Data Breach: Protecting Your Business

Dillon Behr
Executive Lines Broker
Risk Placement Services, Inc.

Participate on Twitter: Follow @nfiblive and use hashtag #nfiblive
Download slides at: http://www.nfib.com/



Meet Our Speaker

Dillon Behr
Executive Lines Broker
Risk Placement Services, Inc.

• Previously worked as Cyber Security Threat Intelligence Analyst for Discover Financial Services and the US government.
• Focused on finding cyber liability and breach response solutions for clients of all types and sizes.
• Risk Placement Services (RPS) is a Managing General Agent/Underwriting Manager and nationally focused wholesale insurance broker.
  – Ranked in the top five in every insurance industry category and have been consistently ranked as the largest MGA in the country for several years.
  – Known for doing the right thing even if it means referring business to a competitor


What is a Data Breach?

A data breach is any exposure of private or confidential information held by an entity (business, government, nonprofit, etc.) and includes:

– Private Personal Information such as:
  • Personally Identifiable Information (PII)
  • Protected Health Information
  • Account Information

– Confidential Company Data such as:
  • Business Plans
  • Client Lists

A data breach does not have to involve a computer or a crime!


Typical Causes of Breaches

• Missing or stolen laptop or storage device
• Mis-mailing
• Erroneous Data Posting
• Compromised System (Hacking)
• Loss or Theft of Physical Documents
• Lost Back-up Data or Tape
• Third-Party Vendor
• Improper Document/Equipment Disposal
• Insider


Other Types of Exposures

• Responsibility for another’s data breach
• Lawsuit defense
• Fines and penalties
• Website and systems interruption

• Loss of income
• Digital forensics
• Notifications and credit monitoring
• Restoration of data
• Ransomware
• Cyber Deception


Legal Requirements

• Federal legislative framework for the protection of PII resembles a patchwork quilt
• No dedicated data protection law
• Regulations are primarily by industry, sector-by-sector
• Laws and regulations developed at both the federal and state levels
• Enforced by federal and state authorities, but most suits are civil, not criminal (HIPAA is exception)

Stricter laws are coming!!! It’s just a matter of time.


Is Your Business Prepared?

Most small businesses are NOT prepared for a data breach

47 U.S. States, D.C., Guam, Puerto Rico and the Virgin Islands require notification of security breaches involving PII

60% of all targeted data breach attacks struck small and medium sized organizations (2015 Symantec Internet Security Threat Report)

60% of SMBs that suffer a breach go out of business (Protecting Small Business Against Emerging and Complex Cyber Attacks – House Committee on Small Business, 2013)

$3.79M = Average total cost of a data breach (2015 Ponemon-IBM Total Cost of a Data Breach Study)


Protecting Your Business: Data Handling Practices & Guidelines

• Identify all PII
• Minimize use, collection, and retention of PII
• Categorize PII by confidentiality impact level
• Apply appropriate safeguards

• Develop Policies and Procedures
• Training
• De-identify
• Control Access (mobiles too)
• Transmission Confidentiality (encryption)
• Audits

• Develop Incident Response Plan
• Close coordination of Senior officers / counsel


Suspect a Breach?

Who will:
• Determine if breach actually occurred?
• Clean up the systems and restore data?
• Notify customers?
• Provide legal guidance and protection?
• Advise in a ransom scenario?
• Pay for all of this?


Protecting Your Business: Cyber Liability Insurance

• Insurance coverage designed to protect a business from liability associated with:

• Unauthorized release of confidential information

• Violation of a person’s rights to privacy

• Personal injury in an electronic/social media environment

• Intellectual property infringement

• Violations of state or federal privacy laws

• Out-of-pocket expenses incurred to make the above problems go away


Protecting Your Business: Cyber Liability Insurance

Liability (3rd-Party)

Privacy Liability – private info gets out, client gets sued.

Privacy Regulatory Claims Coverage – private info gets out, gov’t investigates/fines.

Security Liability – network gets breached, network transmits virus, etc., client gets sued.

Multimedia Liability – client responsible for IP infringement or personal injury in an online environment, client gets sued.

First-Party

Security Breach Response Coverage – legal assistance, IT forensics, notification expense, PR, credit monitoring, call center services, etc.

Cyber Extortion – expenses associated with mitigating an extortion threat or ransom

Business Income and Digital Asset Restoration – lost $ due to covered network disruption

PCI DSS Assessment – fines/penalties associated with breach of cardholder data

Cyber Deception (optional) – loss of $ the insured willingly releases, based on fraudulent instruction


Protecting Your Business: Cyber Liability Insurance

Things to consider when exploring your options:

• Understand your exposure
• Number and type of records
• Current security posture
• Financial

• What limits for each coverage are necessary? Are sub-limits sufficient?
• Are Extortion, Forensics, Restoration, Remediation and Response all covered?
• Does policy offer breach response services or just indemnification?
• How does this policy integrate with your Incident Response Plan?
• Are value-added services available?


Protecting Your Business: Cyber Liability Insurance

NFIB CAN HELP! Access to cyber liability insurance is offered as a benefit of membership.

• Industry-leading coverage
• Voluntary notification even if not required by law
• Coverage for 3rd party vendors handling personally identifiable info
• Broad Multimedia Liability covers Insured’s websites, social media, etc.
• PCI Assessment sub-limit automatically included
• Coverage for loss of confidential data in any form – paper or electronic
• Dependent Business Interruption – full policy limits
• Cyber Deception endorsement available

Learn more and apply for coverage at nfibcyber.com


For more information about cyber liability insurance contact:

SelectSolutions
855-200-5313
nfibcyber.com


Additional NFIB.com Resources
