Terrorism and Cyber the fast changing landscape it is not just about privacy anymore

Similar documents
Cyber Risks A Reinsurer s Perspective on Exposure & Claims. EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier

NHC Cyber Insurance, Service and Incident Response. 19. oktober 2017

Solving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017

Cyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist

Special risks contacts. SPECIAL RISKS

Aon Risk Solutions. Global Broking Centre ALPHA AON S GLOBAL TERRORISM & POLITICAL VIOLENCE SOLUTION INTERNATIONAL

PROCOVER PROFESSIONAL INDEMNITY (CIVIL LIABILITY) INSURANCE POLICY WORDING

Terrorism, Zika, CBI - Business Operations Impacted Without Physical Damage? Now What?

LEGAL IMPLICATIONS FOR THE SHIPPING INDUSTRY

Cybersecurity Insurance: The Catalyst We've Been Waiting For

Terrorism Risk and Insurance Markets in 2012

DECLARATIONS. Limits of Liability in respect of each Occurrence and in the aggregate: Underlying Amount(s) or Each Occurrence Retention:

UK Terrorism Threat Landscape: Where Next Post Westminster, Manchester and London Bridge? LMA Terrorism Panel Forum

ACCIDENTAL DEATH. yourself & your family PROTECT against the unexpected.

Overview The risk of terrorism, lone wolf style events, sabotage, war and political instability continues to grow across the globe.

Business/Corporate/Purchasing Liability Waiver Insurance Wording

S L tr lo a y t d egy s Cyber -Attack

MOTOR EXCLUSIONS CLAUSE

NOT ALL DISASTERS ARE MADE BY MOTHER NATURE

ConSept: Policy Highlights: Other Coverage Features

DECODER INSURANCE POLICY. Issued by NMS INSURANCE SERVICES (SA) LIMITED DECODER INSURANCE POLICY

Cyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas

Cybersecurity Insurance: New Risks and New Challenges

Active shooter and assailant

CYBER INSURANCE IN IF - with a touch of Casualty - August 18 th 2017 Kristine Birk Wagner

The Arab Spring. Outline

ARAB WAR RISKS INSURANCE SYNDICATE (AWRIS)

Panel 2: Cybersecurity Insurance and the Nebulous Risk of Cyberwar and Cyberterrorism

FINE ARTS DEALERS INSURANCE POLICY

Cyber Silent Exposure in Industrial Property A representative discussion for the entire industry? Simon Dejung

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

Cyber Security Liability:

Insuring your online world, even when you re offline. Masterpiece Cyber Protection

UK Terrorism Insurance. Product Brochure

At the Heart of Cyber Risk Mitigation

Employers Liability Policy

Cyber Liability A New Must Have Coverage for Your Soccer Organization

SASRIA LIMITED Reg. No. 1979/000287/06

Product Innovation. Crisis Management. Aon London Global BrokingCentre

Inperio Limited, 150 Minories, London, EC3N 1LS, United Kingdom Tel +44 (0)

TERRORISM VERSUS POLITICAL VIOLENCE ARE YOU COVERED?

Public and Products Liability Policy Excess Liability

NATIONAL TERRORISM RISK INSURANCE PROGRAMMES OF OECD COUNTRIES WITH GOVERNMENT PARTICIPATION MAIN FEATURES

Terrorism Insurance. Port Administration and Legal Issues Seminar. 11 th July James Dover Aon Crisis Management

Terrorism Risk Insurance in Australia

War, Terrorism and Political Violence (WTPV) STAND SECURE AGAINST THE EVOLVING THREAT

TRACK & TOW POLICY WORDING

GENERAL EXCLUSIONS. b) the production, use or storage of nuclear material.

INSURANCE SCHEDULE PORTS AND TERMINALS PACKAGE INSURANCE CONSORTIUM AT LLOYD'S

Cyber-Insurance: Fraud, Waste or Abuse?

Zurich Engineering Business Interruption Insurance. Policy Wording

MASTERCARD TITANIUM CARD UNITED ARAB EMIRATES. EFFECTIVE DATE OF COVER 1 st April 2016 SUMMARY OF COVER. Per aggregate: 2,000

CONFERENCE ON CATASTROPHIC RISKS AND INSURANCE November 2004 TERRORISM INSURANCE : AN OVERVIEW OF THE PRIVATE MARKET.

HOW TO INSURE CYBER RISKS? Oulu Industry Summit

1937 Waterborne Agreement precluded Lloyd s underwriters from insuring land-based war risks.

Vaco Cyber Security Panel

Specified Items in Transit Insurance. Product Disclosure Statement

GENERAL EXCEPTIONS, CONDITIONS AND PROVISIONS

HIPAA SECURITY RISK ANALYSIS

SECURITY INCIDENT RESPONSE PEACE OF MIND IN A CHANGING WORLD

Hole In One Policy Wording

CYBER CRIME: THE ACHILLES HEEL OF THE BUSINESS WORLD

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP

Whitepaper: Cyber Liability Insurance Overview

Liberty International Underwriters. Excess Liability Policy

A Practical Framework for Assessing Emerging Risks

DEBUNKING MYTHS FOR CYBER INSURANCE

Commercial Insurance General exceptions, conditions and provisions

Cyber Risk: A Survivors. Guide for Title Goes Here

Life insurance. Policy wording

Catastrophic Health Insurance

CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING

Product liability and related coverage through insurance

NBCR terrorism issues OECD December 5, 2012 F. VILNET

HEALTHCARE INDUSTRY SESSION CYBER IND 011

SECTION GENERAL EXCEPTIONS, CONDITIONS and PROVISIONS

Healthcare Data Breaches: Handle with Care.

A GUIDE TO CYBER RISKS COVER

Circular Ref: 3/13 FEBRUARY 2013

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015

Warranted not to abandon in case of capture, seizure or detention, until after condemnation of the property insured.

OECD PROJECT ON CYBER RISK INSURANCE

Cyber Insurance I don t think it means what you think it means

Cyber Risk Mitigation

Cyber Incident Response When You Didn t Have a Plan

Statutory Liability Policy

a) Employers Liability Insurance Policy Wording

Capital Disability and Impairment Benefit LIFE INVESTMENTS HEALTH CORPORATE PROPERTIES ADVICE

ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them

Chubb Global Markets. Our portfolio

Does it pay to be cyber-insured

ENTERPRISE RISK MANAGEMENT (ERM) The Conceptual Framework

Overview The risk of terrorism, lone wolf style events, sabotage, war and political instability continues to grow across the globe.

South China Insurance Ship Operator Excess Chassis Liability Clause. Applying to EXCESS PROTECTION AND INDEMNITY

An Overview of Cyber Insurance at AIG

Mandatory Club Clauses 2018

Cyber Security & Insurance Solution Karachi, Pakistan

Pluvius Policy Wording

Professional insurance portfolio Policy wording

Period of Insurance: From: per Risk note issued by Equity Insurance Agency)

Transcription:

Terrorism and Cyber the fast changing landscape it is not just about privacy anymore

www.miller-insurance.com Terrorism - conventional exposures and responses Miller Insurance Services LLP is authorised and regulated by the Financial Conduct Authority

www.miller-insurance.com 2

www.miller-insurance.com Physical loss or damage caused by Terrorism is nothing new In South Africa the internal civil strife and external conflicts spilling over international and Homeland borders led to the creation of SASRIA a South African government backed programme. - The private market supports and complements

www.miller-insurance.com Private Market offers multiple complementary options: - Physical Damage - Business Interruption - Contingent Business Interruption - Ingress/Egress - Liabilities - Captive Wraps - International - Other tailored and integrated coverages (see later slides) - Capacity available: USD billions per location/event

www.miller-insurance.com ARNDALE CENTRE, MANCHESTER, UK Total economic damage in excess of USD 1.5 billion 5

www.miller-insurance.com UK has experienced a series of terrorist attacks Response Pool Re a government backed programme. - The private market supports, complements and competes with the programme.

www.miller-insurance.com BALI 7

www.miller-insurance.com Attacks targeting the tourist sector by causing loss of life among international tourists Tourists visiting dropped by 60% Culturally difficult for government to introduce a Terror programme

www.miller-insurance.com 9

www.miller-insurance.com US government introduces TRIA - Private market complements and competes with the programme

www.miller-insurance.com 11

www.miller-insurance.com The changing terrorism landscape- differing responses Paris Charlie Hebdo Massacre - Al Qaida claim responsibility Deemed to be an act of terrorism by GAREAT (French government programme) Sydney Hostage Siege - ISIL sympathiser. Declared to be a terrorist act for insurance purposes by Australian treasurer Boston Marathon (not declared a TRIA qualifying event) 12

www.miller-insurance.com 13

www.miller-insurance.com Words Matter- Devil is in the detail 1990/91 Desert Shield became Desert Storm Acts by Iraqi secret agents war or terror? 2011 Egypt riots on a street escalates to Insurrection President George W. Bush declared War President Obama softened his language around cyber attacks from overseas War or not?

www.miller-insurance.com Definitions Terrorism - The unofficial or unauthorized use of violence and intimidation in the pursuit of political aims Terror - The use of extreme fear to intimidate people: weapons of terror A new type of terrorism is evolving. 15

Evolving Cyber Threats: A Framework, A Methodology, and Insurance

Core Points Cyber Threats Evolving Faster Than Controls Public Cybersecurity Frameworks Alone are not Enough Current Methodologies That Provide Underwriters Needed Data are Sparse

The Life Insurance Comparison

Considerations How do you assess risk to address ALL the ways cyber attacks are being planned and executed? Invest in people, technology, and process? People: Insider Threat Technology: Data Security, Mobility, Physical Security Process: Internal Business Operations, 3 rd Parties Align security with the business? Assessment that is rooted in industry standards Prioritize and balance capability with security (ROI) Build in and Share? Actionable threat intelligence Increase maturity of control performance

Our View Holistic multi-domain analyst-driven assessment requiring reasonable time commitment from individual customer POCs 6 Top-level Domains Insider Threat Data Security Physical Security Internal Business Operations External Business Operations Mobility Module Add-ons Address Industry Specific Nuances Critical Infrastructure/SCADA HIPAA PCI/PII Data is collected via combination of analyst driven discussion with key personnel, customer-provided answers and analyst observation.

In Closing Early trends we are seeing Security Investments vs Vulnerabilities vs Breaches Cross-industry comparison Chasing the attacker

Cyber Insurance Discussion

RISK ENVIRONMENT Massive privacy claims catching up to markets in 2014; although exploits have been around for some time Carriers/clients still concerned about this; however, risks is shifting from privacy around PII, PHI, and vandalism, to Extortion Espionage/theft of Intellectual Property Sabotage and full scale business interruption/degradation of bandwidth Intense Reputational harm Property Damage and Bodily Injury 23

PRIVACY LIABILITY & INFORMATION SECURITY INSURANCE MARKET OVERVIEW Retail and Hospitality: The cyber market is experiencing an intense hardening, primarily in the retail / hospitality space. The rise in frequency and severity of data breaches continues at an alarming pace. There has been, on average, one breach in each of the last 11 months with claim payments exceeding $10mm (many over $50mm) with many more where there has been some carrier payout Approximately $200mm for total market capacity (US, London, Bermuda) for all coverage grants, excess of sizable retentions Non-Retail Insurance: Up to $400mm - $500mm in capacity for both first and third party insuring agreements, excess of sizeable retention (loss experience on privacy claims bleeding over in terms of retention, but capacity still there)

SAMPLE CYBER EXCLUSIONS & LIMITATIONSknow what you are buying CL 380 Exclusion (appearing on property, casualty, and terrorism policies at Lloyds in particular; mostly limited to Oil & Gas thus far) in no case shall this insurance cover loss damage liability or expense directly or indirectly caused by or contributed to by or arising from the use or operation, as a means for inflicting harm, of any computer, computer system, computer software program, malicious code, computer virus or any other electronic system. Cyber terrorism limitation (on some cyber policies) does not include any such activities which are part of or in support of any military action, war or warlike operation. War exclusion excludes Any Act of Terrorism, strike or similar labor action, war, invasion, act of foreign enemy, hostilities, or warlike operations (whether declared or not). 25

IMPORTANT CARVE BACKS to shoot for... (Sample language) Cyber Terrorism - an act or series of acts of any person or group(s) of persons, whether acting alone or on behalf of or in connection with any organisations(s), committed for political, religious or ideological purposes including but not limited to the intention to influence any government and/or to put the public in fear for such purposes by using activities perpetrated electronically or otherwise that are directed towards the destruction, disruption or subversion of communication and information systems, infrastructure, computers, the internet, telecommunications or electronic networks and/or its content thereof or sabotage and/or threat therefrom.

OVERSIGHT AND REGULATION Focus on Critical Infrastructure DHS oversight and authority has grown substantially Focus on information sharing and real-time threat analysis Concerns over privacy and financial/reputational repercussions DHS has insurance industry working group on cyber-security HHS, state AGs, FTC, SEC, others. 27

INDUSTRY FACING SIGNIFICANT CHALLENGES Policies untested regarding terrorism Cyber-terrorism, cyber warfare, state-sponsored, declared vs. undeclared? War/Terrorism exclusions in reinsurance treaties Tacking on non-privacy risk to already pained market; challenges in valuing true business interruption loss Aggregation issues could have a big impact: forcing major carriers and Lloyds syndicates to look at P&C, D&O, Crime, and K&R policies where there is potential overlap and either exclude cyber or charge appropriate premium for the risk forcing underwriters who don t understand cyber to price the risk and claims adjusters who don t understand cyber to adjust complicated cyber-related claims 28

INDUSTRY FACING SIGNIFICANT CHALLENGES Game changers? Target - Potentially paves the way for Card Issuers to go directly to merchants for reissuance expenses Anthem - Anthem agreed to deal with HIPAA/HHS around breach notice/response issues on behalf of all insureds; however, may be state regulations that trump HIPAA federal statute for plan sponsor; additional fiduciary responsibilities under ERISA may push companies to want to get in front of Anthem s response time; as a result hundreds of cyber policies have been put on notice 2014 German steel mill attack- Only the second time where cyber attack was confirmed to have caused physical damage to infrastructure 29

John Eltham D. +44-20-7031-2689 C. +44-773-300-1307 John.eltham@miller-insurance.com Mary Guzman D. 404-497-7535 C. 404-290-8155 mguzman@mcgriff.com Mark Lopes D. 202-629-1960 x330 mlopes@tscadvantage.com 30

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback