Regulatory Readiness: Leveraging Security Controls for Regulatory Success and Insurability

Craig Hoffman is a digital risk advisor engaged to guide clients on issues related to use of technology and data. He is well known for using his litigation experience and insights from helping entities address thousands of security incidents to develop prioritized privacy and cybersecurity strategies and effectively respond to security incidents. Visibility to what allows incidents to occur, outcomes of decisions made and measures taken to improve going forward from security incidents of all sizes enables Craig to immediately forecast what is coming, offer prioritized recommendations and then operationalize decisions into actions.

Craig co-leads the Digital Risk Advisory and Cybersecurity team, which helps entities address hundreds of security incidents a year and the resulting regulatory and litigation matters that follow. Clients turn to Craig to address the privacy compliance, operational and security related enterprise risks generated by their use of technology, such as data security incidents, post-incident regulatory defense and litigation, payment card network assessments, post-incident security enhancements, incident response preparedness, security and risk assessments, technology contracts and due diligence related to transactions.

In particular, Craig is internationally known as a go-to attorney for payment card security incidents after leading over 200 entities through payment card security incidents and the resulting PCI DSS revalidation process and payment card network liability assessments. Additionally, he has extensive experience with retail, restaurant, hospitality, financial services and technology companies.

Craig has conducted hundreds of incident response training and cybersecurity exercises for incident response teams, executive teams and boards of directors. These sessions help clients contextualize the critical issues and decisions they will face in an incident so they can identity how to build plans that will allow them to respond in a way that meets organizational goals, minimizes risk and protects key relationships.

Craig is ranked in Chambers USA: America’s Leading Lawyers for Business and the Legal 500, was twice chosen for the Cybersecurity Docket “Incident Response” list and has been selected multiple times as an Acritas Star and BTI Client Service All-Star. He is a featured speaker on topics such as reasonable security, incident response and other digital risk areas.

Thomas Fuhrman is Managing Director of Cybersecurity Consulting and Advisory Services at Marsh Risk Consulting (MRC). He leads MRC’s cyber risk consulting practice in North America and works across Marsh & McLennan’s operating companies on a broad range of cyber initiatives. He is a Certified Information Systems Security Professional (CISSP).

Tom is an experienced cybersecurity consultant with over 20 years in the business. He has served in consulting leadership roles as the president of Delta Risk, founder and president of 3tau LLC, and senior vice president and partner at Booz Allen Hamilton. He is an experienced cybersecurity consultant in the financial sector and has supported financial institutions ranging from global money center banks and systemically important financial institutions to large U.S. regional banks with enterprise-wide cyber risk identification and management. He advised one of the largest banks in the world on rationalizing and structuring the cybersecurity programs of their U.S. subsidiaries in the establishment of their Intermediate Holding Company.

Tom was an active contributor to the development of the NIST Cybersecurity Framework and has advised clients and boards of directors on its implementation. He is a strong advocate of the strategic management of cyber risk at the enterprise level through cyber risk quantification.

A recognized thought leader in cybersecurity, he has presented leading ideas in cybersecurity to many audiences through diverse publication channels.

Earlier in his career, he served on the staff of the White House Office of Science and Technology Policy (OSTP) where he authored the OSTP publication CYBERNATION: The American Infrastructure in the Information Age, a landmark report on critical infrastructure protection.

As a Director of Business Development at CrowdStrike, Adam focuses on the insurance and legal verticals in the Americas. His extensive cyber insurance and cyber risk management experience provides CrowdStrike partners and their clients with invaluable expertise. Adam is responsible for developing and managing relationships within these verticals as he provides stewardship, guidance and support in incident response engagements as well as proactive programs to manage cyber risks.

Prior to joining CrowdStrike, Adam was the Managing Director, Cyber Liability Practice, for Arthur J. Gallagher & Co., an international insurance brokerage firm. He was responsible for the overall direction of the Cyber Liability Practice including development of state-of-the-art product solutions, cyber risk management, incident response and preventative services, insurance gap analyses, risk exposure analysis, risk modeling, benchmarking, and best practices implementation.

In addition to leading North American business development for CrowdStrike Services, Adam is a regular speaker, contributor and Advisory Board Member for cyber conferences provided by Advisen and Net Diligence.