Allianz Global Corporate & Specialty Cyber Liability Launch Event Moscow AGCS November 2016
Cyber Insurance market: Stand Alone Business
USA: Started in the early to mid 1990s. 50+ carriers. Over $750m capacity available. Capacities of 1bn available. Reasonably well developed market but penetration still relatively low. More than $2.5 bln premium income, double digit growth rate.
Europe: Only picked up from around 2010. 30+ carriers. Over $750m capacity available. Market immature; recent changes in legislation will spur growth. Between $250m and $500m income, double digit growth rate.
Typical Cyber Threats
Significant Data Breaches
Data breaches are increasingly common and affect all industries in all geographies. The main causes are hackers, accidental leakage and malicious insiders, all of which are made easier by poorly designed and/or maintained information security management systems (ISMS). This website gives a good idea of the scale of the problem: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Risk management
A well designed and implemented information security management system (ISMS) can mitigate many of the risks; however, it can never guarantee immunity from hacking. As such, encryption will become more important, as it may render data valueless. 80% of attacks can be prevented by good risk management. Source: CESG, the information security arm of GCHQ.
Legislative Landscape
GDPR provides for up to 5% of global turnover as a fine.
A raft of Federal legislation including HIPAA (Health Insurance Portability and Accountability Act), COPPA (Children's Online Privacy Protection Act), GLBA (Gramm-Leach-Bliley Act), FCRA (Fair Credit Reporting Act) etc. Nearly all States have specific data protection law in addition to Federal law, which creates strict liability for data loss, has mandatory notification provisions and provides for significant regulatory powers.
Main piece of legislation is the General Data Protection Regulation, which comes fully into force in May 2018. It applies to data controllers and processors and has many stringent provisions, including mandatory notification of regulators and all data subjects (with certain caveats). GDPR: up to 4% of global turnover as a fine!
The Allianz Solution Third party liability First party liability Regulatory Privacy Breach Data Breach of confidential client information Network security liability Media Liability Notification costs and other response costs PCI fines Business Interruption (BI) loss Restoration Costs Consultants costs (to quantify loss) Hacker Theft Cover Cyber extortion Crisis Communication Defence Costs for regulatory proceedings Fines & penalties as the result of a prosecution by the regulator
The Allianz Solution
State of the art comprehensive cover. Tailor made coverage solutions for more complex risks. €100m capacity per risk can be deployed. Global coverage and expanding local solutions. Comprehensive panel of IT forensic, Legal and Notification partners. Detailed risk dialogues can be conducted via Allianz Risk Consulting (ARC) engineers.
Nigel Pearson Global Head of Fidelity nigel.pearson@allianz.com +44 (0)203 451 3259
Thank you
Back up slides
Typical Cyber Risks & Insurance Solutions
Risks: Cyber Insurance Solutions
Data loss: Y Cyber (& maybe E&O)
Business Interruption: Y Cyber (non physical damage BI)
Property damage: N cover in property policy?
Extortion: Y Cyber (& KR&E)
Theft: Y Cyber (& Commercial Crime)
Identity theft: Y Cyber (& IDT policy)
Reputational damage: Y Cyber limited cover (& Reputational policy)
IPR loss of trade secrets and confidential information: Y Cyber limited cover (E&O & IPR policy)
Regulatory actions and associated fines and penalties (inc. PCI fines): Y Cyber (potentially E&O)
Typical Cyber Risks & Insurance Solutions
Risks: Cyber Insurance Solutions
Breach of contract (E&O): N (E&O policy) (Cyber partially)
Product recall: N (PL policy)
Terrorism: Y (not physical damage though)
Notification costs and other response costs: Y (may also be covered in a E&O policy)
Forensic IT costs: Y (may also be covered in a E&O policy)
Media liability: Y (E&O potentially & Media liability policy)
Network security liability: Y (E&O potentially)
D&O liability: N (maybe under D&O)