Network Security and Privacy
(Cyber Coverage)
Sales and Production
Brian D. Brown
CyberSpecialist Group
Brian@CyberSpecialistGroup.com
404 849 3004
http://lnkd.in/XXCFi7
This is for illustrative purposes only and is in no way complete or comprehensive. The use of and reliance on all information contained in this presentation is at the user's sole discretion. Any and all policy language shall be paramount in all cases.
Brian D. Brown
President – CyberSpecialists Group
3495 Waddeston Way, Suite 101C, Atlanta, Georgia 30319
brian@CyberSpecialistGroup.com
404 849 3004

Brian is a nationally recognized expert in Network Security and Privacy (Cyber) exposures and Insurance. He has worked in the Cyber field for over a decade and had a hand in drafting the first Cyber products. He also developed and taught the first CIC classes on e-Business risk and insurance responses.

Having worked with both national brokers and carriers, he brings a unique and broad perspective to the subject. In addition to Cyber expertise, Brian was an account executive at national brokers so has a broad range of knowledge and skills in all areas of property and casualty insurance. He has been instrumental, in his career, in developing successful, innovative, cutting edge programs and products for both insurance carriers and brokers.

Brian is an active member of the PLUS Southeastern Chapter and a regular speaker for PLUS and RIMS events and seminars. He is also a published author in Property Casualty 360 and the American Bar Association magazine. In the last month he has an article in the Texas magazine, The Insurance Record – September 4, 2014 and another nationally in The Insurance Journal – September 22, 2014.

In his spare time Brian is a freelance fine artist and a Dad to his three children and currently resides in Atlanta, GA.
Typical Sales Process
1. Discuss Data Privacy exposures
2. Determine the # of records at risk
3. Explain the costs of a Breach
4. Review causes of a Breach
• Negligence
• Rogue Employee
• Business Assoc./Vendor
• Hacker
5. Present Insurance solution
Your Experiences
Not Us
Isn’t this already insured?
“BULLETPROOF Security”
I just don’t get this tech stuff
Costs Too Much
Apps. – Too Much Work
Not us?

State Security Breach Notification Laws
Forty-seven states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.
http://www.digestiblelaw.com/files/upload/securitybreach.pdf

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Health Information Technology for Economic and Clinical Health (HITECH)
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

Gramm–Leach–Bliley Act (Subtitle A: Disclosure of Nonpublic Personal Information, codified at 15 U.S.C. §§ 6801–6809)
• The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect clients’ nonpublic personal information.
Progress on Federal Notification Bill
National Data Breach Notification Bill Advances
Measure Would Pre-empt State Breach Notification Laws
By Eric Chabrow, April 15, 2015.
The House Energy and Commerce Committee approved on April 15 the Data Security and Breach Notification Act by a 29-20 vote, with only Republicans supporting the measure. Even its Democratic co-sponsor, Rep. Peter Welch of Vermont, voted against it.
http://www.databreachtoday.com/national-data-breach-notification-bill-advances-a-8109
Further Federal Intervention
House Panel Passes Cyberthreat Info Sharing Bill
Democratic Attempts to Limit Liability Safeguards Fail
By Eric Chabrow, April 14, 2015.
"If you abide by the provisions of this act," Cedric Richmond (D-LA) said, "then you're exempt from liability. It's just that simple. Instead of adding all these other concepts to the liability language, if we take the time to pass a bill and you abide by it, you have liability exemption. If you don't, then you don't have exemption."
http://www.databreachtoday.com/house-panel-passes-cyberthreat-info-sharing-bill-a-8106
http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Not Us…Right?
5/12/2014
© 2014 CyberSpecialist, LLC All Rights Reserved.
http://www.csid.com/resources/stats/data-breaches-by-industry/
https://www.privacyrights.org/data-breach
Isn’t This Already Insured?
A. Coverage
2. Property Not Covered
Covered property does not include:
n. The following property, except as provided in the Coverage Extension for
Electronic Media And Records and Valuable Papers And Records:
(1) Electronic media and records, meaning the following:
(a) Media, meaning disks, drives, CD-ROMs, tapes, cells or other
computer software, or any media which are used with electronically
controlled equipment. Software includes systems and applications
software.
(b) Data, meaning information or facts stored on media described in (1)
(a) above. Data includes valuable papers and records converted
to data.
(c) Computer program, meaning a set of related electronic instructions
which direct the operations and functions of a computer or device
connected to it, which enable the computer or device to receive,
process, store, retrieve or send data.
ISO BUILDING AND PERSONAL PROPERTY CP-00-10
Isn’t This Already Insured?
ISO COMMERCIAL GENERAL LIABILITY COVERAGE FORM
CG-00-01 12 04 (Cov. A - BI & PD)
p. Electronic Data
Damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data.
As used in this exclusion, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.
Exclusion, Pg. 5 of 15
Endorsement for Cov. B (P&AI)
PROFESSIONAL LIABILITY POLICIES
HEALTH CARE ORGANIZATIONS AND PROVIDERS PROFESSIONAL LIABILITY, GENERAL LIABILITY AND EMPLOYEE BENEFIT LIABILITY POLICY - ONE BEACON - HPF-10002-02-13
(12)
(a) unauthorized, unlawful, or unintentional taking, obtaining, accessing, using, disclosing, distributing, disseminating, transmitting, gathering, collecting, acquiring, corrupting, damaging, destroying, deleting, or impairing of any information or data of any kind, including but not limited to any health care or other medical information or Personally Identifiable Health Information; provided, that this Exclusion (D)(12)(a) shall not apply to any Claim for a Professional Services Wrongful Act as defined in DEFINITION (OO)(3); “((3) any inadvertent: (a) publication)”
(b) failure or inability of any computer, computer component (including but not limited to any hardware, network, terminal device, data storage device, input and output device, or back up facility), application, program, software, code, or script of any kind (a “System”) to perform or function as planned or intended, including but not limited to any failure or inability of any System to prevent any hack, virus, contaminant, worm, trojan horse, logic bomb, or unauthorized or unintended accessing or use involving any System;

Be careful of exclusions disguised as sub-limits
“Jam Up and Jelly Tight”
BOTTOM LINE
There is always an incremental risk – It is unavoidable…

AND IT IS PERFECTLY “OKAY”.
Automatic Sprinkler Analogy
I Just Don’t Get This Tech Stuff
There is no need to get into extremely deep technical details.
As with most insurance, one of the underwriting considerations is management concern (resources and focus).
Brief Network Security and Privacy Primer
• Architecture
• Concerns
o Hardware
o Software
o People
o Mobile
o “Off network” risks
I Just Don’t Get This Tech Stuff
Wireless
The Network
Remote Users/Laptops
Vendor
Realms of “Cyber” Exposures
[Diagram: "Traditional Cyber Cycle" and "The Sales Process is Now Flipped". Steps shown: Interest/Need, Complete Application, Obtain Quotes, Present, Bind; and Interest/Need, Complete Application, Obtain Pricing, Present, Bind, Obtain Quotes.]
Sample Costs - $1M limit - $250k Sub-Limits
Matrix for Community Banks

Revenue Bands      Option #1 Premium Range
$0 - $1M           $1,000
$1M - $2M          $1,000 - $1,450
$2M - $3M          $1,450 - $2,000
$3M - $4M          $2,000 - $2,350
$4M - $5M          $2,350 - $2,700
$5M - $7.5M        $2,700 - $3,500
$7.5M - $10M       $3,500 - $4,300
$10M - $20M        $4,300 - $8,150
Insurance Pricing
How it REALLY works.
It’s a very complex process. Insurance can’t be priced like most products, by supply and demand, because the money people pay for it is intended to help protect against the cost of unforeseen future happenings—for example, a fire, a burglary or an auto accident. While many factors are considered in rate making, rates basically are dependent on one major factor—the combined cost of all the losses or claims—known as the company’s loss experience.
http://www.pia.org/IRC/qs/qs_other/QS90360.pdf
Insurance Pricing
How it REALLY works.
'Underwriting Cycle'
At the beginning of the cycle, the underwriting business is soft due to increased competition and excess insurance capacity, as a result of which premiums are low. (leading to) lower insurance capacity … enabling insurers to raise premiums and post solid earnings growth. This robust underwriting environment attracts more competitors, which gradually leads to more capacity and lower premiums, setting the stage for a repetition of the underwriting cycle.
http://www.investopedia.com/terms/u/underwriting-cycle.asp
Bang for Your Buck
Nearly all States have a Safe Harbor provision included in their State Notification Law for Personal Identifiable Information which is encrypted.
TX – “Sensitive personal information” only applies to data items that are not encrypted.
Free Sites
https://www.gnupg.org/
http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
And others.
Brian D. Brown
brian@CyberSpecialistGroup.com
404 849 3004
CyberSpecialistGroup.com
© 2014 CyberSpecialist, LLC. All Rights Reserved.
?’s
Open Discussion
•Back

More Related Content

PDF
Privacy and Data Security: Minimizing Reputational and Legal Risks
PPT
MA Privacy Law
PPTX
Life Cycle of a Data Breach - Cybersecurity Seminar Series
PDF
New York State Department of Financial Services Expands Its Cyber Focus to In...
PDF
Data Breaches Preparedness (Credit Union Conference Session)
PDF
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
PDF
wp-follow-the-data
PDF
Dinis Cruz IBWAS'10 Conference Keynote
Privacy and Data Security: Minimizing Reputational and Legal Risks
MA Privacy Law
Life Cycle of a Data Breach - Cybersecurity Seminar Series
New York State Department of Financial Services Expands Its Cyber Focus to In...
Data Breaches Preparedness (Credit Union Conference Session)
International Standards to Regulate Aggressive Cyber-behavior from a Foreign ...
wp-follow-the-data
Dinis Cruz IBWAS'10 Conference Keynote

What's hot (11)

PDF
170105 d link-complaint_and_exhibits
PDF
Data Breach Response Guide (Whitepaper))
PPTX
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
PPT
Data Breaches: The Cost of Being Unprepared
PDF
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
PDF
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
PDF
FTC- Internet of Things (January, 2015)
PDF
Session B: Handout 3
PPTX
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
PDF
CT, HI & VT - Oh My! What Do the Latest Privacy Regulations Mean to You?
PDF
BEA Presentation
170105 d link-complaint_and_exhibits
Data Breach Response Guide (Whitepaper))
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Data Breaches: The Cost of Being Unprepared
MCCA Global TEC Forum - Bug Bounties, Ransomware, and Other Cyber Hype for Le...
Cybersecurity Legal Trends: The Evolving Standard of Care for Companies and M...
FTC- Internet of Things (January, 2015)
Session B: Handout 3
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CT, HI & VT - Oh My! What Do the Latest Privacy Regulations Mean to You?
BEA Presentation
Ad

Viewers also liked (13)

PDF
Terrorismo y turismo
PDF
La amenaza terrorista en el ámbito marítimo
PPT
Elterrorismo
PPT
Nuevo PresentacióN De Microsoft Power Point
PPT
El terrorismo
PDF
Aljofar octubre 2010 no.7
ODP
Guantanamo
PDF
Jacinto Valdés-Dapena: “La CIA contra Cuba”
PPTX
Que es el terrorismo
PPT
BLOQUEO CONTRA CUBA
PPTX
Terrorismo informático
PPT
Terrorismo De Estado
PPTX
Expo relaciones
Terrorismo y turismo
La amenaza terrorista en el ámbito marítimo
Elterrorismo
Nuevo PresentacióN De Microsoft Power Point
El terrorismo
Aljofar octubre 2010 no.7
Guantanamo
Jacinto Valdés-Dapena: “La CIA contra Cuba”
Que es el terrorismo
BLOQUEO CONTRA CUBA
Terrorismo informático
Terrorismo De Estado
Expo relaciones
Ad

Similar to TechAssure Presentation PDF linkedin (20)

PPT
Securing Your "Crown Jewels": Do You Have What it Takes?
PDF
Law Firm Security: How to Protect Your Client Data and Stay Compliant
PDF
Online Trust Alliance Recommendations
PDF
2014 ota databreachguide4
PDF
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
PDF
Linking the CISO to the CFO
PDF
IDENTITY AWARENESS, PROTECTION, AND MANAGEMENT GUIDE - March 2019
DOCX
Security Policies and Implementation IssuesChapter 3U.S. Com.docx
PPT
IBM Insight 2014 session (4152 )- Accelerating Insights in Healthcare with “B...
PPTX
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
PDF
wp-analyzing-breaches-by-industry
PPTX
Privacy Frontline - Level 1 - Module 1.pptx
PPTX
September 2019 part 9
PDF
Data Privacy Compliance
PDF
CC Certified in Cybersecurity All-in-One Exam Guide Steven Bennett
PPT
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
PDF
2015 09-22 Is it time for a Security and Compliance Assessment?
PDF
2020 vrm expert reference guide
PDF
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
PDF
Business Continuity State of the Industry Report 1st Edition Herbert J. Mattord
Securing Your "Crown Jewels": Do You Have What it Takes?
Law Firm Security: How to Protect Your Client Data and Stay Compliant
Online Trust Alliance Recommendations
2014 ota databreachguide4
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Linking the CISO to the CFO
IDENTITY AWARENESS, PROTECTION, AND MANAGEMENT GUIDE - March 2019
Security Policies and Implementation IssuesChapter 3U.S. Com.docx
IBM Insight 2014 session (4152 )- Accelerating Insights in Healthcare with “B...
Protecting Accounting Firms and their Clients - Eric Vanderburg - JurInnov
wp-analyzing-breaches-by-industry
Privacy Frontline - Level 1 - Module 1.pptx
September 2019 part 9
Data Privacy Compliance
CC Certified in Cybersecurity All-in-One Exam Guide Steven Bennett
Digital Outsourcing: Risks, Pitfalls, and Security Considerations
2015 09-22 Is it time for a Security and Compliance Assessment?
2020 vrm expert reference guide
Data Privacy Compliance (Series: Corporate & Regulatory Compliance Boot Camp)
Business Continuity State of the Industry Report 1st Edition Herbert J. Mattord

TechAssure Presentation PDF linkedin

  • 1. Network Security and Privacy (Cyber Coverage) Sales and Production Brian D. Brown CyberSpecialist Group Brian@CyberSpecialistGroup.com 404 849 3004 http://lnkd.in/XXCFi7 This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases.
  • 2. This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. 2 President  –  CyberSpecialists  Group   3495  Waddeston  Way,  Suite  101C,  Atlanta,  Georgia    30319   brian@CyberSpecialistGroup.com     404  849  3004   Brian  is  a  naEonally  recognized  expert  in  Network  Security  and  Privacy  (Cyber)   exposures  and  Insurance.  He  has  worked  in  the  Cyber  field  for  over  a  decade  and   had  a  hand  in  draSing  the  first  Cyber  products.  He  also  developed  and  taught  the   first  CIC  classes  on  e-­‐Business  risk  and  insurance  responses.     Having  worked  with  both  naEonal  brokers  and  carriers,  he  brings  a  unique  and   broad  perspecEve  to  the  subject.  In  addiEon  to  Cyber  experEse,  Brian  was  an   account  execuEve  at  naEonal  brokers  so  has  a  broad  range  of  knowledge  and  skills   in  all  areas  of  property  and  casualty  insurance.  He  has  been  instrumental,  in  his   career,  in  developing  successful,  innovaEve,  cuWng  edge  programs  and  products  for   both  insurance  carriers  and  brokers.   Brian  is  an  acEve  member  of  the  PLUS  Southeastern  Chapter  and  a  regular  speaker   for  PLUS  and  RIMS  events  and  seminars.  He  is  also  a  published  author  in  Property   Casualty  360  and  the  American  Bar  AssociaEon  magazine.  In  the  last  month  he  has   an  arEcle  the  Texas  magazine,  The  Insurance  Record  –  September  4,  2014  and   another  naEonally  in  The  Insurance  Journal  –  September  22,  2014.     In  his  spare  Eme  Brian  is  a  freelance  fine  arEst  and  a  Dad  to  his  three  children  and   current  resides  in  Atlanta,  GA. Brian D. Brown
  • 3. 3 1. Discuss Data Privacy exposures 2. Determine the # of records at risk 3. Explain the costs of a Breach 4. Review causes of a Breach • Negligence • Rogue Employee • Business Assoc./Vendor • Hacker 5. Present Insurance solution Typical Sales Process
  • 4. This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. 4 Your Experiences
  • 5. This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. 5 Not Us Isn’t this already insured? “BULLETPROOF Security” I just don’t get this tech stuff End Costs Too Much Apps. – Too Much Work X
  • 6. State Security Breach Notification Laws -
 Forty-seven states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information 
 http://www.digestiblelaw.com/files/upload/securitybreach.pdf The Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Health Information Technology for Economic and Clinical Health (HITECH) 
 
 http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html Gramm–Leach–Bliley Act (Subtitle A: Disclosure of Nonpublic Personal Information, codified at 15 U.S.C. §§ 6801– 6809) • The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect clients’ nonpublic personal information. 6 Not us? This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases.
  • 7. Progress on Federal Notification Bill 7 National Data Breach Notification Bill Advances Measure Would Pre-empt State Breach Notification Laws By Eric Chabrow, April 15, 2015. The House Energy and Commerce Committee approved on April 15 the Data Security and Breach Notification Act by a 29-20 vote, with only Republicans supporting the measure. Even its Democratic co-sponsor, Rep. Peter Welch of Vermont, voted against it. http://www.databreachtoday.com/national-data-breach-notification-bill-advances-a-8109
  • 8. This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. Further Federal Intervention 8 House Panel Passes Cyberthreat Info Sharing Bill Democratic Attempts to Limit Liability Safeguards Fail By Eric Chabrow, April 14, 2015. "If you abide by the provisions of this act," Cedric Richmond (D-LA) said, "then you're exempt from liability. It's just that simple. Instead of adding all these other concepts to the liability language, if we take the time to pass a bill and you abide by it, you have liability exemption. If you don't, then you don't have exemption." http://www.databreachtoday.com/house-panel-passes-cyberthreat-info-sharing-bill-a-8106
  • 9. This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. 9 http://www.informationisbeautiful.net/visualizations/worlds-biggest-data- breaches-hacks/
  • 10. Not Us…Right? 5/12/2014 10 © 2014 CyberSpecialist, LLC All Rights Reserved. This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. •Back http://www.csid.com/resources/stats/data-breaches-by-industry/ https://www.privacyrights.org/data-breach
  • 11. 11 Isn’t This Already Insured? A. Coverage 2. Property Not Covered Covered property does not include: n. The following property, except as provided in the Coverage Extension for Electronic Media And Records and Valuable Papers And Records: (1) Electronic media and records, meaning the following: (a) Media, meaning disks, drives, CD-ROMs, tapes, cells or other computer software, or any media which are used with electronically controlled equipment. Software includes systems and applications software. (b) Data, meaning information or facts stored on media described in (1) (a) above. Data includes valuable papers and records converted to data. (c) Computer program, meaning a set of related electronic instructions which direct the operations and functions of a computer or device connected to it, which enable the computer or device to receive, process, store, retrieve or send data. ISO BUILDING AND PERSONAL PROPERTY CP-00-10 This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases.
  • 12. 12 Isn’t This Already Insured? ISO COMMERCIAL GENERAL LIABILITY COVERAGE FORM CG-00-01 12 04 (Cov. A - BI & PD) This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. p. Electronic Data Damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data. As used in this exclusion, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD- ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment. Exclusion Pg. 5 of 15
  • 14. 14 PROFESSIONAL LIABILITY POLICIES HEALTH CARE ORGANIZATIONS AND PROVIDERS PROFESSIONAL LIABILITY, GENERAL LIABILITY AND EMPLOYEE BENEFIT LIABILITY POLICY - ONE BEACON - HPF-10002-02-13 (12) (a) unauthorized, unlawful, or unintentional taking, obtaining, accessing, using, disclosing, distributing, disseminating, transmitting, gathering, collecting, acquiring, corrupting, damaging, destroying, deleting, or impairing of any information or data of any kind, including but not limited to any health care or other medical information or Personally Identifiable Health Information; provided, that this Exclusion (D)(12)(a) shall not apply to any Claim for a Professional Services Wrongful Act as defined in DEFINTION (OO)(3); “((3) any inadvertent: (a) publication)” (b)  failure or inability of any computer, computer component (including but not limited to any hardware, network, terminal device, data storage device, input and output device, or back up facility), application, program, software, code, or script of any kind (a “System”) to perform or function as planned or intended, including but not limited to any failure or inability of any System to prevent any hack, virus, contaminant, worm, trojan horse, logic bomb, or unauthorized or unintended accessing or use involving any System; 
 Be careful of exclusions disguised as sub-limits •Back This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases.
  • 15. 15 “Jam Up and Jelly Tight” BOTTOM LINE There is always an incremental risk – It is unavoidable…
 AND IT IS PERFECTLY “OKAY”. •Back This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases. Automatic Sprinkler Analogy
  • 16. There is no need to get into extremely deep technical details As with most insurance, one of the underwriting consideration is management concern (resources and focus) Brief Network Security and Privacy Primer • Architecture • Concerns o Hardware o Software o People o Mobile o “Off network” risks 16 I Just Don’t Get This Tech Stuff This is for illustrative purposes only and is in no way complete, or comprehensive.. The use and reliance on all information contained in this presentation is at the users sole discretion. Any and all policy language shall be paramount in all cases.
  • 17. I Just Don’t Get This Tech Stuff: Realms of “Cyber” Exposures. [Diagram labels: Wireless; The Network; Remote Users/Laptops; Vendor]
  • 18. The Sales Process is Now Flipped. [Flow diagram with two cycles labelled Traditional and Cyber. Step labels as extracted, first sequence: Interest/Need, Complete Application, Obtain Quotes, Present, Bind; second sequence: Interest/Need, Complete Application, Obtain Pricing, Present, Bind, Obtain Quotes]
  • 19. Sample Costs - $1M limit - $250k Sub-Limits: Matrix for Community Banks
      Revenue Bands     Option #1 Premium Range
      $0 - $1M          $1,000
      $1M - $2M         $1,000 - $1,450
      $2M - $3M         $1,450 - $2,000
      $3M - $4M         $2,000 - $2,350
      $4M - $5M         $2,350 - $2,700
      $5M - $7.5M       $2,700 - $3,500
      $7.5M - $10M      $3,500 - $4,300
      $10M - $20M       $4,300 - $8,150
  • 20. Insurance Pricing: How it REALLY works. It’s a very complex process. Insurance can’t be priced like most products, by supply and demand, because the money people pay for it is intended to help protect against the cost of unforeseen future happenings—for example, a fire, a burglary or an auto accident. While many factors are considered in rate making, rates basically are dependent on one major factor—the combined cost of all the losses or claims—known as the company’s loss experience. http://www.pia.org/IRC/qs/qs_other/QS90360.pdf
  • 21. Insurance Pricing: How it REALLY works. 'Underwriting Cycle'
 At the beginning of the cycle, the underwriting business is soft due to increased competition and excess insurance capacity, as a result of which premiums are low. (leading to) lower insurance capacity … enabling insurers to raise premiums and post solid earnings growth. This robust underwriting environment attracts more competitors, which gradually leads to more capacity and lower premiums, setting the stage for a repetition of the underwriting cycle. 
 http://www.investopedia.com/terms/u/underwriting-cycle.asp
  • 22. Bang for Your Buck. Nearly all States have a Safe Harbor provision included in their State Notification Law for Personally Identifiable Information which is encrypted. TX – “Sensitive personal information” only applies to data items that are not encrypted. Free Sites: https://www.gnupg.org/ http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software And others.
  • 23. Brian D. Brown brian@CyberSpecialistGroup.com 404 849 3004 CyberSpecialistGroup.com
  • 24. ?’s: Open Discussion. © 2014 CyberSpecialit, LLC. All Rights Reserved.