JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

Transcription:

SPECIAL GUEST: JAMES GRAY
Underwriter, London UK Specialty Treaty, Beazley Group

- All 6 Beazley Lloyd's Syndicates are rated A (Excellent) by A.M. Best
- Admitted Carrier in the US Beazley Ins Co rated A (Excellent) A.M. Best
- Specialist insurer began in 1986 and has grown to over $2.1bn in gross written premium in 2016

AGENDA

- Why cyber and data threat protection
- Padlock
- Q & A

WHY CYBER AND DATA THREAT PROTECTION

I. GLOBAL CYBER EXPOSURES

- The cyber risk to business is growing in frequency and financial impact.
- The cost to the global economy of cybercrime has been estimated at $445 billion a year (WE 2017).
- This threat is varied and adaptable, easier to attack than defend.
- The rise of internet connected devices (IoT) gives attackers more opportunity.
- Not just about technology, human factor is significant.

II. THE CANADIAN PERSPECTIVE

- $7.2m: Amount of money small and medium-sized businesses across Canada spent in 2016 to recover from data breaches
- +44%: The increase in the average number of cyber attacks against small and medium-sized businesses in Canada since 2014
- $278: The average cost per lost or stolen record in Canada
- #2: Canada's ranking in the list of the world's most affected regions for ransomware attacks
- Digital Privacy Act (DPA) will take effect later this year. This act mandates that all data breaches are reported. Organizations will have to notify users of any breach that could pose a real risk or significant harm.

III. WHAT ARE THE THREATS

INSIDE THREATS

- Employee negligence
- Security failures
- Lost portable devices
- Unintended disclosures by email, fax, phone or in person
- Failure to encrypt portable devices
- Employee ignorance
- Improper disposal of personal information (dumpsters)
- Lack of education and awareness
- Malicious and/or nosey employees

OUTSIDE THREATS

- Hackers
- Malware
- Phishing and spear phishing
- Thieves
- Social engineering tools
- Stolen portable devices
- Vendors/Business Associates

IV. WHAT IS AT STAKE?

- Time - Time spent on incident response is time away from day-to-day operations
- Money - Responding to incidents can mean legal fees, forensic investigation costs, notification and call center costs, and paying for credit monitoring, lawsuits, regulatory investigation, fines, corrective action, and penalties
- Reputation
- Customers' trust

Padlock: Industry leading cyber and data threat PROTECTION

- Coverage
- Structure
- Discussion
- Breach and claim scenarios
- Eligibility criteria
- Special acceptances

PADLOCK CYBER & DATA THREAT PROTECTION COVERAGE SUMMARY

Third Party Protection

- Information Security and Privacy Liability
- Regulatory Defense and Penalties
- Website Media and Content Liability

First Party Protection for your Business Customers

- Privacy Breach Response Services
- PCI Fines and Penalties
- Cyber Extortion
- First Party Data Protection
- First Party Network Business Interruption

PADLOCK CYBER & DATA THREAT PROTECTION COVERAGE: THIRD PARTY PROTECTION

Information Security and Privacy Liability
Covers damages and expenses resulting from a violation of a privacy law for:

- theft, loss, or unauthorized disclosure of personally identifiable non-public information or third party corporate information
- acts or incidents that directly result from a failure of computer security to prevent a security breach
- failure to timely disclose an incident in violation of any breach notice law
- failure to comply with that part of a business privacy policy

Regulatory Defense and Penalties
Covers defense expenses and penalties resulting from a regulatory proceeding resulting from a violation of privacy law

Website Media and Content Liability
Covers damages and expenses for one or more of the following acts committed during the course of media activities:

- Defamation, libel or slander
- Violation of the rights of privacy of an individual
- Invasion or interference with an individual's right of publicity
- Plagiarism, piracy, misappropriation of ideas
- Infringement of copyright
- Infringement of domain name, trademark, trade name, logo etc.
- Improper deep-linking or framing within electronic content

PADLOCK CYBER & DATA THREAT PROTECTION COVERAGE: PRIVACY BREACH RESPONSE SERVICES

Privacy Breach Response Services
To provide breach services that include:

- forensic and legal assistance from a panel of experts to help determine the extent of the breach and the steps needed to comply with applicable laws
- notification to persons who must be notified under applicable law
- credit monitoring and fraud protection services to affected individuals. Alternatively, insureds may choose to offer their customers a data monitoring service
- public relations expenses & crisis management consultants

PCI Fines and Penalties
To indemnify the insured for PCI fines and expenses that they may incur following a breach

PADLOCK CYBER & DATA THREAT PROTECTION COVERAGE: FIRST PARTY PROTECTION FOR YOUR BUSINESS CUSTOMERS

Cyber Extortion
Coverage for payments made to prevent or stop a threat to breach computer security, destroy or corrupt data, or interrupt or computer systems.

First Party Data Protection
First party coverage for data restoration, data recreation and system restoration, a data protection loss as a direct result of alteration, corruption, destruction, deletion or damage to a data asset, or inability to access a data asset, that is directly caused by a failure of computer security to prevent a security breach.

First Party Network Business Interruption
Business interruption loss, lost income and extra expenses as a direct result of an actual and necessary interruption of computer systems caused directly by a failure of computer security to prevent a security breach.

Padlock - Cyber and Data Protection: STRUCTURE

PADLOCK CYBER & DATA PROTECTION STRUCTURE
UNDERSTANDING THE POLICY... THREE TOWERS OF COVERAGE

Separate towers mean more cover for Padlock policyholders


Padlock - Cyber and Data threat Protection: DISCUSSION

- Key Messages
- Common Objections
- Discussion Questions

KEY MESSAGES: THE THREAT IS REAL

- It's no longer a matter of if, but when: it is likely that businesses at some time will be affected by a breach event
- The law may impose obligations upon insureds: are they in a position to understand, and do they have the resources required to effectively respond?
- Businesses may rely on outsourced providers, but if they entrust them with their data the business may still ultimately remain legally liable if the data is misplaced
- Even the most sophisticated security systems can be impacted by human error or a rogue employee

KEY MESSAGES: VALUABLE HELP AFTER AN INCIDENT

- Padlock gives insureds access to a breach response services team which has handled over 5,500 breaches globally since 2009
- They have the capability and expertise to support a range of insureds from large multi-nationals to micro-business
- The team is available to consult with the insured and liaise with vendors from the approved panel that have the knowledge and capabilities to handle the response
- Access to the service team is included within the policy at no charge and does not erode the policy limits

KEY MESSAGES: PADLOCK WAS DESIGNED SPECIFICALLY FOR SMALL BUSINESS

- Small businesses are generally less prepared for breach response before the event and have fewer resources to dedicate when it occurs
- Accessing this experience allows the small business to carry on business without having to divert as much time and energy to dealing with the problem
- Small businesses rely on trust of their employees and do not believe their employees would cause a breach, either maliciously or innocently

COMMON OBJECTIONS: AREN'T THE EXPOSURES ALREADY COVERED UNDER THE CGL?

- This product often fills a gap in coverage: their other general commercial policies may have excluded or are beginning to exclude cyber from these policies
- The GL is unlikely to pick up the first party response costs, nor is the form likely to be as robust
- Data is not often property under CGL

COMMON OBJECTIONS: IS THE AUTOMATIC LIMIT A LOW STARTING POINT?

- Highly affordable coverage at a structure that would be unobtainable from many insurers
- Low friction, no additional underwriting questions at point of sale for automatic limit
- Padlock has robust coverages across 3 Towers of separate and distinct aggregates; most insurers will stack all coverages in one CAD aggregate, which is important when benchmarking
- If the insured wants to complete an application then they can be underwritten for larger limits, just ask your Gore contact

COMMON OBJECTIONS: MY CLIENTS ARE TOO SMALL TO BE ON THE RADAR OF HACKERS?

- Media only sensationalize mega breaches. Vast majority of breaches are small (< 100,000) and boring
- SMEs are often low hanging fruit due to lax security
- Not all attacks are bespoke, the majority are broad and indiscriminate
- Not all breaches are electronic in nature. 18% are physical loss

COMMON OBJECTIONS: WILL THE BREACH RESPONSE SERVICES TEAM MAKE DECISIONS FOR THE CLIENT?

- The experienced breach response services team helps the insured navigate the breach
- They help by co-ordinating and analysing the situation through the lifecycle of the breach
- Decision on how to respond remains with the insured
- Transparency and choice of selection on select service providers

DISCUSSION QUESTIONS: HOW PREPARED IS YOUR CLIENT FOR THE EFFECTS OF A CYBER INCIDENT?

- Even tight security systems can be fallible
- Insurance purchase should be part of their preparation

DISCUSSION QUESTIONS: WHAT ASSISTANCE DOES YOUR CLIENT NEED IN THE EVENT OF A DATA BREACH INCIDENT AND HOW DOES THAT MATCH WITH THE INSURER'S OFFERING?

- Not all offerings are the same
- Broadly speaking, forms range from solely reimbursement to full response service offering
- Padlock puts response first with a breach response services team and utilising a panel of service providers offering:
  - Capability & Competency
  - Capacity (outside of Conflict)
  - Cost (preferred rates means more bang for your buck)

DISCUSSION QUESTIONS: WHAT IS THE TRIGGER TO DATA BREACH COVERAGE?

- Padlock goes beyond just providing cover for an incident to include coverage for a reasonably suspected incident

DISCUSSION QUESTIONS: DOES THE INSURER IMPOSE ANY MINIMUM SECURITY LEVEL OR PATCH REQUIREMENT WARRANTIES?

- Some insurers require robust and strict security controls
- Padlock does not impose such restrictions

DISCUSSION QUESTIONS: WHAT INFORMATION DO THEY REQUIRE IN THE UNDERWRITING PROCESS?

- Some insurers will need long and complicated applications
- We already have the information we need to provide Padlock at automatic limits

Padlock - Cyber and Data threat Protection: BREACH & CLAIM SCENARIOS

BREACH AND CLAIMS SCENARIOS #1: WANNACRY RANSOMWARE INFECTION HITS MULTIPLE INSURING AGREEMENTS

The insured reported that one of its computers was infected with the WannaCry malware. The malware encrypted large chunks of data. The hackers demanded a ransom payment to decrypt it.

- Privacy Breach Response Services: To assist the insured and determine the best course of action throughout the whole response
- Cyber Extortion: To cover ransom payments following an Extortion Threat if the insured decides to pay and that is pre-agreed by Gore
- First Party Data Protection: To cover data restoration, data recreation and system restoration following damage to a data asset as a result of the event
- First Party Business Interruption: To cover income loss and extra expense for the insured in their downtime following an event
- Information Security & Privacy: If the event caused a disclosure of personally identifiable non-public information which violated Privacy Law, the policy would cover damages and claim expenses for the insured

BREACH AND CLAIMS SCENARIOS #2: BURGLARY, PHYSICAL LOSS OF PAPER RECORDS

A franchise notified their Insurer that one of its stores was broken into and a lockbox containing employee and direct deposit information was stolen. The Breach Response Service team connected the insured to privacy counsel who advised the insured that a breach of paper records containing employee personally identifiable information including social security numbers required notification under relevant provincial law. Privacy counsel drafted the legally required notifications and the Breach Response Service team arranged for credit monitoring to be offered to the affected employees and former employees.

BREACH AND CLAIMS SCENARIOS #3: HOTEL BREACH, UNINTENDED DISCLOSURE

Franchisee of hotel chain had a computer error where guests' credit card numbers, passport numbers, or driver's license numbers were entered into a field intended to house residential address information, which was then shared with marketing partners and/or used for a mailing. The Breach Response Service team connected the hotel with a law firm as well as a forensic firm, who together determined that approximately 30,000 individuals needed to be notified. The Breach Response Service team also lined up a notification and call center services vendor. One regulator opened a regulatory investigation.

BREACH AND CLAIMS SCENARIOS #4: RETAIL POS BREACH EXAMPLE

A small fast-food chain received a Common Point of Purchase (CPP) notice from VISA, MasterCard and Discover which indicated credit card vulnerabilities potentially related to one of the insured's restaurant locations. Breach Response Service Team recommended and connected insured with panel privacy counsel and forensics. The forensics assessment determined that approximately 6,000 cards were affected. Due to the fact that the insured did not retain customer names or addresses associated with the credit card numbers, and in order to satisfy the regulator substitute notice requirements, the insured posted notification on its website and in printed media. Costs exceeded $30,000 for legal, forensics and call center services; all services were facilitated by the Breach Response Services Team.

BREACH AND CLAIMS SCENARIOS #5: POTENTIAL DATA BREACH AT HOA

The officer of an insured homeowners association discovered an unrecognized connection to his Dropbox account, on which homeowners association documents were stored for backup purposes. The officer and his wife were recently the victims of identity theft and were concerned that the unauthorized connection to Dropbox was how their identities were stolen. The Dropbox account contained the PII of members of the homeowners association as well as some contractors. The insured hired privacy counsel from the Breach Response Service panel, notified the affected individuals, and provided credit monitoring in connection with the notifications.

Padlock - Cyber and Data threat Protection: ELIGIBILITY CRITERIA

ELIGIBILITY CRITERIA

- We have a broad appetite for industry classes covering the vast majority of our policyholders.
- Policyholders are allocated a risk grading based on IAO code.
- Risk grading determines pricing structure.

Padlock - Cyber and Data threat Protection: HIGHER LIMITS

HIGHER LIMITS

IF YOUR SMALL BUSINESS CUSTOMER WOULD LIKE HIGHER LIMITS OR IF THEY'RE INELIGIBLE FOR THE AUTOMATIC PRODUCT:

- Contact your underwriter
- There is a short form application
- Additional premium would be required