
Post on 19-Jul-2020


THE REAL COST OF A DATA BREACH

WELCOME

SPEAKERS

CYBER CLAIMS STUDY HIGHLIGHTS

MARK GREISIGER - NETDILIGENCE®

BREACHES

RECORDS


www.NetDiligence.com www.eRiskHub.com

NetDiligence 2015 Claims Study: HIGHLIGHTS OF FINDINGS

CRISIS SERVICES COSTS

– AVERAGE COST OF CRISIS SERVICES $500K (RANGE WAS $0–$15M)

– Median cost of crisis services $60.6K

LEGAL COSTS

– AVERAGE COST OF LEGAL DEFENSE $434.4K (MEDIAN COST: $74K)

– Average cost of settlement $880.8K (Median cost: $50K)


[Chart legend: PCI; PHI; PII; Non-card Financial; Trade secrets; Other; Unknown]

2015 Claims Study: HIGHLIGHTS OF PRELIMINARY FINDINGS


[Chart legend: Hacker; Lost/stolen laptop/device; Malware/Virus; Paper records; Rogue employee; Staff mistake; System glitch; Theft of hardware; Theft of money; Wrongful data collection; Other]


HEALTHCARE WAS THE SECTOR MOST FREQUENTLY BREACHED (21%), FOLLOWED CLOSELY BY FINANCIAL SERVICES (17%).

THE LARGEST BREACHES OCCURRED IN THE RETAIL SECTOR, FOLLOWED BY HEALTHCARE.

[Chart legend: Energy; Entertainment; Financial Services; Gaming & Casino; Healthcare; Hospitality; Manufacturing; Media; Non-Profit; Other; Professional Services; Restaurant; Retail; Technology; Telecommunications; Transportation]


NANO ORGANIZATIONS EXPERIENCED THE MOST INCIDENTS (29%), FOLLOWED CLOSELY BY SMALL ORGANIZATIONS (25%).

EXTREMELY LARGE BREACHES OCCURRED IN NANO, SMALL AND LARGE ORGANIZATIONS.

[Chart legend: Nano (<$50M); Micro ($50M-$300M); Small ($300M-$2B); Mid ($2B-$10B); Large ($10B-$100B); Mega (>$100B); Unknown]


NOTES ON VERIZON 2015 DBIR (BASED ON 2100 CONFIRMED BREACHES)

PEOPLE WEAK LINKS: STAFF ACCOUNT FOR NEARLY 90% OF ALL SECURITY INCIDENTS

BAD GUY METHODS & TARGETS

BREACHES ARE EXPENSIVE


THANK YOU TO OUR CYBER RISK INSURANCE PARTNERS!


Security Controls & Investigation Process

PREVENTION, DETECTION, & CORRECTION

Misconceptions

Low Demand

Information Security Risk Assessment

Security Awareness Training

Incident Response Plan

Qualified Staff/Vendors Engaged

Evidence Preservation & Investigation

Incident Discovery (30-120 Days)

Environment Changes & Evidence Destruction

Qualified Staff/Vendors Engaged

Evidence Preservation & Investigation

Information Security Risk Assessment

Security controls can be preventive, detective or corrective by nature


PREPARATION AND COST MINIMIZATION

PREPARATION IS THE KEY TO SUCCESS

PLAN AHEAD TO AVOID COSTLY MISTAKES

INVEST IN CAPACITY IN ADVANCE

A POOR CUSTOMER RESPONSE IS A CAREER KILLER


PLAN AHEAD TO AVOID MISTAKES

INVEST IN CAPACITY IN ADVANCE

SCALE: For how many customer records are you accountable?

SPEED: When Krebs on Security or the NY Times calls, how quickly will your CEO want to respond to all those customers?

RESERVE CAPACITY: Is a no-commitment, first-come, first-served capacity plan sufficient for your CEO?

CREATE A POSITIVE CUSTOMER EXPERIENCE

OFFER APPROPRIATE PROTECTIONS

SPEAKER CONTACT INFORMATION

Mark Greisiger

Mark.Greisiger@netdiligence.com

Andrew Obuchowski

Andy.Obuchowski@rsm.com

Bo Holland

Bo.Holland@allclearid.com

ResponseTeam@allclearid.com

Breach Response Hotline: 1-877-441-3009

Steve Meckl

Steven_Meckl@symantec.com

Unable to join today but available for questions:

Jack Kincaid, Partner at Cipriani & Werner

JKincaid@c-wlaw.com
