Beazley Group | Beazley Breach Response

A data breach isn’t always a disasterMishandling it is.

Sheer carelessness Withvastamountsofdatastorableonsmallerandsmallerdevices,theriskofdatabreachesdueto theftorsheercarelessnessishuge.Between2005 and2017,portabledevicescarryingmorethan185millionpersonallyidentifiablerecordswerelostorstolen,accordingtothePrivacyRightsClearinghouse.

A world of risk

81%The percentage of Canadians who would choose to do business with a company specifically because it has a good reputation for privacy practices.1

75%The proportion of records breached attributable to malware or hacking since 20052

3.5bNumber of people in the world who are online (approximately 47% of the world’s population)3

2.613 million*

data records compromised in 2017 source: www.breachlevelindex.com

1,766*

The number of data breaches that occurred globally in 2017 source: www.breachlevelindex.com

50%Nearly 50% of users open emails and click on phishing links within the first hour4

Notes1 www.priv.gc.ca2 www.privacyrights.orgasofDec31,20173 InternationalTelecommunicationUnion42015VerizonDataBreachInvestigationsReport

* Information collected from public sources only. Figure does not include unreported data breach incidents.

Not if, but when.Any business handling customer data will, sooner or later, be confronted with the challenge of a data breach. It’s not a matter of “if” but “when”.

The incidence of data breaches is massive. According to a Lloyd’s June 2017 report, Closing the gap, Insuring your business against evolving cyber threats, the estimated global cost of cyber crime is $400b a year.

Tensofthousandsofbusinesseshavelearnedthehardwaythatthere’snosuchthingasperfectcybersecurity.

Andthestakesarehigh.Youholdpersonaldataontrustforyourcustomers.Iftheydon’tthinkyourbusiness canbetrusted,theveryfutureofyourcompanymay beatrisk.Adatabreachisnotalearningopportunity–youhavetoomuchtolosetoriskmishandlingit.

1 www.privacyrights.orgasofDecember31,2017

The case for focusing on responseManycompaniesfocusexclusivelyondatabreachprotection–andfailtopayattentiontowhathappenswhenthewallsarebreached.Firewalls,encryptionandotherdefencesgettheattention. ThewarisfoughtonITturf.Butthetrulydangeroustimeisafteryou’vebeenbreached.

Afterabreachyou’refightingtoprotectyourreputation.It’swhenyourcustomersbegintoleave.AstudyconductedbytheEconomistIntelligenceUnit in2013foundthatmorethanathirdofcustomers ofcompaniesthathadsufferedadatabreachnolongerdidbusinesswiththecompaniesinquestion“becauseofthebreach.”Thewayyoumanageadatabreachtomaintaincustomertrustiscritical.

Thatdoesn’tmeanyoushouldn’tprotectyoursystem;itdoesmeanyouneedplansforyourresponse. Andthegoodnewsisthatthere’sagreatdealyou cando.Cyber-attacksarebeyondyourcontrol;breachresponseissomethingyoucanplanfor.

Records breached1

Total

10bn

Hacking or malware HackingormalwareElectronicentrybyanoutsideparty

75%

Unintended disclosure UnintendeddisclosureSensitiveinformationpostedpubliclyonawebsite,mishandledorsenttothewrongpartyviaemail,faxormail

19%

Portable device PortabledeviceLost,discardedorstolenlaptop,PDA,smartphone,portablememorydevice,CD,harddrive,datatape,etc

2%

Insider Someonewithlegitimateaccess intentionallybreachesinformation –suchasanemployeeorcontractor

1%

Stationary device Lost,discardedorstolenstationary electronicdevicesuchasacomputer orservernotdesignedformobility

<1%

Payment card fraud Fraudinvolvingdebitandcreditcards thatisnotaccomplishedviahacking. Forexample,skimmingdevices

<1%

Unknown or other 2%

Physical loss Lost,discardedorstolennon-electronicrecords,suchaspaperdocuments

<1%

BBR Services – a dedicated team of experts Beazley is unique among insurers in having a dedicated business unit, BBR Services, that focuses exclusively on helping clients manage data breaches successfully.

Theriskofreputationaldamagefromamishandled breachishigh.OurBBRServicesteamfocuses onthecoordinationoftheexpertforensic,legal,notificationandcreditmonitoringservicesthatclientsneedtosatisfyalllegalrequirements andmaintaincustomerconfidence.

Our experienceIn managing a data breach, you want to make the calls. It’s your reputation that’s on the line. But it’s also smart to have a partner who’s been there before. Things happen too quickly; there’s too much to learn.

That’swhypeopleturntoBeazley.Wepioneeredtheconceptofdatabreachinsurancethatfocusesfirstandforemostonresponse.WecoordinatetheITexpertsandspecialisedlawyerstohelpyouestablishwhat’sbeencompromised;assessyourresponsibility;andnotifythoseyouhaveto.Inaddition,wecoordinatecreditoridentitymonitoringforyourcustomersandPRadvicetohelpyousafeguardyourreputation.Wealso,ofcourse,indemnifyyourlossesfromlawsuitsorregulatoryactions,theriskofwhichmaybereducedbyawell-coordinatedbreachresponsebutcanneverbecompletelyeliminated.Beazleyhasbeenattheforefrontofdefendingclientsinthedevelopingandevolvinglegalarenaoflitigationandregulatoryinvestigationsarisingfromdatabreaches.

Beazleyinventedthiscomprehensiveapproach. Wedomoreofitthananybodyelse.Todatewe havehelpedmorethan7,000clientsmanagedatabreachesswiftlyandsuccessfully.Wecan’tguaranteeyourcybersecurity:noonecan.Butwecanputyou incontrolofyourresponse.

InMarch2012,datacartridgescontaining800,000socialsecurityrecordswerelost intransittoastoragedepot. Itwasbynomeansan isolatedincident.

Beazley Breach Response A comprehensive serviceBeazley Breach Response is a unique insurance, loss control and risk mitigation service that provides a comprehensive service to notify and protect the customers of policyholders that have suffered a data breach.

Coverage includes:• Response to breach events:

• Notificationservicesforuptofivemillionaffectedindividualsincludingforeignnotificationwhereapplicable

• Callcentreservices• Breachresolutionandmitigationservices• Publicrelationsandcrisismanagementexpenses

• Thirdpartyliability,includingcoverageforregulatoryactionsandpaymentcardindustry(PCI)coverageforcreditcardbreaches

• Assistanceateverystageoftheinvestigationof,andresponseto,adatabreachincidentfromBeazley’sin-houseBBRServicesteamofdataprivacyattorneysandtechnicalexperts

• Initialbreachinvestigationandconsulting:• Legalservices• Computerforensicservices

Thousandsofhospitalpatientsrequirenotificationafterpaperrecordscontainingpersonalfinancialdata–includingcreditcarddetails–arefoundblowingthroughafieldseveralmilesfromthehospital.

Beazley Canada LimitedFirstCanadianPlace 100KingStreetWest,Suite4530 P.O.Box328Toronto OntarioM5X1E1T(416)6012155F(416)8611617

310–1130SherbrookeStreetWestMontrealQuebecH3A2M8T(514)3504848F(514)3500843

500-666BurrardStreetVancouverBritishColumbiaV6C3P6T(778)3734432

Visitourwebsitewww.beazley.ca

Followustwitter.com/breachsolutions

Thedescriptionscontainedinthisbrochureareforpreliminaryinformationalpurposesanddoesnotconstituteaninsurancepolicy.ThecoveragesdescribedareunderwrittenbyunderwritersatLloyd’sofLondonissuedthroughBeazleyCanadaLimitedandmaybeunavailableorvarydependingonapplicablejurisdictionalrequirements.Theexactcoverageaffordedbytheproduct(s)describedinthisbrochurearesubjecttoandgovernedbythe termsandconditionsofeachpolicyas issued.Thepublicationanddisseminationof the informationcontainedherein isnot intendedasasolicitation, negotiation, offer or advice relative to thepurchaseof insuranceonanyCanadian risk, andmoreparticularly is not a solicitation,negotiation,offeroradviceforthesaleofinsuranceinManitoba,Nunavut,theYukonorNorthwestTerritories.

BZCER010_CA_03/18