Managing E-Commerce Risks


Managing E-Commerce Risks, Chartered Insurer ACII (UK), CPCU (USA), ARe (USA), ARM (USA), FIII (India). MBA Email: manoj@einsuranceprofessional.com

E-Commerce and Risk Management

E-Commerce is the delivery of information, products, services or payments via telephone lines, computer networks or any other electronic means.

Types of risks: Business Risk & Accidental Risk (Accidental loss & Business loss)

Risk Management is the process of making and implementing decisions that will minimize the adverse effects of accidental and business losses on an organization.

(kumanoj@hotmail.com)

Organization of the Presentation
- Magnitude of the problem
- Identification of Risks
- Case Specifics
- Some Examples
- Treatment of the Risk
  - Risk Control
  - Risk Financing
- Trends
- Recommendations

Magnitude of the Problem
- 600 million users
- Absence of a uniform law
- No credible loss data, undetected for long
- Love Bug: 45 million computers, $15 billion in losses, 20 countries
- FBI Survey: $266 million loss due to cyber crime
- Breach of security in 7 out of 10 systems in US
- 74% acknowledged financial losses
- Over $30 billion is lost per year due to electronic fraud

Magnitude of the Problem
- In 1999, about 2 million credit card frauds in Europe alone
- 67% of Fortune 500 companies have been hacked. Average losses between $250,000 and $500,000.
- Examples include Microsoft, Amazon, eBay, Buy.com, Yahoo, CNN, Etrade
- E-commerce transactions have grown from $200 billion in 1999 to $700 billion in 2000 and are likely to exceed $1 trillion by the close of 2001.

Risk Identification
- First Party Risks
  - Property Risks
  - Business Interruption
- Third Party Risks
  - Legal Liability

First Party Risks (1)
- Physical damage to host computer and network equipment: theft, destruction, alteration
- Breaches of security by employees, former employees or contract professionals - easier
- Hacking by outsiders
- Destruction of computer network due to viruses, e.g., Melissa, Love Bug, etc.
- Destruction of credit card and related information leading to lost sales

First Party Risks (2)
- DoS / DDoS (Distributed Denial of Service) attack: CNN, eBay, Yahoo
- Lost new E-Commerce customers due to various forms of disruptions - valuations will be affected
- Theft of intellectual property, trade secrets and other confidential information stored on computer networks
- Computer Fraud
- Extortion: CD Universe

First Party Risks (3)
- Programming errors
- Cost of litigating against those who have infringed on company intellectual property
- Cost to restore damaged Web site / network
- Cost to repair or upgrade security systems / firewalls after a breach of security
- Business Interruption & Loss of Reputation
- Extra expenses arising out of disruptions to intranets and extranets

Third Party Risks (1)
- Misuse of credit card numbers or credit history information of customers
- Transmission of computer viruses
- Infringement of copyright, trademark & patent
- Piracy, misappropriation or other intellectual property violations
- Defamation: libel (written) and slander (oral)
- Advertising injury including false or misleading advertising

Third Party Risks (2)
- Legal liability for the content of emails
- Cyber Squatting - Madonna
- Meta Tag Abuse: Playboy in 1997
- Public disclosure of private facts
- Hacker access to wrongful information, e.g., Pair Gain on Bloomberg; and failure to remove this information promptly
- Defence Costs

Case Specifics
- Service Providers - ISPs, Hosts, Infrastructure Providers
- Solution Providers
- Developers
- Content Providers
- Software Tool Providers
- Advertisers
- Publishers - NY Times
- Users
- Website Owners

Some Examples (1): Defamation

Norwich Union reached a £450,000 out-of-court settlement with Western Provident Association after emails suggesting that W.P. was under investigation by DTI were found circulating at NU.

Some Examples (2): Hacking & Fraud
- A disgruntled computer hacker took revenge on the creator of an IT security by changing his bank details and making it impossible for him to sell his house to get a mortgage.
- The hacker added 6 default notices of nonpayment and a County Court judgement to the victim's financial records.

Some Examples (3): Viruses (1)
- An email virus called Melissa (in March 1999) brought almost 60 major companies in the USA to a halt as well as affecting thousands more throughout the world.
- One victim was the Governor of North Dakota, who sent a list of pornographic sites to confused constituents and party donors.

Some Examples (4): Viruses (2) - April 1999
- Allied communications during the Balkan conflict were hit by viruses.
- The US defence department stated that all base-to-base email between US marine units world-wide had been silenced by Melissa.
- NATO's web site was hit by a cyber attack by Papa, Melissa's more pernicious cousin.

Treatment of Risk
- Risk Control
  - Avoidance
  - Loss Prevention
  - Loss Reduction
  - Segregation or Duplication
  - Contractual Transfer of Risk
- Risk Financing
  - Retention
  - Transfer of Risk (Contractual Transfer, Insurance)

Risk Control
1. Copying data onto backup sources
2. Duplication of hardware & software
3. Firewall
4. Virus detection software
5. VPN (Virtual Private Networking)
6. Access Control & User Identification
7. Physical Security Audits
8. Email Policy, Content Security
9. Training & Education

Risk Financing
- Contractual Transfer of Risks
- Cyber Insurance
  - Availability
  - Pricing
  - Non-standard
  - Non-traditional
  - Jurisdiction
  - Security Audit
  - Valuation

Recent Trends
- Formation of IT-ISAC (Information Sharing & Analysis Centre) in Feb. 2000: 19 companies including IBM, Microsoft, Cisco and others
- Domain Registration: earlier only Network Solutions Inc.; now Internet Corporation for Assigned Names & Numbers (ICANN)
- Uniform Domain Name Dispute Resolution Policy by ICANN
- WAP & SMS: increased risks

Recommendations
- A top-down view driven by high-level business security
- Alignment with the organization's overall risk and security policy
- Security & Risk Management to be seen as a people problem, not just a technology issue
- Identify dangers internally as well as externally
- Consider unintentional danger as well as malicious and planned attack

Thank You!