Cyber Threats to the Energy Industry
|
|
- Reynard Willis
- 6 years ago
- Views:
Transcription
1 Cyber Threats to the Energy Industry Willis Towers Watson 2017 Energy Conference September 21 st, 2017 willistowerswatson.com 2017 Willis Towers Watson. All rights reserved.
2 Agenda 1. Today s Panel 2. Cyber Risk Exposure Environment for Energy Companies 3. Assessing Your Cyber Risk 4. Compensating Controls & Underwriting Criteria 5. Loss Recovery Strategies willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 2
3 Today s Panel willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 3
4 Rob Barberi Rob serves as a Cyber Security & Professional Liability risk specialist, based in Willis Towers Watson s Boston office and focuses on Cyber and Professional Liability risk advisory. He has broad experience negotiating, structuring and placing Network Security, Privacy Liability and Professional Liability insurance programs, focusing primarily on companies with large, complex exposures. Rob has a broad knowledge of insurance company claims handling for cyber insurance and has spent considerable time developing manuscript policy wording to address specific insured needs. He is a regular speaker at industry conferences and actively consults with the US Treasury regarding systemic cyber risks. Rob works closely with numerous companies in the energy sector, serving as a National Cyber Resource for Cyber Energy Risks at Willis Towers Watson. Prior to joining Willis Towers Watson in 2009, he worked at Aon Corporation as a Broker in their Financial Services Group. Previously, Rob was an Associate in Aon s Global Client Network, focusing primarily on the placement and servicing of large international property and casualty programs for Fortune 500 companies. Rob received his B.A. in International Politics & Economics from Middlebury College and his M.B.A. from Boston University with a concentration in Corporate Strategy. willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 4
5 David White Founder and Chief Operating Officer, Axio Axio believes that cyber risk is solvable with an integrated approach that aligns strong cybersecurity with financial hedging strategies Developed Axio s foundational process for cyber risk management and has delivered it to many clients in critical infrastructure sectors, including energy Leads Axio s service business, focused on cybersecurity improvements and cyber risk mgmt. Collaborates on Axio s software platform development to provide security and risk leaders with actionable insight, planning, and reporting for cybersecurity and cyber risk Prior to founding Axio, was a cybersecurity researcher at Carnegie Mellon University Co-authored the CERT Resilience Management Model (RMM) a formal maturity model for managing operational risk Was chief architect on the US Department of Energy s Cybersecurity Capability Maturity Model (C2M2), which is widely used in US energy sector willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 5
6 Garin Pace Garin Pace is a Cyber Product Leader at AIG, responsible for cyber exposure in the Financial Lines and Property products globally. In this role, Garin is responsible for shaping and driving the underwriting strategy for all cyber perils, and ensuring all cyber underwriting tools and processes are consistently leveraged across the portfolio. Garin joined AIG in 2005 as a Professional Liability underwriter and has held various positions of increasing responsibility since. Most recently, Garin was Head of Underwriting Excellence - Cyber, responsible for the underwriting strategy and training for the cyber insurance product in North America. Garin holds a Bachelor s of Science degree in Chemical Engineering from Tufts University. willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 6
7 Michael Guy Expertise: Michael Guy is the Cyber Team Lead for Canada and has worked to develop the quality standards of the CTA Incident Management Process. His cyber practice includes oversight on incidents of malware, ransomware, phishing, whaling, fraudulent funds transfer and privacy breach related to SME commodity programs, institutional (hospitals, colleges, etc.), gaming facilities, manufacturing operations and telecom providers. He has handled notable cyber breach incidents including involvement in high value class action lawsuits. Michael started his insurance career in 1994 working as a insurance adjuster for a large national adjusting firm holding various roles including leading a team managing Corporate Accounts for specialty lines claims. Michael has also held the position of Claims Manager at a national Insurer before joining Charles Taylor Adjusting in Since 2014, he has been in the role of Vice President Branch Manager of the Toronto, Ottawa and Montreal offices. Claims handling includes numerous large and complex losses across Canada involving Commercial / Industrial Property and Business Interruption, Construction, Crisis Management, Products Liability, Pollution Liability (industrial, pipeline, rail), and Cyber.. Professional Qualifications: Bachelor of Business Administration (Hons.) Wilfrid Laurier University Fellow Chartered Insurance Professional (FCIP) - Insurance Institute of Canada Canadian Risk Management (CRM) - Global Risk Management Institute Risk Management Certificate - University of Calgary 2016 Willis Towers Watson Plc. All rights reserved. Proprietary and Confidential.
8 Compliance Complexities NERC California s 20 CIS Controls GDPR Privacy Shield PIPEDA Industry Regulation HIPAA FTC & FCC HITECH Privacy Laws/ Regulations GLBA PCI-DSS Compliance US State Breach Notification Laws willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 8 8
9 Advanced Persistent Threats (Examples) The Ransomware Crisis BlackEnergy Trojan Sandworm Stuxnet Shamoon 2016 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 9
10 Critical Infrastructure Threats DHS is responsible for safeguarding our Nation s CI from physical and cyber threats. DHS created the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) to reduce industrial control system risks within and across all critical infrastructure and key resource sectors. In 2016, ICS-CERT received and responded to 290 incidents reported by assets owners and industry partners, coordinated 390 vulnerabilities, analyzed 100 malware samples. The Energy Sector accounted for 59 of the 290 incidents. Spear Phishing was involved in 26% of the 290 incidents reported, making it the leading access vector. Also in 2016, ICS-CERT responded to the first known cyberattack to result in physical impact to a power grid. ICS-CERT Most Notable Recent Alerts Alert (ICS-ALERT C) Petya Malware Variant (Update C) Original release date: June 30, 2017 Last revised: July 10, 2017 ICS-CERT is aware of reports of a variant of the Petya malware that is affecting several countries. ICS-CERT is releasing this alert to enhance the awareness of critical infrastructure asset owners/operators about the Petya variant and to identify product vendors that have issued recommendations to mitigate the risk associated with this malware. After initial infection, the affected system scans the local network(link is external) for additional systems to infect via Port 139/TCP and 445/TCP, prior to encrypting files and overwriting the Master Boot Record (MBR) or wiping sectors of the disk drive(link is external). There are several reports(link is external) that suggest that the Petya variant s creators intend it to be destructive(link is external) in nature, rather than a traditional, economically motivated ransomware. Alert (ICS-ALERT ) SDG Technologies Plug and Play SCADA XSS Vulnerability Original release date: October 15, 2015 NCCIC/ICS-CERT is aware of a public disclosure of a cross-site scripting vulnerability with proof-of-concept (PoC) exploit code affecting SDG Technologies Plug and Play SCADA, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product. According to this report, the vulnerability is exploitable by inserting malicious script in the HTML request to web servers Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 10
11 IOT in the Energy Industry Increased automation Lowered drilling and transportation costs Increased productivity and safety for workers Use of robotics for efficiency and safety Convergence of Operational Technology (OT) and Information Technology (IT) Motivated by ease of remote access Costly to manage separate networks Process Control Networks (PCN) Observe and control environmental factors (air quality, detection of gases) Monitor equipment status (temperature, fuel consumption) Research and Development Designs and build plans for equipment Exploration and resource quality data Corporate communications Improved communications across geographically dispersed organizations 2016 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 11
12 Assessing Your Cyber Risk willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 12
13 Notices Copyright 2017 Axio Global, Inc. Axio is a registered trademark of Axio Global, Inc. NO WARRANTY: THIS AXIO GLOBAL MATERIAL IS FURNISHED ON AN AS-IS BASIS. AXIO GLOBAL MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. AXIO GLOBAL DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. Internal use: Permission to reproduce this material and to prepare derivative works from this material for use inside your organization is granted, provided the copyright and No Warranty statements are included with all reproductions and derivative works. External use: This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for such permission should be directed to info@axio.com. Axio Overview 08/17/17 13
14 Example Cyber Events
15 Petya/Nyetya/Not Petya 27 June 2017 Data wiper disguised as a ransom-worm Originated in Ukraine but spread globally Exploited the Eternal Blue vulnerability (NSA) 2M computers within 2 hours of release Many prominent firms were impacted; Cyence estimates $850M in damages Motive and origin are a mystery, but many believe that it was targeted to damage Ukraine or serve as a smokescreen [Sulleyman 2017], [Polityuk 2017], [Moise 2017], [Loftus 2017], [Frenkel 2017], [Perlroth 2017], [Barlyn 2017] KUB Workshop 15
16 Coordinated Attack Ukrainian Power Outage, Dec 2015 Highly coordinated manual efforts were synchronized against three power distribution utilities 225,000 customers lost power for < 6 hrs 135 MW 1. SCADA hijack with malicious operation to open breakers 2. Disconnected backup power & flooded call centers to delay outage response 3. Corrupted firmware on communication devices at substations and wiped workstations & servers to amplify attack Results could be more impactful in US due to our heavy reliance on automation and relative inexperience with manual operations. Axio Overview 08/17/17 16
17 Ukrainian Power Outage 2016 Automated transmission attack 1.25-hour outage at one transmission substation outside Kiev, Dec MW power loss = 1/5 of power necessary for Kiev Automated, modular attack tools indicate a dramatic increase in sophistication Attacks at the transmission level have more widespread impact Axio Overview 08/17/17 17
18 Axio Foundation Three simple steps to better understand and address cyber risk
19 RISK Risk Reduction Curve Optimizing the next investment Invest in Capability Sustain Capability Invest in Transfer 1. Early capability improvements have high payoff in risk reduction 2. Payoff flattens as capability increases CYBERSECURITY CAPABILITY 5. Invest accordingly 4. Insurers want insureds to be on the flatter part of the capability curve 3. Insurance transfers impact and results in a quantum risk reduction Axio Overview 19
20 Solving Cyber Risk TM Foundational Process Exposure Quantification Answering Three Fundamental Questions What is my cyber exposure? What is at risk? Cyber Program Evaluation Insurance Analysis and Stress Test Are my cyber defense and response capabilities mature? Do I have the financial ability to recover from an event? Axio Overview 08/17/17 20
21 Tangible Impacts Financial Impacts Develop & Quantify Cyber Loss Scenarios Identify several high-impact, notional, feasible cyber loss scenarios specific to your organization/operations First Party Third Party Estimate impact for selected scenarios using a structured impact taxonomy Four quadrant model All impacts from any cyber event can be categorized into these quadrants Exposure Quantification Axio Overview 08/17/17 21
22 Top Quadrants: Financial Impacts Some of these impacts are data-breach centric; many could apply to any event. Financial Impacts First Party Impacts Response costs: forensics, notifications, credit monitoring Legal expenses: advice and regulatory filings Lost income from network or computer outages, including cloud Theft of funds or securities Cost of restoring lost data Cyber extortion expenses Value of stolen Exposure Quantification intellectual property Other financial Third Party Impacts Consequential lost income Restoration expenses Legal defense Civil fines and penalties Shareholder losses Other financial damages Axio Overview 08/17/17 22
23 Bottom Quadrants: Tangible Impacts These impacts are of increasing concern to all companies, especially critical infrastructure Tangible Impacts First Party Impacts Mechanical breakdown of your equipment Destruction or damage to your facilities or other property Environmental cleanup of your property Lost income from physical damage to your (or dependent) equipment or facilities (business interruption) Bodily injury to your employees Other tangible damages Third Party Impacts Mechanical breakdown of others equipment Destruction or damage to others facilities or other property Environmental cleanup of others property Bodily injury to others Product liability Product recall expenses Other tangible damages Exposure Quantification Axio Overview 08/17/17 23
24 Cybersecurity Program Evaluation Are my cyber defense and response capabilities mature? Program Element Maturity Use a framework or model to evaluate cyber security program Consider multiple evaluations in large organizations for internal benchmarking Use results to identify and prioritize improvements The C2M2 is a solid resource for efficient programmatic review Cyber Program Evaluation Axio Overview 08/17/17 24
25 Tangible Financial Review & Stress Test Insurance Portfolio Review all insurance policies to understand cyber coverage or exclusion Stress test insurance portfolio with the loss scenarios Affirmative (favorable) 1 st Party 3 rd Party Cyber Inclusion Silence Policy Languag e Silence Uncertainty Cyber Exclusion Partial Strong/clear (i.e., CL 380) Insurance Analysis and Stress Test Axio Overview 08/17/17 25
26 Tangible Impacts Financial Impacts Stress Testing Informs Balance Sheet Impact First Party Third Party Quadrant impact: $55,000,000 Insurance: $20,000,000 Balance sheet impact: $35,000,000 Quadrant impact: $5,000,000 Insurance: $5,000,000 Balance sheet impact: $0 Event Totals Gross impact: $295,000,000 Quadrant impact: $175,000,000 Insurance: $150,000,000 Balance sheet impact: $25,000,000 Quadrant impact: $60,000,000 Insurance: $50,000,000 Balance sheet impact: $10,000,000 Insurance: $225,000,000 Balance sheet impact: $70,000,000 Insurance Analysis and Stress Test Axio Overview 08/17/17 26
27 Tangible Impacts Financial Impacts Cyber Peril Coverage Options First Party Intellectual Property Third Party Traditional Cyber Insurance Broad market Important for all firms with a data breach exposure Forensics, data restoration, PR, and extortion coverage are more broadly applicable Exclusion buyback, DIC, & Standalone Coverage Emerging market Important for firms with exclusions in property or casualty coverage Affirmative coverage for bricking of computers is also available Insurance Analysis and Stress Test Axio Overview 08/17/17 27
28 Compensating Controls & Underwriting Criteria willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 28
29 Willis Towers Watson 2017 Energy Conference 2017
30 Tangible Financial Cyber Coverage is Evolving Lines between policies are blurring 1 st Party Damages 3 rd Party Damages Newer Property Policies Newer FL offerings, including AIG s CyberEdge Plus Casualty Property policies are increasingly providing coverage for data, even when there is no real property damage (FM, and AIG s Property Performance forms starting in 2014). Some FL-based Cyber policies are extending cover to bodily injury and tangible property damage. AIG s CyberEdge Plus extends the CyberEdge coverage down to the lower left and right quadrants (to cover cyber physical ) 30
31 3 1 Underwriting Criteria 1 2 Submission requirements & underwriting standards vary: From Insurer to Insurer different Insurers see different risk indicators From risk to risk, including: By size By threat/industry By asset applicability (e.g., ICS vs PoS) By coverage (cyber-physical vs non-physical, 1 st vs 3 rd, etc) Most underwriting involves: Evaluation of threat: how much does applicant deviate from Insurer s baseline threat assessment Evaluation of impact: type of data, criticality of systems Evaluation of risk reduction efforts: infosec maturity/governance, control effectiveness, passive safety controls for cyber-physical
32 Controls What Underwriters Look For Governance, Culture & Training Who is the org s information security leader? Do they have adequate resources and authority? How is information security measured and communicated to the BoD? Does the org have an information security management system? Do employees receive security awareness training? How does the org practice incident response? Technical Controls Does the org: manage all devices on the network? manage the security configuration of devices? log important events, and analyze those logs for unusual behavior/signs of attack? use MFA to authenticate users for critical systems and remote access? have a process to secure data at rest? segment critical systems? 32
33 Segmentation Traditionally air gapped OT is increasingly joined to IT for automation Flat networks expose OT environment to IT environment s risk No opportunity to apply OT-specific ACLs Any failure in IT environment malicious or not likely to impact OT environment Easier for attackers to pivot to their goal 3 rd -Party Control Network (OT) RISK Business Network (IT) PLC PLC HMI Control Server RISK Workstations, servers, databases, printers Internet 33
34 Segmentation Segmentation provides enhanced security visibility Easier to pick out unusual traffic Sneakernet still a risk, but likely less dependency on removable media Solutions such as data diodes can allow one way flow of data for reporting Control Network (OT) Monitoring system SIEM: security information and event management Business Network (IT) 3 rd -Party PLC PLC HMI Control Server DMZ Workstations, servers, databases, printers Internet 34
35 American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange. Additional information about AIG can be found at YouTube: LinkedIn: AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds. The data contained in this presentation are for general informational purposes only. The advice of a professional insurance broker and counsel should always be obtained before purchasing any insurance product or service. The information contained herein has been compiled from sources believed to be reliable. No warranty, guarantee, or representation, either expressed or implied, is made as to the correctness or sufficiency of any representation contained herein. American International Group, Inc. All rights reserved. 35
36 Loss Recovery willistowerswatson.com 2017 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only. 36
37 Charles Taylor Adjusting -Cyber Overview -Incident Response Plan willistowerswatson.com
38 Charles Taylor Group - global insurance sector focused The leading specialist provider of professional services to clients throughout the global insurance market Professional Services Management Services provides end-to-end management of insurance companies and associations Adjusting Services provides loss adjusting services across the aviation, energy, marine, property, casualty and special risks sectors Insurance Support Services provides a range of outsourced professional, technology and support services Life Owns and consolidates international life insurance businesses, which are primarily in run-off 1884 CT established 71 Offices 169m 2016 revenue 1,800 Employees 28 Countries 100 % Focus willistowerswatson.com 38
39 CTA Loss Adjusting Business Model Knowledge Offer unmatched level of deep technical expertise across all four of the main product areas in insurance. Talent Identify and develop next generation of loss adjusting talent. Global Network Expand geographic footprint to maintain local presence whilst connected to the global insurance hubs. Client Centricity Ensure we remain client centric and that both client service and value are at the heart of all the things that we deliver. Innovation Use the best of Charles Taylor to develop innovative solutions that improve our efficiency and advance the technological capabilities of our client. willistowerswatson.com Market Relevant Services Use our extensive network to identify emerging risks and invest in market relevant services e.g. cyber risk. Copyright 2017 Charles Taylor plc All Rights Reserved. 39
40 What is Cyber all about? Cyber Agenda Review Cyber Risk Exposure compliance, persistent threats, critical infrastructure threats, IOT Assessing Cyber Risk The Axio Foundation Exposure Quantification Cyber Program Evaluation Insurance Analysis and Stress Test Financial / Tangible Compensating Controls & UW Criteria evolving cyber coverage, blurred lines, UW risks What does it all mean? Resiliency solutions to inside and outside threats Protecting digital assets, physical assets, and information Ensuring business continuity Understanding what the wizard does behind the curtain! willistowerswatson.com 40
41 Severity Historical State of Cyber Vandalism / Disruption Worms Viruses Cybercrime Spyware / Bots Cyberespionage and Cybercrime APT Zero-Day Targeted Attacks Dynamic Trojans Stealth Bots POS Ransom-ware ICS/ SCADA Weaponized Malware Manufacturing Power grids Time Frame willistowerswatson.com Source WGM Holdings LLC Cyber Security Information Security and Risk Management 41
42 Success in Mitigation and Handling Losses/Incidents Cyber Early enactment of the Cyber Response Plan Contingency planning to maintain operations Tight contractual wordings for risk avoidance / risk transfer with customer / suppliers Adequate financial resources to respond swiftly internal coffers Corporate culture of protection with BOD buy-in Early FNOL engagement of Incident Response Team Pre-loss working relationship with Incident Response Team vendors Skilled Incident Response Team vendor panel Well defined and understood insurance program / coverage willistowerswatson.com 42
43 Cyber Response Plan and Additional Actions Preparedness Cyber Response Plan Avoid dwell time Extensive encryption Back-up, back-up, back-up People = greatest risk Invest Employee training Budget for IT systems and safeguards Procure specific insurance protection or finance for coverage shortfalls Pre-selected and vetted vendors willistowerswatson.com 43
44 Cyber Response Plan and Additional Actions Notification / Legal Arena When and how to notify: Clients Regulators Third Parties New legislation Class Actions Sanctions Fines and Penalties Protect Reputation Risk Competitors pounce to take market share Competing / Overlapping coverage Assess priority and multi-policy involvement pre-incident willistowerswatson.com 44
45 Lessons Learned Experience from Cyber Incident Handling Claims under Traditional Cyber Products Cost benefit analysis needs to be part of the Cyber Response Plan Buy coverage for business needs Communication is key Timely root cause investigation by an IT Forensic expert Evolving Product Considerations Report losses to all insurers silent cyber risk Standard wording and terminology sought by the marketplace Plain language policy wording is more flexible Compensating Contracts and SLAs willistowerswatson.com 45
46 CTA Cyber Expertise Key Points More than 35 specialist adjusters / Incident Managers (IMs) in the world to assist Recognized global expertise Multilingual claims / IM response Focal points in Asia, Australia and New Zealand, USA, Canada and Europe, with one global point of contact Dedicated triage call centre Dedicated address ( cyber@ctplc.com) linking the specialist adjusters 24/7/365 response willistowerswatson.com 46
47 CTA Cyber Incident Management Process IM Notification Stage 1 Global Notification to CTA Andrew Shepherd & Laetitia Fouquet Charles Taylor Adjusting Ltd 88 Leadenhall Street London, UK EC3A 3BA T: +44 (0) E: cyber@ctplc.com Canada Michael Guy Charles Taylor Adjusting Ltd 700, 260 Bay Street Toronto, Ontario, T: E: cyber@ctplc.com / michael.guy@ctplc.com willistowerswatson.com 47
48 Incident Manager Role IM Preliminary Investigation Stages 2 to 4 Incident Manager - coordinate and communicate the information to the vendors Contingency Planning Source Consulting Vendors IT Forensics, PR, Forensic Accounting, Quantity Surveyors, Legal, etc. Assess current legal and regulatory obligations Understanding of financial and tangible / physical exposures across multiple industry sectors. Swift management to avoid issues with the media. Stage 4 CTA appoints relevant vendors Stage 3 CTA contacts insured Stage 2 CTA allocate Incident Manager willistowerswatson.com 48
49 Incident Management Process IM Stages 1 to 9 Stage 9 Wrap up/ Further Actions Stage 8 Conference call CTA, Legal, IT, Forensics Stage 7 Legal & CTA liaise Stage 6 IT Forensics & CTA liaise Stage 5 IT Forensic contacts Insured Stage 4 CTA appoints relevant vendors Stage 3 CTA contacts insured Stage 2 CTA allocate Incident Manager Stage 1 Notification to CTA willistowerswatson.com 49
50 Why CTA? Recognized name trusted and accepted by the global Insurance industry including underwriters, claims personnel, brokers and third party administrators. Unrivalled breadth and depth of expertise across Property, Casualty, Technical & Special Risks, Energy, Marine and Aviation. Extensive network of global offices strategically placed where our clients need us. Flexible commercial arrangements aligned to the value we provide to your Business. We enhance the claims experience of your clients through our technology powered solutions and service delivery. Viable long term partner to both Procurement and the Business - we combine breadth of services, product expertise and geographic reach, with the next generation of adjusting talent. willistowerswatson.com 50
Cyber Risk & Insurance
Cyber Risk & Insurance Digitalization in Insurance a Threat or an Opportunity Beirut, 3 & 4 May 2017 Alexander Blom - AIG 1 Today s Cyber Presentation Cyber risks insights from an insurance perspective
More informationAn Overview of Cyber Insurance at AIG
An Overview of Cyber Insurance at AIG Michael Lee, MBA Cyber Business Development Manager AIG 2018 Brittney Mishler, ARM Cyber Casualty Underwriting Specialist AIG Cyber Insurance It s a peril, not a product
More informationDEBUNKING MYTHS FOR CYBER INSURANCE
SESSION ID: GRC-F02 DEBUNKING MYTHS FOR CYBER INSURANCE Robert Jones Global Head of Financial Lines Specialty Claims AIG Garin Pace Cyber Product Leader AIG @Garin_Pace Introduction What Is Cyber Insurance?
More informationSolving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017
Solving Cyber Risk Security Metrics and Insurance Jason Christopher March 2017 How We Try to Address Cyber Risk What is Cyber Risk? Definitions Who should be concerned? Key categories of cyber risk Cyber
More informationCyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist
Cyber a risk on the rise Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist Cyber data breaches reaching a new level 1 000 000 000 Source: http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/
More informationCyber-Insurance: Fraud, Waste or Abuse?
SESSION ID: STR-F03 Cyber-Insurance: Fraud, Waste or Abuse? David Nathans Director of Security SOCSoter, Inc. @Zourick Cyber Insurance overview One Size Does Not Fit All 2 Our Research Reviewed many major
More informationJAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group
SPECIAL GUEST JAMES GRAY Underwriter, London UK Specialty Treaty Beazley Group All 6 Beazley Lloyd's Syndicates are rated A (Excellent) by A.M. Best Admitted Carrier in the US Beazley Ins Co rated A (Excellent)
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationCrawford & Company (Canada) Inc. Cyber Loss Management Program
Crawford & Company (Canada) Inc. Cyber Loss Management Program About Crawford & Company (Canada) Inc. Crawford & Company (Canada) Inc. is an independent provider of claims management solutions that has
More informationRisk Soup Du Jour Cyber panel discussion
Risk Soup Du Jour Cyber panel discussion Elicia Waggener Risk and Insurance Manager, Freeport LNG Alex Philips Chief Information Officer, National Oilwell Varco David White Founder & Chief Operating Officer,
More informationCrawford & Company (Canada) Inc. Cyber Loss Management Program
Crawford & Company (Canada) Inc. Cyber Loss Management Program About Crawford Crawford & Company (Canada) Inc. is an independent provider of claims management solutions that has specialized in claims and
More informationAdd our expertise to yours Protection from the consequences of cyber risks
CyberEdge THIS INFORMATION IS INTENDED FOR INSURANCE BROKERS AND OTHER INSURANCE PROFESSIONALS ONLY Add our expertise to yours Protection from the consequences of cyber risks What is CyberEdge? 2 CyberEdge
More informationCyber Enhancement Endorsement
Cyber Enhancement Endorsement What is Cyber Risk? Why should I buy Cyber Risk insurance? What is the cost? Why should I buy Great American s product? Who do I contact to learn more about Cyber Risk Insurance?
More informationYour defence toolkit. How to combat the cyber threat
Your defence toolkit How to combat the cyber threat Contents The threat of cyber crime 4 How UK businesses are targeted 6 Case studies 8 Why cyber security is so important to manufacturers now 10 The
More informationVaco Cyber Security Panel
Vaco Cyber Security Panel ISACA Charlotte Chapter December 5 th, 2017 Vaco is an international talent solutions firm headquartered in Nashville, Tennessee, with more than 35 locations around the globe.
More informationYou ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017
You ve been hacked Riekie Gordon & Roger Truebody & Alexandra Schudel Why should you care? U$4.6 - U$121 billion - Lloyds U$45 billion not covered 2 The plot thickens 2016 Barkly Survey: It s a business
More informationClient Risk Solutions Going beyond insurance. Overview
Client Risk Solutions Going beyond insurance Overview For nearly a century AIG has handled millions of business insurance claims throughout the world, giving us a vast storehouse of data and insights across
More informationTrends in Cyber-Insurance Coverage to Meet Insureds Needs
Trends in Cyber-Insurance Coverage to Meet Insureds Needs Linda Wendell Hsu Selman Breitman LLP 33 New Montgomery Street, Sixth Floor San Francisco, CA 94105 (415) 979-0400 lhsu@selmanlaw.com William A.
More informationProtecting Against the High Cost of Cyberfraud
Protecting Against the High Cost of Cyberfraud THE ROLE OF CYBER LIABILITY INSURANCE IN YOUR RISK MANAGEMENT STRATEGY Paying the Price...2 The Ransomware Scourge...3 Policy Provisions...3 Management Liability...4
More informationTech and Cyber Claims Services
Tech and Cyber Claims Services Insurance Tech, Cyber Claims and our Breach Response Service The technology industry is a significant area of expertise for the Firm where we advise on contentious and non-contentious
More informationRIMS Cyber Presentation
RIMS Cyber Presentation Forrest Pace Cyber & Strategic Risk Leader South Zone AIG Property Casualty Forrest.Pace@aig.com 1 Bio Forrest Pace is the Cyber and Strategic Risk Leader for the South Zone, coordinating
More informationCyber & Privacy Liability and Technology E&0
Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i Presentation Overview 1. The Cyber Evolution 2.
More informationClaims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: NetGuard Plus Claims Made Basis. Underwritten by Underwriters at Lloyd s, London tice: The Policy for which this Application is made applies only to Claims made against any of the Insureds
More informationTHE GENERAL DATA PROTECTION REGULATION
THE GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ORGANISATIONS IN THE MIDDLE EAST The General Data Protection Regulation (GDPR) is a major revision to data protection laws in the EU and has potential
More informationSTEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH
STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH 2 THE CYBER AND DATA RISK TO YOUR BUSINESS This digital guide will help you find out more about the potential cyber and data risks to your business,
More informationS L tr lo a y t d egy s Cyber -Attack
Lloyd s Cyber-Attack Strategy 02 Introduction The focus of this paper is on insurance losses arising from malicious electronic acts, referred to throughout as cyber-attack. The malicious act is the proximate
More informationCyber Risks & Insurance
Cyber Risks & Insurance Bob Klobe Asst. Vice President & Cyber Security Subject Matter Expert Chubb Specialty Insurance Legal Disclaimer The views, information and content expressed herein are those of
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Real Estate. Start
Client Risk Solutions Going beyond insurance Risk solutions for Real Estate Start Partnering to Reduce Risk Real estate owners, operators, managers and developers act vigorously to maintain profitability
More informationClient Risk Solutions Going beyond insurance. Risk solutions for the Manufacturing sector. Start
Client Risk Solutions Going beyond insurance Risk solutions for the Manufacturing sector Start Partnering to Reduce Risk Manufacturers are faced with a myriad of challenges including a rapid pace of innovation,
More informationCyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas
Cyber Liability State of the Insurance Market & Risk Update Sept 8, 2016 ISACA North Texas Agenda Introduction Cyber Liability Overview State of Insurance Regulatory Update Questions and Discussion 2 Speakers
More informationCommercial Insurance >
Commercial Insurance AIG Commercial Insurance combines one of the world s farthest reaching property casualty networks with our diversified, multichannel distribution network to offer our customers a broad
More informationA GUIDE TO CYBER RISKS COVER
A GUIDE TO CYBER RISKS COVER Cyber risk the daily business threat to SMEs Cyber risks and data security breaches are a daily threat to everyday business. Less than 10% of UK companies have cyber insurance
More informationAPPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London
APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London SECTION I. GENERAL INFORMATION 1. Name of Applicant: Physical Address: (as it should appear
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Financial Institutions. Start
Client Risk Solutions Going beyond insurance Risk solutions for Financial Institutions Start Partnering to Reduce Risk Financial Institutions compete vigorously to maintain profitability and deliver superior
More informationThe working roundtable was conducted through two interdisciplinary panel sessions:
As advancements in technology enhance productivity, develop new businesses and enhance economic growth, malicious actors continue to advance as well, seeking to exploit technology for any number of criminal
More informationClient Risk Solutions Going beyond insurance. Risk solutions for the Healthcare sector. Start
Client Risk Solutions Going beyond insurance Risk solutions for the Healthcare sector Start Partnering to Reduce Risk Healthcare and life sciences companies face a wide array of risk challenges, stemming
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Energy. Oil, Gas and Petrochemical. Start
Client Risk Solutions Going beyond insurance Risk solutions for Energy Oil, Gas and Petrochemical Start Partnering to Reduce Risk AIG s Client Risk Solutions (CRS) partners with organizations to build
More informationChubb Cyber Enterprise Risk Management
Chubb Cyber Enterprise Risk Management Fact Sheet Financial Lines Chubb Cyber Enterprise Risk Management When it comes to a data security breach or privacy loss, it isn t a matter of if it will happen
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Retail. Start
Client Risk Solutions Going beyond insurance Risk solutions for Retail Start Partnering to Reduce Risk Retail companies compete vigorously to deliver superior service to customers with diverse and everchanging
More informationBank of America Merrill Lynch Future of Financials Conference 2018
Bank of America Merrill Lynch Future of Financials Conference 2018 Jason Witty EVP, Chief Information Security Officer November 5, 2018 U.S. BANCORP Forward-looking Statements and Additional Information
More informationCybersecurity Insurance: New Risks and New Challenges
SESSION ID: SDS1-F01 Cybersecurity Insurance: New Risks and New Challenges Mark Weatherford Chief Cybersecurity Strategist varmour @marktw The cybersecurity market in the Asia Pacific region contributes
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Construction. Start
Client Risk Solutions Going beyond insurance Risk solutions for Construction Start Partnering to Reduce Risk AIG s Client Risk Solutions (CRS) team builds long-term relationships with organizations to
More informationHealthcare Data Breaches: Handle with Care.
Healthcare Data Breaches: Handle with Care November 13, 2012 ID Experts Webinar www.idexpertscorp.com The material presented in this presentation is not intended to provide legal or other expert advice
More informationCYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP
CYBER LIABILITY INSURANCE OVERVIEW FOR Prepared by: Evan Taylor NFP Targeted Industries Business Sector Financial Services 10% Non-Profit 11% Retail 10% Other 37% Other 18% Type of Data PII 40% Professional
More informationSara Robben, Statistical Advisor National Association of Insurance Commissioners
Moderated by Daniel Eliot, Director Small Business Programs National Cyber Security Alliance Sara Robben, Statistical Advisor National Association of Insurance Commissioners Angela Gleason, Senior Counsel
More informationCyber Risk Mitigation
Cyber Risk Mitigation Eide Bailly Howalt + McDowell Insurance Introduction Meet your presenters Eric Pulse Risk Advisory Director 20 years in the public accounting and consulting industry providing information
More informationPRIVACY AND CYBER SECURITY
PRIVACY AND CYBER SECURITY Presented by: Joe Marra, Senior Account Executive/Producer Stoya Corcoran, Assistant Vice President Presented to: CIFFA Members September 20, 2017 1 Disclaimer The information
More informationCyber Risk Insurance. Frequently Asked Questions
Cyber Risk Insurance Frequently Asked Questions Frequently Asked Questions What is Cyber Risk? Why should I buy Cyber Risk Insurance? What is the cost? Who is Great American Insurance? Why should I buy
More informationSurprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their
When It Comes to Data Breaches, Why Are Corporations Largely Uninsured? Under Attack and Unprepared: Argo Group Cyber Insurance Survey 2017 Surprisingly, only 40 percent of small and medium-sized enterprises
More informationCYBER LIABILITY REINSURANCE SOLUTIONS
CYBER LIABILITY REINSURANCE SOLUTIONS CYBER STRONG. CYBER STRONG. State-of-the-Art Protection for Growing Cyber Risks Businesses of all sizes and in every industry are experiencing an increase in cyber
More informationHOW TO INSURE CYBER RISKS? Oulu Industry Summit
HOW TO INSURE CYBER RISKS? Oulu Industry Summit 2017 6.10.2017 Panu Peltomäki Liability and Financial Lines Practice Leader Marsh Oy Marsh A Leader in Quality, Scope, and Scale GLOBAL RISKS OF CONCERN
More informationCommercial Insurance >
Commercial Insurance AIG Commercial Insurance combines one of the world s farthest reaching property casualty networks with our diversified, multichannel distribution network to offer our customers a broad
More informationCyberMatics SM FAQs. General Questions
CyberMatics SM FAQs General Questions What is CyberMatics? Like telematics for auto insurance, CyberMatics is a technology-driven process to help clients understand their current cyber risk as seen by
More informationThe Internet of Everything: Building Cyber Resilience in a Connected World
The Internet of Everything: Building Cyber Resilience in a Connected World The Internet of Things (IoT) is everywhere, ushering in a technological revolution at lightning speed. According to an Oliver
More informationWe are the world s largest insurance organization, with more than 64,000 employees across the globe. This guide explains what we re about and what
Welcome to AIG 2 We are the world s largest insurance organization, with more than 64,000 employees across the globe. This guide explains what we re about and what you can expect from us. It s a changing
More informationAt the Heart of Cyber Risk Mitigation
At the Heart of Cyber Risk Mitigation De-risking Cyber Threats with Insurance Vikram Singh Abstract Management of risks is an integral part of the insurance industry. Companies have succeeded in identifying
More informationLarge Limits Playbook. Building Successful Partnerships with Large Limit Clients
Large Limits Playbook Building Successful Partnerships with Large Limit Clients Unlocking $2.5 Billion in Capacity As organizations grow, so does their need for quality, uniform insurance coverage limits.
More informationIT Risk in Credit Unions - Thematic Review Findings
IT Risk in Credit Unions - Thematic Review Findings January 2018 Central Bank of Ireland Findings from IT Thematic Review in Credit Unions Page 2 Table of Contents 1. Executive Summary... 3 1.1 Purpose...
More informationClient Risk Solutions Going beyond insurance. Risk solutions for Energy. Chemical. Start
Client Risk Solutions Going beyond insurance Risk solutions for Energy Chemical Start Partnering to Reduce Risk AIG s Client Risk Solutions (CRS) partners with organizations to build long-term relationships
More informationOvercoming Enterprise Disruptions
Overcoming Enterprise Disruptions New Risk Tools Help Companies with the Uninsurable March 2011 Lockton Companies The commercial and operational realities of today s global business Emily Freeman Executive
More informationChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them
ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them PROVIDED BY HUB INTERNATIONAL October 25th, 2016 W W W. C H I C A G O L A N D R I S K F O R U M. O R G AGENDA 1. The evolution of
More informationCybersecurity Insurance: The Catalyst We've Been Waiting For
SESSION ID: CRWD-W16 Cybersecurity Insurance: The Catalyst We've Been Waiting For Mark Weatherford Chief Cybersecurity Strategist varmour @marktw Agenda Insurance challenges in the market today 10 reasons
More informationA FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015
APRIL 2015 CYBER RISK IS HERE TO STAY Even an unlimited budget for information security will not eliminate your cyber risk. Tom Reagan Marsh Cyber Practice Leader 2 SIMPLIFIED CYBER RISK MANAGEMENT FRAMEWORK
More informationConSept: Policy Highlights: Other Coverage Features
An ever changing and increasingly regulated business environment presents a plethora of risks and threats for Companies, who face potential litigation, financial loss, discrimination claims or on-line
More informationAllianz Global Corporate & Specialty Pacific. Allianz Cyber Protect Premium
Allianz Global Corporate & Specialty Pacific Allianz Cyber Protect Premium Contents Allianz Cyber Protect Premium... 3 Comprehensive protection for your business... 3 What is the full impact of a cyber
More informationCyber Risk Management
Cyber Risk Management Privacy & Data Protection Agenda 2 Introductions Risk Management 101 Defining & Quantifying a Breach Prevention, Mitigation & Transfer Strategies Finance Strategy- Cyber Insurance
More informationCyber Risks A Reinsurer s Perspective on Exposure & Claims. EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier
Cyber Risks A Reinsurer s Perspective on Exposure & Claims EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier Cyber: a claims sprint through the last year (and a bit ) Source: wikipedia.org
More informationLargest Risk for Public Pension Plans (Other Than Funding) Cybersecurity
Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity 2017 Public Safety Employees Pension & Benefits Conference Ronald A. King (517) 318-3015 rking@ I am convinced that there are only
More information2015 EMEA Cyber Impact Report
Published: June 2015 2015 EMEA Cyber Impact Report The increasing cyber threat what is the true cost to business? Research independently conducted by Ponemon Institute LLC and commissioned by Aon Risk
More informationA broker guide to selling cyber insurance. CyberEdge Sales Playbook
A broker guide to selling cyber insurance CyberEdge Sales Playbook IN 5 Cyber is consistently one of the top three risks businesses face, with the average cost of a breach at approximately $4.3 million.
More informationSixth Annual Benchmark Study on Privacy & Security of Healthcare Data
Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data Sponsored by ID Experts Independently conducted by Ponemon Institute LLC Publication Date: May 2016 Ponemon Institute Research Report
More informationBRIDGING THE GAP OF GRIEF WITH BUSINESS-DRIVEN SECURITY. Mohammad Alazab Enterprise Security Architect
BRIDGING THE GAP OF GRIEF WITH BUSINESS-DRIVEN SECURITY Mohammad Alazab Enterprise Security Architect 1 TODAY S SECURITY ISN T WORKING 70% 90% Compromised in the last year 1 80% Are unsatisfied CISO s
More informationHEALTHCARE INDUSTRY SESSION CYBER IND 011
HEALTHCARE INDUSTRY SESSION CYBER IND 011 Speakers: Jody Westby, Chief Executive Officer, Global Cyber Risk René Siemens, Partner, Covington & Burling LLP Brent Rieth, Senior Vice President and Team Leader,
More informationCAPITAL WORKPAPERS TO PREPARED DIRECT TESTIMONY OF GAVIN H. WORDEN ON BEHALF OF SOUTHERN CALIFORNIA GAS COMPANY BEFORE THE PUBLIC UTILITIES COMMISSION
Application of SOUTHERN CALIFORNIA GAS COMPANY for authority to update its gas revenue requirement and base rates effective January 1, 219 (U 94-G) ) ) ) ) Application No. 17-1- Exhibit No.: (SCG-27-CWP)
More informationT A B L E of C O N T E N T S
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationCybersecurity Privacy and Network Security and Risk Mitigation
Ask the Experts at fi360 2016 Cybersecurity Privacy and Network Security and Risk Mitigation Gary Sutherland, NAPLIA CEO Brian Edelman, Financial Computer Inc. CEO Paul Smith, AIF NAPLIA SVP SEC s 1st
More informationCyber Security & Insurance Solution Karachi, Pakistan
March 2017 Cyber Security & Insurance Solution Karachi, Pakistan Ram Garg CFA, MBA Financial & Casualty Line J B Boda & Co (Singapore) Pte Ltd Karachi Insurance Institute Agenda Cyber Risk - Background
More informationCyber & Network Risk. Products & Services
Cyber & Network Risk Products & Services We offer our insureds and broker partners a dedicated, industry recognized team backed by the scale, ratings and financial stability of one of the largest global
More informationCyber COPE. Transforming Cyber Underwriting by Russ Cohen
Cyber COPE Transforming Cyber Underwriting by Russ Cohen Business Descriptor How tall is your office building? How close is the nearest fire hydrant? Does the building have an alarm system? Insurance companies
More information2015 Latin America Cyber Impact Report
2015 Latin America Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: June 2015 2015 Latin America Cyber Impact Report Ponemon Institute,
More informationCyber Security Liability:
www.mcgrathinsurance.com Cyber Security Liability: How to protect your business from a cyber security threat or breach. 01001101011000110100011101110010011000010111010001101000001000000100100101101110011100110111
More informationInsuring your online world, even when you re offline. Masterpiece Cyber Protection
Insuring your online world, even when you re offline Masterpiece Cyber Protection Protect your online information from being an open network 97% of Chubb clients who had a claim paid were highly satisfied
More informationComplex and large loss claims solutions
Complex and large loss claims solutions Significant complex losses present different challenges and expectations. Vericlaim Canada understands that the essential requirements of managing large loss claims
More informationIndustryEdge for technology companies OUR KNOWLEDGE IS YOUR EDGE
IndustryEdge for technology companies OUR KNOWLEDGE IS YOUR EDGE OUR KNOWLEDGE IS YOUR EDGE IndustryEdge At Travelers, we recognise that no two industries are the same and that dealing with the complexities
More information2018 Cyber & Tech Liability Risk Transfer Update Part 2
2018 Cyber & Tech Liability Risk Transfer Update Part 2 For: PARMA February 15, 2018 (Revised 2.19.2018) Copy of handout at www./parma2.pdf By: Robert J. Marshburn, CRM, CIC, ARM, CRIS, CISC, CCIP R. J.
More informationCase study. Malware mayhem. A targeted ransomware attack on a technology provider opens up a can of worms
Case study Malware mayhem A targeted ransomware attack on a technology provider opens up a can of worms Ransomware is one of the fastest growing forms of cybercrime in the world. According to our own claims
More informationHIPAA Compliance Guide
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your
More informationEnhanced Cyber Risk Management Standards. Advance Notice of Proposed Rulemaking
Draft 11/29/16 Enhanced Cyber Risk Management Standards Advance Notice of Proposed Rulemaking The left column in the table below sets forth the general concepts that the federal banking agencies are considering
More informationLloyd s Asia. Underwriting human progress
Lloyd s Asia Underwriting human progress What is Lloyd s? Lloyd s is the world s specialist insurance and reinsurance market. With expertise earned over centuries, Lloyd s is the foundation of the insurance
More informationThe Continuous Evolution of the. Implications (Session Code CRM11/690)
The Continuous Evolution of the Internet of Things and Insurance Implications (Session Code CRM11/690) Speakers: Denise C. Schlitt, Director, Global Risk Management NCR Corporation Fredrik Motzfeldt -
More informationGlobal Property Construction
Global Property Construction Overview From Ground-Breaking to Sky-Scraping Every stage of a construction project, from planning and design to final inspections and operation, is accompanied by numerous
More informationLloyd s Asia. Underwriting human progress. Lloyds Global Brochure - ASIA_154x233_V6.indd 1 22/08/ :51
Lloyd s Asia Underwriting human progress Lloyds Global Brochure - ASIA_154x233_V6.indd 1 22/08/2016 10:51 What is Lloyd s? Lloyd s is the world s specialist insurance and reinsurance market. With expertise
More informationData Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor
Data Security Addendum for inclusion in the Contract between George Mason University (the University ) and the Selected Firm/Vendor This Addendum is applicable only in those situations where the Selected
More informationEvaluating Your Company s Data Protection & Recovery Plan
Evaluating Your Company s Data Protection & Recovery Plan CBIA Cybersecurity Webinar Series 11AM 12PM Part V. Presented by: Stewart Tosh Charles Bellingrath Date: December 7, 2017 Today s presenters Stewart
More informationNZI LIABILITY CYBER. Are you protected?
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
More informationFM Global. First-Party Property Cyber Coverage
First-Party Property Cyber Coverage Introduction Cyber is Board of Directors level concern #1 issue for commercial insurance industry Everyone on steep learning curve Objective and Agenda Understand differences
More informationJeffrey A. Slotnick CPP, PSP Ron Worman, The Sage Group The ESRM Commission
1 E N T E R P R I S E S E C U R I T Y R I S K M A N A G E M E N T : A N I N T R O D U C T I O N A N D P R O B L E M B A S E D E X E R C I S E Jeffrey A. Slotnick CPP, PSP Ron Worman, The Sage Group The
More informationCyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby
Cyberinsurance: Necessary, Expensive and Confusing as Hell Presenters: Sharon Nelson and Judy Selby Setting the stage 2018 report from PwC one-third of US businesses have some form of cyberinsurance PwC
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationRISK FACTOR ACKNOWLEDGEMENT AGREEMENT
RISK FACTOR ACKNOWLEDGEMENT AGREEMENT Risk Factors. AN INVESTMENT IN FROG PERFORMANCE, LLC. INVOLVES HIGH RISK AND SHOULD BE CONSIDERED ONLY BY PURCHASERS WHO CAN AFFORD THE LOSS OF THE ENTIRE INVESTMENT.
More information