TRANSCRIPT
THE REAL COST OF A DATA BREACH
WELCOME
SPEAKERS
CYBER CLAIMS
STUDY
HIGHLIGHTS
MARK GREISIGER - NETDILIGENCE®
BREACHES
RECORDS
www.NetDiligence.com www.eRiskHub.com
NetDiligence 2015 Claims Study: HIGHLIGHTS OF FINDINGS
CRISIS SERVICES COSTS
– AVERAGE COST OF CRISIS SERVICES $500K (RANGE WAS $0–$15M)
– Median cost of crisis services $60.6K
LEGAL COSTS
– AVERAGE COST OF LEGAL DEFENSE $434.4K (MEDIAN COST: $74K)
– Average cost of settlement $880.8K (Median cost: $50K)
2015 Claims Study: HIGHLIGHTS OF FINDINGS
[Chart legend: PCI, PHI, PII, Non-card Financial, Trade secrets, Other, Unknown]
2015 Claims Study: HIGHLIGHTS OF PRELIMINARY FINDINGS
[Chart legend: Hacker, Lost/stolen laptop/device, Malware/Virus, Paper records, Rogue employee, Staff mistake, System glitch, Theft of hardware, Theft of money, Wrongful data collection, Other]
2015 Claims Study: HIGHLIGHTS OF PRELIMINARY FINDINGS
HEALTHCARE WAS THE SECTOR MOST FREQUENTLY BREACHED (21%), FOLLOWED CLOSELY BY FINANCIAL SERVICES (17%).
THE LARGEST BREACHES OCCURRED IN THE RETAIL SECTOR, FOLLOWED BY HEALTHCARE.
[Chart legend: Energy, Entertainment, Financial Services, Gaming & Casino, Healthcare, Hospitality, Manufacturing, Media, Non-Profit, Other, Professional Services, Restaurant, Retail, Technology, Telecommunications, Transportation]
2015 Claims Study: HIGHLIGHTS OF PRELIMINARY FINDINGS
NANO ORGANIZATIONS EXPERIENCED THE MOST INCIDENTS (29%), FOLLOWED CLOSELY BY SMALL ORGANIZATIONS (25%).
EXTREMELY LARGE BREACHES OCCURRED IN NANO, SMALL AND LARGE ORGANIZATIONS.
[Chart legend: Nano (<$50M), Micro ($50M-$300M), Small ($300M-$2B), Mid ($2B-$10B), Large ($10B-$100B), Mega (> $100B), Unknown]
NOTES ON VERIZON 2015 DBIR
BASED ON 2100 CONFIRMED BREACHES
PEOPLE WEAK LINKS: STAFF ACCOUNT FOR NEARLY 90% OF ALL SECURITY INCIDENTS
BAD GUY METHODS & TARGETS
BREACHES ARE EXPENSIVE
THANK YOU TO OUR CYBER RISK INSURANCE PARTNERS!
Security Controls & Investigation Process
PREVENTION, DETECTION, & CORRECTION
Misconceptions
Low Demand
Information Security Risk Assessment
Security Awareness Training
Incident Response Plan
Qualified Staff/Vendors Engaged
Evidence Preservation & Investigation
Incident Discovery (30-120 Days)
Environment Changes & Evidence Destruction
Qualified Staff/Vendors Engaged
Evidence Preservation & Investigation
Information Security Risk Assessment
Security controls can be preventive, detective or corrective by nature
PREPARATION AND COST MINIMIZATION
PREPARATION IS THE KEY TO SUCCESS
PLAN AHEAD TO AVOID COSTLY MISTAKES
INVEST IN CAPACITY IN ADVANCE
A POOR CUSTOMER RESPONSE IS A CAREER KILLER
PLAN AHEAD TO AVOID MISTAKES
INVEST IN CAPACITY IN ADVANCE
SCALE: For how many customer records are you accountable?
SPEED: When Krebs on Security or the NY Times calls, how quickly will your CEO want to respond to all those customers?
RESERVE CAPACITY: Is a no-commitment, first-come, first-served capacity plan sufficient for your CEO?
CREATE A POSITIVE CUSTOMER EXPERIENCE
OFFER APPROPRIATE PROTECTIONS
SPEAKER CONTACT INFORMATION
Mark [email protected]
Andrew Obuchowski
Bo Holland
Breach Response Hotline: 1-877-441-3009
Steve Meckl
Unable to join today but available for questions: Jack Kincaid, Partner at Cipriani & [email protected]