Cyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby

Setting the stage
- 2018 report from PwC: one-third of US businesses have some form of cyberinsurance
- PwC: policy premiums to reach $7.5 billion by 2020
- More than 60 insurance companies offering cyberinsurance
- 22% of solos and small firms reported having suffered a data breach. Over 1/3 of large law firms have been breached (ABA 2017 TECHREPORT)
- SEC: half of small businesses that are breached go out of business in 6 months

Setting the stage
- Insurance company Beazley: fraudulent instruction incidents quadrupled in 2017, average loss $352,000
- Top 3 affected sectors: professional services (22%), financial services (21%) and retail (12%)
- Marsh survey 2017: only 19% highly confident in entity's response to a cyber incident
- Only 30% had an incident response plan

Necessary
- To manage enormous risk
- Technology is not a silver bullet
- Employees are a major risk
  - Clicking on links/attachments
  - Losing devices/having them stolen
  - And much, much more...
- Training cuts risk, but doesn't eliminate it

Expensive
- Pricing all over the map
- $10,000 plus is normal for small firms
- 35% growth in cybersecurity industry 2016 Allied Market Research global market will reach $14 billion by 2022

Confusing as hell
- What does your current (non-cyber) policy cover?
- Cyber coverage is all over the map
- 2017 Deloitte report: not enough data for reliable predictive models

Confusing as hell
- No apples to apples comparison
- Referrals from colleagues? Not so much...
- Applications are often 20 or more pages
- 2017 RAND Corp. study: only 13% of cyberinsurance policies cover cyberattacks which are considered an act of terrorism or war

Tim Francis, Vice President and Enterprises Lead for cyberinsurance at Travelers:
"There's so much new coverage out there that hasn't been tested... One day there will be certain claims and we'll figure [out] if the words we used to convey coverage actually say what we thought they meant, which is often up to a lot of lawyers."

The 2011 Sony PlayStation network breach
- Cost an estimated $170 million
- Sony thought its general liability policy would cover
- Court ruled against Sony
- Case settled while on appeal

2013 Target breach
- Approximately $300 million in costs
- Hefty percentage of costs paid under cyberinsurance policy

First Party Coverages
- Privacy Breach Response
  - Legal
  - Forensic
  - Notification
  - Credit Monitoring

First Party Coverages
- Business Interruption
- Contingent Business Interruption
- Data Restoration
- Extortion
- Social Engineering
- Telecommunications Fraud

Third Party Coverages
- Privacy and Network Liability
- Media Liability
- Regulatory Liability
- PCI-DSS Fines
- Payment Card Issuer Liability

Market Challenges
- No Standard Forms
- Tremendous Variation Among Available Policies
- Frequent Updating of Forms by Insurers
- Varying Degrees of Knowledge Among Brokers
- Appropriate Fit with Entire Insurance Program

Potential Pitfalls
- Application Responses
- Prior Consent Requirements
- Panel Firm Requirements
- Notice Conditions
- Other Insurance Condition
- Liability Assumed Under Contract

The 10 most common costs that people mistakenly believe are automatically covered
- Losses incurred during a policy "waiting time"
- Third-party mistakes
- New hardware
- Software upgrades
- Social engineering, including business e-mail compromise (BEC) attacks
- Bodily injury/property damage
- Fines and penalties issued by the Payment Card industry
- Reputation damage
- Financial loss during downtime
- Loss from account takeover schemes

A new challenge: GDPR coverage
- General Data Protection Regulation: May 25, 2018
- Data breach liability
- Data practices liability: collection, storage and usage of protected data
- Fines and penalties: up to 20 million Euros or 4% of the total worldwide annual turnover of the preceding financial year

What insurance companies may want to know
- Had a 3rd party audit? Produce
- E-mail encrypted when warranted?
- Full disk encryption?
- How is your backup engineered?

What insurance companies may want to know
- Cybersecurity training? Mandatory? How often? Phishing tests?
- What security policies do you have?
- Penetration testing? Results?

What insurance companies may want to know
- Security software and hardware? Antimalware, data loss prevention, incident detection, etc.
- Had a data breach? Full details
- Physical security
- Compliance with national/international security standards? NIST cybersecurity framework, ISO 27001
- Compliance with GDPR?

What insurance companies may want to know
- Mobile device security? BYOD allowed? Mobile device management in place?
- Ever made an insurance claim involving cybersecurity?
- Any other insurer canceled your cybersecurity policy or refused to renew your policy?

What insurance companies may want to know
- Vendor management
- Out-processing employees: security steps
- Background check on new employees
- Aware of facts giving rise to possible claim at time of application?

What insurance companies may want to know
- Annual cybersecurity budget?
- Practices regarding passwords, access control, patching, upgrading outdated software
- What kind of data do you hold? PII, health data, financial data, etc.
- Assets, revenues, number of employees, proposed merger or acquisitions?
- Logging enabled? Retention period for log files?

What you should be asking an insurer
- Are the terms of the policy negotiable?
- Is the coverage retroactive? How far back if so?
- How much coverage do you need, given size, data held, etc.?
- Does the policy cover regulatory fines?

What you should be asking an insurer
- Discount if you have a 3rd party audit and remediate any critical vulnerabilities? Other discounts?
- Are you covered if a vendor holding your data is breached?
- What actions (or inactions) of yours might void coverage? Misrepresentations on application

Cyberrisks in the courts
- A number of cases, insurers winning much of the time
- 2017: Moses Afonso Ryan, 10-lawyer R.I. firm struck by ransomware
- Sued in federal court for $700,000 in lost billing
- Crippled for 3 months, paid over $25,000
- Insurer Sentinel paid $20,000 (the limit) for certain computer-related losses; law firm argued that Business Income coverage required it to pay actual losses over a 12-month period

Cyberrisks in the courts
- Medidata Solutions wired $4.8 million after receiving e-mail from its president (not) who introduced her to an attorney (not) in an acquisition
- July 2017: District Judge held that e-mail spoofing constituted fraudulent entry of data, triggering protection under the computer fraud provision
- Also covered under the funds transfer fraud policy
- Appeal pending in 2nd Circuit
- 2018 The Year of the Phish

Insuring companies shaming
- We don't insure stupid
- Cottage Health Systems
- Medical data exposed on Internet
- Columbia Casualty
- Cottage failed to follow minimum required practices spelled out in the policy
- Stored data unencrypted on a system accessible on the Internet
- The first of many sins....

Cyberinsurance companies (some of the leaders)
- Liberty Mutual
- Beazley Insurance Co.
- Chubb Ltd.
- Travelers
- Hiscox
- CNA
- AIG

Apple, Cisco team up with insurance companies to offer cyber policy discounts
- February 5, 2018: teaming with insurer Allianz SE
- Primarily for businesses using their equipment, which is regarded, at least by them, as more secure
- Requires cybersecurity evaluation by Aon, a risk management firm

Walk carefully: it's dangerous out there!

YOU play the most important part in keeping TECHSHOW exciting. Please complete the Speaker evaluation before you leave. Reserve the dates! TECHSHOW 2019: February 27 - March 2, 2019