Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity


Largest Risk for Public Pension Plans (Other Than Funding): Cybersecurity
2017 Public Safety Employees Pension & Benefits Conference
Ronald A. King
(517) 318-3015
rking@

"I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again."
Former FBI Director Robert Mueller, RSA Cybersecurity Conference, March 2012

2017:
- Equifax: 143 million accounts affected
- X-Box: 1.2 million accounts affected

2016:
- Yahoo!: 500 million accounts stolen (state-sponsored actor allegedly responsible)
- Verizon Enterprise Solutions: 1.5 million accounts affected

2013:
- Target: 40 million credit and debit card accounts taken ($252 mil cost/$90 mil covered)

IF A BREACH OCCURS, EXPECT LITIGATION (LIKELY CLASS ACTION)

THREAT ACTORS
- Cybercriminals
- Hackers
- Hacktivists
- Government surveillance
- State sponsored / condoned espionage
- Insiders (disgruntled/dishonest/bored/untrained)

SECURITY REQUIREMENTS
- Third Parties
- Firewalls
- Assign Responsibility
- Patching
- Monitor + Update
- Risk Assessment
- Passwords
- Background Checks
- Limit Access
- Encryption
- Comprehensive Plan
- Need to Know
- Technical
- Administrative
- Physical
- Training

KEY SECURITY QUESTIONS
- Have you performed a risk assessment?
- Do you have an actionable incident response plan?
- What tools do you have to manage situations/consequences?
- Do your processes allow for effective management in crisis?
- Have you identified key personnel in the event of a crisis?
- Have you trained your employees lately on cybersecurity?
- Have you updated your privacy policy?
- Do you have recent terms & conditions on your site?
- Would you consider yourself security aware?

If you answered NO to any of these, why is that?

RISK ASSESSMENT
Step 1: Identify Information Assets (data, software, hardware, appliances and infrastructure)
Step 2: Classify Information Assets
Step 3: Identify Security Requirements (statutes/regulations, contracts, common law, organization needs)
Step 4: Identify Risks

INCIDENT RESPONSE PLANS
Preparing for WHEN a business will be breached, not IF your organization may be breached
Words to Live by: Identify & Protect + Detect, Respond & Recover

PUBLIC PENSION SYSTEMS
Personally Identifiable Information (PII) to consider:
- Social Security Numbers
- Dates of Birth
- Addresses
- Bank Account Information
- Protected Health Care Information (administration of disability benefits)

PUBLIC PENSION SYSTEMS (CONT.)
Unique Challenges
- Antiquated IT systems
- Reliance on plan sponsors' data management systems
- Limited resources
- Trustee buy-in
- Recruiting, attracting and retaining qualified staff

CYBERSECURITY ASSESSMENTS

CYBERSECURITY INSURANCE
Even with an incident response plan and cybersecurity tools in place, you should still consider cybersecurity insurance as a fail-safe to protect your business from cyber risks.
- Standalone coverage usually
- Helps companies recover faster from data loss owing to a security breach or other cyber event
- Transfers some of the financial risk of a security breach
- Investigate current coverage before you apply
- Know the limitations of your coverage (likely will not cover theft of intellectual property)

TYPES OF INSURANCE
- Data breach/privacy crisis management
- Multimedia/Media liability coverage
- Extortion liability coverage
- Network security liability

INSURANCE CONSIDERATIONS
- Security controls to reduce premiums
- Undertaking a security risk review
- Assistance to improve information governance and information security
- Malicious act by employees
- Uncertainty about breaches prior to coverage
- Media protection
- Response plans/roles of outside professionals
- Litigation/Defense costs
- Choosing a broker

CYBER LIABILITY PROGRAM (1/2)
NCPERS has partnered with Ullico and Arthur J. Gallagher & Co. to create a proprietary Cyber Liability policy with preferred rates and a simplified 5-question application process. The program is designed to provide limits ranging from $250,000 to $2MM with higher limits available upon request and a broad range of deductibles beginning as low as $2,500.

Coverage includes:
- Privacy liability. Losses arising from failure to protect sensitive personal or health information in electronic or hard copy format. Includes regulatory defense and settlement.
- Breach Notification. Data Breach counsel to provide immediate triage and consultation. Data Breach network of experts providing crisis management services including legal, computer forensics, regulatory and individual notification guidance, call center, credit monitoring and identity restoration services.
- Multimedia Liability. Coverage for claims related to multimedia activities such as defamation, libel, plagiarism or copyright infringement.

CYBER LIABILITY PROGRAM (2/2)
Coverage includes (cont.):
- System Damage. Restore, re-collect, and replace data. Hire specialists, investigators, forensic auditors, and loss adjusters to review and substantiate the loss.
- Business Interruption. Net income the policyholder would have earned. Loss of Business Income including normal operating expenses that were incurred or affected by the event.
- Regulatory Actions. Coverage for civil regulatory actions, expenses related to information requests, compensatory awards, and regulatory penalties and fines to the extent permitted by law.
- Cyber Threats & Extortions. Monies paid by policyholder following threat.
- PCI Fines. Fines and penalties from non-compliance with Payment Card Industry Data Security Standards.

QUESTIONS?
Ronald A. King
(517) 318-3015
rking@

THANK YOU
Legal Disclaimer: This document is not intended to give legal advice. It is comprised of general information. Persons facing specific issues should seek the assistance of an attorney.