Cyber insurance, security and data integrity insights
|
|
- Diane Wade
- 6 years ago
- Views:
Transcription
1 Cyber insurance, security and data integrity insights 1
2 Executive summary: insights into cybersecurity and risk As cyber threats have become more pervasive, persistent and sophisticated, information security has become a business imperative for all industries. Unlike companies in other sectors, however, insurers must gain a deeper understanding of cyber threats as they develop cyber liability policies. These products are evolving to include not just technology companies, but all organizations that collect, store and process data from their customers. Businesses must take a proactive approach to cybersecurity rather than waiting for a breach to occur and then acting on it. When it comes to information security, insurers must stay ahead of the ever shifting cyber threats by maintaining the triad of confidentiality, integrity and availability of systems and data. No one escapes cyber risk. Every company is vulnerable to cyber threats. In the vibrant global cyber insurance market of the future, risk management of a data breach must be built into policy at the board level, and not just a concern of the IT departments. This will give the reinsurance industry and capital markets confidence, and confirm to regulators and rating agencies that enterprise risk management (ERM) has been included in cyber liability coverage. 2
3 Key actions for insurers to take To achieve Cybersecurity, insurers must: To mitigate cyber risks, insurers must: Develop and implement a long-term, enterprise-wide security program that addresses processes, controls, organization and governance, as well as reporting, metrics, privacy and data protection Invest in cybersecurity and do a better job of articulating and demonstrating the value proposition Establish a framework of continuous improvement in analytics and reporting, people, processes and technology Design and execute solutions to measure, monitor and report on the effectiveness of security programs Refine strategies based on changing threats, risks and business imperatives Integrate cyber risks into a broader enterprise risk management approach, including risk modeling and transfer Gain specific understanding of risks related to data breaches, supply chains, emerging digital technologies and rapid-growth markets Track and monitor cyber liability regulation and rating issues and developments Accept that all insured infrastructure is a target, with the highest value assets the most frequent targets Remain alert to changing trends and emerging threats within the market and ensure that policy terms and conditions do not increase exposure Embrace a cyber risk center of excellence approach that extends across customer, risk-centric and financial activities 3
4 Achieving cybersecurity Emerging cyber threats Financial institutions have developed applications for mobile payment and other transactions. While these applications represent innovation, the institutions never planned on supporting mobile banking. Consequently, digital exchanges via the mobile transaction network are at a higher risk of compromise and/or manipulation by exploiters with increasingly sophisticated tools and skills. Moreover, infrastructure and storage outsourcing efforts supporting these applications put organizations further at risk as cloud service providers have different security mechanisms. Other challenges (and reasons for concern) for insurers: There is a large gap between the nature of new threats and the capabilities available to detect attacks, monitor (and stop) unauthorized exfiltration and secure information. Few insurers have direct insights into the cyber liabilities surrounding intangible digital assets. Many do not have the tools to provide the direct real-time awareness necessary to calculate risks to insured digital assets stored by cloud service providers or enterprise networks. There is increased awareness that companies should be accountable for private records and the security of data collected from their customers. Research shows: Nearly 95% of all enterprise networks have been compromised by external attackers. Only 3% of organizations felt safe against insider threats. Hundreds of millions of consumers have had their identity information compromised. The financial and reputational losses to businesses and shareholders stretching into the tens of billions of dollars annually. Insurers should expect that insured infrastructure will be compromised at some point. The more important and valuable the data assets are (IP, customer and supplier base, etc.), the more likely a compromise will occur. As exposure has evolved, so have policies. Since exposure exists for any organization that handles private information, insurance companies have been tasked with creating a new type of policy. The rapid adoption of mobile and digital devices in emerging markets is fostering new product development, along with new security and privacy measures. 4
5 Achieving cybersecurity Pillars of information security Prevents the disclosure of information to unauthorized individuals or systems Confidentiality Security model Availability Integrity Makes sure that computing systems, security controls and communication channels are functioning correctly Maintains the accuracy and consistency of systems and data over the entire lifecycle the most critical pillar but a gaping hole today 5
6 Achieving cybersecurity Data Integrity What it is: Data integrity is the ability to independently prove what happened in a digital infrastructure, determine the impact of a security incident and distribute the liability for a data breach. This proof is currently hard to obtain from internal systems, and it becomes increasingly complicated with organizational reliance on outsourced cloud infrastructure and trusted administrators. New methods are needed to definitely identify the cause of compromise, the assets affected, when the compromise occurred and if insured assets were exposed outside the organization. Why it matters: It s a prerequisite for ensuring confidentiality. Without it, encryption is worse than useless, bringing a false sense of security that can lead to a breach. It brings auditability and transparency of evidence to governance frameworks (for both public and private sectors). Data integrity enables an independent audit of digital assets prior to a data breach and clearer visibility into impacts when breaches occur. 6
7 Achieving cybersecurity Getting to data integrity: keyless signature infrastructure Most breaches today go unnoticed until long after they occur and the damage has been done. Active integrity involves continuous verification of the integrity of data in storage using keyless signatures. A disruptive new technology standard, keyless signature infrastructures (KSI) can effectively address some cyber liability issues by enabling mutual auditability of information systems add clearer visibility into the cause of a breach incident. Further, KSI mitigates the risk of breach escalation in real time and provides indemnification against subrogation and other legal claims. A managed security service resulting from the implementation of KSI, marks a new era for insurers. How KSIs work: Unlike digital certificates, keyless signatures never expire. People are not required in the signing process. Use of keyless signatures strengthens legal non-repudiation for data at rest. There are no keys to be compromised and/or keys to revoke. During a breach, active integrity can be provided with cyber alarms and correlated to other network events by auditors, network operations centers and security operations centers delivering real-time, continuous monitoring and verification of data signed with keyless signatures. Keyless signatures change the security paradigm by ensuring visibility into the cause of breaches Keyless ignature = :39: :39: suporte6 pam_unix(cron:session): session closed for user root :09: :09: suporte6 pam_unix(cron:session): session opened for user root by (uid=0) :09: :09: suporte6 (root) CMD ([-x /usr/lib/php5/maxlifetime ] && [-d /var/lib/php5 ] && find /var/lib/php5/ -type :09: :09: suporte6 pam_unix(cron:session):session closed for user root Each record is :12: :12:03 12: suporte6 mauricio: TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/bin/killall kmysqladmin signed by keyless :17: :17: suporte6 pam_unix(cron:session): session opened for user root by (uid=0) signature :17: :17: suporte6 (root) CMD ( cd/&& run-parts report /etc/cron.hourly) :17: :17: suporte6 pam_unix(cron:session): session closed for user root :39: :39: suporte6 pam_unix(cron:session): session opened for user root by (uid=0) :39: :39: suporte6 (root) CMD ([-x /usr/lib/php5/maxlifetime ] && [-d /var/lib/php5 ] && find /var/lib/php5/ -type Electronic ata Signed lectronic ata :09: :09: suporte6 (root) CMD ([-x /usr/lib/php5/maxlifetime ] && [-d /var/lib/php5 ] && find /var/lib/php5/ -type :09: :09: suporte6 pam_unix(cron:session):session closed for user root :09: :09: suporte6 mauricio: TTY=pts/1 ; PWD=/etc/rsyslog.d ; USER=root ; COMMAND=/usr/bin/killall kmysqladmin :17: :17: suporte6 pam_unix(cron:session): session opened for user root by (uid=0) :17: :17: suporte6 (root) CMD ( cd/&& run-parts report /etc/cron.hourly) :17: :17: suporte6 pam_unix(cron:session): session closed for user root :39: :39: suporte6 pam_unix(cron:session): session opened for user root by (uid=0) :39: :39: suporte6 (root) CMD ([-x /usr/lib/php5/maxlifetime ] && [-d /var/lib/php5 ] && find /var/lib/php5/ -type 7
8 Achieving cybersecurity KSI in action Estonia: NATO headquarters for Cybersecurity Estonia solved the data integrity issue following a disabling cyber attack in By integrating KSI into networks, every component, configuration and digital asset can be tagged, tracked and located with real-time verification no matter where that asset is transmitted or stored. With real-time awareness, incident response, data loss prevention, investigation and/or network resilience, it is now possible to detect and react to any misconfiguration, network, component or application failure in the country. It has irrefutable transparent evidence to independently verify and enable trust in transactions and interactions on their networks. No keys or encryption just mathematical proof of everything that happened. 8
9 Achieving cybersecurity Big data security challenges In the past, large financial risk models and risk-scenario simulations have taken days to run, slowing the delivery of urgently needed information to the C-suite. Running models in the cloud across multiple processors, where the modeling software can process successfully across multiple cores, means large models can now be run in a matter of minutes. But once the model data enters the cloud, can it be trusted? Machine-to-machine and autonomous sensor data being managed by machines assumes the security protocols and handling of machine-generated data are rock solid and invulnerable to compromise. That s a dangerous assumption. KSI and emerging data integrity standards will change the perception that data in the cloud is less secure than in corporate data centers. Real-time, continuous integrity monitoring and tamper detection capabilities like those enabled by KSI are necessary to protect the big data repositories that make up the cloud. Further, KSI allows companies to manage big data through four dimensions: Velocity Variety Volume Veracity 9
10 Achieving cybersecurity Innovation through analytics: the time is now Insurance master databases are one of the biggest sets of data in any sector and are growing exponentially thanks to telematics, social media, unstructured data and the like. Leading insurers are changing their vision to a managementby-data-analytics approach to customers, risk assessment and financial analysis. Big data will undoubtedly reshape the insurance industry. For years, the industry has had big data but did not know it or use it. The wake-up call is here, and it is time for re-evaluating and re-tooling analytical capabilities. More predictive modeling Better forecasting through deeper in-depth statistical analysis across the enterprise Moving beyond a simple one-on-one relationship of server to data storage Those are the capabilities innovation through analytics can enable and how data can become a single holistic global and enterprise resource. 10
11 Mitigating cyber risk Cyber risk in the context of ERM Insurers manage many risks aligned to their risk profiles and appetites. Visionaries and early adopters do so dynamically by use of mathematics (stochastically or actuarially) and simulations for the future based on the historical loss data in order to correlate all the risks of the enterprise into one holistic view. Factors to consider include: Cyber risk. Operational risk affects every organization on an equal basis and is often quantified as a percentage of gross written premiums. Cyber risks are no different from any other risk in terms of risk management and transfer Cyber risk must not be viewed as separate from other types of risks. Risk mitigation. Insurance and reinsurance are not alternatives to ERM. Risk transfer programs should be used to address structural residual risk, and risk management best practices can ease the process of finding the right cover at the right price with reinsurance optimization. Such an approach must be applied to cyber risk. Risk modeling. Dynamic risk modeling can enhance effective risk management best practices, modeling the likelihood of small claims from data breaches, as well as the impact of long-tail or black swan events. Early adopters are also experimenting with other risk transfer mechanisms include cyber captives, specialpurpose vehicles (SPVs) and sidecars. We are early in a long-term and necessary evolution where cyber risk can and must be managed within the broader context of ERM. Dynamic risk modeling tools are necessary to gain detailed visibility into value at risk. 11
12 Mitigating cyber risk Security issues affecting reinsurers As the stability mechanism for solvency in the insurance industry and the link to the capital markets and pension funds, the reinsurance industry must also be focused on cyber risks. Emerging technology threat: the industry must model cyber risks in correlation to other risks, including in the solvency, risk-based capital arena with long-tail exposure reduction. Reinsurers need to understand cyber risk independently of the insurer to create the right protection mechanisms, cyber models and rating bands. An incentive to invest: it is difficult for governments to determine if a cyber attack is an attack on a company or on a country. New mandatory data breach laws will force organizations to report data breaches within a specified period or face heavy fines (up to 10% of gross annual income). Ignorance that a data breach occurred is not an acceptable excuse. Cyber catastrophe models and databases: nearly 60 insurers write some form of cyber insurance coverage outside of errors and omissions insurance (E&O). The reinsurance industry needs to look at the effect of large aggregated cyber attacks that can affect the capital and stability of the risk industry. Cyber attacks and data breaches are black-swan events not unlike natural disasters that will: Help create cyber XL rates (excess of loss) for reinsurance to move away from quota share reinsurance Cause the cyber reinsurance industry to mature in the same way it did for natural catastrophe lines Include legal expenses, as these are particularly perilous to solvency and to the proper reserving of claims (the ability to pay) over a period 12
13 Mitigating cyber risk Supply chain risk Cyber liability regulation and rating Recent natural catastrophe events have shown what can happen to the global supply chain in terms of disruption. A severe cyber-attack would affect the global supply chain, especially around commercial and industrial internet usage. The insurance industry knows that the outsource service provider is the main cause of supply chain disruption, which often happens simultaneously when increasing weather disruption brings cyber and climate risks together in one event. When service providers outsource to each other, it sends a red alert to the industry. Data integrity needs to be embedded in the enterprise, as well as with IT vendors they outsource to and those outsourcers in turn engage. Technology, in conjunction with cyber attacks and service providers, makes up the majority of all supply chain disruptions. Rating agencies can have an economic effect on countries and corporations by making rating changes based on an event. The rating of insurers is also at risk if they do not provide mitigation advice to customers. They may struggle to get reinsurance capacity, expose themselves to more risk and lose access to A -rated capital. It is in everyone s interest in the regulatory and rating space to understand the standards and value that they bring to the table. Currently, rating agencies view cyber risk as a primary threat to solvency because of the significant, rapid and unexpected impact of an event and, in some cases, the ability to react to that event. For natural catastrophes, rating agencies look at the use of catastrophe event models that are created by third-party vendors and rely on vendor research and data accuracy. However, in the case of cyber risk, the catastrophe is the data itself. That requires a broader rating approach for example, with a data-scoring rating mechanism added to overall ERM ratings. The speed of regulatory change in data breach reporting will lead to increased cyber liability coverage and even mandatory insurance in some cases. 13
14 Mitigating cyber risk Best practices and the center of excellence Cyber risk leaders in insurance will likely embrace a center of excellence across customer, risk-centric and financial activities, thereby linking security analytics and big data with fraud investigations. This will further the trend toward intelligence-driven security plans in order to protect digital information assets. The Center of Excellence for Insurance Big Data Security, Technology Governance and Compliance can help you create a holistic, technology-enabled, business-driven strategy. Customer Need: trust Risk centric Need: knowledge Financial Need: transparency Distribution channel cross sell/up sell Underwriting Rating and regulation Customer lead identification Product design and innovation Asset liability matching Marketing campaign analysis Pricing and deductibles Reinsurance optimization Segmentation Reinsurance strategy Portfolio and asset optimization Know thy customer (KYC) Telematics M2M Risk-based capital pricing Lifetime value Catastrophe models Financial modelling Retention and lapse Reserving and claims Mac economics Fraud, SIU and forensics Embedded value subrogation/recovery 14
15 Mitigating cyber risk How EY assists with effective cyber risk management EY s information security services help our clients to assess their security strategies, processes and infrastructure to manage risk and enable compliance with applicable laws and regulations. This includes testing for security exposures and business risks created by vulnerabilities or inadequate systems, applications and network devices. Leading practices should include: A pragmatic, risk-based information security strategy that integrates solutions to address business needs, compliance requirements and ERM objectives Listening to what is going in the market, understanding security information trends and threats, and adjusting the risk assessment accordingly Continually reassessing new technologies and the threat landscape to confirm that focus is on the right priorities Executive and board support that leverages the expertise of partners and vendors and defines which security functions sit in-house instead of outsourced and in the cloud Assurance that information security is an integral part of the risk management function, not a stand-alone unit that fails to involve the business in the process 15
16 Learn more Key Contacts: Shaun Crawford Global Insurance Leader David Piesse International Insurance Society (IIS) Ambassador for Asia Pacific and Insurance Lead at Guardtime Mitigating cyber risk for insurers Part 2: Insights into cyber security and risk 2014 For insights into cybersecurity download Part 1: Cyber insurance, security and data integrity > For insights mitigating cyber risk download Part 2: Mitigating cyber risk for insurers > EY.com/insurance/cyber EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com EYGM Limited. All Rights Reserved. EYG no: EG NY ED none This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.
Implementing behavioral analytics to drive customer value: Insurers cannot afford to wait.
Implementing behavioral analytics to drive customer value: Insurers cannot afford to wait. 2 A case for behavioral analytics and automated response imagine Two customers phone into your call center. One
More information2014 EY US life insuranceannuity
2014 EY US life insuranceannuity outlook Market summary Evolving external forces and improved internal operating fundamentals confront the US life insurance-annuity market at the onset of 2014. Given the
More informationBetter-working insurance: moving blockchain from concept to reality
Better-working insurance: moving blockchain from concept to reality Imagine a different kind of insurance industry, one where all parties in the insurance value chain have the same risk data at the same
More informationORSA reports: gaps and opportunities
ORSA reports: gaps and opportunities Market benchmarking of ORSA reports for Singapore general insurers Industry-wide Own Risk and Solvency Assessment (ORSA) 1 2 Contents 1 Executive summary 2 Our assessment
More informationManaging operational tax risk through technology
Managing operational tax risk through technology EY Africa Tax Conference September 2014 Panel Daryl Blakeway Director Tax Performance Advisory Leader EY South Africa Anthony Davis Director Tax Performance
More informationThe Internet of Everything: Building Cyber Resilience in a Connected World
The Internet of Everything: Building Cyber Resilience in a Connected World The Internet of Things (IoT) is everywhere, ushering in a technological revolution at lightning speed. According to an Oliver
More informationA FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015
APRIL 2015 CYBER RISK IS HERE TO STAY Even an unlimited budget for information security will not eliminate your cyber risk. Tom Reagan Marsh Cyber Practice Leader 2 SIMPLIFIED CYBER RISK MANAGEMENT FRAMEWORK
More informationIs the future of shipping in ships and ports, or chips and blocks?
Is the future of shipping in ships and ports, or chips and blocks? Shipping is an industry that s hard to change, but new market opportunities and new technologies are making transformation inevitable.
More informationClaims transformation. EY claims capability
Claims transformation EY claims capability Global insurance industry trends claims transformation According to the market point of view, claims transformation will be the focus of innovation and investment
More informationThe Proactive Quality Guide to. Embracing Risk
The Proactive Quality Guide to Embracing Risk Today s Business Uncertainties Are Driving Risk Beyond the Control of Every Business. Best Practice in Risk Management Can Mitigate these Threats The Proactive
More informationCyber Risk Enlightenment through information risk management
Cyber Risk Enlightenment through information risk management www.pwc.com.au Cyber Risk Enlightenment through information risk management Managing cyber risk in a way that makes sense to everyone in the
More informationNext-Gen Contract Management
AN EXL WHITE PAPER Next-Gen Contract Management Leverage Your Contract Database to Serve as a Strategic Asset and Competitive Differentiator Written by: Nancy Saltzman General Counsel and Chief Compliance
More informationCyber Insurance I don t think it means what you think it means
SESSION ID: GRC-T10 Cyber Insurance I don t think it means what you think it means John Loveland Global Head of Cyber Security Strategy & Marketing Verizon Enterprise Solutions Plot A brief history of
More informationSharing insights on key industry issues*
Insurance This article is from a PricewaterhouseCoopers publication entitled Insurancedigest Sharing insights on key industry issues* European edition September 2008 Is your ERM delivering? Authors: Robert
More informationCompetition, compliance & cost continue to challenge the c-suite of Australian insurers
Competition, compliance & cost continue to challenge the c-suite of Australian insurers The Australian insurance market is reasonably well capitalised and profitable, but it remains highly dynamic. C-suites
More informationRethinking the success of bancassurance. EY survey identifies trends and challenges of this unique business model as it applies in Brazil
Rethinking the success of bancassurance EY survey identifies trends and challenges of this unique business model as it applies in Brazil Contents 1 About the survey 2 Executive summary 4 Key theme 1 Bancassurance
More informationHow to review an ORSA
How to review an ORSA Patrick Kelliher FIA CERA, Actuarial and Risk Consulting Network Ltd. Done properly, the Own Risk and Solvency Assessment (ORSA) can be a key tool for insurers to understand the evolution
More informationCyber-risk and cyber-controls:
Cyber-risk and cyber-controls: 1 Insurance alone is not enough Cyber-risk has become one of the most significant topics in boardrooms around the world. The threat is indeed, very real. Consequently, in
More informationThe agent of the future
The of the future Korea EY survey highlights need for customer-centric innovation and personalized sales support The of the future is emerging as a proactive advisor in a digital world. ii The of the future
More informationANTI-FRAUD CODE CONTENTS INTRODUCTION GOAL CORPORATE REFERENCE FRAMEWORK CONCEPTUAL FRAMEWORK ACTION FRAMEWORK GOVERNANCE STRUCTURE
ANTI-FRAUD CODE CONTENTS INTRODUCTION GOAL CORPORATE REFERENCE FRAMEWORK CONCEPTUAL FRAMEWORK ACTION FRAMEWORK GOVERNANCE STRUCTURE PREVENTION, DETECTION, INVESTIGATION AND RESPONSE MECHANISMS APPLICATION
More information7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS
7 STEPS TO BUILD A GRC FRAMEWORK FOR BUSINESS RISK MANAGEMENT BUSINESS-DRIVEN SECURITY SOLUTIONS TO MANAGE INFORMATION RISK AND KEEP YOUR ORGANIZATION MOVING FORWARD, YOU NEED A SOLID STRATEGY AND A GOOD
More informationOptimizing and balancing corporate agility for insurers
Optimizing and balancing corporate agility for insurers Table of contents 04 Executive summary 06 Addressing strategic uncertainty 07 Structuring assessments of strategic uncertainty 10 Corporate agility
More informationBall State University
PCI Data Security Awareness Training Agenda What is PCI-DSS PCI-DDS Standards Training Definitions Compliance 6 Goals 12 Security Requirements Card Identification Basic Rules to Follow Myths 1 What is
More informationGUIDELINE ON ENTERPRISE RISK MANAGEMENT
GUIDELINE ON ENTERPRISE RISK MANAGEMENT Insurance Authority Table of Contents Page 1. Introduction 1 2. Application 2 3. Overview of Enterprise Risk Management (ERM) Framework and 4 General Requirements
More informationCybersecurity Insurance: New Risks and New Challenges
SESSION ID: SDS1-F01 Cybersecurity Insurance: New Risks and New Challenges Mark Weatherford Chief Cybersecurity Strategist varmour @marktw The cybersecurity market in the Asia Pacific region contributes
More informationCybersecurity Insurance: The Catalyst We've Been Waiting For
SESSION ID: CRWD-W16 Cybersecurity Insurance: The Catalyst We've Been Waiting For Mark Weatherford Chief Cybersecurity Strategist varmour @marktw Agenda Insurance challenges in the market today 10 reasons
More informationundiscovered opportunities insurance analytics Advanced analytics for insurance
undiscovered opportunities insurance analytics Advanced analytics for insurance unlock value profitable growth deep experience We work with insurers to find opportunities that deliver profitable growth
More informationGet Smarter. Data Analytics in the Canadian Life Insurance Industry. Introduction. Highlights. Financial Services & Insurance White Paper
Get Smarter Data Analytics in the Canadian Life Industry Highlights Several key findings emerged from the SMA research: The primary focus for sophisticated analytics in L&A has traditionally been in the
More informationT A B L E of C O N T E N T S
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationMaking Predictive Modeling Work for Small Commercial Insurance Risk Assessment
WHITE PAPER Making Predictive Modeling Work for Small Commercial Insurance Risk Assessment Best practices from LexisNexis Risk Solutions AUGUST 2017 Executive Summary While predictive modeling has proven
More informationFour key capabilities for the future of underwriting. Findings from the EY-CPCU Society underwriting survey
Four key capabilities for the future of underwriting Findings from the EY-CPCU Society underwriting survey Executive summary An expanding value proposition for underwriting As the insurance industry continues
More informationMeeting the challenges of the changing actuarial role. Actuarial Transformation in property-casualty insurers
Meeting the challenges of the changing actuarial role Actuarial Transformation in property-casualty insurers 1 As companies seek to drive profitable growth, both short term and long term, increasing the
More information2014 EY Canadian life insurance outlook
2014 EY Canadian life insurance outlook Encouraging signs, but will insurers seize opportunities? Market summary The 2014 Canadian life insurance market is expected to build upon the positive economic
More informationImprove business results by first improving your vendor selection
Improve business results by first improving your vendor selection Executive summary Don t let your legacy be your legacy systems. For years, life insurance companies have been unable to leverage many
More informationRecord to report. Are you audit ready?
Record to report Are you audit ready? Panel Moderator Panel Cleedon Botha Anselme Patipewe Njiakin Stephen Ntsoane EY South Africa Director EY Cameroon Associate Director EY South Africa Director Sean
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationFraud Investigation & Dispute Services Corporate misconduct individual consequences
Fraud Investigation & Dispute Services Corporate misconduct individual consequences Canadian highlights of EY s 14 th Global Fraud Survey Foreword In the aftermath of recent major terrorist attacks and
More informationFROM 12 TO 21: OUR WAY FORWARD
FROM 12 TO 21: OUR WAY FORWARD MESSAGE FROM THE BOARD Weldon Cowan, chair of the board of directors The board of directors shares the corporation s excitement about the next phase of the From 12 to 21
More informationThe Components of a Sound Emerging Risk Management Framework
North American CRO Council The Components of a Sound Emerging Risk Management Framework December 6, 2012 2012 North American CRO Council Incorporated chairperson@crocouncil.org North American CRO Council
More informationSmall business, big risk: Lack of cyber insurance is a serious threat
Small business, big risk: Lack of cyber insurance is a serious threat October 2018 Sean Kevelighan Chief Executive Officer seank@iii.org James Lynch, FCAS, MAAA Chief Actuary jamesl@iii.org Jessica McGregor
More informationRobots join the team. Automation, transformation and the future of actuarial work for insurers
v2 Robots join the team Automation, transformation and the future of actuarial work for insurers istock watermarks on images will be removed once images are purchased. Images are $24 each for a total of
More informationAligning Risk Management with CU Business Strategy
Aligning Risk Management with CU Business Strategy Managing your most pressing risks CUNA Mutual Group Proprietary Reproduction, Adaptation or Distribution Prohibited 2016 CUNA Mutual Group, All Rights
More informationThe OCEG Open Risk Classification using XBRL
The OCEG Open Risk Classification using XBRL Yuji Furusho Fujitsu Research Institute Agenda Overview Governance Risk and Compliance Brief Introduction Standards Initiatives Business Standards, XBRL and
More informationAdvisory Standards I. GOVERNMENT REGULATIONS & GOVERNING DOCUMENTS
Advisory Standards I. GOVERNMENT REGULATIONS & GOVERNING DOCUMENTS The AGRiP Advisory Standards covering Government Regulations and Governing Documents address the legal requirements placed on pool formation
More informationTailored and experiential training for the insurance industry
Tailored and experiential training for the insurance industry We believe in learning by doing. Our experiential approach to learning helps engage participants at a deep level and ensure they gain practical
More informationAlternative Investments Advisory Services. kpmg.com
Alternative Investments Advisory Services kpmg.com Alternative investment opportunities are in great demand as investors seek out consistent, riskadjusted returns. But great demand for your business often
More informationGuidewire ClaimCenter. Adapt and succeed
Guidewire ClaimCenter Adapt and succeed Today s Challenge It s a fact that claims handling accounts for your highest cost. It also presents your greatest opportunity for satisfying customers and securing
More informationDigital insurance: How to compete in the new digital economy
Digital insurance: How to compete in the new digital economy The traditional insurance company is set up to best serve a type of customer that, in the very near future, may no longer exist. Demographic
More informationKeynote Address by Mr John Leung, CEO, Insurance Authority 12th Asian Insurance CFO Summit th May 2018, Hong Kong
Keynote Address by Mr John Leung, CEO, Insurance Authority 12th Asian Insurance CFO Summit 2018 24th May 2018, Hong Kong Recent Developments of the Hong Kong Insurance Industry and the Insurance Authority
More informationOECD PROJECT ON CYBER RISK INSURANCE
OECD PROJECT ON CYBER RISK INSURANCE April 2016 Introduction 1. Cyber risks pose a real threat to society and the economy, the recognition of which has been given increasingly wide media coverage in recent
More informationKey Themes. Organizational Dynamics and Effective Risk Management. Organizational Alignment. Risk Management Effectiveness
Key Themes Organizational Alignment Risk Management Effectiveness Organizational Dynamics and Effective Risk Management Data, Analytics, and Technology Building a Cyber Risk Framework 1 Organization: Where
More informationTechnology, governance and risk: can new thinking on three issues bring retirement security for millions?
Technology, governance and risk: can new thinking on three issues bring retirement security for millions? Global pension and retirement market outlook Contents 3 5 6 Executive summary Governance structures
More informationData Analytics and Unstructured Data Actuaries 2.0
Data Analytics and Unstructured Data Actuaries 2.0 David Brown, KPMG Gary Richardson, KPMG 13 June 2014 Empowering Underwriters to listen to the whole data conversation High volume, velocity, variety New
More informationInvestor Presentation. March 2017
Investor Presentation March 2017 Safe Harbor Statement Safe Harbor statement under Private Securities Litigation Reform Act of 1995: This presentation contains forward-looking statements, including statements
More informationCredit Card Handling Security Standards
Credit Card Handling Security Standards Overview This document is intended to provide guidance regarding the processing of charges and credits on credit and/or debit cards. These standards are intended
More informationERM and ORSA are they the same? Focus on Active Risk Management
ERM and ORSA are they the same? Focus on Active Risk Management Doug Caldwell Chief Risk Officer ING Asia Pacific Session Number: TBR4 Joint IACA, IAAHS and PBSS Colloquium in Hong Kong www.actuaries.org/hongkong2012/
More informationOptimizing the actuarial modeling environment
Optimizing the actuarial modeling environment Actuarial IT architecture considerations around loose and tight coupling By Tim Pauza, William Cember and Sanjo Yogiaveedu Introduction Working with models
More informationEU-US Insurance Dialogue Project: New Initiatives for Focus Areas for 2018
EU-US Insurance Dialogue Project: New Initiatives for 2017 2019 Focus Areas for 2018 The EU-US Insurance Dialogue Project (EU-US Project) began in early 2012, as an initiative by the European Commission,
More informationOperational Risk Management
Operational Risk Management An Iceberg but Icebergs can melt DMF Stakeholders Forum Berlin, May 2013 Mike Williams mike.williams@mj-w.net Operational risk is: The risk of loss (financial or nonfinancial)
More informationReporting climate change risk
Reporting climate change risk A step-by-step guide to implementing the Financial Stability Board Task Force Recommendations for disclosing climate change risk Contents The Financial Stability Board Task
More informationBuilding the Vision: A Look into the Future of an Efficient Insurance Data & Analytics Market
Building the Vision: A Look into the Future of an Efficient Insurance Data & Analytics Market Peter Lynch Executive Vice President, Insurance 25 APRIL 2015 TransUnion is a leading global provider of risk
More informationThe Art of Conversation. kpmg.com/uk/insurance
The Art of Conversation kpmg.com/uk/insurance 2015 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative
More informationWhy Risk Management is Treasury s Biggest Priority
should be Why Risk Management is Treasury s Biggest Priority Presented by Bob Stark Vice President, Strategy Treasury = Risk Management Everything in treasury also helps manage risk Cash & Liquidity (risk)
More informationINSURTECH OUTLOOK. Executive Summary september 2016
INSURTECH OUTLOOK Executive Summary september 2016 BRUNO ABRIL Global Head, Insurance The Insurance Industry is gradually reinventing itself to respond to the digital transformation challenge, incorporating
More informationFraud risk management. Oil and gas sector
Fraud risk management Oil and gas sector Fraud risk management oil and gas sector Contents Why should you be concerned about fraud risks? 1 Key risks in the oil and gas sector 2 Five key factors your business
More informationIT Risk in Credit Unions - Thematic Review Findings
IT Risk in Credit Unions - Thematic Review Findings January 2018 Central Bank of Ireland Findings from IT Thematic Review in Credit Unions Page 2 Table of Contents 1. Executive Summary... 3 1.1 Purpose...
More informationStochastic Analysis Of Long Term Multiple-Decrement Contracts
Stochastic Analysis Of Long Term Multiple-Decrement Contracts Matthew Clark, FSA, MAAA and Chad Runchey, FSA, MAAA Ernst & Young LLP January 2008 Table of Contents Executive Summary...3 Introduction...6
More informationRisk-based capital and governance in Asia-Pacific: emerging regulations
Risk-based capital and governance in Asia-Pacific: emerging regulations 1 Changing regulations in a changing market Across the Asia-Pacific region, countries are reviewing their approach to regulation
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationRapid returns for the insurance industry with Atos Fraud & Claims Management
Fraud & Claims Management Rapid returns for the insurance industry with Atos Fraud & Claims Management Trusted partner for your Digital Journey The state of play Insurers are being squeezed from every
More informationblockchain bitcoin cryptography currency Blockchain: The Next Big Digital Disruptor for CFOs cryptocurrency exchange transaction financial market
cryptography business digital virtual currency network transaction internet coin cryptocurrency market blockchain ledger data exchange electronic payments business technology money contract transaction
More informationERM and the new world of insurance regulation. Where insurers should focus now to find business value
ERM and the new world of insurance regulation Where insurers should focus now to find business value Enterprise risk management is a common denominator Reform efforts have much in common, including enhanced
More informationAccelerating expansion in Japan Risk management frameworks at a glance
Accelerating expansion in Japan Risk management frameworks at a glance Executive summary Our enterprise risk management report focuses on risk and regulation in the Japanese insurance market and a new
More informationInsuring your online world, even when you re offline. Masterpiece Cyber Protection
Insuring your online world, even when you re offline Masterpiece Cyber Protection Protect your online information from being an open network 97% of Chubb clients who had a claim paid were highly satisfied
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationSession 73 PD, Predictive Modeling for the Marketing Actuary. Moderator: Maria Patricia Marcelo Arellano, FSA, CERA, MAAA
Session 73 PD, Predictive Modeling for the Marketing Actuary Moderator: Maria Patricia Marcelo Arellano, FSA, CERA, MAAA Presenters: Andy Ferris, FSA, FCA, MAAA Sarah R. Hinchey, FSA, CERA Patrick Sugent
More informationWhy CISOs Should Embrace Their Cyber Insurer
6 Steps to Start Working Together Today Cyber Security risk management is undergoing one of the most important shifts in recent memory; however, this shift is not being driven by the information security
More informationBetter-working insurance: moving blockchain from concept to reality
Better-working insurance: moving blockchain from concept to reality Imagine a different kind of insurance industry, one where all parties in the insurance value chain have the same risk data at the same
More informationMANAGE RISK WORLDWIDE
MANAGE RISK WORLDWIDE Zurich International Programs Corporate customers At Zurich, we re proud of our ability to help protect businesses that operate internationally. For nearly 40 years, we have built
More informationBlockchain. How this technology could impact the CFO
Blockchain How this technology could impact the CFO What is blockchain? Blockchain technology is a way to structure data without the need for a central authority. A blockchain is a distributed database
More informationCrossing the Breach. It won t happen to us
Crossing the Breach P R O T E C T I N G F R O M D ATA B R E A C H E S I S M O R E T H A N A N I. T. I S S U E WHITE PA P E R V E S T I G E D I G I TA L I N V E S T I G AT I O N S Crossing the Breach It
More informationPrudential Standard GOI 3 Risk Management and Internal Controls for Insurers
Prudential Standard GOI 3 Risk Management and Internal Controls for Insurers Objectives and Key Requirements of this Prudential Standard Effective risk management is fundamental to the prudent management
More informationTHE BLOCKCHAIN DISRUPTION. INSIGHT REPORT on Blockchain prepared by The Burnie Group
THE BLOCKCHAIN DISRUPTION INSIGHT REPORT on Blockchain prepared by The Burnie Group NOVEMBER 2017 BUILDING VALUE Business networks create value. The efficiency of business networks is a function of the
More informationH 7789 S T A T E O F R H O D E I S L A N D
======== LC001 ======== 01 -- H S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 01 A N A C T RELATING TO INSURANCE - INSURANCE DATA SECURITY ACT Introduced By: Representatives
More informationPAI Secure Program Guide
PAI Secure Program Guide A complete guide to understanding the Payment Card Industry Data Security Requirements (PCI DSS) and utilizing the PAI Secure Program Welcome to PAI Secure, a unique 4-step PCI-DSS
More informationThe money in motion opportunity. Capturing the opportunities for increasing assets and enhancing relationships as investors move into retirement
The money in motion opportunity Capturing the opportunities for increasing assets and enhancing relationships as investors move into retirement Look for the other publications in this series: Goals-based
More informationCyber COPE. Transforming Cyber Underwriting by Russ Cohen
Cyber COPE Transforming Cyber Underwriting by Russ Cohen Business Descriptor How tall is your office building? How close is the nearest fire hydrant? Does the building have an alarm system? Insurance companies
More informationThe Digital Insurer. The Art of the Possible. 10/02/17 Avril Castagnetta, Senior Manager
The Digital Insurer The Art of the Possible 10/02/17 Avril Castagnetta, Senior Manager What if the insurance value chain Product Marketing and distribution Underwriting Policy admin Claim management Corporate
More informationSociety of Actuaries - ERM Forum, 10 May 2016 A regulatory perspective on consumer risk
Society of Actuaries - ERM Forum, 10 May 2016 A regulatory perspective on consumer risk Helena Mitchell Head of Consumer Protection: Supervision Division Contents What is conduct risk and consumer risk?
More informationEmbrace the Solvency II internal model
October 2011 Embrace the Solvency II internal model Executive summary Insurers continue to question the benefits of Solvency II and whether the internal model will justify its considerable cost. Embracing
More informationHow Will the Distributed Ledger Change the Customer Experience?
THE BLOCKCHAIN EFFECT: How Will the Distributed Ledger Change the Customer Experience? Scott Furlong ISG White Paper 2018 Information Services Group, Inc. All Rights Reserved Introduction As we march toward
More informationBig Data - Transforming Risk and Insurance. Driving Change
Big - Transforming Risk and Insurance George Attard Head of Aon Benfield Analytics, International Catastrophe Risk Management Market Challenges Lack of risk awareness Low disposable income High concentrations
More informationYou ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017
You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business
More informationThe UK s new corporate criminal offense. How adopting a robust risk-based approach could open the pathway for future global compliance
The UK s new corporate criminal offense How adopting a robust risk-based approach could open the pathway for future global compliance (CCO) of the failure to prevent the facilitation of tax evasion entered
More informationReimagining customer relationships. Asia-Pacific
Reimagining customer relationships Asia-Pacific 2 Executive summary Two years after EY s inaugural Global Consumer Insurance Survey, results from the 2014 survey confirm that the insurance industry is
More informationTransforming claims through predictive modelling
October 2011 Insurance Agenda Transforming claims through predictive modelling Claims departments are under increasing pressure to produce better loss ratios. Predictive modelling enables claims departments
More informationAchieving convergence of finance, risk and actuarial functions: beyond transformation
Achieving convergence of finance, risk and actuarial functions: beyond transformation Achieving convergence of finance, risk and actuarial functions Beyond transformation 1 Achieving convergence of finance,
More informationSTEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH
STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and data risks to your business,
More informationCompany Overview. August 6, 2018
Company Overview August 6, 2018 This presentation contains forward-looking statements. All statements contained in this presentation other than statements of historical facts, including, without limitation,
More informationThe working roundtable was conducted through two interdisciplinary panel sessions:
As advancements in technology enhance productivity, develop new businesses and enhance economic growth, malicious actors continue to advance as well, seeking to exploit technology for any number of criminal
More information