When do you go public?
After a breach occurs, one of the important questions is when does the company go public with the information.
Keefe says a company should not go
public if they cannot answer the following questions:
1. What happened?
2. Why did it happen?
3. What is your company doing to
prevent it from occurring again?
4. What does this breach mean
to my customer?
She also offers several steps that a company should take after the breach:
1. Make good on any promises such
as providing credit monitoring for
a specific period after the breach.
2. Reinforce your security
practices and retrain employees
on proper procedures.
3. Demonstrate to the public and your
constituents that the company has
taken affirmative actions and has
learned from the experience.
4. Take necessary steps to prevent
it from occurring again.
Coverage issues with
a data breach
There are several coverage issues to con-
sider with a data breach. This is new ter-
ritory for many insurers and knowing
which questions to ask will help identify
what triggers the coverage. “Start with
the fact that many insurance companies
offering cyber insurance had never faced
a claim until 2014,” says Kevin Kalin-
ich, global practice leader, network risk/
cyber insurance for Aon Risk Solutions.
“A number of key definitions are being
scrutinized for interpretation such as,
‘When was the wrongful act or incident
that triggered notice?’ and “What if the
insured requires multiple IT security ex-
perts and different specialist attorneys to
investigate and remediate the claim?’ All
[of these are] issues that are unique to cy-
Other questions to ask include whether
or not internal costs are covered if they
are less expensive and provide a better
option than hiring an outside expert.
Another issue involves whether or not
authorities request that the insured not
disclose the incident.
For publicly held companies, other
issues must be considered. “When a cyber incident results in the loss of business, such as a large customer contract
or consumers, then it is material to the
financial statements,” adds Kalinich. “If
there is a shareholder derivative action,
then it impacts the D’s and O’s. The SEC
Guidelines for public companies and the
NIST Cyber Security Framework have
established new thresholds for plaintiff’s
attorneys to allege as the minimum bars
must be met. If not, then entities may not
only be liable for the network privacy
and security incident costs, but the D’s
and O’s may be alleged to have not met
their fiduciary duties.”
5 Ways to avoid a data breach
There are now over-the-counter malware
programs available to help hackers infect
computers and grab personal identifiable
information. Beazely offers 5 steps to help
avoid a data breach:
1. Encrypt your devices
Over 73% of the breaches Beazely
consulted on in 2013 could have been
prevented if the devices involved had
been encrypted. Currently, encryption is a safe harbor under breach notification laws.
2. Keep patches up to date
Automating your patch management
programs can protect devices against
malware and hacking.
3. Use complex passwords
Algorithms can deduce passwords
and systematically cycle through different variations of words. Use a combination of letters and symbols.
4. Watch for phishing
Since most breaches occur because
of human error, employees should be
aware of the various phishing scams
and be trained on how to spot the indicators in a phishing email.
5. Before you hit send…
So far this year, 30% of the breaches
Beazley has serviced were due to unintended disclosure. Before sending an
email check the contents and the email
address to make sure you’re sending
information to the right person.
ANNOUNCING TERRY HUNT AS ATI’S NEW
VICE PRESIDENT OF SALES AND MARKETING
Inc. is very proud to
announce that Terry Hunt
has joined ATI as our new
Vice President of Sales
and Marketing. In addition
to his sales and marketing
duties he will become an integral member of our
Executive Management Team.
Jeff Moore, ATI Executive Vice President, said, “We are
excited about his addition to our team as Terry brings
with him a wealth of knowledge, extensive experience in the industry and a commitment to excellence
and customer service. He has been employed with
Crawford for the past 24 years and his strong record
of management, sales and leadership complimented
by his contacts within the industry will be a tremendous asset to our organization.”
(714) 283-9990 Office (213) 537-0000 Cell
Trust is a good thing. However,
when it comes to claims decisions,
confidence is key. U.S Forensic’s
team of experienced professional
engineers provide third party,
independent opinions as to cause and
extent of loss to provide fair dealing
to all parties. Concise. Accurate.
Defendable. Trust can be tricky—Verify
the cause and extent of damages in
your claim with U.S Forensic.
T (888) 873-6752 F (888) 436-3092
USF.indd 1 18/08/14 10:03PM