Cyber & Privacy Liability and Technology E&0

Similar documents
You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

Cyber Liability Insurance. Data Security, Privacy and Multimedia Protection

HOW TO INSURE CYBER RISKS? Oulu Industry Summit

Cyber Risk Mitigation

Cyber Risks & Insurance

The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage

Cyber breaches: are you prepared?

Cyber-Insurance: Fraud, Waste or Abuse?

Cyber Risk Management

A GUIDE TO CYBER RISKS COVER

NZI LIABILITY CYBER. Are you protected?

Cyber Risk Proposal Form

Your defence toolkit. How to combat the cyber threat

ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them

CYBER INSURANCE IN IF - with a touch of Casualty - August 18 th 2017 Kristine Birk Wagner

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP

Chubb Cyber Enterprise Risk Management

Cyber Security & Insurance Solution Karachi, Pakistan

Cyber Risk & Insurance

Cyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist

Combined Liability Insurance for Financial Technology Companies Proposal Form

Cyber Liability Launch Event Moscow

Cyber Liability A New Must Have Coverage for Your Soccer Organization

Add our expertise to yours Protection from the consequences of cyber risks

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH

Cyber Risks & Cyber Insurance

HEALTHCARE INDUSTRY SESSION CYBER IND 011

PRIVACY AND CYBER SECURITY

LIABILITY INTERRUPTION OF ACTIVITIES CYBER CRIMINALITY OWN DAMAGE AND COSTS OPTION: LEGAL ASSISTANCE

When The Wind Blows: Renewable Energy Risk Management Strategies

At the Heart of Cyber Risk Mitigation

Managing E-Commerce Risks

APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

Cyber Liability: New Exposures

What is a privacy breach / security breach?

Cyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas

Vaco Cyber Security Panel

Tech and Cyber Claims Services

Cyber Enhancement Endorsement

Cyber Risk Insurance. Frequently Asked Questions

CYBER RISK Insurance Policy

FM Global. First-Party Property Cyber Coverage

Cyber ERM Proposal Form

Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity

Healthcare Data Breaches: Handle with Care.

Crawford Cyber Risk Services. A definitive solution for cyber-related events

2015 EMEA Cyber Impact Report

CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING

HIPAA Compliance Guide

Solving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017

Cyber Insurance Policy

Cyber Security Liability:

RIMS Cyber Presentation

INFORMATION AND CYBER SECURITY POLICY V1.1

CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Insuring your online world, even when you re offline. Masterpiece Cyber Protection

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015

2015 Latin America Cyber Impact Report

Evaluating Your Company s Data Protection & Recovery Plan

CYBER INSURANCE GUIDE

Cyber Liability & Data Breach Insurance Nikos Georgopoulos Oracle Security Executives Breakfast 23 April Cyber Risks Advisor

australia Canada ireland israel united kingdom United states Rest of world cfcunderwriting.com

Cyber Risks A Reinsurer s Perspective on Exposure & Claims. EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier

Personal Information Protection Act Breach Reporting Guide

A broker guide to selling cyber insurance. CyberEdge Sales Playbook

Privacy and Data Breach Protection Modular application form

Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do

Cybersecurity Privacy and Network Security and Risk Mitigation

Property business interruption Policy wording

Property business interruption (technology) Policy wording

CYBER RISK INSURANCE. Proposal Form

Cyber, Data Risk and Media Insurance Application form

Cyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby

ConSept: Policy Highlights: Other Coverage Features

Cyber insurance: The next frontier. Cyber insurance the next frontier

Does the Applicant provide data processing, storage or hosting services to third parties? Yes No

COMMERCIAL CRIME PROTECTION INSURANCE Policy Summary

Cyber Liability Insurance for Sports Organizations

Cyber Security Insurance Proposal Form

Cyber Insurance for Lawyers

Summary of Form Changes e-md /MEDEFENSE Plus Insurance Policy (from version P1818CE-0115 to P1818CE-0716)

Electronic Commerce and Cyber Risk

HIPAA AND YOU 2017 G E R A L D E MELTZER, MD MSHA

CYBER AND INFORMATION SECURITY COVERAGE APPLICATION

Insurance Requirement Provisions in Technology Contracts: Mitigating Risk, Maximizing Coverage

HEALTHCARE BREACH TRIAGE

Providing greater coverage for the greater good.

Allocating Risk for Privacy and Data Security in Commercial Contracts and Related Insurance Implications

Professional Indemnity and Cyber Insurance for Technology Companies Summary of cover

Untangling the Web of Cyber Risk: An Insurance Perspective

Professional indemnity for chartered accountants Policy wording

The Guide to Budgeting for Insider Threat Management

DEBUNKING MYTHS FOR CYBER INSURANCE

Emerging legal and regulatory risks

CYBER LIABILITY REINSURANCE SOLUTIONS

What can be done to mitigate cyber risk?

2017 Global Cyber Risk Transfer Comparison Report

PROFESSIONAL INDEMNITY + BROADFORM LIABILITY INSURANCE POLICY

Transcription:

Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner http://map.norsecorp.com http://www.youtube.com/watch?v=f7pyhn9ic9i

Presentation Overview 1. The Cyber Evolution 2. The Growing Risk 3. What are the cyber risks and costs? 4. My Insurance Market Perspective 5. Risk Management considerations 6. The role of insurance in mitigating cyber risk 7. What does Technology E&O cover? 8. Who needs Technology E&O Insurance? 9. Q&A

The Cyber Evolution Dates back to the 1990s; Evolution driven by: Internet explosion Dotcom Boom Millennium Bug Civil Law and Regulations Industry specific drivers Third Party Services

The growing risk 10%of the data currently exists was created pre-2014 90% of this data was created in the last two years Where will be by 2020?

By 2020.. the volume of data we have will increase by 50 times

Increasing importance of data and systems Introduction to Cyber Insurance Proliferation of data, and importance of privacy Technology and Innovation Reliance on networks and systems Risk and Exposure 46% of global population now online > 200,000,000,000 emails sent every day 87% of the world s population use mobile devices Source: internetlivestats.com

The cause for concern Increasing moral and legal obligation to protect our customers rights to privacy GDPR IT Security & regulation not moving as quickly as cyber criminals The rapid digitisation of consumers lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019 Systemic Exposures and Aggregation The uncertainty of how Cyber Risks affect other insurance classes Interestingly criminal activity only accounts for around 41% of cyber losses

What are cyber Risks? Hacking DDoS attacks Malware Extortion Social engineering Cyber Terrorism Insurance Triggers for cyber losses Malicious or criminal attack 41% System Glitch 29% Software bug Error in coding Source: Symnantec (2016) Operational Errors 30% Human error Rogue employees Loss or theft of devices Loss or theft of documents

Distribution of Targets chart is led by Single Individuals with 33.3%. Governments grow to 10% http://www.informationisbeautiful.net/visualizations/worlds-biggestdata-breaches-hacks/ http://www.hackmageddon.com/

INDUSTRY What are the costs? 2016 - Cost of Data Breach, per record lost Healthcare Education Financial Services Pharmaceutical Retail Communications Industrial Energy Technology Hospitality Consumer Media Transportation Research Public $80 $172 $164 $156 $148 $145 $139 $133 $131 $129 $112 $195 $208 $221 $246 $355 Source: Ponemon Institute, 2016 (Cost of data Breach Study: Global Analysis). Data based on results from 350 companies across 11 countries $0 $50 $100 $150 $200 $250 $300 $350 $400

What are Cyber Risks? First Party Loss or damage to digital assets Non-physical business interruption and extra expense Cyber extortion and cyber terrorism Reputational harm computer crime and computer attacks by third parties accidental damage or destruction of hardware administrative or operational mistakes by employees and third party providers Full system Failure

What are Cyber Risks? Third Party Security and Privacy Liability and Defence Costs Network security breaches Transmission of malicious code Damage, alter, corrupt, distort, copy, delete, steal, misuse, or destroy Third Party Digital Assets Breach of third party or employee privacy rights or wrongful disposal of data Causing DDoS attack on third party Phishing or Pharming Confidentiality Privacy regulation defence, fines and penalties Customer care & reputational expenses Notification expenses Credit monitoring PR expenses Forensics Multi-media Liability

Cyber Insurance Coverage Crisis and Event Management Security and system failures Network, system and data restoration Notification and call centre costs Fraud and extortion consultation IT forensics Liability Privacy liability Security liability Intellectual property and content Legal Expenses PR and reputation mitigation expenses Credit and Identity theft monitoring costs Financial Loss Business interruption and increased cost of working Cyber theft and extortion Fines and penalties, including PCI-DSS

Key Underwriting Considerations Revenues Hazard classes & business activities Network security Disaster recovery, business continuity & crisis management Percentage of on-line revenues Dependence on systems Internal processes, procedures & employee awareness Types & volumes of information stored & how Use of mobile devices Use of websites, extranets and third-party access Vendors Underwriters do not only focus on IT Security

Hack that changed market perception of the risk Not the usual method of hacking Hacker gained access to a HVAC vendor HVAC vendor had file detailing remote log-in details to its clients Hacker logged into Target s system The hacker was able find both personal data and payment card data Organisations need to consider vendor access to systems & how data is structured internally

Public Sector Issues Organic / independent Departmental growth Differing agendas to Risk, IT & People Data proliferation versus outsourcing Vast array of risk areas from hospitals to vehicle licencing from security to Utilities Nationalised versus privatised versus, state or federal Political targets PEST trends key issue IT Investment or lack of.

Drivers to Buy Pre, During and Post Breach Response Regulation Contract Board Peers Experience

The Buying Wild Tips West Insurers will only insure what they want to! Standalone or Blended? Do you need Insurer s response services? Never Focus on Price Triggers Should match Threat Environment Geoff s 101 Sublimits? Localised Network only? Enhancements Modular Policy Approach

Cover to look out for.. Enhancements Liability extended to cloud providers Computer crime, electronic theft & telecommunications fraud Programming and human error Cyber Terrorism Notification Costs outside policy limit voluntary or legal No unencrypted device exclusion Forensic Costs to full policy limit Social Engineering fraud Coverage for volunteers and leased employees Punitive Damages - venue System Failure unplanned outages operational errors Contingent Business Interruption What s next? SCADA & Property damage CL380 Cyber Wallets/ Cryptocurrencies Reputational Harm Crisis Management Coverages Crime Contingent Business Interruption

Industries Most Affected Hospitality accommodation food services Retail and e-tail Financial services Healthcare and social services Educational institutions IT/Technology entities Government entities Charities Anyone relying on a network Anyone relying on a system Anyone storing or processing data Anyone with a presence online

My Insurance Market Perspective http://www.youtube.com/watch?v=f7pyhn9ic9i

The Wild West!

WHY? Area of growth in depressed market; Proliferation of new entrants; High Profile Media Focus; Premium Volume Expectations: $2.5BN up from $1BN in 2012; $8BN by 2020. Young inexperienced participants Cyber Gold Rush! Is this good for you the BUYER?

Risk Management Considerations

Risk Management Considerations Must be part of your overall ERM programme Know your 1 st Party & 3 rd Party risks How much of our critical business functions are outsourced? Incident response Control access rights Identify Educate Know your crown jewels What would be motivation for an attack Employees (& stakeholders) of risks & policies How will we know? Have we got support? Have we got a plan? Insurance? How do you chose the correct indemnity limit? Allocate Responsibility post & pre breach

The role of insurance in mitigating cyber risk

Firewalls Cyber Risk Management the known costs Antivirus Staff Training Device Management Insurance as an option for cyber risk management IT Costs Policies/ Procedures Monitoring Maintenance User privileges Passwords Incident Planning BCPs DRPs

Cyber Risk Management the Unknown costs PR Expenses Crisis Management Notification Costs Extortion Insurance as an option for cyber risk management Financial Loss Fines & Penalties Fraud Consultation Credit/ID Monitoring Transmission Business Interruption Liabilities Security Extra Expense Privacy Intellectual Property

Cyber Risk Management So how and where does a cyber insurance policy fit in? Unknown Cost Known Cost

Cyber Insurance Cyber Insurance Insurance as an option for cyber risk management Enables budgeting certainty of cyber risk management programme Financial protection from unknown costs Rapid response from specialist crisis response teams Pre-, during-, and postbreach services The cyber insurance policy will only cost a fraction of the overall spend on cyber risk management

Technology E&O Insurance http://www.youtube.com/watch?v=f7pyhn9ic9i

What is Tech E&0 insurance? Tech E&O insurance is intended to cover two basic risks: (1) financial loss of a third party arising from failure of the insured s product to perform as intended or expected, and (2) financial loss of a third party arising from an act, error, or omission committed in the course of the insured s performance of services for another. Legal Liability policy: Pay sums you are legally obliged to pay (including costs & expenses) for: Negligent act, error, omissions, Misrepresentation Breach of contract Senior employee dishonesty Act or error etc. giving rise to a Civil liability. Arising out of your business activities performed for a client

Cover to look out for.. Enhancements Breach of Contract Loss of Documents Fidelity of Employees Intellectual Property Rights Products Liability Property Bodily Injury Defamation (media liability) Waiver of Subrogation Rights Refund of Fees

Who should buy Tech E&0? Traditionally designed for providers of technology services or products Companies such as data storage, web designers, software developers and hardware manufacturers, IT services companies, help desk services, domain name resellers, telecommunication resellers, network engineers etc. Lines now becoming more blurred as traditional offline companies enter the technology development/ service field Do any of your entities provide technology services? Exxon, Amex, GE, Citi, Target, JP Morgan, and Walmart are all racing to become technology companies. Telsa is a technology company racing to become a car company!

Key Underwriting Considerations Revenues by activities e.g. Hardware Own manufacturing Resale hardware Installation Maintenance Dependence on systems Software Coding or no coding Maintenance System Integration Services Consultancy /Contracting Training Hosting or processing Other considerations: Nature of Activities Client profile/ examples Number of Customers Contract examples What are consequences of failure? Losses

Blending Cyber and Technology E&O helps to alleviate the potential of losses falling between the cracks Insurers are now offering a modular approach

Questions? Insurance as an option for cyber risk management

Cyber & Privacy Liability and Technology E&0 Risks and Coverage Geoff Kinsella Partner

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback