First-Party Property Cyber Coverage

Introduction
- Cyber is Board of Directors level concern
- #1 issue for commercial insurance industry
- Everyone on steep learning curve

Objective and Agenda
- Understand differences between first party property cyber and third party cyber coverage
- Walk through our findings
- Discuss first party property cyber coverages
- Risk manager considerations

Cyber Risk Market Research
- Market maturity curve
- Current state of cyber insurance market
- Stages: Introductory, Growth, Maturity, Decline

Cyber Risk Market Research
- Insurance purchases highly dependent on industry
- Industries with large amounts of personal and financial info purchase insurance at higher frequency
- Lack of confidence in products offered
[Chart: % of companies purchasing cyber insurance]

Overview
- What is a cyber attack
- What is covered
- What is not covered
- Coverage differentiators

What Is a Cyber Attack
Two Broad Categories
1. Introduction of malware (malicious code)
   a. Virus, spyware, Trojan horses
   b. Targeted hacking activity
2. Denial-of-Service Attacks

What Is Covered
1. Physical loss or damage to data
   a. Destruction, distortion or corruption of data, including from a malware event
   b. Resulting damage to property other than data on an all-risk basis
2. Time element loss resulting from denial-of-service attacks
3. Property damage and time element loss due to cloud or data services interruption

Malware Coverage

Loss or Damage to Data
- Data, Programs or Software coverage
- Data is covered property
- Restoration includes research and engineering
- Temporary costs to defend against a cyber attack
- Covered anywhere in policy's territory

Loss or Damage to Data
Insured Location
- Damage to data: Covered
- Resulting damage to other property: Covered
- Cost to repair, replace or restore the data: Covered

Loss or Damage to Data
[Diagram labels: Customer or Supplier, CTEE; Utility - SI; Insured Location]
- Service Interruption (SI) loss: Covered
- Third Party Contingent Time Element Extended (CTEE) loss: Covered

Loss or Damage to Data
[Diagram labels: Insured Location; Data Center]
- Damage to data is covered anywhere in Policy territory: Covered

Loss or Damage to Data
When data is damaged by malware
- 48-hour waiting period/time qualifier
- Monetary deductible

Loss or Damage to Data
Loss Example
- Hacker infiltration over a period of months
- Wiper malware introduced
- Data deleted and overwritten
- Backups destroyed
- Network down for months

Loss or Damage to Data
Typical data loss costs
- Identify and remediate malware
- Temporary Repairs to prevent further damage
- Repair of Data, Programs or Software
- Expedite permanent repair/replacement of DPS

Loss or Damage to Data
Typical data loss costs
- Temporarily protect/preserve DPS against immediately impending threat
- Enhancement of security system and hardware

Resulting Damage

Resulting Damage
- Covered under the base form
- All-risk coverage under the Insuring Agreement
- Applies to property other than data
- Not sublimited to Data, Programs or Software limit
- Example: attacks on industrial control systems

Resulting Damage
Examples:
- 2014: German Steel Mill
- 2010: Iranian Uranium Enrichment Plant (the Stuxnet worm)

Resulting Damage
The Stuxnet Worm

Denial-of-Service Coverage

Denial-of-Service Coverage
- Computer Systems Non-Physical Damage coverage
- TE loss due to failure of system to operate
- No physical loss or damage required
- Temporary costs to defend against a cyber attack
- Trigger: Malicious act directed at Named Insured
- Insured's electronic data processing equipment or media

Denial-of-Service Coverage
- 48-hour waiting period/time qualifier
- Monetary deductible

Denial-of-Service Attacks
- Everyday computers infected
- Synchronized army of attackers
- Traffic surge at target website

Denial-of-Service Attacks
[Diagram: HACKER, multiple REFLECTORs, TARGET]

Denial-of-Service Attacks
Loss example
- Severe spike in internet traffic to company websites
- Overwhelmed network and data center
- Inaccessible internet services and mobile applications
- Attack lasted 20 hours

Cloud Coverage

Interruption of Cloud/Data Services
- Off Premises Data Services coverage
- Property Damage and Time Element loss
- Accidental event trigger
- Coverage applies worldwide
- Interruption of satellite services included

Interruption of Cloud/Data Services
- 24-hour waiting period/time qualifier
- Monetary deductible

Interruption of Cloud/Data Services
[Diagram labels: Cyber attack; Insured Location; Cloud Provider]
- Property damage: Covered
- Actual loss sustained and Extra Expense: Covered
- Coverage applies worldwide, including satellites

What's Not Covered

What's Not Covered
- Third-party liability
- Compromised data/personal information
- Consumer notification costs
- Copying and publishing of proprietary data
- Media liability
- Cyber extortion expenses

How does this coverage dovetail with standalone cyber?

If data, programs or software is ... where is it covered?
[Table columns: Property; Liability]
- Corrupted
- Erased
- Altered/distorted
- Destroyed
- Stolen
- Copied
- Locked/encrypted

Other possible consequences
[Table columns: Property; Liability]
- Resulting damage
- Breach expenses
- Business interruption
- Damaged reputation
- Legal damages
- Regulatory fines

Risk Manager Considerations
- Lots of confusion about cyber risk and coverage
- Clients don't know what they currently have
- Everyone wants in
- Increased client requests for risk assessment help
- Understand what you currently have
- Determine what you would like to have
- Treat like property/casualty
- Look for the broadest coverage in each area

Francis M. Desousa Operations Vice President Senior Business Development Executive 25050 Country Club Blvd. Suite 400 North Olmsted, OH 44070 T: 216-898-4430 C: 703-926-2598 F: 216-362-4825 E: francis.desousa@fmglobal.com