Embed Size (px)
Citation preview
505 North 20th Street Birmingham, Alabama 35203 Telephone: 205-795-6588 csattorneys.com
2016 Primerus Defense Institute Convocation
April 14-16, 2016
Keeping a Step Ahead of the Challenges of Cyber Liability
“Skillful in attack whose opponent does not know what
to defend; skillful in defense whose opponent does not
know what to attack.”
Sun Tzu
Recently targeted by hackers according to abovethelaw.com and The Wall Street Journal
Akin Gump Strauss Hauer & Feld
Allen & Overy
Baker & Hostetler Baker Botts
Cadwalader Wickersham & Taft
Cleary Gottlieb Steen & Hamilton
Covington & Burling
Cravath Swaine & Moore
Davis Polk & Wardwell
Debevoise & Plimpton
Dechert
DLA Piper
Ellenoff Grossman & Schole
Freshfields Bruckhaus Deringer
Fried Frank Harris Shriver & Jacobson
Gibson Dunn & Crutcher
Goodwin Procter
Hogan Lovells
Hughes Hubbard & Reed
Jenner & Block
Jones Day
Kaye Scholer
Kirkland & Ellis
Kramer Levin Naftalis & Frankel
Latham & Watkins
McDermott Will & Emery
Milbank Tweed Hadley & McCloy
Milbank Tweed Hadley & McCloy
Morgan Lewis & Bockius
Morrison & Foerster
Nixon Peabody
Nixon Peabody
Paul Hastings Paul Weiss Rifkind Wharton & Garrison
Pillsbury Winthrop Shaw Pittman
Proskauer Rose Ropes & Gray
Schulte Roth & Zabel
Seward & Kissel
Shearman & Sterling
Sidley Austin
Simpson Thacher & Bartlett
Skadden Arps Slate Meagher & Flom
Sullivan & Cromwell
Vinson & Elkins
Wachtell Lipton Rosen & Katz
Weil Gotshal & Manges
White & Case
Wilkie Farr & Gallagher
So far, reports indicate that these attacks were successful on:
• Cravath Swaine & Moore LLP
• Weil Gotshal & Manges LLP
• In fact, by one account, 80 of the largest 100 firms in the U.S. have been
hacked since 2011.
• And that doesn’t even get us to…
• “The Panama Papers” (Mossack Fonesca)
• Which is being attributed to a hack on the firm’s email server
Last fall, an ABA survey indicated that:
• One in four law firms with at least 100 attorneys have experienced a breach
due to hackers, website attacks, break-ins, or lost or stolen devices.
• 58% of respondents said that their firms did not have a dedicated CISO or
other staff member charged with data security.
• 47% said their firms had no data breach response plans.
• “Unfortunately, it is equally likely that employee and client records were also
accessed, making them prime targets for further spear phishing and social
engineering attacks.”
• Remember the recent revision to Comment 8 to ABA Model Rule 1.1 (“To
maintain the requisite knowledge and skill, a lawyer should keep abreast of
changes in the law and its practice, including the benefits and risks associated
with relevant technology…”).
Introduction of the panelists
Topics
Social engineering still works, but the bad guys are getting more sophisticated
Fostering a culture of security
What are carriers and underwriting looking at now?
Prepare for incidents
Resources to call upon (there’s more help available than you realize)
Attacker
capabilities
Company A
capabilities
2016
The gap
2006
Company A continues to invest in technology and resources in response to Security threats
However, the increase in number and sophistication of threats has outpaced the investment
As a result, the gap between attacker capabilities and Company A’s capabilities has been increasing
Accelerating Threats and Resulting Risk
Company A information security maturity
Dete
cti
on
an
d
res
po
nse
Req
uir
ed
cyb
er
ca
pab
ilit
ies
Current state
capabilities
Target state
capabilities
Activate Adapt Anticipate
Closing the Gap
Develop capabilities faster than the adversaries
The gap
Pre
ve
nti
on
A
cti
ve
defe
nse
Joseph DePaul
APRI Group, Inc.
Executive Vice President
www.aprigroup.com
Joe DePaul is an expert in cyber risk and liability, and is a frequent author and speaker on the
topic. He has also participated in White House discussions related to President Obama’s
Cybersecurity Framework and the Department of Homeland Security’s NIST Guidelines. He is
currently chair of the Claims and Litigation Management (CLM) Alliance’s Cyber Risk
Committee. He is past chair of CLM’s E&O Committee. Prior to joining APRI, Joe was a Senior
Vice President/Team Leader for the Willis Cyber and E&O Group in NYC, and the Managing
Director for the Cyber Risk Services Group at Arthur J. Gallagher. He started his career in
underwriting with Gulf Insurance/Travelers. Joe later held positions as Vice President with
Marsh, Aon and AmWIns Group.
Jeffrey Hertrich
AF Group
Managing Assistant, General Counsel
www.AFGroupInsurance.com
Founded in 1912, AF Group (Lansing, MI) and its subsidiaries are a premier provider of
innovative solutions. Rated “A-“ (Excellent) by A.M. Best, AF Group is a nationally recognized
holding company conducting business through its brands: Accident Fund, United Heartland,
CompWest, and Third Coast Underwriters.
Jeffrey began his career in 2010 with AF Group. In his current role, he is responsible for
managing corporate litigation matters, compliance, corporate governance, and transactional
matters. Recently, Jeffrey oversaw the creation of a U.K. subsidiary that participates in the
Lloyd’s of London syndicates.
A large part of his Corporate Compliance responsibilities include information security. He was
recently the executive sponsor of AF Group’s information security initiative which was tasked
with completely overhauling their current security program.
Jeffrey holds a J.D. from Western Michigan Thomas M. Cooley Law School and a B.S. in
Economics from Michigan State University.
J. Paul Zimmerman
Christian & Small
Partner
www.csattorneys.com
Paul Zimmerman’s practice includes commercial and complex litigation and insurance
defense, as well as covenant not to compete, trade secret, and squeeze out claims. He leads
the Firm’s Electronic Discovery Practice Group, is a member of the Firm’s Cyber Liability
Practice Group and Technology Committee. Paul advises clients regarding breach preparation
and response, data security, and cyber litigation.
