Beazley Group | Beazley Breach Response A data breach isn’t always a disaster Mishandling it is.

A data breach isn’t always a disaster Mishandling it is. · 2020-05-27 · Healthcare data breaches affecting more than 500 . personal records that have occurred since 2009 Total


Beazley Group | Beazley Breach Response

A data breach isn’t always a disaster. Mishandling it is.


Sheer carelessness

With vast amounts of data storable on smaller and smaller devices, the risk of data breaches due to theft or sheer carelessness is huge. Between 2005 and 2015, portable devices carrying more than 172 million personally identifiable records were lost or stolen, according to the Privacy Rights Clearinghouse.

A world of risk

896m: Personal records breached in the U.S. since 2005 [3]

70%: The proportion of breaches attributable to malware or hacking since 2005 [3]

3.2b: Number of people in the world who are online (approximately 43% of the world’s population) [1]

50%: Nearly 50% of users open emails and click on phishing links within the first hour [2]

47: The number of U.S. states that have their own regulations governing how data breaches should be handled

1455: Healthcare data breaches affecting more than 500 personal records that have occurred since 2009. Total records breached: 154,519,556 [4]

Notes
[1] International Telecommunication Union
[2] 2015 Verizon Data Breach Investigations Report
[3] www.privacyrights.org as of December 31, 2015
[4] U.S. Dept. of Health and Human Services database as of December 31, 2015


Not if, but when.

Any business handling customer data will, sooner or later, be confronted with the challenge of a data breach. It’s not a matter of “if” but “when”.

The incidence of data breaches is massive. In US healthcare alone (the industry for which the most reliable statistics exist), more than 475,000 people are being notified that their data has been breached every week. [1]

Healthcare providers and tens of thousands of other businesses have learned the hard way that there’s no such thing as perfect cybersecurity.

And the stakes are high. You hold personal data on trust for your customers. If they don’t think your business can be trusted, the very future of your company may be at risk. A data breach is not a learning opportunity – you have too much to lose to risk mishandling it.

Notes
[1] www.hhs.gov/ocr as of December 31, 2015
[2] www.privacyrights.org as of December 31, 2015

The case for focusing on response

Many companies focus exclusively on data breach protection – and fail to pay attention to what happens when the walls are breached. Firewalls, encryption and other defenses get the attention. The war is fought on IT turf. But the truly dangerous time is after you’ve been breached.

After a breach you’re fighting to protect your reputation. It’s when your customers begin to leave. A study conducted by the Economist Intelligence Unit in 2013 found that more than a third of customers of companies that had suffered a data breach no longer did business with the companies in question “because of the breach.” The way you manage a data breach to maintain customer trust is critical.

That doesn’t mean you shouldn’t protect your system; it does mean you need plans for your response. And the good news is that there’s a great deal you can do. Cyber-attacks are beyond your control; breach response is something you can plan for.

Records breached [2]

Total: 896m

• Hacking or malware: 70%. Electronic entry by an outside party
• Unintended disclosure: 4%. Sensitive information posted publicly on a website, mishandled or sent to the wrong party via email, fax or mail
• Portable device: 19%. Lost, discarded or stolen laptop, PDA, smartphone, portable memory device, CD, hard drive, data tape, etc
• Insider: 4%. Someone with legitimate access intentionally breaches information – such as an employee or contractor
• Stationary device: 1%. Lost, discarded or stolen stationary electronic device such as a computer or server not designed for mobility
• Payment card fraud: 1%. Fraud involving debit and credit cards that is not accomplished via hacking. For example, skimming devices
• Unknown or other: 1%
• Physical loss: <0.5%. Lost, discarded or stolen non-electronic records, such as paper documents


BBR Services – a dedicated team of experts

Beazley is unique among insurers in having a dedicated business unit, BBR Services, that focuses exclusively on helping clients manage data breaches successfully.

A thicket of state and federal regulations governs how and when customers must be notified after a breach has occurred, and the risk of reputational damage from a mishandled breach is high. Our BBR Services team focuses on the coordination of the expert forensic, legal, notification and credit monitoring services that clients need to satisfy all legal requirements and maintain customer confidence.

In addition to coordinating data breach response, BBR Services is responsible for maintaining and developing Beazley’s suite of risk management services, designed to minimize the risk of a data breach occurring.

Our experience

In managing a data breach, you want to make the calls. It’s your reputation that’s on the line. But it’s also smart to have a partner who’s been there before. Things happen too quickly; there’s too much to learn.

That’s why people turn to Beazley. We pioneered the concept of data breach insurance that focuses first and foremost on response. We coordinate the IT experts and specialized lawyers to help you establish what’s been compromised; assess your responsibility; and notify those you have to. In addition, we coordinate credit or identity monitoring for your customers and PR advice to help you safeguard your reputation. We also, of course, indemnify your losses from lawsuits or regulatory actions, the risk of which may be reduced by a well-coordinated breach response but can never be completely eliminated. Beazley has been at the forefront of defending clients in the developing and evolving legal arena of privacy class actions and regulatory investigations arising from data breaches.

Beazley invented this comprehensive approach. We do more of it than anybody else. To date we have helped more than 4,000 clients manage data breaches swiftly and successfully. We can’t guarantee your cybersecurity: no one can. But we can put you in control of your response.

In March 2012, data cartridges containing 800,000 social security records were lost in transit to a storage depot. It was by no means an isolated incident.


Beazley Breach Response

A comprehensive service

Beazley Breach Response is a unique insurance, loss control and risk mitigation service that provides a comprehensive service to notify and protect the customers of policyholders that have suffered a data breach.

Coverage includes:

  • Response to breach events:
      • Notification services for up to five million affected individuals including foreign notification where applicable
      • Call center services
      • Breach resolution and mitigation services
      • Public relations and crisis management expenses

  • Third party liability, including coverage for regulatory actions and payment card industry (PCI) coverage for credit card breaches

  • Assistance at every stage of the investigation of, and response to, a data breach incident from Beazley’s in-house BBR Services team of data privacy attorneys and technical experts

  • Initial breach investigation and consulting:
      • Legal services
      • Computer forensic services

  • Complimentary loss control and risk management information including online resources and value-added educational webinars

Thousands of hospital patients require notification after paper records containing personal financial data – including credit card details – are found blowing through a field several miles from the hospital.


Beazley Group
Plantation Place South
60 Great Tower Street
London EC3R 5AD
United Kingdom
T +44 (0)20 7667 0623
F +44 (0)20 7674 7100

Beazley Group
30 Batterson Park Road
Farmington, CT 06032
USA
T +1 (860) 677 3700
F +1 (860) 679 0247

The descriptions contained in this communication are for preliminary informational purposes only. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: 0G55497).

CBSL330_US_05/16

Beazley Insurance Services
101 California Street
Suite 1850
San Francisco, CA 94111
USA
CA Lic. #OG55497
T +1 (415) 263 4040
F +1 (415) 263 4099

Visit our dedicated microsite: www.beazley.com/bbr

Follow us: twitter.com/breachsolutions