Lockton is launching a set of risk management services to help companies address outsourcing risk and corporate response plans for data breaches.These services are supported by cyber insurance underwriters at Lloyd’s -- ACE Global Markets, Brit Syndicates Limited, Hiscox -- and legal and security experts.
The two services, “Vendor Risk Management and Contract Governance” and “Designing aSecurity Breach Incident Response Plan,” address the increasing scope of risks associated with outsourcing/off-shoring critical business and information technology (IT) functions. This affects the international business community from both the client and vendor perspective. A wide variety of industries including financial services, retailing, healthcare, utilities, and hospitality/travel outsource core functions. The risks associated with outsourcing may be identified too late in the procurement process to properly handle due diligence, contract, and vendor insurance issues.
Likewise, U.S. organizations alone reported more than 600 security breaches in 2008 involving personally identifiable financial and/or medical information. This demonstrates the pressing need for a corporate plan to address the major costs of notification and credit monitoring and protection services after a data breach. Lockton’s experience is that most companies lack such plans, and therefore have increased exposure to potential litigation or regulatory investigation, as well as the cost of notification to comply with more than 44 U.S. state laws. Mandatory notification requirements are likely to be introduced in other countries around the world as well.
Lockton will launch a series of workshops, as well as individual client consultations, to provide tools, access to experts, and best practices to enable a cross-functional risk team to develop and implement an effective vendor risk management and security breach incident response plan. Lockton’s goal is to facilitate initial discussion and support to risk management, legal, IT, internal audit, and operations in:
- Creating a multi-functional task force to define and lead the project
- Defining key elements of the plan
- Providing access to specialized external IT and legal resources
- Offering tools, best practices white papers, and contract wordings (including draft insurance clause for vendors)
- Offering review of insurance policies regarding cyber, professional liability, and operational risks.
.jpg)
No comments:
Post a Comment