CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING

Similar documents
Defending Litigation After a Data Breach

Cyber Risks & Insurance

What is a privacy breach / security breach?

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP

Critical Issues in Cybersecurity:

Cyber Liability Launch Event Moscow

ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them

DEATH, TAXES AND DATA BREACH: THE LEGAL LESSONS

Cyber Risks & Cyber Insurance

We re Under Cyberattack Now What?! John Mullen, Partner/Co-founder, Mullen Coughlin Jason Bucher, Senior Underwriting Manager, Schinnerer Cyber

CyberRisk: What we know and what we don't know

Invas ion of Privacy, Hacking and Intellectual Property Claims : Are You Covered?

Cyber Enhancement Endorsement

Cyber Liability Insurance for Sports Organizations

Cyber Insurance 2017:

Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity

Paul Jones, Jones & Co. Kathleen Rice, Faegre Baker Daniels, LLP

Cyber & Privacy Liability and Technology E&0

Designing Privacy Policies and Identifying Privacy Risks for Financial Institutions. June 2016

Privacy and Data Breach Protection Modular application form

Credit Card Data Breaches: Protecting Your Company from the Hidden Surprises

CYBER LIABILITY REINSURANCE SOLUTIONS

Cyber, Data Risk and Media Insurance Application form

PRIVACY AND CYBER SECURITY

Cyber Risk Proposal Form

Protecting Against the High Cost of Cyberfraud

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Emerging legal and regulatory risks

IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION

Cyber Liability A New Must Have Coverage for Your Soccer Organization

Data Breach and Cyber Risk Update November 17, 2011

Cyber Risk Mitigation

CASE 0:14-md PAM Document Filed 07/10/15 Page 1 of 14 EXHIBIT 1

At the Heart of Cyber Risk Mitigation

Cyber Liability & Data Breach Insurance Claims

CYBERINSURANCE TRENDS AND DEVELOPMENTS

Chubb Cyber Enterprise Risk Management

The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage

Healthcare Data Breaches: Handle with Care.

CYBER CLAIMS BRIEF A SEMI-ANNUAL PUBLICATION FROM YOUR WNA FINEX CLAIMS & LEGAL GROUP

Aon Cyber Risk and Directors & Officers Forum CRM011

Cyber breaches: are you prepared?

Case 2:16-cv ROS Document 1 Filed 09/07/16 Page 1 of 20

When The Wind Blows: Renewable Energy Risk Management Strategies

IDENTITY THEFT COVERAGE ON INSURANCE POLICIES SPONSORED BY


Hot Topics in Software as a Service and Cloud

The Cyber Insurance Broker Conundrum

IS YOUR CYBER LIABILITY INSURANCE ANY GOOD? A GUIDE FOR BANKS TO EVALUATE THEIR CYBER LIABILITY INSURANCE COVERAGE

Cyber Risk & Insurance

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do

Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

Cyber-Insurance: Fraud, Waste or Abuse?

Evaluating Your Company s Data Protection & Recovery Plan

2015 EMEA Cyber Impact Report

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

Data Breach Financial Protection Program Terms and Conditions

Allocating Risk for Privacy and Data Security in Commercial Contracts and Related Insurance Implications

Insurance Buyers News

Medical Data Security Beyond HIPAA: Practical Solutions for Red Flags and Security Breaches. April 3, 2009

Understanding Cyber Risk in the Dental Office. Melissa Moore Sanchez, CIC

Your defence toolkit. How to combat the cyber threat

Cyber Risk Management

UNITED STATES DISTRICT COURT NORTHERN DISTRICT OF GEORGIA ATLANTA DIVISION. Plaintiffs, Defendant.

MEDIATECH INSURANCE APPLICATION THIS APPLICATION IS FOR A CLAIMS MADE POLICY PLEASE INDICATE WHICH COVERAGES ARE REQUIRED Technology and Professional

Vaco Cyber Security Panel

CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH

Cyber Liability Insurance. Data Security, Privacy and Multimedia Protection

BREACH MITIGATION EXPENSE COVERAGE

Surprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their

Cyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist

Case 3:13-cv Document 49 Filed 07/18/13 Page 1 of 39 PageID #: 959

LICENSE AGREEMENT. Security Software Solutions

MANAGING DATA BREACH

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

Cyber Risk Insurance. Frequently Asked Questions

Cybersecurity, Privacy and Communications Webinar: Financial Privacy Primer

Combined Liability Insurance for Financial Technology Companies Proposal Form

Cybersecurity Curveballs in Vendor Risk Management Programs

University Data Policies


CYBERSECURITY AND PRIVACY: REDUCING YOUR COMPANY S LEGAL RISK. By: Andrew Serwin

Cyber Insurance for Lawyers

Anatomy of a Data Breach

Data Thefts and Protecting Client Tax Information

Personal Information Protection Act Breach Reporting Guide

CYBER INSURANCE IN IF - with a touch of Casualty - August 18 th 2017 Kristine Birk Wagner

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015

DATA COMPROMISE COVERAGE RESPONSE EXPENSES AND DEFENSE AND LIABILITY

LIABILITY INTERRUPTION OF ACTIVITIES CYBER CRIMINALITY OWN DAMAGE AND COSTS OPTION: LEGAL ASSISTANCE

UNITED STATES DISTRICT COURT EASTERN DISTRICT OF TENNESSEE AT CHATTANOOGA

The Risk-based Approach to Data Breach Response Meeting mounting expectations for effective, relevant solutions

APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

Cyber Risk Insurance Policy Application

Testimony. Submitted for the Record. American Bankers Association. Financial Institutions and Consumer Credit Subcommittee

Cyber Security & Insurance Solution Karachi, Pakistan

Summary of Form Changes e-md /MEDEFENSE Plus Insurance Policy (from version P1818CE-0115 to P1818CE-0716)

DEBUNKING MYTHS FOR CYBER INSURANCE

Providing greater coverage for the greater good.

Transcription:

CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING 2015 Verizon Data Breach Report 79,790 security incidents 2,122 confirmed data breaches Top industries affected: Public, Information, and Financial Services (same as prior years) But numbers show that no industry is immune

Verizon Report: Threat Actors Verizon Report: Threat Actions

Verizon Report: Incident Types 2015 Ponemon Cost of Data Breach Study $217 average cost per lost or stolen record Healthcare, pharmaceutical, financial, energy, and transportation, communications and education tend to have higher costs Incident response plan, extensive use of encryption, employee training, board level involvement, and insurance protection had most significant impact on reducing costs

Cyber/Data Privacy Products First Party Coverage Breach Response Forensics Notification Legal representation Crisis Management Reconstitution of electronic records Property coverage Computer systems Machinery Business interruption Lost profits Third Party Coverage Response to regulatory investigation Defending against lawsuits Cyber Market Issues Carriers dropping from the cyber market Mergers of insurance carriers Varying products by company Varying policy language by company

Underwriting Cyber What were the major underwriting concerns regarding cyber threats in 2014? Have they changed? How are those concerns being addressed in the underwriting process? Where was the underwriting data coming from? Who Was Buying Cyber Big companies v. small to midsize companies Was it industry specific? What were the driving forces for the purchasing decisions? What products were sold? How much is dependent on the agent/broker? Stand alone policies v. endorsements Is any of this changing?

Types of Data Breach Cases Stolen or lost computer cases Big factor: was data encrypted How stolen or what happened with it afterwards Hacking incidents Payment cards systems Password theft Theft of financial data Publication of personal information Often arises in medical context Non profit posting of tax records Federal law Applicable Law HIPAA/HITECH The Stored Communications Act (SCA) The Fair Credit Reporting Act (FCRA) The Gramm Leach Bliley Act (GLBA) State law Consumer protection or unfair trade practices Negligence Breach of express or implied contract Invasion of privacy Self regulation: PCI DSS

Standing and Theories of Harm Theories of Harm Lost time and inconvenience Emotional distress Decreased economic value of PII Denied benefit of the bargain Statutory damages Clapper v. Amnesty International USA, 133 S. Ct. 1138 (2013) expenditure of money to prevent surveillance was a form of manufactured standing Resnick v. AvMed, 693 F.3d 1317 (11th Cir. 2012) Two laptops stolen from corporate office with names, SSNs, addresses, and phones Injury: plaintiffs were victims of identity theft and suffered monetary damages Bank accounts and credit cards opened Home address changed with USPS E*Trade account opened and overdrawn Causation: allegations of negligent care for laptops, no encryption, and timing of ID theft

Willingham v. Global Payments, Inc., 2013 WL 440702 (N.D. Ga. 2013) SCA claim: GPI not an ECS and did not knowingly divulge data to hackers FCRA claim: GPI not a CRA and did not furnish data to hackers it was stolen Georgia UDTPA: injunctive relief to prevent future injury is sole remedy, but data already stolen Negligence: no duty of care and no evidence of what would be commercially reasonable methods to safeguard data Contract: plaintiffs not third party beneficiaries Remijas v. Neiman Marcus Grp., LLC, No. 14 3122 (7th Cir. 2015) First circuit court post Clapper to confer standing based on possibility of future harm Neiman Marcus customers should not have to wait until hackers commit identity theft or credit card fraud in order to give the class standing. Mitigation costs can support injury in fact where harm is imminent, and suggested that offer of credit monitoring and ID theft protection to all customers was telling.

Today s Cyber Threats Malicious activity by hack-tivists Website defacements Denial of service (DDOS) attacks Destruction of information and systems Financial crimes and other frauds Theft of confidential business information and proprietary technology Looking Forward Current Trends Products Growth of cyber towers Expansion of coverage afforded First Party Third Party In what way will the coverage expand? Are there any risks that have become uninsurable?

Looking Forward Current Trends Underwriting Choosing risks Pricing Overlapping coverage and its impact on placement Position in the tower Willingness to manuscript policies Looking Forward Current Trends FTC v. Wyndham Worldwide Corp., No. 14 3514 (3rd Cir. 2015) failure to follow published privacy policies or take reasonable measures to safeguard data can constitute an unfair trade practice Baker Hostetler report: regulators investigated 31% of breaches; AG offices investigated 5%; and OCR investigated 100% of medical breaches

Target and Home Depot Litigation U.S. Dist. Court for Minnesota certified class action of banks and credit unions for restitution in Target data breach litigation But Home Depot recently filed motion to dismiss lawsuit by banks, arguing The banks are sophisticated financial institutions asking the court to shift to Home Depot expenses they allegedly incurred as a result of their commercial decisions following a criminal's theft of data from Home Depot." Other Issues on Horizon Chip and PIN transition effective Oct. 1 Internet of Things litigation Technology getting ahead of regulation FTC and State AG focus Cyber security meets product liability U.S. Hotel and Resort Management, Inc. v. Onity, Inc. (D. Minn. July 30, 2014) Is vulnerability to hacking a defect? Is defect alone an injury? Is warranty against hacking implied?

The Future of Cyber Crime More elaborate and more sophisticated Attacks that are industry wide and impact our economy Theft of trade secrets and intellectual property National security implications Terrorism Closing Questions Will a federal notification statute be enacted? Will uniform policy language and definitions be developed? What direction are we heading?

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback