March 22, 2018


Drexel LeBow Hall, Philadelphia


CLEs and CPEs


Faculty of Global Experts

Plan to attend / Earn CLEs and CPEs

The term "cyber risk quantification" is trending higher these days, but there is still a big gap when it comes to finding practical insight about how an organization can actually make better decisions or achieve a better understanding of its cyber risk. Providing just such practical insight is the goal of the 3rd Annual 4A Data Security & Privacy Symposium, Cyber Risk Quantification Workshop at Drexel LeBow in Philadelphia on March 22, 2018.

This year, we have assembled a group of specialists from multiple disciplines including risk management, cyber security, economics, law, insurance, compliance, healthcare and technology. We have given them access to the current data set from a large, U.S. healthcare system and asked these experts to share their insights, analyses, methods and results with attendees of this one-of-a-kind event. Attendees will hear from some of the world's leading cyber risk experts on various aspects of objective cyber risk analysis, with an emphasis on practical applications.

Cyber risk is constantly changing, so it is even more crucial for organizations to develop and refine the tools and expertise required to identify and quantify their cyber risk on an ongoing basis. Developing such an objective cyber risk quantification function spans multiple disciplines, including information security, privacy, legal liability, regulatory compliance, insurance pricing, underwriting, enterprise risk management, corporate governance, and several others.

Join us for a full day of fascinating conversation at the 3rd Annual 4A Data Security & Privacy Symposium, Cyber Risk Quantification Workshop. This event will be hosted by Drexel University, LeBow College of Business, Corporate and Executive Education and the Drexel University Cybersecurity Institute. All sessions and networking events will be held at the Grand Meeting Room and Terrace, Gerri C. LeBow Hall, 3220 Market St, Philadelphia, PA 19104.


Event Price list / registration fee options

Students, Academic, 
Gov't, Non-Profit

Scholarships and
Group Discounts Available

General Conference Registration

Scholarships and
Group Discounts Available

Risk Managers, 
Healthcare Providers

Scholarships and
Group Discounts Available

4A Data Security & Privacy Symposium Agenda /
view schedule

"Introductory Remarks"

Introductory remarks from Steven Weber, Director of the Drexel University Cybersecurity Institute and Interim Head of the Department of Electrical and Computer Engineering.

"Do Some Hospital Data Breaches Lead to Increased Mortality Rates?"

The risk of cyber attacks for many individuals is largely seen as an abstract privacy concern. This is a view that ignores the potential health and safety impacts of cyber risk. Dr. Choi will present pioneering research he conducted with Dr. M. Eric Johnson, Dean of the Owen Graduate School of Management, exploring the relationship between breaches of healthcare data and healthcare outcomes. Their research analyzed the question of whether hospital data breaches may adversely impact hospital mortality rates due to disruptions to provider care-practices. This study reviewed 30-day mortality rate for acute myocardial infarction using a difference-in-differences model from a national panel of hospitals from 2011 to 2015. Dr. Choi will take questions regarding their study and findings that a data breach was associated with a 0.338 to 0.446 percentage point increase in the 30-day AMI mortality rate in years after a breach.

"Using Cyber Risk Quantification for Planning and Budgeting Decisions"

Most cyber security purchasing decisions are based on following "best practices" and compliance requirements. Patrick Florer and Mark Eggleston will review the current data from a real healthcare system that has been provided for this workshop and discuss a decision-making process which involves actual cyber risk quantification. They will examine questions such as:
* How can I assign reasonably accurate dollar losses to my biggest risks?
* Which risks are really the ones with the highest likelihood of occuring at my organization?
* How much risk reduction (in dollars) can I achieve with a specific security control implementation?
* How can I use cyber risk quantification as a regular part of my security program?

"Cyber Value at Risk: How an Economic Model Can Help Decision-Makers"

Dr. Maarten van Wieren, Managing Director of Aon Risk Services Cyber Solutions Group in the Netherlands joins us to discuss how to apply the Cyber Value at Risk (CyberVaR) model to the data set provided in order to quantify the specific economic consequences of cyber risk to the organization. This approach provides information to organizations of all sizes that can help them make better decisions.

"Coffee Break"

This is a short break to refresh, mingle or grab some more nourishment. Coffee and light snacks will be served on the Terrace. It's also another chance to see what our carefully selected exhibitors have to show.

"Quantifying Legal, Regulatory and Compliance Cyber Risk"

Analyzing the data set, Greg Fliszar will lead this discussion about how to quantify the legal and compliance aspects of cyber risk. With HIPAA as a guide and GDPR on our doorstep, this panel brings the perspective of both inside and outside counsel, as well as a company dedicated to helping organizations become compliant.

"How Much Cyber Insurance Does My Organization Really Need?"

Risk transfer is a critical component of any cyber risk management strategy. But few organizations have the ability to quantify their cyber risk with enough confidence to answer this fundamental question. It is even more challenging, given the rapid changes and complexity of today's cyber insurance market. This session will begin with an analysis of the common data set provided, and then Josh Ladeau will lead this discussion, expanding toward a decision-making process that can be applied to a broad range organizational types and sizes.

"Lunch - Round Table Discussions"

Six discussion topics will be hosted by a speaker from the morning sessions during lunch on Wednesday. The topics are: The Impact of Data Breaches on Healthcare Outcomes; Cyber Value at Risk ; Quantifying Legal/Regulatory/Compliance Cyber Risk; Using Cyber Risk Quanitification for Planning and Budgeting; Cyber Insurance & Cyber Risk Quanitification. Please select your first and second preference for topics on your registration form and we will do our best to accomodate everyone. Topics will be assigned to attendees on a first come, first served basis and attendees will be given table assignments at on-site registration. Each lunch table will display a table topic sign and attendees will proceed to their corresponding lunch table.

"What's An Enterprise Security Score and How Can You Use It?"

FICO is probably best known for its FICO Credit Score, but after acquiring QuadMetrics last year, FICO has launched a cybersecurity score as well. Dr. Liu's research in cybersecurity and insurance markets provided the foundation for QuadMetrics and now FICO's offerings. Dr. Liu will review the FICO Score generated by its analysis of the organization, explain how they got it, what it means and how the information can be used.

"Quantifying Cloud Risk"

Despite the proliferation of cloud security products, cloud risk remains a nebulous area (sorry, pun intended). In this session, Ben will work with the data set to review the organization's cloud risk, how to quantify it, and what that analysis reveals about its cyber risk.

"Coffee Break"

This is a short break to refresh, mingle or grab some more nourishment. Coffee and deserts will be served on the Terrace. It's also another chance to see what innovations our carefully selected exhibitors are showing.

"Final Results: Cyber Risk Quantification Workshop Discussion"

This final interactive workshop discussion serves as a follow-up to all the analyses presented during the day. It will involve many of the previous speakers, along with audience participation in an attempt to "put all the pieces back together again" and create a single, coherent picture of what all these cyber risk quantification efforts mean in practical terms for the organization.

"Symposium Networking Reception"

Meet with the Symposium Faculty and other attendees while enjoying complimentary wine and cheese on The Terrace, directly outside.

Event Sponsors / Sponsorship Opportunities

Testimonials / See What People Say About Last Year's Event!

4A Symposium / Faculty

Dr. Maarten van Wieren

Managing Director

Aon Risk Services | Cyber Solutions Group

Dr. Sung Choi

Postdoctoral Fellow

Vanderbilt Owen Graduate School of Management



Cozen O'Connor

Payal Patel

Vice President


Jakub "Jake" Czyz

Senior Engineer, Enterprise Security Score


Kevin Leninger

Co-Founder & Chief Executive Officer


James Caponi

Chief Compliance and Privacy Officer


Chas Bellingrath

Principal Broker / National Practice Leader: Cyber/Tech


Joshua Ladeau

Senior Vice President, Cyber

Aspen Insurance

Mark Eggleston

Vice President, Chief Information Security Officer and Privacy Officer

Health Partners Plans


Director and
Interim Department Head

Drexel University Cybersecurity Institute

Patrick Florer

CTO and Cofounder

Risk Centric Security

Ben Goodman

CEO & Founder

4A Security & Compliance

CLE's and CPE's / Get the credit you deserve

This 3rd Annual 4A Data Security & Privacy Symposium is produced in conjunction with Drexel LeBow School of Business, Corporate and Executive Education as well as the Drexel Cybersecurity Institute. Attendees who wish to receive CLE's or CPE's must select that option on their Registration Form in advance, and sign in and out of the conference sessions. Instructions will also be provided at the Symposium. 

Learn More

Event FAQS / find your answers

Drexel LeBow is conveniently located in the University City district of Philadelphia. There are several easy ways to get to Philadelphia, Drexel LeBow, and to the many historic sites nearby.

Drexel's Gerri C. LeBow Hall is just 2 blocks from the 30th Street Amtrak Station which is a hub for travel between major cities across the U.S.

Philadelphia International Airport (8500 Essington Avenue) is a short cab or train ride from Drexel, with direct and connecting flights all over the U.S. and the world.

Greyhound (1001 Filbert Street) Economical travel from Philadelphia to all over the country.

BoltBus and Megabus (John F. Kennedy Boulevard and 30th Street) Providing low-cost transportation between Philadelphia, New York City, Boston, Washington, D.C., Pittsburgh, and other locations.

For directions, click here

There are several hotels in the area to choose from. For a special Drexel Symposium Discount, please reserve your room through the following links:

Complementary meals and snacks are provided for registered attendees. A Cocktail Reception will also be held directly after the main conference at The Terrace, just outside the conference hall. Food will be served as follows:

March 22
7:30 am – 8:30 am Breakfast/Registration

11:00 am – 11:15 am Vendor Expo/Coffee

12:00 pm - 1:00 pm Luncheon and Round Table Discussions

2:45 pm – 3:10 pm Vendor Expo/Coffee

5:00 pm – 6:30 pm Cocktail Party and Prizes

We request presentation slides from speakers and we upload them to the conference website. We do not receive slides from every speaker, and some speakers to not allow distribution of their slides. This is at the discretion of the individual speaker.

Yes! The 4A Data Security and Privacy Symposium is approved to earn CLE and CPE credit through Drexel University, Corporate and Executive Education.

Legal Counsel

Privacy Officers

Information Security Professionals

Insurance Professionals

Risk Officers

Big Data Scientists


The 4A Security & Privacy Symposium does not offer refunds. If you cannot attend, you may request a credit for a future event or you may transfer your registration to another person.

SEPTA is Philadelphia's public transportation system that utilizes subways, trains, buses, and trolleys to take you wherever you want to go in the city and surrounding suburbs. The fare is $2.25 in cash around the city, or you can purchase tokens ahead of time from the vending machine at the Creese Information Desk, at some SEPTA stops, and at some stores. Fares to the suburbs are higher and vary by zone.

Market-Frankford Line – Partially following Market Street east-west, it goes from Frankford Transportation Center (east) to 69th Street (west) with stops near campus (34th and Market Streets and 30th Street Station). The El signs are blue.

Broad Street Line – Following Broad Street north-south, it goes from Fern Rock Station (north) to AT&T Station (south). The Subway signs are orange.

Trolleys – There are five numbered trolley routes that begin and end at 13th and Market Streets and that pass Drexel (33rd and Market Streets and 30th Street Station). Signs are green.

Buses – The bus routes go through every neighborhood in the city. Routes 21, 30, 31, 42, and the LUCY loops are convenient to Drexel's campus. More routes are available from 30th Street Station. Route signs are posted on poles near street corners.

Regional Rail – The Regional Rail trains provide service to the surrounding suburbs from 30th Street Station, University City, Suburban Station, and Market East. The Airport Line has trains to and from Center City every half hour.

The 4A Data Security and Privacy Symposium is designed to stimulate dialog among professionals who see this as an interdisciplinary field and who want to learn from each other.

Information Security Professionals

Privacy Professionals


Hospitals & other Healthcare Providers

Data Scientists


Federal & State Policy Makers

Risk Management Professionals

Insurance Professionals



Compliance and Audit

Machine Learning & AI


State, Regional & Community-Based Health Information Organizations

A lot! Food, art, music, entertainment, history, sports - and Philadelphia is a very accessible city. It's a beautiful time of year too. Bring your partner and make a holiday of it. Check out the Visit Philly website to see what's happening while you're here or to plan your trip in advance.