Cybersecurity Awareness Month with Pamela Hans of Anderson Kill

Published: Oct. 10, 2023, 8:20 a.m.

Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society.

In this episode, Justin interviews Pamela Hans of Anderson Kill on the many aspects of Cybersecurity, including who is responsible for it. (If you have a networked device, it’s you!) The discussion covers the effects of the new SEC ruling requiring many companies to report a cybersecurity event within four days of discovering that a material event has occurred, and what that means to you and your organization. Justin and Pamela also review her presentation at the RIMS Canada Conference 2023 and how a potential problem became a fun opportunity.

Lots to cover in today’s episode. Let’s get to it.

Key Takeaways:

[:01] About RIMScast.

[:14] Register for the RIMS ERM Conference 2023, which will be held in Denver, Colorado on November 2nd–3rd. RIMS will also host an ERM-based tour of Ball Arena in Denver on November 1st. Limited seating is available. Visit RIMS.org/ERM to register and listen to this episode to hear the code for 10% off your registration!

[:41] About today’s episode on cybersecurity and presentation skills with Pamela Hans of Anderson Kill.

[1:01] All about exciting, upcoming RIMS events! Would you like funding to hire a risk management intern in 2024? If so, take a moment to apply for a Spencer Internship Grant. The application form will close on October 15th. The link is in this episode’s notes.

[1:28] If you will be attending RISKWORLD 2024 in San Diego, California, take a moment to sign up as a volunteer judge in the Spencer-RIMS Risk Management Challenge 2024. This is our annual international student competition. Full details can be found on the Spencer website at Spencered.org. Get involved; participate. We want to see you there!

[1:52] Head to the RIMS.org/Advocacy page to register for The RIMS Legislative Summit, which is returning to Washington, D.C. on October 25th and 26th.

[2:04] The RIMS ERM Conference 2023 will be held November 2nd and 3rd in Denver, Colorado. On November 1st, RIMS is hosting an ERM-based tour of Ball Arena, where the Denver Nuggets and Denver Avalanche play. There is limited seating. Register at RIMS.org/ERM2023. At checkout, type code 2023RIMSCAST for 10% off registration!

[2:52] The ERM Conference 2023 will be different than years past. We’ve got some great changes. Book your travel plans now! RIMS will host a Post-conference Workshop for the RIMS CRMP from 9:00 to 4:00 MT on November 4th and 5th. Save $100 when you register for the conference and workshop in one transaction. Links are in the notes.

[3:24] It is October; it’s cybersecurity awareness month in the U.S. and several other areas of the world and that’s why I’m so excited to introduce our guest, Pamela Hans, managing shareholder of the Philadelphia office of the law firm Anderson Kill. She focuses on insurance coverage, which includes cyber.

[3:45] We’re going to talk about cyber trends. I met Pamela at the RIMS Canada Conference in Ottawa last month where she was delivering a session on “Getting the Deal Done.” We’re also going to hear her tips on how to handle the curveballs that might be thrown at you ahead of a live presentation and how to turn them into opportunities.

[4:16] Justin met Pamela Hans of Anderson Kill on the last day of the RIMS Canada Conference 2023 when she was hosting a session. Pamela knows cybersecurity and October is National Cybersecurity Awareness Month in the U.S.

[5:57] The trend of the phone calls Pamela gets is all about ransomware. A threat actor freezes up the system, completely takes control, and demands a ransom in return for a decryption key. But the trend in cybersecurity is data breaches to steal personal data. Recently Topgolf, Freecycle, Forever21, Duolingo, and Discord.io suffered breaches.

[6:41] Those are just a few examples of cybersecurity incidents where personal sensitive data has been grabbed by the threat actor, with threats to use the data to do more damage to the individuals whose data was taken.

[7:03] Pamela has also seen distributed denial of service attacks. The army of bots seems to be increasing in number while the cost is decreasing to rent a bot to execute a distributed denial of service attack.

[7:50] When there is an exfiltration of personal data, that data can be used by the threat actor to do more damage to the individuals through impersonation of the user and fraud.

[8:29] Pamela addresses the SEC rules on the disclosure of cybersecurity events and the annual obligation imposed on publicly traded and registered companies to disclose their cybersecurity governance. That has an impact on the company and its stock price. The public may then decide which companies to trust by their cybersecurity protocols.

[9:30] Justin refers to the RIMScast episode with Hilary Tuttle on the SEC cybersecurity reporting rules. They discussed the four-day reporting rule. Four days after the company finds out it was attacked in a material fashion, it has to report the breach.

[10:09] Pamela notes that a material breach is one that investors would want to know about before investing in the company, as the breach may affect the value of the stock and the company. This is an important SEC rule on cybersecurity governance.

[11:41] Risk professionals should be asking questions about this rule now. Prepare to make these required reports. Run tabletop exercises with your response team. Ascertain now what “material,” in the cyber context, looks like to your company. Getting ready now is important for when you experience a cybersecurity event.

[13:23] Pamela speaks about the need for cybersecurity awareness. Any individual can be the gateway to a cybersecurity event. Everyone who has a device needs to be aware of cybersecurity risks to help prevent infiltration by cybercriminals of our phones, laptops, and businesses.

[14:54] Cybersecurity is as simple as multi-factor authentication. Don’t give away your passwords. Be thinking about cybersecurity. Don’t click on the puppy dog.

[15:58] Justin presents a special message from Bob Roitblat in case you missed his RIMScast episode.

[16:16] Bob Roitblat is excited to be the keynote speaker for the RIMS ERM Conference 2023, in Denver, on November 2nd and 3rd. His keynote is “Elevate, Revolutionize, Maximize: Harnessing Innovation’s Promise.” Bob reveals what to expect and asks you to bring your “A game,” be ready to ask questions and interact to get value.

[17:34] Go to RIMS.org/ERM2023 to register. If you enter the code 2023RIMSCAST at checkout, you will get 10% off your registration! It’s value with a discount! Bob looks forward to helping you elevate and evolve your risk management processes and your career! Be there in Denver, November 2nd and 3rd! Links are in the show notes.

[18:36] Pamela reviews her career path, with degrees in civil engineering and then law school. She knew she wanted to solve technical problems for companies. Cybersecurity is a natural fit for her background. Cybersecurity is everywhere.

[21:07] Pamela foresees two things from these new reporting rules. One will be SEC subpoenas to companies for information about their cybersecurity reporting and governance. Another will be shareholder scrutiny and lawsuits around failure to disclose or poor evaluation of materiality. The rule is self-enforcing through shareholder suits.

[22:35] Pamela predicts we’ll see more D&O coverage activity because of this rule. Risk professionals need to be looking at that when renewing or placing new D&O coverage, asking their brokers about the impact of the new SEC requirement around disclosure and materiality. Risk managers will need to explain this if there is a subpoena or claim.

[23:52] Risk managers also need to be thinking of looking across the entire insurance program, to see which insurance policies may respond in the event of an SEC subpoena or a claim related to disclosure. Now is the time to prepare for what may be coming.

[24:40] Pamela says risk professionals need to ask their insurance broker what is new in their policy since last year. Are there new endorsements or policy language? New policy language or endorsements for 2024 will be enormously important. Risk managers should also run tabletop exercises with the insurance pre-approved response team.

[26:53] Risk professionals should look at your policies now to see what policies will respond if you have an SEC claim and what the policy limits are. Your policies need to be on paper, not on your computer network, and not named “Cyber Policy 1,” or “Cyber Policy 2,” where threat actors can find and read them on the network.

[27:54] RIMS plug time! Sponsor an episode of RIMScast! Contact us at pd@rims.org. Justin is pleased, humbled, and excited to announce that RIMS and RIMScast have won the 2023 Excellence in MarCom Award on October 24, 2023, from the New York Society of Association Executives (NYSAE)!

[28:41] On Friday, November 10th, from 10 to 11, NYSAE is presenting a virtual program called “Podcasting — A Revenue Stream for Your Association.” Justin is honored to be one of the panelists. A link is in this episode’s notes.

[28:57] Upcoming Virtual Workshops: Visit RIMS.org/virtualworkshops to see the full calendar. Our friend Elise Farnham returns on October 24th and 25th to lead the two-day course Fundamentals of Risk Management.

[29:20] Our friend Chris Hansen was recently on RIMScast. He will be leading Managing Worker Compensation, Employer's Liability, and Employment Practices in the US on November 7th and 8th. Be sure to register for that course! Information about these sessions and others is on the RIMS Virtual Workshops page. Check it out and register!

[29:49] On October 12th, AXA XL returns to present Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals.

[30:06] On October 26th, our friends from Zurich return to present a session on PFAS, Forever Chemicals, and PFAS Litigation. On October 31st, Resolver returns to present Building Your Business Case for GRC Software in 2024. Metrics That Matter has Enhanced Decision-Making Across Your Cybersecurity Program on November 7.

[30:36] There is a lot of great educational content for you in the next month. Visit RIMS.org/Webinars to learn more about these webinars and to register! Links are in the show notes. Webinar registration is complimentary for RIMS members.

[31:08] About Pamela Hans presenting the last session on the last day of the RIMS Canada Conference 2023. The session was “Do You Want to Get the Deal Done? Obstacles and Opportunities in Contract Negotiation.” She had a packed house for the session. She discussed deal-breakers and opportunities.

[33:58] You have tools as a risk professional to deal with risk transfer provisions you might not want. The session talked about how to make insurance work for you in this context and how to indemnify a counterparty that is 10,000 times larger than you. How can your insurance respond to make these provisions opportunities, not deal-breakers?

[35:03] People left the session with ideas about what to ask their insurance broker and the business side, to know what they should be ready for.

[36:09] Pamela was scheduled to present with two co-presenters but neither of them could attend. For Pamela, it was an opportunity to have fun with the people who were in the room. Presentations are better when they are conversations with the people in the room. It was terrific!

[38:34] Justin suggests if you are going to present and your co-presenters back out, look at it as an opportunity. If you need additional materials get them from the organization you represent, but be confident you can do 20 minutes by yourself. Open it up to Q&A and that will take care of a lot of dialog. Pamela went past 60 minutes.

[39:18] Justin fell asleep twice in the 17-minute flight back to the U.S. He was disappointed the flight attendant didn’t wake him!

[40:54] Special thanks to Pamela Hans of Anderson Kill for joining us on RIMScast for National Cybersecurity Awareness Month coverage. The session handout from her RIMS Canada Conference session, “Do You Want to Get the Deal Done?” is available via the RIMS Canada Conference 2023 Attendees Service Center. See link in show notes.

[41:16] Go to the App Store on your phone and download the RIMS App. This is a special members-only benefit. Everybody loves the RIMS app!

[41:36] You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. RIMScast has a global audience of risk professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let’s collaborate! Contact pd@rims.org for more information.

[42:17] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. The RIMS app is available only for RIMS members! You can find it in the App Store.

[42:41] Risk Knowledge is the RIMS searchable content library that provides relevant information for today’s risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more.

[42:56] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com and in print, and check out the blog at RiskManagementMonitor.com. Justin Smulison is Business Content Manager at RIMS. You can email Justin at Content@RIMS.org.

[43:17] Justin thanks you for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe!

Mentioned in this Episode:

RIMS ERM Conference 2023 | Nov 2–3 in Denver, CO! Enter 2023RIMSCAST at checkout for 10% off registration!

NEW FOR MEMBERS! RIMS Mobile App

RIMS Legislative Summit — Oct 25 & 26, Washington, D.C.

RIMS-Certified Risk Management Professional (RIMS-CRMP)

Dan Kugler Risk Manager on Campus Grant

Spencer Educational Foundation — Hire A Risk Intern 2024 | Deadline Oct. 15, 2023

Spencer-RIMS Risk Management Challenge 2024 — Be a Case Study or Join Judging Panel!

“Do You Want To Get The Deal Done?” — Session handouts still available via the RIMS Canada Conference Attendee Service Center

RIMScast to receive the 2023 Excellence in MarCom Award from the New York Society of Association Executives (NYSAE)!

“NYSAE Webinar: Podcasting — A Revenue Stream for Your Association”

RIMS Webinars:

Stand Tall: How to Boost your Cyber Posture Against Creative Cyber Criminals | Sponsored by AXA XL | Oct. 12, 2023

PFAS Forever Chemicals — Regulations, Litigation, New Technologies | Sponsored by Zurich | Oct. 26, 2023

Building Your Business Case for GRC Software in 2024 | Sponsored by Resolver | Oct. 31, 2023

Enhance Decision-Making Across Your Cybersecurity Program | Sponsored by Metrics That Matter | Nov. 7, 2023

RIMS.org/Webinars

Upcoming Virtual Workshops:

Claims Management | Oct 10–11

Fundamentals of Risk Management | Oct 24–25

Managing Worker Compensation, Employer's Liability and Employment Practices in the US | Nov 7

See the full calendar of RIMS Virtual Workshops
All RIMS-CRMP Prep Workshops

Related RIMScast Episodes:

“Harnessing Innovation’s Promise with ERM Conference Keynote Bob Roitblat”

“Cybersecurity Reporting Updates with Hilary Tuttle of Risk Management Magazine”

“Cybersecurity and Insurance Outlook 2023 with Josephine Wolff”

“Genuine Generative AI Talk with Tom Wilde of Indico Data”

“Getting to Know Jackware with Dan Healy of Anderson Kill”

Sponsored RIMScast Episodes:

“Subrogation and the Competitive Advantage” | Sponsored by Fleet Response (New!)

“Cyberrisk Outlook 2023” | Sponsored by Alliant (New!)

“Chemical Industry: How To Succeed Amid Emerging Risks and a Challenging Market” | Sponsored by TÜV SÜD

“Insuring the Future of the Environment” | Sponsored by AXA XL

“Insights into the Gig Economy and its Contractors” | Sponsored by Zurich

“The Importance of Disaster Planning Relationships” | Sponsored by ServiceMaster

“Technology, Media and Telecom Solutions in 2023” | Sponsored by Allianz

“Analytics in Action” | Sponsored by Alliant

“Captive Market Outlook and Industry Insights” | Sponsored by AXA XL

“Using M&A Insurance: The How and Why” | Sponsored by Prudent Insurance Brokers Ltd.

“Zurich’s Construction Sustainability Outlook for 2023”

“Aon’s 2022 Atlantic Hurricane Season Overview”

“ESG Through the Risk Lens” | Sponsored by Riskonnect

“A Look at the Cyber Insurance Market” | Sponsored by AXA XL

“How to Reduce Lithium-Ion Battery Fire Risks” | Sponsored by TÜV SÜD

“Managing Global Geopolitical Risk in 2022 and Beyond” | Sponsored by AXA XL

RIMS Publications, Content, and Links:

RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community!

RIMS Virtual Workshops

On-Demand Webinars

Risk Management Magazine

Risk Management Monitor

RIMS-Certified Risk Management Professional (RIMS-CRMP)

RIMS-CRMP Stories — New interview featuring Roland Teo!

Spencer Educational Foundation

RIMS DEI Council

RIMS Events, Education, and Services:

RIMS Risk Maturity Model®

RIMS Events App Apple | Google Play

RIMS Buyers Guide

Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information.

Want to Learn More?

Keep up with the podcast on RIMS.org and listen on Apple Podcasts.

Have a question or suggestion? Email: Content@rims.org.

Join the Conversation!

Follow @RIMSorg on Facebook, Twitter, and LinkedIn

About our guest, Pamela Hans

LinkedIn Pamela Hans
Senior Shareholder, Cyber practice

Pennsylvania office of Anderson Kill

Tweetables (Edited For Social Media Use):

Consumers are giving their personal information to a company they want to do business with and then that company is attacked and the individual’s information can be used by the threat actor to do more damage to the individual by way of fraud. — Pamela Hans

A material breach is one that investors would want to have information about that might influence their decision to buy or not to buy a stock, because it may impact the value of the stock and the value of the company going forward. — Pamela Hans

Risk professionals should look at your policies now to understand what policies will respond if you have an SEC claim because of the reporting requirement and what the policy limits are. What are the requirements of notice? — Pamela Hans
