Cyber Risk & Insurance

Similar documents
An Overview of Cyber Insurance at AIG

THE GENERAL DATA PROTECTION REGULATION

DEBUNKING MYTHS FOR CYBER INSURANCE

Solving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017

Add our expertise to yours Protection from the consequences of cyber risks

Cyber & Privacy Liability and Technology E&0

Cyber-Insurance: Fraud, Waste or Abuse?

CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP

A broker guide to selling cyber insurance. CyberEdge Sales Playbook

Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity

ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them

Cyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist

LIABILITY INTERRUPTION OF ACTIVITIES CYBER CRIMINALITY OWN DAMAGE AND COSTS OPTION: LEGAL ASSISTANCE

Cyber Liability A New Must Have Coverage for Your Soccer Organization

Insuring your online world, even when you re offline. Masterpiece Cyber Protection

Tech and Cyber Claims Services

Cyber Security & Insurance Solution Karachi, Pakistan

Commercial Insurance >

Cyber Risks & Insurance

You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

Your defence toolkit. How to combat the cyber threat

NZI LIABILITY CYBER. Are you protected?

A FRAMEWORK FOR MANAGING CYBER RISK APRIL 2015

Cyber Insurance for Lawyers

RIMS Cyber Presentation

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

Client Risk Solutions Going beyond insurance. Risk solutions for the Healthcare sector. Start

At the Heart of Cyber Risk Mitigation

Chubb Cyber Enterprise Risk Management

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH

Cyber Risk. October 2017

Cyber breaches: are you prepared?

Cyber Risks & Cyber Insurance

HEALTHCARE INDUSTRY SESSION CYBER IND 011

A GUIDE TO CYBER RISKS COVER


Cyber Enhancement Endorsement

HOW TO INSURE CYBER RISKS? Oulu Industry Summit

AIG Multinational Insurance. Six considerations for a multinational insurance program.

Cyber Risks A Reinsurer s Perspective on Exposure & Claims. EMEA Claims Conference 2018, Rüschlikon, 6th 7th March, Anthony Cordonnier

Client Risk Solutions Going beyond insurance. Risk solutions for Energy. Oil, Gas and Petrochemical. Start

Cyber Security Liability:

Protecting Against the High Cost of Cyberfraud

CYBER INSURANCE IN IF - with a touch of Casualty - August 18 th 2017 Kristine Birk Wagner

The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage

Client Risk Solutions Going beyond insurance. Risk solutions for Real Estate. Start

CyberMatics SM FAQs. General Questions

CYBER LIABILITY: TRENDS AND DEVELOPMENTS: WHERE WE ARE AND WHERE WE ARE GOING

Cyber & Network Risk. Products & Services

CYBER INSURANCE. Tel No: E Riley Road, Riley Road Office Park, Bedfordview, Gauteng, 2008

Commercial Insurance >

Conditions Of Use Disclaimer

Beazley Financial Institutions

Cyber Risk Insurance. Frequently Asked Questions

PRIVACY AND CYBER SECURITY

Client Risk Solutions Going beyond insurance. Risk solutions for Retail. Start

Surprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their

Client Risk Solutions Going beyond insurance. Overview

MANAGING DATA BREACH

CYBER AND INFORMATION SECURITY COVERAGE APPLICATION

T A B L E of C O N T E N T S

Cyber Risk Management

ConSept: Policy Highlights: Other Coverage Features

Cyber Risk Mitigation

Cybersecurity Privacy and Network Security and Risk Mitigation

CYBER INSURANCE GUIDE

Healthcare Data Breaches: Handle with Care.

Cyber Threats to the Energy Industry

Cyber insurance: The next frontier. Cyber insurance the next frontier

Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

Evaluating Your Company s Data Protection & Recovery Plan

Property Performance Policy Summary of 2017 Coverage Enhancements

Crawford & Company (Canada) Inc. Cyber Loss Management Program

Crawford Cyber Risk Services. A definitive solution for cyber-related events

Untangling the Web of Cyber Risk: An Insurance Perspective

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Summary of Form Changes e-md /MEDEFENSE Plus Insurance Policy (from version P1818CE-0115 to P1818CE-0716)

IS YOUR CYBER LIABILITY INSURANCE ANY GOOD? A GUIDE FOR BANKS TO EVALUATE THEIR CYBER LIABILITY INSURANCE COVERAGE

Client Risk Solutions Going beyond insurance. Risk solutions for Financial Institutions. Start

Cyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby

2015 Latin America Cyber Impact Report

2015 EMEA Cyber Impact Report

Crawford & Company (Canada) Inc. Cyber Loss Management Program

Whitepaper: Cyber Liability Insurance Overview

2018 Cyber & Tech Liability Risk Transfer Update Part 2

Data Breach Program Pricing Companies with revenues less than $1,000,000

Client Risk Solutions Going beyond insurance. Risk solutions for Construction. Start

Be the GAME CHANGER.

Cyber Exposures: The Importance of Risk Identification and Transfer. Presented By: Joe Weipert

Large Limits Playbook. Building Successful Partnerships with Large Limit Clients

Privacy and Data Breach Protection Modular application form

Cyber Liability Launch Event Moscow

Client Risk Solutions Going beyond insurance. Risk solutions for the Manufacturing sector. Start

The Internet of Everything: Building Cyber Resilience in a Connected World

Allianz Global Corporate & Specialty Pacific. Allianz Cyber Protect Premium

Personal Information Protection Act Breach Reporting Guide

Cyber, Data Risk and Media Insurance Application form

Cyber Liability State of the Insurance Market & Risk Update Sept 8, ISACA North Texas

APPLICATION for: TechGuard Liability Insurance Claims Made Basis. Underwritten by Underwriters at Lloyd s, London

Transcription:

Cyber Risk & Insurance Digitalization in Insurance a Threat or an Opportunity Beirut, 3 & 4 May 2017 Alexander Blom - AIG 1

Today s Cyber Presentation Cyber risks insights from an insurance perspective Cyber insurance journey till date Cyber insurance journey ahead of us AIG Claims experience End to end risk management solution 2

Threat Actors Criminals Hacktivists Spies Military Insiders Terrorists 3

2016 Trends and Factoids Ransomware is the #1 security issue clients are dealing with 1 300% Growth in cyber attacks against Internet of Things devices (IoT s) in 2016 7 1.2M Approximate number of new malware or variants on average each day 1 209 days the average time from initial infection until discovery of breach 5 $4.3M Average cost of a breach 3 Cyber is the #1, 2, or 3 risk businesses globally face 4 Percent of businesses attacked that are small or medium in size: 2 62% 1 Privacy Rights Clearing House Symantec (2016) Internet Security Threat Report retrieved from www.symantec.com/security-center 2 Crowdstrike (2015) Global Threat Report retrieved from www.crowdstrike.com/global-threat-report-2015/ 3 IBM (2016) Cost of a Data Breach Study retrieved from www.ibm.com/securitydata-breach/ 4 AON (2015) Global Risk Management Survey retrieved from www.aon.com/2015globalrisk 5 Verizon (2016) Verizon Data Breach Incident Report retrieved from www.verizonenterprise.com/resources/reports/rp_dbir_2016_report_en_xg.pdf 6 Privacy Rights Clearing House (2016) Data Breaches in Educational Institutions retrieved from https://fightingidentitycrimes.com/data-breaches-educational-institutions/ 6 DarkNet Reading (2016) Manufacturers Suffer Increase in Cyber Attacks retrieved from http://www.darkreading.com/vulnerabilities---threats/manufacturers-suffer-increase-in-cyberattacks/d/d-id/1325209 7 BetaNews (January 2017) Cyberattacks against Internet of Things (IoT) devices tripled in 2016 retrieved from http://betanews.com/2017/01/11/cyberattacks-iot-devices/ 4

Cyber Risks (source General Sir Richard Barrons KCB CBE) $3 Trillion: Cost to the global economy from cyber crime in 2015. Likely to double by 2021. Cyber insurance premiums to reach $20 billion by 2026. 60% of UK small businesses experienced a cyber attack in 2014, at an average cost of 90,000. Hiring a botnet costs $38/hr and the average cost to a target company is $55,000. Top 5 sectors: Healthcare, Manufacturing, Financial Services, Govt., Transport. Most common attack methods: Insider, DDoS, Malware. 5

The rise of Internet of Things (IoT) Internet-connected wonderland of devices 6

Cyber Loss Spectrum Losses due to cyber events (data breaches, destructive attacks, and other unauthorized access or use of your computer systems) can be categorized into these four quadrants: 1 st Party Damages (To Your Organization) 3 rd Party Damages (To Others) Financial Damages Tangible (Monetary) Damages 7

CyberEdge Comprehensive and easy to understand Incident triggers Breach of Personal and Corporate Information Security Failure System Failure 8

Notifying a Cyber Breach 24/7 Claims Notification Legal Services (Norton Rose Fulbright) Involvement of Legal Counsel Privilege IT Specialist (KPMG) Forensic analysis to establish the nature of the breach Claims Handler Coordination of response. Contact with Insured 9

Notification and the first 72 hours Information Stage 0-24 hours Nature and origin of the problem Loss or theft of data Inappropriate access - hacking/deception Equipment failure Human error Unforeseen fire/flood Information to obtain Is there a DPO/DRP? Who is in the communication loop? IT provision in house/contractors? In what jurisdiction are the servers? What data has been lost? Do passwords/privileges need to be changed? 10

Notification and the first 72 hours Containment and analysis Containment & mitigation - immediate action Isolation of the network Back up tapes Is back up compromised? Limitation steps Data analysis What type of data? Is data secure/encrypted? Who owns the data? Wider/PR consequences Risk of identity fraud Notification requirements 11

Ongoing breach What other services might be required? Reputational Protection Notification costs Credit monitoring Identity theft insurance Data Protection Third Party cover Cyber Extortion Digital media Business Interruption Outsource Service Provider 12

Financial / 1st Party Damages Available Insurance 1 st Party Damages (To Your Organization) 1 st Party Damages (To Your Organization) 3 rd Party Damages (To Others) Response costs: forensics, credit monitoring, notifications, crisis management, public relations Legal expense: advice and defense Revenue losses from network or computer outages, including cloud Cost of restoring lost data Cyber extortion expenses AIG offers this coverage as a part of CyberEdge, in the Event Management, Network Interruption, and Cyber Extortion coverage sections. 13

Tangible (Monetary) Financial / 3rd Party Damages Available Insurance 1 st Party 3 rd party entities may seek to recover: Consequential revenue losses 1 st Party Damages (To Your Organization) 1 st Party Damages (To Your Organization) 3 rd Party Damages (To Others) Restoration expenses Legal expenses Their credit monitoring costs Value of their intellectual property stolen from you 3 rd party entities may issue or be awarded civil fines and penalties. AIG offers this coverage as a part of CyberEdge, in the Security and Privacy Liability coverage section. 14

AIG claims experience 15

Recent Energy & Utility Breaches In The News Ukraine December 2015 & December 2016 Three distinct coordinated efforts against multiple utilities SCADA system cyber intrusion Infected workstations & servers Blinded power dispatchers 225,000 customers effected Opened breakers to cause outage Flooded call centers to delay outage reports BlackEnergy malware was involved, but likely did not cause the outage A second attack took place and blacked-out Kiev in December 2016 7 7 Ukraine s Power Grid Gets Hacked Again, a Worrying Sign for Infrastructure Attacks retrieved from https://www.bleepingcomputer.com/news/government/cyber-attack-causes-second-power-grid-outage-in-the-ukraine-in-the-past-year/ 16

Tangible (Monetary) / 1st Party Damages Available Insurance 3 rd Party Property policies and fidelity/crime policies may cover these cyberperil losses. Potential pitfalls: Silence Cyber exclusions Other applicable exclusions (data, terrorism, etc.) (Traditional) cyber policies typically exclude bodily injury (BI), property damage (PD), Theft of Funds and Intellectual Property & Reputation value loss Theft of Funds of your monies, securities, funds, etc. Destruction or damage to your facilities or other property Reputational Harm to your operation (valuation) Lost revenues from physical damage or reputational harm Your Intellectual Property compromise, both value and use Financial 17

Financial 1 st Party Tangible (Monetary) / 3rd Party Damages Available Insurance Mechanical breakdown of others equipment Destruction or damage to others facilities or property Theft of Funds of customers, in your custody Lost revenues from physical damage Bodily injury to others Other policies may cover these cyber losses; subject to the same potential issues as Property. (Traditional) cyber policies typically exclude bodily injury (BI) and property damage (PD) 18

End-to-End Risk Management Approach Prevention Insurance Coverage Breach Resolution Team Education via CyberEdge, RiskTool, and erisk Hub Third-Party Loss Resulting From a Security or Data Breach 24/7 Breach Support Compliance via RiskTool Direct First-Party Costs of Responding to a Breach Legal and Forensics Services Assessment via K2 Intelligence, Bitsight, IBM, Axio, and RSA Security Lost Income and Operating Expense Resulting From a Security or Data Breach Notification, Credit, and ID Monitoring Call Center Protection via RiskAnalytics Shunning Tool Threats to Disclose Data or Attack a System to Extort Money Crisis Communication Experts Consultation by KPMG Online Defamation and Copyright and Trademark Infringement Over 15 Years Experience Handling Cyber-Related Claims 19

Contact Information Alexander Blom Head of Financial Lines, MENA AIG MEA Limited, Dubai +971 56 681 5564 alexander.blom@aig.com Aisling Malone Professional Indemnity & Cyber Lead, MENA AIG MEA Limited, Dubai +971 56 682 8399 aisling.malone@aig.com 20

Whilst every effort has been taken to ensure the accuracy of the information in these pages, we make no representation and/or warranty express or implied that the financial information and/or information is correct, complete or up to date. The financial information and/or information is subject to change at any time without notice. You should not take (or refrain from taking) any action in reliance on the financial information and or information and we will not be liable for any loss or damage of any kind (including, without limitation, damage for loss of business or loss of profits) arising directly or indirectly as a result of such action or any decision taken. American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries.. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange. Additional information about AIG can be found at www.aig.com YouTube: www.youtube.com/aig Twitter: @AIG_LatestNews LinkedIn: http://www.linkedin.com/company/aig AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds.

Energy & Utility Breaches in The News Saudi Aramco August 2012 August 15, 2012 Islamic holy day Insider deployed Shamoon wiper malware at Saudi Aramco Destroyed data on 30,000 computers, rendering them inoperable Computers needed to be replaced! 10-day recovery; oil production not impacted Similar attack on RasGas, Qatari Natural Gas Company, 2 weeks later 8 More attacks using Shamoon2 wiper malware surfaced in late 2016 and early 2017 9 8 Natural gas giant RasGas targeted in cyber attack retrieved from https://www.scmagazine.com/natural-gas-giant-rasgas-targeted-in-cyberattack/article/543425/ 9 Shamoon disk-wiping malware resurfaces with renewed cyberattacks on Saudi Arabia retrieved from http://www.ibtimes.co.uk/shamoon-diskwiping-malware-resurfaces-renewed-cyberattacks-saudi-arabia-1594494 22

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback