Third Annual 4A Data Security & Privacy Symposium
Workshop on Cyber Risk Quantification
Hosted by Drexel LeBow

Opening Remarks
Dr. Steve Weber – Director of the Drexel University Cybersecurity Institute and Interim Head of the Department of Electrical and Computer Engineering. Introductory remarks opening the Third Annual 4A Healthcare Data Security & Privacy Symposium.

Welcome and Fountain Star Health System Case Study
Ben Goodman – Founder & CEO, 4A Security & Compliance. Overview of the Symposium Sessions and explanation of the Fountain Star Case Study from which the data being analyzed during the ensuing sessions was drawn.

Download the Fountain Star Case Study Security Profile.

Do Some Hospital Data Breaches Lead to Increased Mortality Rates?
Dr. Sung Choi – Post Doctoral Fellow at Vanderbilt University, Owen Graduate School of Management

The risk of cyber attacks for many individuals is largely seen as an abstract privacy concern. This is a view that ignores the potential health and safety impacts of cyber risk. Dr. Choi will present pioneering research he conducted with Dr. M. Eric Johnson, Dean of the Owen Graduate School of Management, exploring the relationship between breaches of healthcare data and healthcare outcomes. Their research analyzed the question of whether hospital data breaches may adversely impact hospital mortality rates due to disruptions to provider care practices. The study reviewed the 30-day mortality rate for acute myocardial infarction (AMI) using a difference-in-differences model on a national panel of hospitals from 2011 to 2015. Dr. Choi will take questions regarding their study and findings that a data breach was associated with a 0.338 to 0.446 percentage point increase in the 30-day AMI mortality rate in years after a breach.

Download: Do Hospital Data Breaches Reduce Patient Care Quality? by Dr. Sung Choi and Dr. M. Eric Johnson, Vanderbilt University Owen Graduate School of Management.

Using Cyber Risk Quantification for Planning and Budgeting Decisions
Moderator: Mark Eggleston, CISO and Chief Privacy Officer, Health Partners Plans
Patrick Florer, CTO and Founder, Risk Centric Security

Most cyber security purchasing decisions are based on following “best practices” and compliance requirements. Patrick Florer and Mark Eggleston will review the current data from a real healthcare system that has been provided for this workshop and discuss a decision-making process which involves actual cyber risk quantification. They will examine questions such as:
* How can I assign reasonably accurate dollar losses to my biggest risks?
* Which risks are really the ones with the highest likelihood of occurring at my organization?
* How much risk reduction (in dollars) can I achieve with a specific security control implementation?
* How can I use cyber risk quantification as a regular part of my security program?

Cyber Value at Risk: How an Economic Model of Cyber Risk Can Help Decision-Makers
Dr. Maarten van Wieren, Managing Director, Aon Risk Services Cyber Solutions Group

Dr. Maarten van Wieren, Managing Director of Aon Risk Services Cyber Solutions Group in the Netherlands, joins us to discuss how to apply the Cyber Value at Risk (CyberVaR) model to the data set provided in order to quantify the specific economic consequences of cyber risk to the organization. This approach provides information to organizations of all sizes that can help them make better decisions.

Quantifying Legal, Regulatory and Compliance Cyber Risk
Moderator: Greg Fliszar, Member, Cozen O’Connor
Jim Caponi, VP, Chief Compliance and Privacy Officer, UHS
Darren Weis, VP, CFO, IntegriChain

Greg Fliszar leads this discussion concerning how to quantify the legal and compliance aspects of cyber risk. With HIPAA as a guide and GDPR on our doorstep, this panel brings the perspective of both inside and outside counsel, as well as a pharmaceutical data analytics company focused on maintaining security and compliance in a rapidly changing environment.

How Much Cyber Insurance Does My Organization Really Need?
Moderator: Joshua Ladeau, Global Head of Cyber, Aspen Insurance
Charles Bellingrath, National Practice Leader: Privacy, Network Security & Technology E&O
Payal Patel, Vice President, Network Security & Privacy Practice, Marsh

Risk transfer is a critical component of any cyber risk management strategy. But few organizations have the ability to quantify their cyber risk with enough confidence to answer this fundamental question. It is even more challenging, given the rapid changes and complexity of today’s cyber insurance market. This session will begin with an analysis of the common data set provided, and then Josh Ladeau will lead this discussion, expanding toward a decision-making process that can be applied to a broad range of organizational types and sizes.

What’s an Enterprise Security Score and How Can You Use it?
Dr. Jakob Czyz, Senior Engineer, Enterprise Security Score, FICO

FICO is probably best known for its FICO Credit Score, but after acquiring QuadMetrics last year, FICO has launched a cybersecurity score as well. Dr. Liu’s research in cybersecurity and insurance markets provided the foundation for QuadMetrics and now FICO’s offerings. Dr. Liu will review the FICO Score generated by its analysis of the organization, explain how they got it, what it means and how the information can be used.

Quantifying Cloud Risk
Ben Goodman, CEO and Founder, 4A Security & Compliance.

Despite the proliferation of cloud security products, cloud risk remains a nebulous area (sorry, pun intended). In this session, Ben will work with the data set to review the organization’s cloud risk, how to quantify it, and what that analysis reveals about its cyber risk.

Final Results: Cyber Risk Quantification Workshop Discussion
Moderator: Ben Goodman, CEO, 4A Security & Compliance.

This final interactive workshop discussion serves as a follow-up to all the analyses presented during the day. It will involve many of the previous speakers, along with audience participation in an attempt to “put all the pieces back together again” and create a single, coherent picture of what all these cyber risk quantification efforts mean in practical terms for the organization.
