Cyber Risk Mitigation

Transcription:

Cyber Risk Mitigation
Eide Bailly
Howalt + McDowell Insurance

Introduction: Meet your presenters
Eric Pulse, Risk Advisory Director
20 years in the public accounting and consulting industry providing information technology risk advisory and cyber security consulting services to a variety of industries.
Certifications:
- Certified Information Systems Auditor
- Certified Information Security Manager
- Certified in Risk and Information Systems Control
- GIAC Security Essentials Certification
- Certified Financial Services Auditor

Introduction
Karen Andersen, Risk Advisory Manager
20+ years of technology consulting experience across a wide variety of industries performing cyber security assessments and risk assessments. Karen also provides expertise in the areas of PII, eDiscovery, Data Breaches, HIPAA Assessments, Investigations, and Information Risk Assessments.
Certifications:
- Certified Information Security Manager

Introduction
Jared Ducommun, Sales Executive, Property & Casualty
Howalt + McDowell Insurance, a Marsh McLennan Agency
16 years of experience with Internet and network infrastructure.

Agenda
- Cyber Threat Environment
- Challenges of Cyber Security
- Value of Data on the Black Market
- Cyber Insurance Trends
- Intersection of Cyber Insurance and Risk Mitigation
- Cyber Risk Mitigation NIST Framework
- It Pays to be Prepared

Maybe the Biggest Challenge
This is core to the hacker mentality: We hack systems that can be hacked and leave the rest.
Sean Parker, co-founder of Napster and founding president of Facebook

Cyber Challenges
Threats are fluid
"The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer possible to write a large white paper about the risk and relative controls to a particular system. You would be rewriting the white paper constantly..."
Adam Vincent, Chief Technology Officer, Layer 7

Types of threats
Common cyber threats to most organizations:
- Malicious software or "malware"
- Distributed denial of service attacks
- Data leakage
- Third-party/cloud vendor risks
- Mobile/web application vulnerabilities
- Weaknesses in project management or change management

Causes of Cyber Intrusions
Percentage of Claims by Cause of Loss:
- Hacker: 27%
- Malware/Virus: 16%
- Lost/Stolen Device: 12%
- Staff Mistake: 10%
- Paper Records: 9%
- Rogue Employee: 8%
- All other causes: 18%
Source: NetDiligence 2017 Cyber Claims Study

Targets
Smaller companies/vendors = bigger targets
Solution:
- Increased due diligence
- Contractual provisions requiring cyber security standards and notice of breaches
- Cyber security insurance requirement for vendors
- Information sharing

What's Your Data Worth?
Advertised Prices on the Black Market:
- U.S.-based credit card with verification: $1-$6
- An identity (including U.S. bank account, credit card, date of birth, and gov.-issued ID): $14-$18
- List of 29,000 emails: $5
- Online bank account with $9,900 balance: $300
- Phishing website hosting: $3-$5
- Verified PayPal account with balance: $50-$500
- Skype account: $12
- One month World of Warcraft account: $10
Value to a Hacker: 40M records sold for $2 per record is $80M in profit

Detailed Costs
- Average cost of a corporate data breach: $3.62 million
- U.S. FY 2017 average was $216 per record. U.S. FY 2016 average was $225 per record.
- Medical information is worth 10 times more than credit card data. It can't be regenerated.
- Thieves use stolen medical data to order health care equipment or drugs and then resell them, submit made-up claims to insurance companies, etc.

Additional Costs
Direct and indirect costs incurred by the organization:
- Forensic experts
- Outsourcing hotline support
- Providing free credit monitoring subscriptions
- Discounts for future products and services
- In-house investigations and communications
- Extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates
Don't forget counsel and any related litigation.

Cyber Insurance: Timing is everything
Walter Anders, head of Hunton & Williams' insurance litigation and recovery practice, says that many of those who have cyber insurance discover too late that their policies are not useful.
Source: Monika Gonzalez Mesa, Daily Business Review

Cyber Insurance: Recent Trends
- Roughly 80 different markets offering cyber products
- Pricing for cyber insurance has trended down over the years
- Coverages have broadened
- Integrated resource enhancement with coverages
- Increased underwriting scrutiny
- Cyber is not standardized
- Legal precedence is still being set

Cyber Insurance: Who needs coverage?
Everyone needs to have cyber insurance, but here are some of the main exposures with the largest risks.
Companies that have:
- Personally identifiable information
- Social Security numbers
- Banking information
- Driver's license
- Motor vehicle records
- Health histories/information
- Credit card information (PCI)
- Network access to others (or if someone had access to yours)

Common Gaps in Traditional Policies
General Overview:
- Assets
- Business interruption
- Privacy liability
- Network liability

Key Insurance Coverages
Network Security Liability: Liability to a third party as a result of:
- Destruction of a third party's electronic data
- Your network's participation in denial-of-service attacks
- Transmission of viruses to third-party computer systems

Key Insurance Coverages
Data Privacy Liability: Liability to a third party as a result of:
- Unauthorized disclosure of personally identifiable information
- Unauthorized disclosure of third-party confidential information in your care, custody or control
- Defense against regulatory actions

Key Insurance Coverages
Crisis Management: Expenses to respond to a personal data breach event including:
- Computer forensic costs
- Notification costs including call center costs
- Credit monitoring and identity theft protection costs
- Public relations and crisis management consultancy costs

Key Insurance Coverages
Cyber Extortion: Expenses to respond to a personal data breach event including:
- Computer forensic costs
- Notification costs including call center costs
- Credit monitoring and identity theft protection costs
- Public relations and crisis management consultancy costs

Key Insurance Coverages
Network Business Interruption: The interruption or suspension of computer systems resulting in:
- Your potential loss of income
- Extra expense incurred to mitigate an income loss
resulting from:
- A network security breach
- A network failure

Key Insurance Coverages
Data Asset Protection: The corruption or destruction of data or computer programs incurs:
- Replacement, restoration, or rectification costs
- Costs to determine that data or programs cannot be replaced

Key Insurance Coverages
Multimedia Liability: Liability arising from online and offline content stemming from:
- Infringement of intellectual property rights
- Invasion of privacy
- Defamation
- Negligent publication or misrepresentation

Key Insurance Coverages
Social Engineering (Deceptive Transfer): A scheme that intentionally misleads an employee into sending money or diverting a payment based on fraudulent information.
- Written, verbal communication

Cyber Loss Impact

Trends and Risk Mitigation
[Chart: 2015 Cyber Insurance Growth Rates by Industry, Marsh Clients. Categories shown: All Industries; Communication, Media and Tech; Education Institutions; Health Care; Hospitality and Gaming; Manufacturing; Power and Utilities; Retail/Wholesale; Services.]

Where to start
Underwriters are interested in the following:
- Dedicated information security resources
- Evaluate potential risk
- Identify what you are trying to protect: what types of data
- Defined information security policies and procedures
- Employee education
- Incident response plan
- Security measures
- Vendor management

Cyber Security Risk: How Secure are Your Third-Party Partners?
Functions Being Outsourced:
- Payroll
- Accounting/Tax
- Employee benefits administration
- Audits
- Credit card processing
- Information technology

First Steps: Get Your Bearings
Scope of Cyber Security Assessment:
1. Access Control
2. Audit and Accountability
3. Configuration Management
4. Contingency Planning
5. Incident Response
6. IT Security Planning
7. Mobile Device Management
8. Physical Security
9. Risk Management
10. System Operations

Basics to consider: cyber readiness
- Evaluation of your internal readiness and understandings
- No one is immune
- Operation resiliency/redundancy
- Employees: continual training and communication
- Practice incident response plan and testing
- Response metrics: detection to action to resolution
- Support and forensic firms

Security Standards
National Institute of Standards & Technology (NIST) Cyber Security Framework:
- Identify
- Protect
- Detect
- Respond
- Recover

Cyber Risk Management
- Set the tone from the top.
- Identify, measure, mitigate and monitor risks.
- Develop risk management processes commensurate with your institution's level of risk and complexity.
- Align IT strategy with business strategy and account for how risks will be managed both now and in the future.
- Create a governance process to ensure ongoing awareness and accountability.
- Ensure reports to you and your board are meaningful and timely with metrics on the institution's vulnerability to cyber risks and potential business impacts.

Mitigating Cyber Risk: Security Awareness Training
- Less than half of surveyed companies require security awareness training for all employees
- Just under one-third of respondents said that their organization required higher level executives (CEOs and C-Level) to participate
Source: 2016 Experian Data Breach Resolution and Ponemon Institute Report

Common Cyber Insurance Objections
An estimated two-thirds of businesses are without cyber insurance:
- National Cyber Security Alliance found that 1 in 5 small businesses fall victim to cyber crime. 60% of those businesses go out of business within six months. (Victor O. Schinnerer & Co.)
- A firewall or router from your IT vendor protects generic antivirus and malware attacks.
- General liability policies lack flexibility to address new and emerging cyber breaches.
- The cyber world is continuing to evolve. Many carriers are changing coverages yearly.

Final Thoughts: Summary
- Understand your network and possible infrastructure challenges.
- Train your business team on cyber threats through email, website, and social media.
- Work with your insurance professionals for policy guidance.
- Consult with companies that understand business challenges prior to cyber issues and after a threat has occurred.

Eric Pulse, 605.997.4847, epulse@eidebailly.com
Karen Andersen, 612.253.6638, kdandersen@eidebailly.com

Jared Ducommun, Sales Executive, Property & Casualty, Howalt+McDowell, a Marsh McLennan Agency, 605-339-3874, Jared.Ducommun@marshmma.com