or stolen, according to the Privacy Rights Clearinghouse.
A world of risk
896m: Personal records breached in the U.S. since 2005³
70%: The proportion of breaches attributable to malware or hacking since 2005³
3.2b: Number of people in the world who are online (approximately 43% of the world’s population)¹
50%: Nearly 50% of users open emails and click on phishing links within the first hour²
47: The number of U.S. states that have their own regulations governing how data breaches should be handled
1455: Healthcare data breaches affecting more than 500 personal records that have occurred since 2009. Total records breached: 154,519,556⁴
Notes
1 International Telecommunication Union
2 2015 Verizon Data Breach Investigations Report
3 www.privacyrights.org as of December 31, 2015
4 U.S. Dept. of Health and Human Services database as of December 31, 2015
Not if, but when.
Any business handling customer data will, sooner or later, be confronted with the challenge of a data breach. It’s not a matter of “if” but “when”.
The incidence of data breaches is massive. In US healthcare alone (the industry for which the most reliable statistics exist), more than 475,000 people are being notified that their data has been breached every week.¹
Healthcare providers and tens of thousands of other businesses have learned the hard way that there’s no such thing as perfect cybersecurity.
And the stakes are high. You hold personal data on trust for your customers. If they don’t think your business can be trusted, the very future of your company may be at risk. A data breach is not a learning opportunity – you have too much to lose to risk mishandling it.
1 www.hhs.gov/ocr as of December 31, 2015
2 www.privacyrights.org as of December 31, 2015
The case for focusing on response
Many companies focus exclusively on data breach protection – and fail to pay attention to what happens when the walls are breached. Firewalls, encryption and other defenses get the attention. The war is fought on IT turf. But the truly dangerous time is after you’ve been breached.
After a breach you’re fighting to protect your reputation. It’s when your customers begin to leave. A study conducted by the Economist Intelligence Unit in 2013 found that more than a third of customers of companies that had suffered a data breach no longer did business with the companies in question “because of the breach.” The way you manage a data breach to maintain customer trust is critical.
That doesn’t mean you shouldn’t protect your system; it does mean you need plans for your response. And the good news is that there’s a great deal you can do. Cyber-attacks are beyond your control; breach response is something you can plan for.
Records breached²
Total: 896m
Hacking or malware (70%): Electronic entry by an outside party
Unintended disclosure (4%): Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail
Portable device (19%): Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc
Insider (4%): Someone with legitimate access intentionally breaches information – such as an employee or contractor
Stationary device (1%): Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility
Payment card fraud (1%): Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices
Unknown or other (1%)
Physical loss (<0.5%): Lost, discarded or stolen non-electronic records, such as paper documents
BBR Services – a dedicated team of experts
Beazley is unique among insurers in having a dedicated business unit, BBR Services, that focuses exclusively on helping clients manage data breaches successfully.
A thicket of state and federal regulations governs how and when customers must be notified after a breach has occurred, and the risk of reputational damage from a mishandled breach is high. Our BBR Services team focuses on the coordination of the expert forensic, legal, notification and credit monitoring services that clients need to satisfy all legal requirements and maintain customer confidence.
In addition to coordinating data breach response, BBR Services is responsible for maintaining and developing Beazley’s suite of risk management services, designed to minimize the risk of a data breach occurring.
Our experience
In managing a data breach, you want to make the calls. It’s your reputation that’s on the line. But it’s also smart to have a partner who’s been there before. Things happen too quickly; there’s too much to learn.
That’s why people turn to Beazley. We pioneered the concept of data breach insurance that focuses first and foremost on response. We coordinate the IT experts and specialized lawyers to help you establish what’s been compromised; assess your responsibility; and notify those you have to. In addition, we coordinate credit or identity monitoring for your customers and PR advice to help you safeguard your reputation. We also, of course, indemnify your losses from lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response but can never be completely eliminated. Beazley has been at the forefront of defending clients in the developing and evolving legal arena of privacy class actions and regulatory investigations arising from data breaches.
Beazley invented this comprehensive approach. We do more of it than anybody else. To date we have helped more than 4,000 clients manage data breaches swiftly and successfully. We can’t guarantee your cybersecurity: no one can. But we can put you in control of your response.
In March 2012, data cartridges containing 800,000 social security records were lost in transit to a storage depot. It was by no means an isolated incident.
Beazley Breach Response
A comprehensive service
Beazley Breach Response is a unique insurance, loss control and risk mitigation service that provides a comprehensive service to notify and protect the customers of policyholders that have suffered a data breach.
Coverage includes:
• Response to breach events:
• Notification services for up to five million affected individuals including foreign notification where applicable
• Call center services
• Breach resolution and mitigation services
• Public relations and crisis management expenses
• Third party liability, including coverage for regulatory actions and payment card industry (PCI) coverage for credit card breaches
• Assistance at every stage of the investigation of, and response to, a data breach incident from Beazley’s in-house BBR Services team of data privacy attorneys and technical experts
• Initial breach investigation and consulting:
• Legal services
• Computer forensic services
• Complimentary loss control and risk management information including online resources and value-added educational webinars
Thousands of hospital patients require notification after paper records containing personal financial data – including credit card details – are found blowing through a field several miles from the hospital.
Beazley Group, Plantation Place South, 60 Great Tower Street, London EC3R 5AD, United Kingdom. T +44 (0)20 7667 0623, F +44 (0)20 7674 7100
Beazley Group, 30 Batterson Park Road, Farmington, CT 06032, USA. T +1 (860) 677 3700, F +1 (860) 679 0247
The descriptions contained in this communication are for preliminary informational purposes only. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License #: 0G55497).
CBSL330_US_05/16
Beazley Insurance Services, 101 California Street, Suite 1850, San Francisco, CA 94111, USA. CA Lic. #OG55497. T +1 (415) 263 4040, F +1 (415) 263 4099
Visit our dedicated microsite: www.beazley.com/bbr
Follow us: twitter.com/breachsolutions