Finance and Governance Workshop Management of a Data Breach James Webster Hiscox Insurance.
Finance and Governance Workshop
Management of a Data Breach
James Webster
Hiscox Insurance
Question
What industry makes up the highest percentage of
investigations?
Answer
Source: Trustwave 2013 Global Security Report
Question
What is the average timeframe from an initial breach to
detection?
Answer
210 days
Source: Trustwave 2013 Global Security Report
Question
What are the most common methods of detection?
Answer
Source: Trustwave 2013 Global Security Report
Question
From which country do most attacks originate?
Answer
Source: Trustwave 2013 Global Security Report
Question
What percentage of breaches involve a third party
responsible for system support, development or maintenance?
Answer
Source: Trustwave 2013 Global Security Report
Question
What is the average cost per compromised record after a
data breach?
Answer
Source: 2013 Cost of Data Breach Study, Ponemon Institute
Question
What is the average cost per data breach incident?
Answer
$3.14 million (£2.05 million) in the UK
Source: 2013 Cost of Data Breach Study, Ponemon Institute
Question
Which industries have the highest breach costs?
Answer
Hospitality: £68 per record
Public services: £48 per record
Source: 2013 Cost of Data Breach Study, Ponemon Institute
Question
What is the most common cause of data breaches?
Answer
Source: 2013 Cost of Data Breach Study, Ponemon Institute
Guess who?
Management of a data breach
Breakfast with Malcolm
Team training
Coffee with Alan from Barclays
Call Jenna Murray re: licensing
Lunch with Board
Review outsourcing agreement and call with the lawyers
Meeting with Arnold re: finance (do not miss!)
Conference call with Heads of Department
Discuss conference call with FD
Tom’s appraisal
Management of a data breach
• Importance of Incident Response Plans
– Containment and recovery
– Assessment of ongoing risk
– Notification of breach
– Evaluation and response
These are not linear activities, following one another in orderly sequence...
Breakfast with Malcolm
Team training
Coffee with Alan from Barclays
Call Jenna Murray re: licensing
Lunch with Board
Review outsourcing agreement and call with the lawyers
Meeting with Arnold re: finance (do not miss!)
Conference call with Heads of Department
Discuss conference call with FD
Tom’s appraisal
Re-arrange for Friday
Jill – rearrange this please
Handover to John
Move to tomorrow (pm)
Management of a data breach
• Containment and recovery
– Decide who is to take the lead in investigating
– Establish who needs to be informed (internally and externally – separately from any formal notifications)
– Identify actions to recover loss and/or limit damage
– Consider whether appropriate to inform the police
Breakfast with Malcolm
Team training
Coffee with Alan from Barclays
Call Jenna Murray re: licensing
Lunch with Board
Review outsourcing agreement and call with the lawyers
Meeting with Arnold re: finance (do not miss!)
Conference call with Heads of Department
Discuss conference call with FD
Tom’s appraisal
Re-arrange for Friday
Jill – rearrange this please
Handover to John
Jill – send my apologies
Move to tomorrow (pm)
Move to Monday – tell HR
July
Send apologies!!
Management of a data breach
• Risk Assessment
– What sort of data is involved?
– What level of sensitivity is it?
– What is your best assessment of what has happened to the data (in terms of unauthorised parties who have access to it, and for how long they have had access)?
– What is its value to the unauthorised party? What harm could come to the affected individuals?
– How much data is involved?
– Are there wider consequences, e.g. risk to public health?
– Should passwords be changed or banks contacted?
Anniversary today!!
Jill – can you rearrange dinner for tomorrow and please send Trudy some flowers?
Data protection training (until 12.30)
Lunch with Tom
Lunch with Arnold re: finance
Meeting with Jenna Murray
Outsourcing Agreement!
Pick up kids (Trudy at hairdressers)
JILL CANCEL EVERYTHING!!!
Management of a data breach
• Notification
– ICO notification: telecoms sector and public bodies must notify. Other sectors currently voluntary regime
– FCA and other regulators: sector-specific rules apply
– Individuals: "will notification help them?" is the ICO's overriding concern
Conclusion: notification is not an end in itself
Management of a data breach
• Notification Content
– "How and when" details and overview
– Affected data, affected number of individuals
– Breach response so far, mitigation steps taken so far
– Security measures in place
– Whether individuals have been informed
– Whether there has been media coverage
– Whether investigation is being carried out, and if so, when is it due and in what format
– Whether other regulators or the police have been informed
– What future preventive measures you plan
– Is there any other information that would be useful?
Thank you