Live through your first Cyber Breach!

Moderator: Jacqueline Detablan, Vice President, AIG
Gary Solway, Partner, Bennett Jones LLP
Kevvie Fowler, Partner, KPMG LLP
The breach landscape
Top data breaches, 2013 – Present
Breaches of recognized companies involving at least 1M records, by size and type (figure; timeline labelled 2013, 2014, 2015)
CarPhone Warehouse: 2.4M
Ashley Madison: 32M
OPM: 25M
Anthem: 78.8M
Premera: 11M
Sony: 80K
TripAdvisor (Viator): 1.4M
iCloud: Unknown
JP Morgan Chase: 83M
Staples: 1.16M
Home Depot: 109M
Michaels: 3M
Schnucks: 2.4M
Target: 110M
Facebook: 6M
SnapChat: 4.6M
Adobe: 38M
Adult Friend Finder: 4M
CareFirst: 2.4M
Yahoo: 22M
AOL: 20M
Evernote: 50M
Ubuntu: 1.82M
Living Social: 50M
Ebay: 145M
UBISOFT: 58M
Data types shown in the figure:
Personal & Health data: Health & medical insurance claims, PII, SIN, usernames & passwords
Financial data: Payment card records, account numbers
Other: Pictures, video, documents, email
© 2014 KPMG LLP, a Canadian limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights
reserved.
Breaches are at an all-time high, and criminals more than ever are targeting personal and health data:
▪ for direct sale
▪ for extortion
▪ for health insurance fraud
▪ to bypass financial fraud detection systems
The breach lifecycle
Timely and effective management of a breach throughout the lifecycle will reduce overall impact.
Source: Data Breach Response & Investigations, Kevvie Fowler (ISBN: 0128034513)
The Scenario…
• Loss of laptop bag
• Cause of Loss: Human error
• International implications
• Lack of encryption
Takeaways on Cyber Security – Legal Perspective
1. The first step is to understand how information is handled within the organization. What information exists, who has it, why do they have it, do they need to have it, is it restricted access/encrypted/online?
2. The board has oversight for risk – it needs to be involved.
3. Cyber security is a multi-disciplinary exercise – it needs to involve the whole organization and legal advisors.
4. To act quickly in response to a cyber security problem, advance planning is critical.
5. Compulsory notification of regulators and those whose personal information was disclosed is becoming widespread. Organizations need to plan for that.
Takeaways on Cyber Security – Forensics Perspective
1. Identify the data that is important to your organization as well as the data that is desirable to criminals.
2. Define a defensible position to assist in data protection and to demonstrate proper due diligence in the event of a breach.
3. Your breach response program is your last line of defence. Ensure it is tailored to your organization and adequately tested.
4. Perform post-mortem reviews after material breaches to improve your resiliency against future incidents.
Questions?
American International Group, Inc. (AIG) is a leading global insurance organization serving customers in more than 100 countries and jurisdictions. AIG companies serve commercial, institutional, and individual
customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States.
AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange.
Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig | Twitter: @AIGinsurance | LinkedIn: http://www.linkedin.com/company/aig
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. References to “we”, “us”, “our” or any like term shall be a
reference to AIG as defined above, namely American International Group, Inc., together with its affiliates and subsidiaries, as required by the context. AIG Insurance Company of Canada is the licensed underwriter
of AIG Property-Casualty insurance products in Canada. Coverage may not be available in all provinces and territories and is subject to actual policy language. Non-insurance products and services may be
provided by independent third parties. The AIG logo and AIG are trademarks of American International Group, Inc., used under license by AIG Insurance Company of Canada. Additional information about AIG
Canada can be found at www.aig.ca
The data contained in this presentation is for general informational purposes only. The advice of a professional insurance broker and counsel should always be obtained before purchasing any insurance product or
service. The information contained herein has been compiled from sources believed to be reliable. No warranty, guarantee, or representation, either express or implied, is made as to the correctness or sufficiency
of any representation contained herein.
© American International Group, Inc. All rights reserved.