Risk & Business Magazine JGS Insurance Risk & Business Magazine Summer 2018 | Page 4

CYBER BREACH

The Cost of Noncompliance: Do You Know Your Organization’s Responsibilities Before And After A Cyber Breach?

BY: MEAGHAN TYNDALE-WILLIAMS, CLCS, VICE PRESIDENT, JGS INSURANCE

Many states have established their own laws regarding the actions a company must take after a cyber breach. In New Jersey, according to the NJ Identity Theft Prevention Act:

• Businesses in New Jersey are required to respond to a data breach quickly
• The business must notify those impacted through email or written notice
• If the breach affects more than 1,000 people, the business owner must notify all consumer-reporting agencies.

Complying with these procedures needs to be taken very seriously. The Consumer Fraud Act enforces data breach notification statutes in New Jersey, and if a business willfully, knowingly or recklessly violates this act, the business may have to pay the injured parties three times the damages (plus attorney fees and court costs).

Most recently in New Jersey, the Attorney General fined Virtua Medical Group $418,000 for failing to protect the privacy of 1,650 patients’ medical information. Virtua was not the cause of the breach; the information became exposed by a vendor. However, Virtua had not conducted a risk assessment, had not instituted a workforce security awareness program and had no contingency plan in place for information recovery, which are violations of the NJ Consumer Fraud Act and HIPAA.

In 2018 so far, cyber breaches have affected the following private companies, federal agencies, and local school districts in New Jersey:

• SAKS FIFTH AVENUE AND LORD & TAYLOR - APRIL 5, 2018
• PANERA BREAD - APRIL 5, 2018
• BEST BUY - APRIL 13, 2018
• UNDER ARMOUR/MYFITNESSPAL - APRIL 5, 2018
• CAREFIRST - APRIL 5, 2018
• ORBITZ - MARCH 23, 2018
• WALMART PARTNER MBM COMPANY EXPOSES DATA ON 1.3 MILLION CUSTOMERS - MARCH 23, 2018
• APPLEBEE'S - MARCH 12, 2018
• 2,844 NEW DATA BREACHES CONTAINING OVER 80 MILLION RECORDS DISCOVERED - MARCH 12, 2018
• EQUIFAX - MARCH 2, 2018
• NIS AMERICA - MARCH 2, 2018
• UNITED STATES MARINE CORPS FORCES RESERVE - MARCH 2, 2018
• 23,000 DIGITAL CERTIFICATE PRIVATE KEYS COMPROMISED - MARCH 2, 2018
• BONGO INTERNATIONAL/FEDEX - FEBRUARY 16, 2018
• US IMMIGRATION AND CUSTOMS ENFORCEMENT - JANUARY 25, 2018

Most organizations have no idea that cyber-attacks can wreak such havoc on their bottom lines. The current laws place the burden squarely on the shoulders of each organization to regularly assess their risks, implement extensive cybersecurity systems, and enforce similar processes at their third-party service providers. Penalties are especially harsh if regulators believe that a hacked organization failed to take appropriate precautions to safeguard personal data. Post breach, a company may face a combination of fines and mandates to improve cybersecurity programs.

With the updates in the current cybersecurity laws, sole reliance on your IT professionals is not enough. In addition to having an insurance policy in place to help pay for some or all of the costs associated with a breach, all businesses need a written cybersecurity plan. Such a policy should cover a regular process for identifying potential risks, practical measures to prevent those risks from materializing, and reference plans to respond to and recover from potential incidents as soon as they occur. An insurance broker knowledgeable in this area can help you with both.

Meaghan Tyndale-Williams began her insurance career with Liberty Mutual in Commercial Lines as a Direct Sales Property & Casualty Producer. She won numerous sales contests and awards while at Liberty Mutual including 2008 Producer of the Year, Millionaires Club and Liberty Top Producer Club. In 2014, after having her first of two children, she transitioned to JGS Insurance to be closer to home and began her current position as Vice President.