Cyber Risk. October 2017

Size: px

Start display at page:

Download "Cyber Risk. October 2017"

Eustace Elliott
6 years ago
Views:

1 Cyber Risk October 2017

2 The Cyber Landscape

3 Dimensions to cyber risk Who is likely to target your clients Which jurisdictions do they operate in? Threat Types What is their line of business? Geography How good are they in preventing and detecting an attack? Sector Security 3

4 Threat Types Organised crime Global, difficult to trace and prosecute Motivation: Financial advantage Impact to business: Financial loss Competitors Competition or rivalry Motivation: Gain business edge Impact to business: IP theft, reputation damage Who would target you, your clients and why? The insider Intentional or unintentional Motivation: Grudge, financial gain Impact to business: Distribution or destruction, theft of information, reputation loss Hacktivism Hacking inspired by ideology Motivation: Shifting allegiances dynamic, unpredictable Impact to business:public distribution, reputation loss State-sponsored Espionage and sabotage Motivation: Political advantage, economic advantage, military advantage Impact to business:disruption or destruction, theft of information, reputational loss 4

5 CYBER UNDERWORLD 2017 KPMG Management & Risk Consulting Sdn. Bhd., a company incorporated under Malaysian law and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG 2016 International ), KPMG LLP, a Swiss a UK entity. limited All rights liability reserved. partnership Printed in Malaysia. and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative 5

6 Ransomware Major growth in range of groups and tools since Oct 2015 Particular threat to hospitals 44% of business hit in last 24 months Most pay up Small ransoms often only 1 bitcoin Large scale extortion attacks 6

7 CYBER UNDERWORLD 2017 KPMG Management & Risk Consulting Sdn. Bhd., a company incorporated under Malaysian law and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG 2016 International ), KPMG LLP, a Swiss a UK entity. limited All rights liability reserved. partnership Printed in Malaysia. and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative 7

8 CEO Frauds Criminals now looking beyond financial sector CEO and business compromise fraud now rampant Sophisticated social engineering Networks of call centres FBI warn received fraud reports totalling $3.1 Billion Recent example of $44 million fraud Attacks now tailored to firms, their business and their employees 8

9 CYBER UNDERWORLD 2017 KPMG Management & Risk Consulting Sdn. Bhd., a company incorporated under Malaysian law and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ( KPMG 2016 International ), KPMG LLP, a Swiss a UK entity. limited All rights liability reserved. partnership Printed in Malaysia. and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative 9

10 Persistent and targeted attacks SWIFT attacks followed Attempted $951M fraud at Bank of Bangladesh Speculation over criminal and State links and flow down of techniques $81M successfully transferred to Philippine casinos Other SWIFT attacks followed Weak links? Carbanak signalled a new type of attack Persistent and stealthy 10

11 Geographic Distribution >30% 25-30% 20-25% 15-20% 10-15% 5-10% Microsoft Security Intelligence Report 20 Malw are encounter rates Q

12 The Underwriting Landscape

13 The Underwriting Landscape The current coverage landscape may be split into the following areas with coverages across 1 st Party and 3 rd Party. SME Non-SME US Non US 1 st Party 1 st Party 3 rd Party 1 st Party 1 st Party covers: - Ransomware - Cyber extortion - Network breakdown - Costs of reconstituting data - Remediation costs 3 rd Party covers: - Network liability - Data breach - Multimedia - Breach of privacy 13

14 New opportunities are emerging in insurance Development of cyber insurance may follow several waves, gradually expanding from core propositions focusing on digital assets to new products covering other types of assets and evensome non-cyber perils Other intangible assets Wave 1 enhancing core propositions with strong crisis management serv ices. Product development Privacy breach Cyber crime & fraud Physical BI with cyber peril Extortion Cyber BI Data & software loss Cyber physical damage Network Security liability IP theft Rep harm Wave 1 Wave 2 Wave 3 Wave 4 Wave 2 improv ing risk modelling and cov erage. Wave 3 expanding to other assets with cy ber triggers. Wave 4 - innov ating to dev elop products to address market gaps. Wave 5 considering to expand scope to cov er other intangible assets with non-cy ber perils. Time horizon 14

15 Insurance Company Organisational Design Today s Insurance company Property Casualty Financial lines Speciality Crisis Management Others Cyber Cyber Cyber Cyber Tomorrow s Insurance Company Personal lines products Cyber Centre of Excellence Commercial lines products 15

16 Underwriting and Claims Considerations Initial Risk Assessment Process needs to be quick and not intrusive Difference between SME vs Large SME risks can be managed via a finite number of questions in most cases. Large risks require a larger set of questions. Questionnaires/Interviews On-line assessments External penetration assessments (using 3rd party vendors) Full reviews Underwriting Judgement Challenges of Initial Risk Assessment Reliance of 3rd party data Data only provides a snapshot Insufficient data Previous step does not absolve responsibility of underwriter Underwriter s judgement and skill Assess data Map exposures to coverage offered by policy Large vs SME View on accumulation Claims What does the customer need? SME Dedicated hotline Incident response/crisis Management, NOT indemnity Large Corporates In house teams to deal with initial response Need expert support Some indemnity element Data is available Able to create a view on a client s capabilities: Documentation and process reviews Training Incident response procedures Systems But limitations could exist (e.g. outside-in view only) Pricing Process Limited data on new coverages Issues with historical data 16

17 Bringing it all together Cyber modelling should be based on a detailed assessment of the threats, activations and motivations underpinning potential attacks; and builds up elements of risk based on detailed intelligence from our cyber experts. Threats Assets Actors Counters Cyber Insights by Sector Identif y the most common threats to organisations, depending on their sector. Lev erage threat intelligence and historical data to identif y credible threats. Valued assets v ary f rom organisation to organisation, howev er, there tend to be similarities within each sector. Use industry experience to map the ty pical v alued assets f or a sector. This can then be conf irmed with each indiv idual prospectiv e policy holder. Organisations can be more susceptible to hacktivists, criminals or state sponsored attacks, to name a f ew, depending on the sector they operate. Use threat data and past incidents to identif y the potential actors behind cy ber attacks. Understand the maturity of dif f erent sectors. Determine credible scenarios of cy ber ev ents f or each sector. Scenarios Construct f orward looking scenarios based on 2 approaches:. Use an existing cy ber ev ent and associated losses and extrapolate to f orm an extreme event which has not been observ ed y et. Use an existing large ev ent as the starting point and then consider if a cy ber attack could be the root cause of a future event of a similar nature. If the answer is y es, then use the ev ent loss prof ile to inf orm the scenario. Modelling Combine cy ber insights and knowledge of the industry, such as: companies in the industry, sy stems or third party v endors employ ed, security v ulnerabilities in the sector, known attacks and measures the companies are taking to def end (or not). Try to assign f requency and sev erity assumptions to the chosen scenario based on detailed analy sis and expert judgement. ( KPMG International ), a Swiss entity. All rights reserved. 17

18 Frequency Severity Approach Frequency Define the Risk Segment Determine relevant threats for each Risk Segment Annual probability of successful attack from available data/insights - A% DDoS - B% Malware - C% Extortion Adjust for: Forward looking view of risk (Threat Intelligence Reports) Judgement Scoring Selected Parameters (annual probability of successful attack) X% DDoS Y% Malware Z% Extortion Selected Variability +-% +-% +-% Individual Risk Pricing Validation of reserving Sector Country Company profile Counters DDoS Ransomware Extortion Terrorism Severity SIMULATIONS IELR testing Capital Modelling Look at what the immediate effect is on the company Collect information that is a proxy for this effect Create model points from each of the relevant threats to estimate costs split by heads of damage: Breach costs Fines Liability Selected Parameters DDoS $ $ $ Malware $ $ Extortion $ $ $ Selected Variability +-% +-% +-% 18

19 kpmg.com/uk The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliatedwith KPMG International Cooperative The KPMG name and logo are registered trademarks or trademarks of KPMG International. Create KGS: CRT067112D

Cyber Risk & Insurance

Cyber Risk & Insurance Digitalization in Insurance a Threat or an Opportunity Beirut, 3 & 4 May 2017 Alexander Blom - AIG 1 Today s Cyber Presentation Cyber risks insights from an insurance perspective