Zarwin Baum DeVito Kaplan Schaer Toddy P.C. Law Firm


Ted Schaer and Beth Fitch are trial lawyers with 33 years of insurance defense experience and have the AV Preeminent rating. They have litigated numerous multi-million dollar cases ranging from catastrophic injuries to data privacy class actions. They serve as the Deans of the CLM School of Cyber Claims and are certified by the International Association of Privacy Professionals. The CIPP/US certification is the preeminent privacy credential in the US private sector. Beth and Ted counsel companies on data privacy, cyber risk mitigation, and insurance risk transfer strategies, and serve as data breach coaches.

CYGIENE™: Threat Impact Assessment

An Innovative Approach to Cost-Effective Cyber Risk Mitigation

TED SCHAER Zarwin Baum DeVito Kaplan Schaer Toddy (215)569-2800 tmschaer@zarwin.com

BETH FITCH Righi Fitch Law Group (602)385-6782 beth@righilaw.com

Cyber security attacks can result in substantial financial and legal risks to businesses. The greatest financial risks are reputational harm and business disruption. Cygiene™ is a holistic and sustainable cyber security program developed to mitigate the risk of a cyber-attack. Cygiene™ security is the protection of information in order to minimize loss, unauthorized access or misuse. Cygiene™ risk mitigation is the process of assessing threats and risk to information and implementing the procedures and controls to preserve the information and reduce the risk of financial harm.


Financial Risks from Cyber Attacks and Network Failures

Operational Disruption:

• Complete shutdown of the network and access to data and information assets needed to run the business.

Human capital costs:

• Redirecting of employees' time to restore operations results in overtime costs and disrupts productivity.
• Redirecting of sales force and senior executive team to respond to client/customer inquiries and demands and media.

Unexpected (Unbudgeted) Expenses:

• Infusion of capital to restore or replace critical technology that was destroyed by attack.
• Payment of employee overtime.
• Payment of outside technology expenses, legal fees, and crisis management costs.
• Payment of ransoms.
• Reimbursement of clients/customers for monies diverted in wire fraud transfers.

Reputational Harm:

• Failure to protect the privacy of your clients and customers erodes their trust and confidence, which invariably results in customers/clients taking their business elsewhere and loss of revenue.

Lawsuits:

• Class actions and individual lawsuits against the company for exfiltration of PII, PCI, and PHI.
• Derivative shareholder lawsuits against company and directors and officers.

Financial Risk Mitigation:

Financial risk mitigation is achieved by implementing enterprise wide controls and risk transfer strategies.

• Understanding how your supply chain and vendors' cyber security impacts your bottom line.
• Implementing data privacy policies and best practices that are aligned with overall financial goals and regulatory compliance.
• Driving enterprise wide compliance with data privacy best practices.
• Implementing a vendor vetting process to ensure vendors are utilizing cyber security best practices.
• Shifting financial risk of cyber breaches to vendors through contract provisions.
• Mitigating the financial harm through procurement of proper cyber insurance.

Cyber Threat Impact Assessment: $5,000

The first step to mitigate against financial harm is for your company to undergo a cyber threat impact assessment to evaluate enterprise wide security controls to protect against cyber threats and vulnerabilities.

1. Conduct organization 360 View:

• Interview stakeholders to evaluate whether data privacy and cyber security policies and practices align with overall company financial goals
• Analyze a completed comprehensive cyber survey to identify weaknesses that originate from business processes and employee practices

2. Conduct a technical vulnerability scan to determine the company’s technology weaknesses that can be exploited by external threat actors and hackers

3. Review insurance profile to evaluate adequacy of insurance coverage for financial harm from cyber breaches

4. Review a representative vendor contract to evaluate the risk exposures and adequacy of risk transfer strategies

