Broker offers help for outsourcing risk and data breach response

Lockton, the world's largest privately held insurance broker, is launching a unique set of risk management services to help companies address outsourcing risk and corporate response plans for data breaches.

These services are supported by leading cyber insurance underwriters at Lloyd's - ACE Global Markets, Brit Syndicates Limited, Hiscox - and legal and security experts.

The two services, “Vendor Risk Management and Contract Governance” and “Designing a Security Breach Incident Response Plan”, address the increasing scope of risks associated with outsourcing/off-shoring critical business and information technology (IT) functions.

This affects the international business community from both the client and vendor perspective.

A wide variety of industries including financial services, retailing, healthcare, utilities, and hospitality/travel outsource core functions.

The risks associated with outsourcing may be identified too late in the procurement process to properly handle due diligence, contract, and vendor insurance issues.

Likewise, U.S. organizations alone reported more than 600 security breaches in 2008 involving personally identifiable financial and/or medical information.

This demonstrates the pressing need for a corporate plan to address the major costs of notification and credit monitoring and protection services after a data breach.

Lockton's experience is that most companies lack such plans, and therefore have increased exposure to potential litigation or regulatory investigation, as well as the cost of notification to comply with more than 44 U.S. state laws.

Mandatory notification requirements are likely to be introduced in other countries around the world as well.

Lockton will launch a series of workshops, as well as individual client consultations, to provide tools, access to experts, and best practices to enable a cross-functional risk team to develop and implement an effective vendor risk management and security breach incident response plan.

Lockton's goal is to facilitate initial discussion and support to risk management, legal, IT, internal audit, and operations in:

* Creating a multi-functional task force to define and lead the project

* Defining key elements of the plan

* Providing access to specialized external IT and legal resources

* Offering tools, best practices white papers, and contract wordings (including draft insurance clause for vendors)

* Offering review of insurance policies regarding cyber, professional liability, and operational risks

Lockton executive director Emily Freeman, who leads the broker's Technology, Media, and Telecom Practice in London, said: “As insurance brokers supporting our client's risk management efforts, the Lockton program is both innovative and timely.

Many organizations remain critically unprepared for risk issues with outsourcing to third parties and data transfers outside of their country of domicile. Unfortunately, security breaches, either direct or through vendors, happen with increasing frequency and severity.

Preplanning is a necessity if business activities involve personally identifiable financial, personal or medical data.”

Rick Dakin, a forensic expert and President and Co-Founder, Coalfire Systems, Inc., said:

“Information risk and compliance management programs are key drivers at the enterprise level for many organizations in response to a wave of significant data breaches and increasingly stringent data privacy regulations.

“After the fact, executives from these compromised organizations often express a sincere wish for someone to help them understand these risks and associated mitigation strategies before and after the incident.

“The fastest growing part of Coalfire's business is forensic analysis and e-discovery to support incident response efforts. The Lockton approach mitigates risk by adding insurance to augment controls deployed through internal programs and service providers.”