1 / 13

Data Breach Risks Overview Heather Pixton www2.idexpertscorp

Data Breach Risks Overview Heather Pixton www2.idexpertscorp.com. Agenda. What you need to know about data breaches What Are Data Breaches? Cyber Threats and Trends Recommended Proactive Efforts Breach Response Best Practices. What is a Data Breach*?.

rhoda
Télécharger la présentation

Data Breach Risks Overview Heather Pixton www2.idexpertscorp

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Breach Risks OverviewHeather Pixtonwww2.idexpertscorp.com

  2. Agenda What you need to know about data breaches • What Are Data Breaches? • Cyber Threats and Trends • Recommended Proactive Efforts • Breach Response Best Practices

  3. What is a Data Breach*? All breaches start as incidents, but not all incidents end up as breaches • "Incident" = attempted or successful unauthorized access, use, disclosure, modification, or destruction of PHI/PII • "Breach" = acquisition, access, use, or disclosure of PHI/PII [that poses a significant risk of financial, reputational, or other harm]* Data Breach is a “Legal” Construct * The definition of “data breach” varies across specific legislation and rules. In US states, many include a “harm threshold”

  4. Data Privacy, Security, Breach Notification 46 states and three territories have breach laws • PII/PHI; 33 Have Harm-Test; Exceptions; Notification Thresholds FCRA, FACT Act, PCI-DSS • Provide for security of financial data • FTC enforcement HIPAA/HITECH Privacy, Security, Breach Notification • Omnibus Rule just issued; HHS/OCR enforcement Regulatory Complexity

  5. Annual Data Breaches By the Numbers 855* 174,000,000* $33.7 billion** Estimated incidents (excluding healthcare) Number of affected individuals Estimated economic impact * Verizon 2012 Data Breach Investigations Report ** Derived from Ponemon Institute 2011 Cost of Data Breach Study, March 2012

  6. Leading Causes of Data Breaches* Source: Ponemon Institute 2012 Cost of Data Breach Study, March 2013

  7. A Couple Breach Examples Careless Malicious

  8. Three Key Steps to Managing Risk* Risk assessment: the basis for security governance; assets in scope, dependencies, transparency Security measures: take appropriate measures; logical redundancy, monitoring & audits Incident reporting: mandatory reporting, legal consequences, data breach regulatory requirements Best Practice Based on ENISA Framework for Effective Governance * European Network and Information Security Agency (ENISA), Critical Cloud Computing, December, 2012

  9. If You Do Nothing Else… A risk assessment will • Inventory your organization’s data to understand your data breach risk exposure • Review privacy & security policies/procedures to identify gaps • Evaluate security technologies and controls • Review insurance for data breach coverage Do a privacy and security risk assessment

  10. When a Data Breach Occurs Small/medium-sized businesses must rely on a trusted partner • Help you determine if your incident is a breach • Develop a proportionate and compliant breach response • Provide the proper level of concern and care to the affected individuals (customers) Have a Plan

  11. YourResponse™ The only structured, repeatable methodology for data breach response that leads to reduced risks and positive outcomes

  12. Looks Complicated. Does That Make it Expensive? Not Necessarily. • Using YourResponse, you will realize lower costs by • Formulating response that is least costly based on a victim risk profile • Reducing risks of fines/penalties due to use of a rigorous and documented methodology • Breach response managed by experienced firm with volume cost structure

  13. Jeremy Henley Questions? jeremy.henley@idexpertscorp.com 760-304-4761 Insurance Solutions Executive

More Related