thursday, may 28, 2015 after anthem: cybersecurity, data ......2. alert and activate everyone on the...
TRANSCRIPT
![Page 1: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/1.jpg)
© Copyright 2015 by K&L Gates LLP. All rights reserved.
After Anthem: Cybersecurity, Data Privacy, and Cyber-Resilience for the Health Care Sector
Thursday, May 28, 2015
Moderator: Mary Beth F. Johnston (Partner, Research Triangle Park)
Presenters:Roberta D. Anderson (Partner, Pittsburgh)David P. Baghdassarian (Partner, Miami)David A. Bateman (Partner, Seattle)
![Page 2: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/2.jpg)
AGENDA• Understanding Cyber Risks and
Security Options (1:30-2:10 p.m.) Identifying cyber risks, including new and
emerging threats Improving internet safety and network security
• Cybersecurity in Health Care(2:10-2:50 p.m.) Regulatory framework, including HIPAA Performing a risk assessment Risks of using a cloud service provider Security of medical devices and mobile
devices
• Managing the Consequences of a Data Breach (2:50-3:30 p.m.) Preparing for the inevitable breach The first 24 hours Notice requirements Civil litigation issues and trends
• Break (3:30-3:45 p.m.)• Managing and Mitigating Cyber
Risks (3:45-4:25 p.m.) Pro-active management at the Board level Adequate training and internal procedures Vendor contracting and business associate
agreements
• Insuring Against Cyber Risks (4:25-5:05 p.m.)
klgates.com 1
![Page 3: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/3.jpg)
Understanding Cyber Risks and Security Options
![Page 4: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/4.jpg)
![Page 5: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/5.jpg)
The Spectrum of Cyber Attacks• Advanced Persistent Threats (“APT”)• Cybercriminals, Exploits and Malware• Denial of Service attacks (“DDoS”)• Domain name hijacking • Corporate impersonation and Phishing• Employee mobility and disgruntled
employees• Lost or stolen laptops and mobile devices• Inadequate security and systems: third-
party vendors
![Page 6: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/6.jpg)
Advanced Persistent Threats
• targeted, persistent, evasive and advanced• nation state sponsored
P.L.A. Unit 61398“Comment Crew”
![Page 7: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/7.jpg)
Advanced Persistent Threats
• United States Cyber Command and director of the National Security Agency, Gen. Keith B. Alexander, has said the attacks have resulted in the “greatest transfer of wealth in history.”
Source: New York Times, June 1, 2013.
![Page 8: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/8.jpg)
![Page 9: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/9.jpg)
Advanced Persistent Threats
• Penetration:– 67% of organizations admit that their current
security activities are insufficient to stop a targeted attack.*
• Duration:– average = 356 days**
• Discovery: External Alerts– 55 percent are not even aware of intrusions*
*Source: Trend Micro, USA. http://www.trendmicro.com/us/enterprise/challeng
es/advance-targeted-attacks/index.html
**Source: Mandiant, “APT1, Exposing One of China’s Cyber Espionage Units”
![Page 10: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/10.jpg)
Advanced Persistent Threats: Penetration
• Spear Phishing
• Watering Hole Attackrely on insecurity of frequently visited
websites
• Infected Thumb Drive*Source: Trend Micro, USA.
http://www.trendmicro.com/us/enterprise/challenges/advance-targeted-attacks/index.html
**Source: Mandiant, “APT1, Exposing One of China’s Cyber Espionage Units”
![Page 11: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/11.jpg)
Advanced Persistent Threats: Penetration
![Page 12: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/12.jpg)
Employee Theft
![Page 13: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/13.jpg)
Inadequate security and systems: third-party vendors
• Vendors with client data• Vendors with password access• Vendors with direct system integration
– Point-of-sale
![Page 14: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/14.jpg)
Cloud Computing Risks
• Exporting security function and control• Geographical uncertainty creates
exposure to civil and criminal legal standards
• Risk of collateral damage
![Page 15: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/15.jpg)
Source: Ponemon Institute 2014 Cost of Data Breach Study – Global
PREPARING FOR THE INEVITABLE BREACH
klgates.com 14
![Page 16: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/16.jpg)
Source: Ponemon Institute LLC
Cost of Data Breach Study:Global Analysis
(May 2014)
klgates.com 15
![Page 17: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/17.jpg)
16
Source: Ponemon Institute LLCCost of Data Breach Study:Global Analysis(May 2014)
![Page 18: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/18.jpg)
klgates.com 17
![Page 19: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/19.jpg)
Security Tips1. Logging
- Centralize, retain 3-6 months, verbose2. Access Controls
- No shared admin rights accounts- Dual Factor Auth for sensitive data, admin accounts,
vpn access3. Manage BYODs
- group policies, require password, encryption, wipe4. Application Whitelisting5. Encrypt sensitive data
klgates.com
![Page 20: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/20.jpg)
Cybersecurity in Health Care
![Page 21: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/21.jpg)
CYBERSECURITY IN HEALTH CARE
DAVE BAGHDASSARIAN Regulatory framework, including HIPAA Performing a risk assessment Risks of using a cloud service provider Security of medical devices and mobile devices
klgates.com 20
![Page 22: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/22.jpg)
Managing the Consequences of a Data Breach
![Page 23: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/23.jpg)
klgates.com
THE FIRST 24 HOURS
• Don’t panic. Follow the plan.• Mobilize first-response team • Immediately call breach coach counsel• Forensics
• Investigate, isolate, contain, and secure systems / data• Preserve evidence• Document everything
• PR• Consider contacting law enforcement• Think notification
22
![Page 24: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/24.jpg)
1. Record the date and time of discovery and time when response efforts begin
2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness plan
3. Investigate, while preserving evidence
4. Stem additional data loss5. Document everything known
about the breach
6. Interview those involved in discovering the breach and anyone else who may know about it
7. Consider notifying law enforcement after consulting with legal counsel
8. Revisit state and federal regulations governing your industry and the type of data lost
9. Determine all persons/entities to be notified, i.e. customers, employees, the media
10.Ensure all notifications occur within any mandated timeframes
Don’t Panic. Follow the plan.
klgates.com
THE FIRST 24 HOURS
23
![Page 25: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/25.jpg)
klgates.com
APT Response
6
Detect Impacted Systems- Firewall Logs- IDS Logs- Network Packet Captures- Lima Scans/Host-based Scanning - SEIM
Analysis- Host Forensics- Memory Analysis- Network Logs- Malware Analysis- Connections
Indicators of Compromise (IOC)- IP Addresses- Protocols- Registry Keys- Filenames- Hash Values
Client Provided• Logs• Reports• Notifications• Interviews• Malware
![Page 26: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/26.jpg)
klgates.com
Source: Ponemon Institute LLCCost of Data Breach Study:Global Analysis(May 2014)
v
v
NOTICE REQUIREMENTS
25
![Page 27: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/27.jpg)
• Industry-specific, e.g. HIPAA / HITECH• 47 different state notification laws• Others, e.g., Regulators, AGs, consumer reporting agencies, law
enforcement?• Media• Social media• SEC
klgates.com 26
NOTICE REQUIREMENTS
![Page 28: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/28.jpg)
klgates.com
• Industry-specific, e.g. HIPAA / HITECH
vv
NOTICE REQUIREMENTS
27
![Page 29: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/29.jpg)
NOTICE REQUIREMENTS
28klgates.com
• 47 different state notification laws, e.g., Pennsylvania
![Page 30: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/30.jpg)
Any business or public entity that compiles or maintains computerized records that include personal information on behalf of another business or public entity shall notify that business or public entity, who shall notify its New Jersey customers, as provided in subsection a. of this section, of any breach of security of the computerized records immediately following discovery, if the personal information was, or is reasonably believed to have been, accessed by an unauthorized person.
NOTICE REQUIREMENTS
29klgates.com
• Business partners, e.g., New Jersey
![Page 31: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/31.jpg)
NOTICE REQUIREMENTS
30klgates.com
![Page 32: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/32.jpg)
MEDIA
klgates.com 31
![Page 33: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/33.jpg)
SOCIAL MEDIA
klgates.com 32
![Page 34: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/34.jpg)
33
CIVIL LITIGATION ISSUES AND TRENDS
klgates.com
![Page 35: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/35.jpg)
34klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 36: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/36.jpg)
35klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 37: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/37.jpg)
36klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 38: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/38.jpg)
37klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 39: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/39.jpg)
38klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 40: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/40.jpg)
39klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 41: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/41.jpg)
40klgates.com
CIVIL LITIGATION ISSUES AND TRENDS
![Page 42: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/42.jpg)
Managing and Mitigating Cyber Risks
![Page 43: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/43.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
1. Proactive management at Board Level Not an IT problem - board level support is required to
ensure that the resources both in time and capital are expended. Ensure that a cyber management policy is part of the
company’s governance framework and given the same level of attention as financial and other risk management regimes.
klgates.com
![Page 44: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/44.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
2. Know Your Data: data mapping what data you hold how sensitive the data is which systems control the management of key
information how critical is the information to the management of
the business purge unnecessary data
klgates.com
![Page 45: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/45.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
3. Plan for Data Breach Events “Not a question of IF, but WHEN” Create and implement a data breach response plan Designate core team for responses Interview and retain vendors Develop PR plan
klgates.com
![Page 46: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/46.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
4. Systems Security, Monitoring and Penetration Testing Monitor systems for unusual activity. Implement malware protection to all business areas
and produce a policy on dealing with any malwareissues. Install security patches Implement basic security controls on networks. Ex-
employees should immediately be denied access.
klgates.com
![Page 47: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/47.jpg)
NIST Cybersecurity Framework
46
NIST Unveils Cybersecurity Framework, http://www.klgates.com/nist-unveils-cybersecurity-framework-02-17-2014/
85% of security budgetscurrently go here
According to Gartner:By 2020, 75% of security budgets will go towards detection and response
![Page 48: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/48.jpg)
PCI DSS
“PCI DSS provides a baseline of technical and operational requirements designed to protect cardholder data.”
47
![Page 49: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/49.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
5. Education and Training for the “Human Element” Every company has a cyber defense weak spot in its
own employees. An adequate defense system protecting a company
from cyber attacks should not only have the relevant defenses and policies in place, but staff must be trained on the relevant policies.
klgates.com
![Page 50: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/50.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
6. Protect Work with Attorney Privileges Protection for discovery of weaknesses Protection for testing events Protection for data breach analysis and response Retention of vendors for legal exercise
klgates.com
![Page 51: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/51.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
7. Third-Party Vendor and Access Review Know your vendors and data access Create a risk classification based on data type and
disclosure risk. Review contract details. Incorporate vendor event into breach planning.
klgates.com
![Page 52: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/52.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
8. Review mobile computing and BYOD policies 52% of mobile users store sensitive files online 24% of mobile users store work and personal info in
same account 21% of mobile users share logins with families Mobile malware: apps Insufficient mobile platform security
klgates.com
![Page 53: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/53.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
9. Cyber Insurance Review
klgates.com
![Page 54: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/54.jpg)
Ten Tips for Cyber Security Protection and Risk Mitigation
10. Ongoing Management Planning and analysis of risk serves no purpose unless
a company also properly implements its findings. As cybercrime evolves over time, companies must
constantly monitor the adequacy of their cyber defenses and re-evaluate the threats pertinent to their business.
klgates.com
![Page 55: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/55.jpg)
DOJ “Best Practices”
klgates.com 54
![Page 56: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/56.jpg)
Insuring Against Cyber Risks
![Page 57: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/57.jpg)
“[A]ppropriate disclosures may include”: “Discussion of aspects of the registrant's business or operations that give rise to
material cybersecurity risks and the potential costs and consequences”;
“To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks”;
“Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences”;
“Risks related to cyber incidents that may remain undetected for an extended period”; and
“Description of relevant insurance coverage.”
Cybersecurity: Five Tips to Consider When Any Public Company Might be the Next Target, http://media.klgates.com/klgatesmedia/epubs/GBR_July2014/
INSURING AGAINST CYBER RISKS
klgates.com 56
![Page 58: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/58.jpg)
“We note that your network-security insurance coverage is subject to a $10 million deductible. Please tell us whether this coverage has any other significant limitations. In addition, please describe for us the 'certain other coverage' that may reduce your exposure to Data Breach losses.”
Target Form 10-K (March 2014)
INSURING AGAINST CYBER RISKS
klgates.com 57
![Page 59: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/59.jpg)
• Directors' and Officers' (D&O)
• Errors and Omissions (E&O)/Professional Liability
• Employment Practices Liability (EPL)
• Fiduciary Liability
• Crime Retail Ventures, Inc. v. National Union Fire Ins. of Pittsburgh, Pa., 691 F.3d 821
(6th Cir. 2012) (DSW covered for expenses for customer communications, public relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its blanket crime policy)
• Property
• Commercial General Liability (CGL)
INSURING AGAINST CYBER RISKS
klgates.com 58
![Page 60: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/60.jpg)
• Coverage B Provides Coverage for Damages Because of “Personal and Advertising Injury”
• “Personal and Advertising Injury”: “[o]ral or written publication, in any manner, of material that violates a person's right of privacy”
• What is a “Person’s Right of Privacy”?
• What is a “Publication”?• Does the Insured Have to “Do” Anything Affirmative and Intentional to Get
Coverage?
INSURING AGAINST CYBER RISKS
klgates.com 59
![Page 61: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/61.jpg)
• Coverage A Provides Coverage for Damages Because of “Property Damage”
• “Property Damage”: “Loss of use of tangible property that is not physically injured”
INSURING AGAINST CYBER RISKS
klgates.com 60
![Page 62: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/62.jpg)
POTENTIAL LIMITATIONS OF “LEGACY” COVERAGE
klgates.com 61
![Page 63: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/63.jpg)
POTENTIAL LIMITATIONS OF “LEGACY” COVERAGE
klgates.com 62
![Page 64: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/64.jpg)
ISO states that “when this endorsement isattached, it will result in a reduction ofcoverage due to the deletion of anexception with respect to damagesbecause of bodily injury arising out of lossof, loss of use of, damage to, corruption of,inability to access, or inability to manipulateelectronic data.”
POTENTIAL LIMITATIONS OF “LEGACY” COVERAGE
klgates.com 63
![Page 65: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/65.jpg)
POTENTIAL LIMITATIONS OF “LEGACY” COVERAGE
klgates.com 64
![Page 66: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/66.jpg)
– Zurich American Insurance Co. v. Sony Corp. of America et al.
POTENTIAL LIMITATIONS OF “LEGACY” COVERAGE
klgates.com 65
![Page 67: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/67.jpg)
klgates.comback
REMEMBER THE SNOWFLAKE
![Page 68: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/68.jpg)
klgates.com 67
• Privacy and Network Security– Generally Covers Third-Party Liability Arising from Data Breaches and Other Failures to
Protect Confidential, Protected Information, as well as Liability Arising from Security Threats to Networks, e.g., Transmission of Malicious Code
• Regulatory Liability– Generally Covers Amounts Payable in Connection with Administrative or Regulatory
Investigations
• PCI-DSS Liability– Generally Covers Amounts Payable in Connection with PCI Demands for Assessments,
Including Contractual Files and Penalties, for Alleged Non-compliance with PCI Data Security Standards
• Media Liability– Generally Covers Third-Party Liability Arising from Infringement of Copyright and Other
Intellectual Property Rights, and Torts Such as Libel, Slander, and Defamation Arising from the Insured's Media Activities, e.g., Broadcasting and Advertising
THIRD PARTY COVERAGE
![Page 69: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/69.jpg)
klgates.com 68
• Crisis Management– Generally Covers “Crisis Management” Expenses That Typically Follow in the Wake of a
Breach Incident, e.g., Breach Notification Costs, Credit Monitoring, Call Center Services, Forensic Investigations, and Public Relations
• Network Interruption– Generally Covers First-Party Business Income Loss Associated with the Interruption of
the Insured's Business Caused by the Failure of Computer Systems
Digital Asset Generally Covers First-Party Cost Associated with Replacing, Recreating, Restoring and
Repairing Damaged or Destroyed Programs, Software or Electronic Data
Extortion Generally Covers Losses Resulting from Extortion, e.g., Payment of an Extortionist's
Demand to Prevent a Cybersecurity Incident
Reputational Harm
FIRST PARTY COVERAGE
![Page 70: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/70.jpg)
klgates.com 69
• First-Party Property Damage and Business Interruption ~$350M• Third-Party Bodily Injury and Property Damage ~$100M
[T]his policy will drop down and pay Loss caused by a Security Failure [a failure or violation of the security of a Computer System that: (A) results in, facilitates or fails to including Electronic Data stored within that Computer System)]; and/ormitigate any: (i) unauthorized access or use; (ii) denial of service attack; or (iii) receipt, transmission or behavior of a malicious code] that would have been covered within an Underlying Policy, as of the inception date of this policy, had one or more of the following not applied:A. a Cyber Coverage Restriction [a limitation of coverage in an Underlying
Policy expressly concerning, in whole or in part, the security of a Computer System (
B. a Negligent Act Requirement [a requirement in an Underlying Policy that the event, action or conduct triggering coverage under such Underlying Policy result from a negligent act, error or omission].
DIC COVERAGE
![Page 71: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/71.jpg)
klgates.com
AVOID THE TRAPS
![Page 72: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/72.jpg)
klgates.com 71
![Page 73: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/73.jpg)
POLICY EXAMPLE 1
72klgates.com
![Page 74: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/74.jpg)
POLICY EXAMPLE 2
73klgates.com
![Page 75: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/75.jpg)
POLICY EXAMPLE 2
74klgates.com
![Page 76: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/76.jpg)
POLICY EXAMPLE 2
75klgates.com
![Page 77: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/77.jpg)
klgates.com 76
![Page 78: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/78.jpg)
POLICY EXAMPLE 1
77klgates.com
![Page 79: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/79.jpg)
POLICY EXAMPLE 1
78klgates.com
![Page 80: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/80.jpg)
POLICY EXAMPLE 1
79klgates.com
![Page 81: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/81.jpg)
POLICY EXAMPLE 2
80klgates.com
![Page 82: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/82.jpg)
POLICY EXAMPLE 2
81klgates.com
![Page 83: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/83.jpg)
POLICY EXAMPLE 3
82klgates.com
![Page 84: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/84.jpg)
POLICY EXAMPLE 3
83klgates.com
![Page 85: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/85.jpg)
POLICY EXAMPLE 3
84klgates.com
![Page 86: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/86.jpg)
klgates.com 85
![Page 87: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/87.jpg)
POLICY EXAMPLE 1
86klgates.com
![Page 88: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/88.jpg)
POLICY EXAMPLE 1
87klgates.com
![Page 89: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/89.jpg)
POLICY EXAMPLE 2
88klgates.com
![Page 90: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/90.jpg)
POLICY EXAMPLE 2
89klgates.com
![Page 91: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/91.jpg)
POLICY EXAMPLE 2
90klgates.com
![Page 92: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/92.jpg)
klgates.com 91
![Page 93: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/93.jpg)
POLICY EXAMPLE
Any member of the “Control Group.” e.g., CEO, CFO ,RM, CRO, CIO, GC
92klgates.com
![Page 94: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/94.jpg)
![Page 95: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/95.jpg)
POLICY EXAMPLE 1
94klgates.com
![Page 96: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/96.jpg)
POLICY EXAMPLE 2
95klgates.com
![Page 97: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/97.jpg)
POLICY EXAMPLE 3
96klgates.com
![Page 98: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/98.jpg)
Request a “Retroactive Date” of at Least a Year
klgates.com 97
![Page 99: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/99.jpg)
klgates.com 98
BEWARETHE
FINE
REMEMBER THE DEVIL IS IN THE DETAILS
![Page 100: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/100.jpg)
“A well-drafted policy will reduce the likelihood that an insurer will be able to avoid or limit insurance
coverage in the event of a claim.”
Roberta D. Anderson, Partner, K&L Gates LLP (May 28, 2015)
klgates.com 99
![Page 101: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/101.jpg)
![Page 102: Thursday, May 28, 2015 After Anthem: Cybersecurity, Data ......2. Alert and activate everyone on the response team, including external resources, to begin executing your preparedness](https://reader034.vdocuments.net/reader034/viewer/2022050300/5f69dda0aaee8b07431801ca/html5/thumbnails/102.jpg)