TEN CYBER-CRISIS BEFORE NOW

ACTIONS
THE HEAVYWEIGHTS WEIGH IN
Firestorm recently held the first of its kind, virtual cyber exercise with expert panelists from
technology, insurance and financial sectors. This document gathers the best thought leadership from
all participants and addresses the critical questions of a Cyber Breach Crisis.

1000 Holcomb Woods Parkway | Suite 130 | Roswell, GA 30076 | 770-643-1114 | Fax: 1-800-418-9088 | www.firestorm.com

TEN CYBER-CRISIS

BEFORE NOW
ACTIONS
THE HEAVYWEIGHTS WEIGH IN

WHAT IS A CYBER
BREACH?
Cyber Breach is a term
that describes a crime

INTRODUCTION- CYBER BREACH

which may involve IT

Today, 80 percent of the value of corporate assets has shifted from physical
to virtual. Accordingly, the business risk has increased dramatically over the
last two decades. A cyber breach is a business problem, not an IT problem.

hardware, software or

Corporations face accelerated, complex, sophisticated attacks resulting in

expanding impacts. A characteristic of cyber-breaches is that they penetrate
an organizations perimeter data security defenses through multiple channels
to exploit all layers of information security. Unfortunately, if a sophisticated
attacker targets an organization, they will be able to breach the data security
in place. Your focus must be on response.

access to data. Just as

Armed Robbery implies

the use of a weapon to
steal, Cyber Breach
implies the use of IT.

What are the most critical components of an incident response plan?

Preparedness starts with a strong incident response plan

that highlights roles and responsibilities when it comes to
responding to a breach. The organization needs to
understand escalation procedures that involve identifying,
investigating, and reporting confirmed data breaches.
Responsibilities include forensic investigation to validate a
breach, authority to declare a data breach, reporting the
breach to appropriate authorities and the organizations
customers. Thomas Tollerton, DHG
What follows next are ten common questions related to Cyber Breach and
answered by our panel of experts from the technology, insurance, finance
and crisis industries. Our experts are:

When you
outsource
services,
you do not
outsource
liability.
Shannon Groeber, JLT
USA

1
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

Shannon Groeber, Senior Vice President

Cyber and E&O Practice, JLT USA
Shannon has over eleven years of experience in the insurance industry focused exclusively
on complex Cyber and E&O placements, and related exposures including Media Liability,
Intellectual Property Infringement and Miscellaneous Professional Liability.

Steve Bridges Esq., Senior Vice President

Cyber and E&O Practice, JLT USA
Steve has over ten years of experience in the insurance industry as a Cyber and E&O
specialist. His experience spans across all industries with respect to cyber and E&O
insurance, including exposure assessment, negotiation, structure and placement of
coverage, and claims guidance and assistance.
Stacey Giles, Director
Enterprise Solutions, MIR3
Stacey Giles brings 20 years of exemplary experience to the MIR3 management team. She
joined the company eight years ago as a sales executive, and since that time she has been
instrumental in managing strategic and high-value enterprise accounts such as Bank of
America, VISA, Shell International, ExxonMobil, and Chevron.
Thomas Tollerton, CISSP, CISA, QSA
Manager, IT Advisory - Cybersecurity at Dixon Hughes Goodman LLP
Thomas is a manager in DHGs IT Advisory Services Group and has over 12 years of
experience in a broad range of cybersecurity services, including risk advisory, technical
infrastructure assessments, and compliance audits.
Jack Healey, CPA/CFF, CFE
Mr. Healey has trained Board of Directors and Executives in Cyber Breach Incident
Response Plans. As a COO/ CFO and Corporate Secretary of a public company, Jack brings a
unique perspective to address the financial, governance and human elements that impact
a business.
Jim Satterfield
President, Chief Operating Officer, Firestorm
James (Jim) W. Satterfield is the President/COO and co-founder of Firestorm. Jim is a
nationally recognized expert, keynote speaker and presenter on crisis management, threat
assessment, disaster preparedness and business continuity planning.

2
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

1. How do organizations look beyond IT security when assessing their cyber

breach risks?
Shannon Groeber, JLT USA: Assessing your cyber breach risk requires a much broader focus than just IT security.
In todays world, any organization with electronic data or network connectivity faces the possibility of a cyber
incident. In order to understand the risk, it is essential to understand what valuable assets you hold, and how an
attack will impact your organization. How dependent are you upon networks and systems in order to deliver
your product or service? Can you quantify and qualify the data that your organization manages and holds? Do
any third parties have access to your data or systems? If so, are they contractually responsible should they suffer
an incident that impacts your organization? These and many other questions are a crucial first step in
determining the scope of what could go wrong and what the costs might be. After assessing the impact of a
cyber incident, organizations can then focus on IT and non-IT security, education and training, proper
governance and controls, and other measures that create a holistic strategy to protect against cyber incidents.
Thomas Tollerton, DHG: Executive leadership must understand that an effective cybersecurity program is a
process, not an end state. Leadership must constantly maintain awareness of threats and always be seeking to
improve processes and technology to addressing evolving and maturing threats to the organizations data and
systems.
Jack Healey, Firestorm: Organizations that focus solely on IT security have failed to recognize that Cyber Breach
Risks are actually nothing more than human risks. Most, if not all breaches, are due to human error. The more
sophisticated your organization's defenses, the more sophisticated the attack.
Social engineering approaches such as enticing an associate to click on a link, or sending via a misspelled or
compromised email account are simple ways to breach a company. With the introduction of BYOD (Bring your
own device- laptops, PDAs Apple Watches) and telecommuting, the risks of an associate allowing a breach is
more prevalent today than any other time. The bad news is, it will get worse before it gets better. Organizations
need to recognize that we are talking about human risk, and training is the answer.

2.

What actions can an organization take that clearly demonstrate to

consumers and regulators that the organization has taken anticipatory steps to
address cyber security threats?

3
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

Steve Bridges, JLT USA: Though most regulators will be examining an organizations practices retrospectively,
we are seeing an expansion of legislation and regulatory actions that are prospective in nature. Regardless,
regulators will look to organizational commitment to cyber security from the highest levels in determining
whether an organization is or has properly addressed cyber security. Board level involvement and board
committee participation are important. An organizations resource commitment both people and money into
this issue will also be examined. Regulators will also look to industry specific rules on security practices things
like PCI, HIPAA, or NIST compliance and will want to see evidence of third party assessments, testing, and
similar proactive measures that demonstrate an organizations commitment to prevention.
Companies with a comprehensive cyber security strategy including
physical security (such as fences, cameras and motion detectors);
perimeter security (including firewalls, unified threat management,
and intrusion prevention and detection); authentication (or twofactor authentication for employees with access to sensitive data);
endpoint security (such as encryption and anti-virus software); and
monitoring (including data logging, packet inspection and network
traffic monitoring) will shine.
Shannon Groeber, JLT USA: On the consumer side, it is much more
difficult to convince consumers that you are addressing cyber
security prior to an incident. Things like strong privacy policies, a
commitment to encryption, and educational efforts to share with
consumers that your organization takes security seriously are all
helpful. Unfortunately, most evidence suggests that consumers only
care about security after a data breach. Consumers tire of demands
that they update passwords or that they answer security questions.
Typically, they just want to complete their transaction with your
company as swiftly as possible. Meeting the balance between an
efficient transaction and rigorous security is a key challenge for most
organizations.

Thomas Tollerton, DHG:

Objective, third party
assessments of
cybersecurity posture are
not only helpful in
identifying gaps in
cybersecurity functions,
but also in providing
reassurance to an
organizations
stakeholders that
leadership takes threats
seriously. Reports such as
SSAE16 provide such
assurance.

Jack Healey, Firestorm: Organizations who wish to achieve Best in Class should focus on the elements of a
well-designed Cyber Risk Program. This begins with comprehensive IT Intrusion and Detection controls, a Cyber
Breach Incident Response Plan, Cyber Awareness Training, and Cyber Breach Scenario Testing for all associates,
board members and third parties, and performing After Action (Hot Wash) events. These plans are not static,
they need to evolve as technology and threats change and keep pace with the most recent scams and intrusion
tactics. A great resource to track these tactics is the FBIs Cyber Task Force on the FBIs web page. In addition,
larger organizations may wish to undergo a SOC 1 (Service Organization Controls) or SOC 2 evaluation by their
outside auditors. These reports test the overall IT infrastructure and IT controls and provide third parties with a
report. It is a Good Housekeeping seal of approval for IT controls.

4
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

3.

What is the best approach to educating employees about appropriate

handling and protection of sensitive data?

Shannon Groeber, JLT USA: Like learning any skill, repetition is the key, but organizations risk employees tuning
out the message if education is done poorly. A demonstrated commitment at the top levels of the organization
will aid in the success of your educational efforts. In addition, education around the costs of failing to handle
data appropriately will also be helpful.
Similar to many other events that threaten an organizations reputation, successful prevention measures are
ingrained in an organizations culture. When employees at every level of the organization can understand the
harm associated with deviating from preventative measure, and feel empowered to protect the brand from a
cyber (or other damaging) event, education and training transitions from another corporate requirement to the
backbone of the organization. Living and demonstrating the prevention measures through every level of the
organization by way of example helps to instill those behaviors like all other elements of corporate culture,
actions are more powerful than words.
Thomas Tollerton, DHG: Awareness begins from the top of an organization. Executive leaders need to believe in
the importance of their leadership; in understanding current threats and appropriate user behaviors in order to
more effectively motivate employees to maintain their own awareness. Employees tend to respond to engaging
and dynamic awareness education that communicates how heightened awareness helps protect the individuals
confidential data, as well as corporate data.
Jack Healey, Firestorm: Education should take place at all levels of the organization and be both General Cyber
Security Awareness as well as Specific Functional Detection and Prevention training.
General Awareness covers:
a.
b.
c.
d.
e.
f.
g.

What data is considered sensitive and why;

what company data is encrypted,
who has access to the data,
how the data is transferred internally and externally,
where and how data is retained ,
how data should be destroyed,
and General Security such as the use of passwords, use of dual authentication of the most sensitive
or vulnerable data (e.g. cash); BYOD policies, use of firewalls and anti-virus software at home and on
all BYOD devices, social engineering awareness, see something say something; use of help desk and
other resources the organization has in place.

Specific Functional Detection and Prevention training is geared towards a specific job function; as an example,
how can an Administrative Assistant recognize a fraudsters attempt to gain information about an organization
(calls asking the name of the CFO and treasurer to institute a wire transfer fraud)? Human Resource, Supply
Chain, Finance and Legal departments should have intensive training since they maintain some of the most
valuable data or will be involved in a Cyber Breach if one occurs.

5
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

4.

How can organizations ensure that everyone knows what to do in the event

of a breach?
Jim Satterfield and Jack Healey, Firestorm: In the event of a Breach, an organization should have a Cyber Breach
Incident Response Plan (CIRP). This plan is detailed, provides for escalation of risk and assigns responsibility. A
plan identifies the team that will manage the data breach and should include all business disciplines.
Many times associates include IT, HR and legal, but overlook finance, customer service, and procurement
(supply chain). A CIRP covers the management and communication of a breach to stakeholders. It will address,
before a breach occurs, such issues of when to notify the Board, when to contact law enforcement, what type of
breach constitutes a significant breach (a lost laptop versus a loss of all customer data), and provides for post
breach After Action (hot wash) to review the breach. Most of the plans that Firestorm has written are well over
100 pages long, easily indexed and provide the guiding principles and level of specificity to allow a response
team to have confidence in their actions. A CIRP should be tested, and reviewed by the Board of Directors. The
CIRP also mandates the inclusion of third parties such as experts in Cyber law, Cyber forensics and Cyber
insurance.
Steve Bridges, JLT USA: At this point, many companies do have a formalized plan in place to help organize
response (and those that dont should begin putting one in place). Chaos tends to ensue when a plan is never
tested. Companies should create a response plan that includes key leadership responsibilities and a list of third
party vendors with contracts in place, but should also identify a single decision maker that will have ultimate
authority after input from the requisite experts. It is also essential to ensure employees know when to escalate a
particular incident so that it can receive the appropriate attention from the crisis response panel.
Thomas Tollerton, DHG: While ensuring that everyone knows how to respond to a security incident is virtually
impossible, leadership can evaluate security awareness within the organization through performance of social
engineering testing. Social engineering tests simulate attack scenarios, such as phishing email campaigns or
fraudulent phone calls (vishing) and records the results related to
how employees respond to such attacks.

5.

What is the best way for an organization to

identify if it has acquired new areas or levels of

risk?
Thomas Tollerton, DHG: Understanding evolving risk requires
awareness of changing and enhanced business processes and
technologies. In addition to evolving threat actors, changes to the

IF YOU OPENED
YOUR
ORGANIZATIONS
DOOR FOR BUSINESS
THIS MORNING, YOU
ACQUIRED NEW RISK.
JACK HEALEY, FIRESTORM

6
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

way an organization functions, its physical locations, and new technology infrastructure are all factors that can
change the risks an organization faces with regard to protecting sensitive information. Management must
consider all of these factors when performing ongoing assessments of cybersecurity risk.
Shannon Groeber, JLT USA: Cyber risk is dynamic and the threat is ever changing. Various areas of expertise
throughout the organization should be focused on issues within their domain IT, HR, compliance, legal, etc.
Companies who are leaders in addressing cyber security and cyber risk have implemented a governance
structure that is able to gather information from these groups and utilize it across the organization. All too
often, organizations overlook the need to periodically assess their risk if not on a constant basis, at critical
timeframes, and with a documented and methodical process.
Because the risk is dynamic, the exposure identification process must be, also. Leaders in exposure identification
also treat the process as a critical function within an organization - employing an individual or committee with a
clear job function to constantly assess exposure, as opposed to unofficially adding to an already overburdened
employee with a number of other responsibilities.

6.

How can an organization hold its vendors and partners to their same high

standards?
Steve Bridges, JLT USA: Similar to other risk avoidance and prevention measures, a thorough plan includes due
diligence on the front end, and contractual protections on the back end. It is critical that all vendors who may
have access to data or systems are evaluated to ensure they will perform in the manner that they promise. This
can include demonstrating that certain designations or certificates have been achieved, copies of third party
assessments, etc.
Once you are satisfied with the assurances they give you, contracts with vendors or business partners who touch
your client or confidential information must require the vendor or business partner to protect the data they
touch. Increasingly, the contractual language is more than the standard provide appropriate security controls
and forward thinking companies are requiring certain standards that can include segregation of data, limitations
on where the data can be housed geographically, and detailed requirements as to security practices.
Shannon Groeber, JLT USA: For a number of reasons, it makes sense to also include right to audit language
that allows you to review your vendor or business partners security practices and procedures. Adding the
language does not require you to audit, but simply gives you the right to do so. It allows a company to identify
(and then eliminate) risky vendors and partners, supports your compliance obligations, and strengthens your
own security practices and procedures.
Like all contracts, your ability to secure this contractual right will depend on the terms of the deal, but this
request is becoming more common in with larger companies with considerable amounts of PII who outsource
some or all of their data management services. Remember, when you outsource services, you do not outsource
liability.

7
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

Thomas Tollerton, DHG: Effective vendor management begins with a consistent process for performing due
diligence on a third partys cybersecurity program. Asking the right questions, such as whether the organization
has implemented its own risk assessment process and established a plan for addressing high residual risk can go
a long way to understanding whether vendors consider cybersecurity as part of their organizations operation.
Jack Healey and Jim Satterfield, Firestorm: The number one conduit for a Cyber Breach incident has been
through the supply chain. The most recent Ponemon study stated that 57% of all retailers who had been
breached said that it was a direct result of a supplier. You should understand your suppliers Cyber IQ. Do they
have strong IT Intrusion and Detection controls in place, Cyber Awareness Training, Cyber Incident Response
Plans which have been tested and have they performed an After Action program? You can ask for a SOC 1 or
SOC 2 report, or inquire regarding NIST protocols, but you should assume that they will be breached. The speed
at which they detect, respond, mitigate and restore services is important to you. Then you need to ask about
their supply chain. What actions have they taken to assess their suppliers Cyber IQ?

7.

How can an organization best mitigate

BYOD risks?
Shannon Groeber, JLT USA: First, organizations must understand
the magnitude of their own risk. Who is using their own device?
Are they owned by the company or the employee? What kind of
data is on them and are they encrypted? Having a complete
understanding of these questions is a key cyber risk
management best practice. Then companies must have the ability to wipe devices in the event a device is lost or
an employee leaves. Finally, its crucial to secure and separate environments between personal and
professional.
Thomas Tollerton, DHG: When an organization decides to implement a BYOD program, consideration for
effective monitoring controls must be part of the plan. Access must be limited such that IT has visibility into all
users and personal devices that have access to corporate resources, and that IT has the ability to immediately
revoke access as needed. Additionally, users must understand their responsibilities for physically securing their
devices and not sharing access to personal devices when sensitive corporate data is accessed on such devices.

8.

How do I determine what cyber insurance coverage my organization

needs?
Shannon Groeber and Steve Bridges, JLT USA: Cyber threats are a reality for any organization, and proactively
addressing cyber concerns is essential to companies in a variety of industries. Forward thinking companies are
utilizing cyber insurance as part of a holistic and proactive cyber risk management plan. However, the cyber
insurance market is inundated with brokers, insurance carriers and service providers, and its difficult to

8
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

determine which is the right fit based on your needs not all participants in this dynamic field carry the same
expertise.
The best way to understand your cyber insurance needs is to work with an insurance broker who specializes in
cyber coverage on a full time basis. The broker should help you collaboratively identify potential cyber
exposures by reviewing your services, customer base, contracts, and security practices, to name a few critical
areas of focus. The most effective risk transfer solutions are usually borne from roundtable discussions with Risk
Management, Information Security, Legal (responsible for contractual requirements and compliance with
vendors and customers), and the individual or team members responsible for regulatory compliance, among
other relevant functions based on your unique business. This will drive coverage negotiations and help in
determining which additional resources will be most impactful.

9.

What role should insurance play in the cyber crisis process?

Shannon Groeber, JLT USA: A well-crafted risk transfer solution carries a number of benefits both pre and post
breach. Throughout the process of placing coverage, you should benefit from working with a skilled broker that
can help you quantify and assess your risk, provide feedback, education and consultation on emerging risks and
how you compare to peers, and help anticipate the ever-evolving insurance market. Once an event occurs, the
insurance program in place should help you facilitate a response, should a turnkey solution be best suited for
your firm, or provide the funds to quickly and appropriately minimize the overall harm without further
interference if thats a better fit. In short, the insurance should be integrated into your breach response process,
but should not impede it. Unfortunately, the proliferation of insurance options can sometimes result in an
insured buying a policy based on price or other factors without the guidance of a broker that is proficient in
cyber placement, and without understanding how the policy functions. The combination can cause further
exacerbation of the event itself.

10: What can I do now to be ready to effectively communicate before, during, and
after a cyber crisis?
Stacey Giles, MIR3: Before a crisis, establish a system for providing up-to-the-minute information for all your
stakeholders through every possible mode, like email, text, phone, etc. Make sure your contact data is current
and complete, and be sure to provide a way for message recipients to respond. Create message templates that
align with your companys core values so that when the pressure is on, a message can quickly be adapted to fit
the situation.
During the event its important you monitor and react appropriately to recipient responses while continuing to
provide direction and updates. Use your system to provide just the right information for each group of
recipients, and use a call-bridge system to quickly pull together decision makers on a conference call. After a
crisis its always a good idea to send follow-up messages to assess losses, reconnect with your team refocus
everyone on safely resuming productivity.

9
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

PREDICT.PLAN.PERFORM.
At Firestorm, we employ a PREDICT.PLAN.PERFORM. methodology to analyze and enhance the Cyber Crisis
planning process. The process should be evaluated for the five stages of a crisis with distinct decisions to be
made, actions taken, and communications in each stage:

Preaction
Onset
Impact
Response & Recovery
Post-Consequence Management

10

Many organizations think of Cyber Breach as an IT issue. Cyber Breach is a Business Crisis-Risk and as such
it is the responsibility of:
o The Board of Directors
o Senior Management (CXO)
o IT (CISO)
o Functional Areas
Legal
Internal Audit
Customer Service/Sales
Procurement/Supply Chain
Human Resources
Research and Development
Finance
Treasury
Risk/Insurance
Operations
Logistics/Distribution
Warehouse

This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

NOTE:
Firestorm has used the generic term cyber breach to conveniently represent incidents that could negatively
impact your company, with respect to the following:

All company information assets including hardware, network infrastructure, software, electronic and
physical data, and human knowledge;
Communication, storage, and processing of data by any means resulting from your company
actions/obligations; and
Unauthorized security events resulting from intentional or unintentional electronic or human actions

Firestorm recommends a cyber-risk analysis of your companys existing cyber-breach plans/processes/

procedures. This review must include your documentation associated with data security and crisis management
response processes and procedures, as it relates to cyber-breach incidents. The analysis should focus on the
organizational structure, employees, technology infrastructure, clients, suppliers, operations and other business
risks associated with the data security process. The analysis must include functional, structural, security,
systems, response, facilities, and communications perspectives.
Upon completion of the analysis, you will be positioned to understand the current state of your existing data
security and cyber-breach crisis management response environment.
The analysis should include the following:
Identification of cyber-breach exposures;
Impact assessment of cyber-breach events;
Response and recovery priorities;
Mitigation of existing exposures; and
Response & recovery strategy selection.

What do you need?

A.

Cyber Breach Awareness Indicators Matrix

A Cyber Breach Awareness Indicators Matrix is designed to provide your employees with a tool to identify
events which may indicate that a cyber breach has occurred.
B.

Cyber Breach Response Activation Matrix

A detailed Cyber Breach Response Activation Matrix identifies the considerations and triggers needed for
leadership, response, and communications. This process provides guidelines for escalation, based upon
potential for a cyber breach. The activation triggers will not override or supersede any existing policies currently
in place for communications and coordination.
C.

Cyber Breach Response Roadmap

Focus of the Cyber Breach Response Roadmap is directed on the notification, containment, response, and
recovery of a cyber-breach incident.
The Roadmap should include:

Team members identified with two (2) alternates for each

Role & Responsibilities

11
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

D.

Checklist actions to be taken at each of the five (5) phases of activation: Preaction, Onset,
Impact Assessment, Response & Recovery, and Post-Event
Cyber Breach Awareness Indicators and Activation Matrices
Incident Tracking Forms

Cyber Breach Crisis Communications Plan with Message Maps

Your company has established tools to address communication. Those tools must be integrated into a
comprehensive enterprise Cyber Breach Crisis Communication Plan that will help you address internal and
external communication during any cyber-breach incident. The plan will ensure that your company retains
control of the narrative in any situation and not be forced into a potentially damaging response mode.
The Cyber Breach Crisis Communications Plan will document protocols, tailored to Coordination, Crisis, and
Compliance, that will guide your company in promptly sharing information with all stakeholders during a cyberbreach incident, as required.

The 3 Cs of Cyber Breach Crisis Communications

Coordination Communicate internally to direct coordination activities regarding cyber breach
response and recovery.
Crisis Provide communications to address the potential crisis impacts on brand and reputation.
Compliance Communications responsibilities related to compliance notification to those parties who
are impacted (or potentially impacted) by a cyber breach. These communications serve the dual
purposes of notification and remedy actions to mitigate or prevent potential impacts.

12
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com

Learn more about Firestorm and our Partners

With more than 1,800 people in 12 states, Dixon Hughes Goodman ranks
among the nations top 20 public accounting firms. Offering
comprehensive assurance, tax and advisory services, DHG focuses on
major industry lines and serves clients in all 50 states as well as
internationally. Visit www.dhgllp.com for additional information.

JLT Specialty USA is the U.S. platform of the leading specialty business
advisory firm Jardine Lloyd Thompson Group. JLT experts have deep
industry and product experience serving leading U.S. and global firms. JLT
is one of the worlds leading providers of insurance, reinsurance and
employee benefits-related advice, brokerage and associated services. Visit www.jltus.com

MIR3 is the premier provider of Intelligent Notification and response

software for business operations, including crisis management, IT service
management, corporate communications, customer relations, supply
chain management, event management, or any area that needs reliable
two-way notification for groups from one to many thousands. Visit www.mir3.com

Firestorm

transforms

crisis

into

value.

The

Firestorm

PREDICT.PLAN.PERFORM. methodology combines C-Suite level consulting,

dynamic software solutions, and proven crisis management expertise to
empower clients to create resilient organizations. Firestorm is a
nationally recognized leader in Crisis Management, Continuity Planning, Critical Decision Support, Crisis
Response, Crisis Communications, Crisis Public Relations, and Consequence Management. We are the Crisis
Coach - (800) 321-2219. Visit us on the web at www.firestorm.com

13
This document Copyright 2015, Firestorm. For a presentation of this or a like webinar for your organization, please contact us at firestorm.com