Participate on Twitter: Follow @nfiblive and use hashtag #nfiblive
Download slides at: http://www.nfib.com/
Data Breach: Protecting Your Business
Dillon Behr, Executive Lines Broker
Risk Placement Services, Inc.
Meet Our Speaker
Dillon Behr
Executive Lines Broker
Risk Placement Services, Inc.
• Previously worked as Cyber Security Threat Intelligence Analyst for Discover Financial Services and the US government.
• Focused on finding cyber liability and breach response solutions for clients of all types and sizes.
• Risk Placement Services (RPS) is a Managing General Agent/Underwriting Manager and nationally focused wholesale insurance broker.
  – Ranked in the top five in every insurance industry category and has been consistently ranked as the largest MGA in the country for several years.
  – Known for doing the right thing even if it means referring business to a competitor
What is a Data Breach?
A data breach is any exposure of private or confidential information held by an entity (business, government, nonprofit, etc.) and includes:
– Private Personal Information such as:
  • Personally Identifiable Information (PII)
  • Protected Health Information
  • Account Information
– Confidential Company Data such as:
  • Business Plans
  • Client Lists
A data breach does not have to involve a computer or a crime!
Typical Causes of Breaches
• Missing or stolen laptop or storage device
• Mis-mailing
• Erroneous Data Posting
• Compromised System (Hacking)
• Loss or Theft of Physical Documents
• Lost Back-up Data or Tape
• Third-Party Vendor
• Improper Document/Equipment Disposal
• Insider
Other Types of Exposures
• Responsibility for another’s data breach
• Lawsuit defense
• Fines and penalties
• Website and systems interruption
• Loss of income
• Digital forensics
• Notifications and credit monitoring
• Restoration of data
• Ransomware
• Cyber Deception
Legal Requirements
• Federal legislative framework for the protection of PII resembles a patchwork quilt
• No dedicated data protection law
• Regulations are primarily by industry, sector-by-sector
• Laws and regulations developed at both the federal and state levels
• Enforced by federal and state authorities, but most suits are civil, not criminal (HIPAA is exception)
Stricter laws are coming!!! It’s just a matter of time.
Most small businesses are NOT prepared for a data breach
Is Your Business Prepared?
47 U.S. States, D.C., Guam, Puerto Rico and the Virgin Islands require notification of security breaches involving PII
60% of all targeted data breach attacks struck small and medium sized organizations (2015 Symantec Internet Security Threat Report)
60% of SMBs that suffer a breach go out of business (Protecting Small Business Against Emerging and Complex Cyber Attacks – House Committee on Small Business, 2013)
$3.79M = Average total cost of a data breach (2015 Ponemon-IBM Total Cost of a Data Breach Study)
Protecting Your Business: Data Handling Practices & Guidelines
• Identify all PII
• Minimize use, collection, and retention of PII
• Categorize PII by confidentiality impact level
• Apply appropriate safeguards
• Develop Policies and Procedures
• Training
• De-identify
• Control Access (mobiles too)
• Transmission Confidentiality (encryption)
• Audits
• Develop Incident Response Plan
• Close coordination of Senior officers / counsel
Suspect a Breach?
Who will:
• Determine if breach actually occurred?
• Clean up the systems and restore data?
• Notify customers?
• Provide legal guidance and protection?
• Advise in a ransom scenario?
• Pay for all of this?
Protecting Your Business: Cyber Liability Insurance
• Insurance coverage designed to protect a business from liability associated with:
• Unauthorized release of confidential information
• Violation of a person’s rights to privacy
• Personal injury in an electronic/social media environment
• Intellectual property infringement
• Violations of state or federal privacy laws
• Out-of-pocket expenses incurred to make the above problems go away
Protecting Your Business: Cyber Liability Insurance
Liability (3rd-Party)
Privacy Liability – private info gets out, client gets sued.
Privacy Regulatory Claims Coverage – private info gets out, gov’t investigates/fines.
Security Liability – network gets breached, network transmits virus, etc., client gets sued.
Multimedia Liability – client responsible for IP infringement or personal injury in an online environment, client gets sued.
First-Party
Security Breach Response Coverage – legal assistance, IT forensics, notification expense, PR, credit monitoring, call center services, etc.
Cyber Extortion – expenses associated with mitigating an extortion threat or ransom
Business Income and Digital Asset Restoration – lost $ due to covered network disruption
PCI DSS Assessment – fines/penalties associated with breach of cardholder data
Cyber Deception (optional) – loss of $ the insured willingly releases, based on fraudulent instruction
Protecting Your Business: Cyber Liability Insurance
Things to consider when exploring your options:
• Understand your exposure
• Number and type of records
• Current security posture
• Financial
• What limits for each coverage are necessary? Are sub-limits sufficient?
• Are Extortion, Forensics, Restoration, Remediation and Response all covered?
• Does policy offer breach response services or just indemnification?
• How does this policy integrate with your Incident Response Plan?
• Are value-added services available?
Protecting Your Business: Cyber Liability Insurance
NFIB CAN HELP! Access to cyber liability insurance is offered as a benefit of membership.
• Industry-leading coverage
• Voluntary notification even if not required by law
• Coverage for 3rd party vendors handling personally identifiable info
• Broad Multimedia Liability covers Insured’s websites, social media, etc.
• PCI Assessment sub-limit automatically included
• Coverage for loss of confidential data in any form – paper or electronic
• Dependent Business Interruption – full policy limits
• Cyber Deception endorsement available
Learn more and apply for coverage at nfibcyber.com
For more information about cyber liability insurance contact:
SelectSolutions
855-200-5313
nfibcyber.com
Additional NFIB.com Resources