Cyber insurance: The next frontier. Cyber insurance the next frontier

Similar documents
You ve been hacked. Riekie Gordon & Roger Truebody & Alexandra Schudel. Actuarial Society 2017 Convention October 2017

S L tr lo a y t d egy s Cyber -Attack

At the Heart of Cyber Risk Mitigation

DEBUNKING MYTHS FOR CYBER INSURANCE

2015 EMEA Cyber Impact Report

Cyber & Privacy Liability and Technology E&0

Cyber-Insurance: Fraud, Waste or Abuse?

Cyber breaches: are you prepared?

A GUIDE TO CYBER RISKS COVER

Add our expertise to yours Protection from the consequences of cyber risks

Chubb Cyber Enterprise Risk Management

Cyber Liability Insurance. Data Security, Privacy and Multimedia Protection

Beazley Financial Institutions

Your defence toolkit. How to combat the cyber threat

ConSept: Policy Highlights: Other Coverage Features

Cyber Risk & Insurance

NZI LIABILITY CYBER. Are you protected?

Cyberinsurance: Necessary, Expensive and Confusing as Hell. Presenters: Sharon Nelson and Judy Selby

Cyber Enhancement Endorsement

IndustryEdge for technology companies OUR KNOWLEDGE IS YOUR EDGE

Cyber Risk Insurance. Frequently Asked Questions

Cyber Insurance. How Insuretechs Can Unlock The Opportunity

OECD PROJECT ON CYBER RISK INSURANCE

Cyber a risk on the rise. Digitalization Conference Beirut, 4 May 2017 Fabian Willi, Cyber Risk Reinsurance Specialist

Insuring your online world, even when you re offline. Masterpiece Cyber Protection

Cyber Risk. October 2017

PRIVACY AND CYBER SECURITY

Cyber Security & Insurance Solution Karachi, Pakistan

Big Data - Transforming Risk and Insurance. Driving Change

CYBER REPORT CYBER REPORT 2018

Allianz Global Corporate & Specialty Pacific. Allianz Cyber Protect Premium

RISK MANAGEMENT FRAMEWORK

LIABILITY INTERRUPTION OF ACTIVITIES CYBER CRIMINALITY OWN DAMAGE AND COSTS OPTION: LEGAL ASSISTANCE

Small business, big risk: Lack of cyber insurance is a serious threat

Surprisingly, only 40 percent of small and medium-sized enterprises (SMEs) believe their

CYBER ATTACKS AFFECTING FINANCIAL INSTITUTIONS GUS SPRINGMANN, AON PAVEL STERNBERG, BEAZLEY

Cyber Risk some strategic issues

The Wild West Meets the Future: Key Tips for Maximizing Your Cyber and Privacy Insurance Coverage

Expertise you need for a changing landscape

The working roundtable was conducted through two interdisciplinary panel sessions:

Cyber Risks & Insurance

Cybersecurity Insurance: New Risks and New Challenges

STEPPING INTO THE A GUIDE TO CYBER AND DATA INSURANCE BREACH

An Overview of Cyber Insurance at AIG

Cyber Risk Mitigation

Commercial Insurance >

Professional Indemnity and Cyber Insurance for Technology Companies Summary of cover

Insuring intangible assets: Is the insurance industry keeping pace with its customers changing requirements?

ChicagoLand RIMS Cyber Insurance Coverage Pitfalls and How to Avoid Them

HOW TO INSURE CYBER RISKS? Oulu Industry Summit

CYBER INSURANCE IN IF - with a touch of Casualty - August 18 th 2017 Kristine Birk Wagner

COMMERCIAL CRIME PROTECTION INSURANCE Policy Summary

Sizing the Standalone Commercial Cyber Insurance Market

Cyber Liability Launch Event Moscow

2015 Latin America Cyber Impact Report

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY

About Chubb. Chubb Limited, the parent company of Chubb, is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index.

Cyber Security Liability:

Commercial Insurance >

Crawford Cyber Risk Services. A definitive solution for cyber-related events

JAMES GRAY SPECIAL GUEST 6/7/2017. Underwriter, London UK Specialty Treaty Beazley Group

CYBER LIABILITY INSURANCE OVERVIEW FOR. Prepared by: Evan Taylor NFP

Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data

Solving Cyber Risk. Security Metrics and Insurance. Jason Christopher March 2017

Summary of Form Changes e-md /MEDEFENSE Plus Insurance Policy (from version P1818CE-0115 to P1818CE-0716)

Risks and uncertainties facing the business

Lloyd s Asia. Underwriting human progress

Insurance Position Paper UBI

Cybersecurity Insurance: The Catalyst We've Been Waiting For

Leisure Trusts Specialist insurance and risk management

Lloyd s Asia. Underwriting human progress. Lloyds Global Brochure - ASIA_154x233_V6.indd 1 22/08/ :51

Property business interruption Policy wording

2017 Global Cyber Risk Transfer Comparison Report

Tech and Cyber Claims Services

Combined Liability Insurance for Financial Technology Companies Proposal Form

The Continuous Evolution of the. Implications (Session Code CRM11/690)

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY. October Sponsored by:

MARCH 2015 UK CYBER SECURITY THE ROLE OF INSURANCE IN MANAGING AND MITIGATING THE RISK

Largest Risk for Public Pension Plans (Other Than Funding) Cybersecurity

CYBER INSURANCE. Tel No: E Riley Road, Riley Road Office Park, Bedfordview, Gauteng, 2008

Westpac Banking Corporation Level 16, 275 Kent St Sydney NSW th January Mandatory Data Breach Notification

Cyber Liability Insurance for Sports Organizations

Cyber-risk and cyber-controls:

Cyber Risk Enlightenment through information risk management

Electronic Commerce and Cyber Risk

Seizing the cyber insurance opportunity

RISK MANAGEMENT FRAMEWORK

2017 Europe, Middle East & Africa Cyber Risk Transfer Comparison Report

Crossing the Breach. It won t happen to us

UNITED KINGDOM TERRORISM RISK INSURANCE PROGRAMME

Property business interruption (technology) Policy wording

Terrorism Risk Insurance in Australia

Vaco Cyber Security Panel

When The Wind Blows: Renewable Energy Risk Management Strategies

Underwriting human progress. Lloyd s Australia

(b) Event means the SAS FORUM UK 2018 held by SAS at the Vox Conference Centre, Resorts World, Birmingham B40 1PU, UK.

Enhanced Cyber Risk Management Standards. Advance Notice of Proposed Rulemaking

Client Risk Solutions Going beyond insurance. Risk solutions for Energy. Oil, Gas and Petrochemical. Start

No More Snake Oil: Why InfoSec Needs Security Guarantees

CYBER LIABILITY REINSURANCE SOLUTIONS

Transcription:

Cyber insurance the next frontier 1

Table of contents Summary 3 The Market Need 3 Cyber Risk: A Growing Concern 4 Rising Cost of Cyber Crime 5 Impact by Industry 6 Cyber Risk and Insurance 7 Cyber Risk under Traditional Insurance Cover 7 Standalone Cyber Cover 8 Recent Development in Australia 8 Considerations when Developing Cyber Insurance 9 Challenges for Insurers 9 Lack of Historic Data 9 Understanding Risk Appetite and Risk Aggregation 9 Recommendations 10 Solving the Data Challenge 10 Risk Management 10 Data Pools 10 Holistic Risk Solution 10 Conclusion 11 References 12

SUMMARY Since its inception, insurance has always served to manage risk. In the 17 th century, a fire could destroy a shop front, records, and an entire business. Fire insurance served as a means of managing this risk both financially and actively, as insurers owned fire brigades. In the 21 st century, cyber risk can equally destroy a business by destroying its records and its reputation. Beyond providing insurance, the standards and guidelines developed by the industry have the potential to define best practices and act as pseudo-regulations. Organisations need a means to manage cyber risk outside of their risk appetite; the insurance industry can fulfil this need. Whilst cyber insurance fulfils a market need, it is also an opportunity for growth for insurance providers. Market saturation in the insurance industry has meant that insurers have found organic growth difficult to attain. Insurers that can identify emerging areas and successfully navigate these trends will be better placed for growth. Insurers looking to capitalise on the growing cyber insurance market, and develop it into a profitable and sustainable line of business, must come to terms with the complexity of cyber risk. The market need Cyber risk has emerged as one of the top challenges faced by companies worldwide. A string of high-profile data breaches have populated news headlines across the globe, including those involving Target in 2013, Sony Pictures Entertainment in 2014, and the Ashley Madison website in 2015. In Australia, David Jones and Kmart both suffered data breaches in October 2015. Statistics from the Australian Cyber Security Centre (ACSC) show that, during 2014, authorities responded to 11,733 reported cases of cyber incidents affecting Australian businesses. In the current cyber landscape, cyber attacks on businesses now appear to be inevitable. For businesses, being attacked is no longer a matter of if but when. Companies are now more conscious of cyber risk, with a 2015 survey of major Australian businesses conducted by the ACSC showing that 77 per cent of respondents have a cyber security incident response plan in place. The issue of cyber risk has extended beyond the realms of IT and has become a strategic business issue. Company boards and C-level executives are becoming actively involved in cyber risk management decisions. The increased awareness of cyber risk has also generated increased interest in cyber insurance as a mechanism for risk transfer. The UK government has actively encouraged the role of insurance in managing and mitigating cyber risk. According to Fitch Ratings, cyber cover represents a key growth opportunity for the insurance industry, and many insurers have sought to take advantage of this by offering cyber risk insurance products. While the cyber insurance market is still relatively small, it is experiencing exponential growth with PwC estimating that the global cyber insurance market will triple in size from US$2.5 billion in 2014 to US$7.5 billion by 2020. A large Australian insurance broker estimates that its gross written premium for cyber policies will increase from AU$15 million in 2015 to AU$25 million in 2016. There are two types of companies: those who have been hacked, and those who don t yet know they have been hacked. John Chambers, Executive Chairman and former CEO of Cisco Estimated Size of Global Cyber Insurance Market PwC US$2.5bn in 2014 to US$7.5bn in 2020 ABI Research US$10bn in 2020 Lloyds US$85bn Some commentators have raised concerns that insurers potentially face an aggregated risk from catastrophic cyber attacks that have a systemic impact. Insurers will need to find a balance between providing cyber policies that address their client s needs and finding an acceptable level of exposure to their cyber insurance portfolio. In order to do this, insurers will need to gain a better understanding of the cyber risk landscape. 3

Cyber risk: A growing concern According to the Allianz Risk Barometer 2016, a survey based on the responses of more than 800 risk experts from over 40 countries, cyber risk is now a top-three global business risk and the top long-term risk. This concern is not limited to a specific industry; cyber risk achieved a top-five ranking in the financial services, manufacturing, power, and transportation industries. This increased concern regarding cyber risk is not unfounded. A 2015 UK survey of 664 organisations, conducted by PwC, found that 90 per cent of large organisations and 74 per cent of small businesses suffered a security breach. Closer to home, a 2015 survey of 149 major Australian businesses across 12 industry sectors found that 50 per cent of respondents had suffered a breach. Companies are responding to this growing threat by spending more on information security. The 2015 ACSC survey found that 56 per cent of respondents reported an increased expenditure on cyber security. This represents a significant increase from the 2013 survey result of 27 per cent. In a separate estimate in 2015, Gartner predicted that annual information security spend for Australian companies will grow by 7.4 per cent, which is well above the 4.7 per cent worldwide growth average. Top 10 Global Business Risks for 2016 Business Interruption 38% Market Developments 34% Cyber Incidents 28% Changes in Legislation and Regulation Natural Catastrophes Macroeconomic Developments 22% 24% 24% Loss of Reputation or Brand Value Fire, Explosion 16% 18% Theft, Fraud and Corruption Political Risks 11% 11% 0% 5% 10% 15% 20% 25% 30% 35% 40% Source: Allianz Percentage of Respondents Listing as a Top Risk 4

Rising cost of cyber crime The 2015 Cost of Cyber Crime Study: Australia is the fourth annual study of Australian companies conducted by the Ponemon Institute. It found that the average annualised cost of cyber crime in Australia rose 13 per cent from AU$4.27 million in 2014 to AU$4.9 million in 2015. The 2015 study used a sample of 28 Australian-based organisations with an annualised cost of cyber crime ranging from AU$0.79 million to AU$18 million. Other key findings of the 2015 Cost of Cyber Crime Study included: Cyber crime costs vary by organisational size with a positive relationship between organisational size and annualised cost. However, per capita cost for small organisations was significantly higher than larger organisations ($1,919 versus $372). Cyber crimes are requiring longer to resolve, with the average time to resolve a cyber attack now 31 days up from 23 days in 2014. The average cost incurred over this period has also significantly increased by 47 per cent to AU$419,542. Cyber crime affects all industries, but to different degrees. Organisations in the energy and utilities, financial services, and technology industries experienced substantially higher cyber crime costs than organisations in media, consumer products, and retail. 5

Impact by industry The diagram below summarises the different impacts that cyber attacks have on different industries. When developing policies, insurers need to recognise that the risk and potential claims from some industries can be substantially greater than for others. Source: Centre for Internet Safety Case Study: Target Breach 2013 In 2013, Target Corporation suffered a data breach of 40 million payment card information records and 70 million personally-identifiable information records. As of December 2015, Target has estimated that it had accrued US$290 million in expenses as a result of the breach. Just US$90 million will be covered by insurance. The total amount includes a US$67 million settlement of class action lawsuits brought by Visa Inc. on behalf of banks, and other issuers of credit and debit cards, a US$10 million settlement with shoppers, and a US$39 million settlement with MasterCard and other issuing banks not covered by other class actions. Target was reported to have been insured across a number of providers. It was self-insured for US$10 million of cyber coverage and held policies of US$15 million with Ace Ltd, US$10 million with American International Group Ltd, US$10 million with Axis Capital Holdings Ltd, and US$40 million among four unidentified insurers. Target was also reported to have US$60 million of directors and officers liability (D&O) insurance, of which US$10 million was self-insured, US$25 million with American International Group Ltd, US$15 million with Ace Ltd, and US$15 million with The Travelers Companies Inc. 6

Cyber risk and insurance Since its inception, insurance has existed to mitigate the consequences of an adverse event by transferring the risk to a third party, i.e. the insurer. Cyber risk insurance is no different; it aims to transfer the adverse consequences of a cyber incident from the policyholder to the underwriter of the insurance policy. Interestingly, 52 per cent of CEOs and CIOs of large UK-based organisations thought that their organisation had insurance that would cover them in the event of a cyber breach. However, the percentage of firms with cyber cover (under standalone cover or implicit in other policies) was only 10 per cent. Furthermore, the actual penetration of standalone cyber insurance products for UK large businesses was closer to 2 per cent. These results reflect the inadequacy of traditional insurance policies at protecting against cyber risk, and a need for insurers to provide policyholders with a clearer picture of what is covered under existing policies. A better understanding of coverage will let policyholders make informed decisions about the role of insurance in their broader cyber risk-mitigation strategy. It is also important for insurers to examine their existing exposure to cyber risk under their traditional policies and include it when examining their appetite for cyber risk. This is the case even if the insurer has no intention to provide standalone cyber insurance cover. Cyber risk under traditional insurance cover Traditional insurance cover was not designed to protect against cyber risk and many underwriters have introduced specific exclusions for losses incurred as a result of a cyber incident. The following section examines the treatment of cyber claims under traditional insurance policies. Property: Damage to software and data as a result of a cyber attack is usually not covered as they are deemed to be intangible forms of property. Some policies also have specific exclusions removing cyber attack triggers for physical asset damage (e.g. the perils exclusion under s7(a)(ii) of the Mark IV Industrial Special Risks policies that form the basis of many property insurance policies for large businesses). Business interruption: Cover is for lost revenue and additional costs incurred. Most traditional policies are not triggered by cyber attacks that do not cause physical damage. General liability: This covers third-party liabilities for physical property damage, bodily injury, and advertising injury. However most general liability policies have introduced an exclusion of coverage for claims arising from unauthorised access or disclosure of personal information. Errors and omissions/professional indemnity: This cover is for third-party liabilities arising from the performance of professional services. Cover may be restricted to liability claims from customers and not affected employees. Terrorism reinsurance scheme: Under the terrorism reinsurance scheme, reinsurance is available to primary insurers for commercial property and associated business interruption loss associated with a declared terrorist incident. However, loss arising from a computer crime is specifically excluded in Schedule 1 of the regulations. Therefore, losses arising from cyber incidents are unlikely to be covered under the terrorism reinsurance scheme. 7

Standalone cyber cover Outside of traditional insurance policies, many insurers now offer extensions to traditional policies and standalone products to cover the following loss categories. Some of the loss categories below are often bundled together under a cyber policy while others are optional extras. Some of these losses are completely insurable while others are subject to sub-limits. When underwriting policies, insurers will need to determine the appropriate mix of these loss categories to cover. Loss Category Data and software loss Business interruption Cyber extortion Cyber crime Breach of privacy Network failure liabilities Brand damage Physical asset damage Death and bodily injury Intellectual property theft Forensic and response costs Legal costs Cover The cost of reconstituting data and/or software that has been corrupted or deleted. The loss of revenue or additional expenses incurred due to the unavailability of IT systems or data as a result of cyber attacks or other non-malicious IT failures. The cost of expert handling for extortion and the ransom payment. The direct financial loss arising from the use of computers to commit fraud or theft of money, securities, or other properties. The cost to investigate and respond to privacy breaches, notification costs, and fines from regulators, and third-party liability claims arising from the incident. Third-party liabilities arising from a failure of security that causes network systems to be unavailable to third parties. The loss of revenue arising from an increase in customer churn or reduced transaction volumes that are directly attributable to the publication of a security breach event. First-party loss due to destruction of physical property resulting from cyber attacks. Third-party liability for death or bodily injury resulting from cyber attacks. The loss of value of an IP asset. The cost incurred to investigate and resolve the cyber incident and minimise post-incident losses. The legal cost of defence or settlement of third-party claims. Recent development in australia A recent development in the Australian regulatory landscape that is likely to impact the adoption of cyber insurance products is the mandatory notification requirement proposed under the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015. Under the proposed scheme, organisations with annual turnover of AU$3 million or more will need to notify affected individuals of a serious data breach. The bill defines a serious data breach as one where there is a real risk of serious harm to any of the individuals whose information has been the subject of the breach. Should this Bill be passed, organisations that are subject to a data breach will face increased costs and reputational damage, which could give organisations more reason to take up cyber insurance cover as part of their risk mitigation strategy. Under the current legislation, corporations are liable to fines of up to AU$1.8 million for breaches of the Privacy Act. Mandatory notification will bring Australia in line with other jurisdictions such as Canada, the European Union, and certain states in the United States. 8

Considerations when developing cyber insurance Given the complexity of cyber risks, there are a number of issues that insurers will need to consider when developing their cyber insurance policies. A quick analysis of the existing products has shown that most insurers offer policies that have a similar set of covered items and exclusions. The variance between the policies is in whether sub-limits have been applied to certain loss categories. Individual insurers and the insurance industry as a whole will need to determine what role they wish to play in the risk management process. By adopting standard terms and conditions that dictate the security standards policyholders need to comply with (e.g. firewalls, hosting locations, etc.), insurers have the potential to assume a pseudo-regulatory role that shapes how businesses manage their cyber risk. Furthermore, by packaging their insurance product with incident-response services that mitigate the costs of a breach, insurers can provide a holistic risk solution to their clients. Challenges for insurers Lack of historic data A commonly-raised issue regarding the underwriting of cyber insurance policies is the lack of historic data on cyber risk. While many surveys regarding the cost of cyber crime have been conducted, these surveys sample a selected number of organisations. As a result, the findings are descriptive rather than normative, and cannot be used as a statistical basis for actuarial analysis. This lack of data makes it difficult for insurers to accurately price cyber insurance policies, so many insurers have tended to take a conservative approach. Analysing the pricing of cyber insurance cover has shown that the rate on line (premium divided by limit of indemnity purchased) for the primary layer for cyber insurance (part of the policy that pays first in case of a loss) is three times higher than for general liability cover and six times higher than property. The pricing for cyber insurance across firms is also much flatter than that of general liability and property insurance. Together, these have a negative impact on cyber insurance, with a higher price likely to discourage take-up and the lack of price differentiation reducing the incentive for policyholders to improve their security posture to save on premiums. Understanding risk appetite and risk aggregation The non-physical nature of cyber risk and the interconnectedness of the digital world means that a single cyber event can affect thousands of policyholders in different geographical locations. As a result, an insurer may find themselves subject to catastrophic losses due to the aggregation of risk across its clients. It is, therefore, important for insurers to understand the potential for risk aggregation and clearly understand the possible maximum loss it would face if a systemic event were to occur. This will let insurers balance their exposure with their appetite for cyber risk. Some have suggested that the aggregation of risk is too great for the private sector and that a government backstop is required. However, a recent report suggests that, although the estimated possible maximum loss of 20 billion for a single cyber event is greater than that of a nuclear event, it is well within the 65 billion insurance/reinsurance capacity for a natural catastrophe such as a Tokyo or California earthquake. 9

Recommendations Solving the data challenge The lack of historical data has two broad potential solutions. Risk management Throughout the history of developing insurance policies, actuaries have at times been challenged with the lack of historic data. Underwriters need to recognise that, in the rapidly-changing threat landscape, historic data is less important than a thorough understanding of cyber risks, probability, and the ability to mitigate cyber risks. Underwriters looking to price policies can engage cyber security experts who understand the threats. IT security experts can provide a security assessment of potential policyholders. Maturity statements that compare a company s security posture against industry standards can be used as inputs in the screening process. Assessment reports can also include roadmaps for how a policyholder can achieve industry standards. This has the benefit of reducing risk for the insurer and can potentially lower premiums for the insured at renewal. For smaller organisations where the cost of a comprehensive security assessment may be prohibitive, insurers can work with cyber security experts to develop standard security surveys that can ascertain the security posture of the policyholder. In the absence of historical data, some insurers have developed modelling tools based on Monte Carlo simulations to evaluate the potential loss exposure from cyber risk. Data pools Another solution to the data challenge is for the insurance industry to collaborate and pool anonymised data. By working with government agencies such as the ACSC, insurance companies can get access to data from reported incidents. A third potential source of data are cybersecurity providers who will be able to provide insurers with anonymised data from customer security logs. Holistic risk solution Insurance companies have the opportunity to provide a holistic solution to cyber risk. By bundling ancillary services such as threat intelligence and digital attack simulations to their cyber risk product, they can offer policyholders additional value and reduce the likelihood of successful attacks against the insured. By gathering threat intelligence, insurers can create a threat map that profiles a client s position. Following that, insurers could conduct a risk assessment. This may include activities such as penetration testing, security audits, and white hat hacking campaigns to get a clear view of the client s risk profile. As a final step, ongoing training is essential for the insurer, the brokers they work with, and for clients, who may be entitled to reduced premiums if they have certain requirements in place such as security certifications and accreditations. In the event of a cyber breach, it is in the insurer s and insured s best interests to mitigate the losses arising from the attack. However, the vast majority of organisations do not have the adequate expertise to handle a cyber incident effectively to minimise damage. Therefore it is necessary to engage an incident response team that can be deployed to manage the adverse consequences of a breach. 10

An independent third party will also need to be engaged to provide post-incident investigation. At this stage, the cyber security expert will operate as a claims assessor, gathering evidence and determining the root cause of the incident, as well as expected and covered losses, and costs of the breach. Assess Support Respond Pre Coverage Policy and Product Development Maturity Assessment Conclusion During Coverage Prevention and Defence Post Incident Forensics Claims Assessment Cyber insurance is an emerging product that is likely to grow exponentially over the next few years. In fact, it is likely to grow much faster than other insurance products such as automobile, life, or home and contents insurance. Once people and businesses genuinely understand the scope and severity of the threat they are exposed to, demand is likely to accelerate rapidly. Insurers looking to capitalise on this new revenue stream will need to act swiftly and develop a strategy around cyber insurance. A thorough understanding of cyber risk and a partnership with cyber security experts will be critical to success. While insurers may look to hire these skills in-house, this approach could be hindered by the ongoing shortage of cyber security skills in the market. The other option is for insurers to partner with organisations that can provide the insight and advice that they need with policy development and claims assessment. 11

References Allianz, Allianz Risk Barometer Top Business Risks 2016, January 2016 Australian Cyber Security Centre, 2015 Cyber Security Survey: Major Australian Businesses, December 2015 Australian Government and Australian Reinsurance Pool Corporation, Cyber Terrorism and Australia s Terrorism Insurance Scheme: Physical Destructive Cyber Terrorism is a Gap in Current Insurance Coverage, March 2016 CERT Australia, Cyber Crime & Security Survey Report 2013, May 2014 Fitch, The Rise of Cyber Insurance: Growth Opportunity Paired with Incalculable Threat, March 2015 Gartner, Forecast Analysis: Information Security Worldwide, 2Q15 Update, September 2015 Greenwald J, Target has $100M of cyber insurance, $65M of D&O cover: Sources, Business Insurance, 14 January 2014, Accessed 18 February 2016, http://www.businessinsurance.com/article/20140114/news07/140119934 HM Government and Marsh, UK Cyber Security: the role of insurance in managing and mitigating the risk, March 2015 Insurance Information Institute, Cyber Risk: Threat and opportunity, October 2015 Liew R, Aon finds cyber insurance a booming trade as hacks spike, Australian Financial Review, 14 September 2015, Accessed 18 Feb 2016, http://www.afr.com/technology/aon-finds-cyber-insurance-a-booming-trade-as-hacks-spike-20150910-gjjk20 Ponemon Institute, 2015 Cost of Cyber Crime: Australia, September 2015 PricewaterhouseCoopers, Information Security Breaches Survey 2015, June 2015 PricewaterhouseCoopers, Insurance 2020 & beyond: Reaping the dividends of cyber resilience, September 2015 PricewaterhouseCoopers, Top Issues The promise and pitfalls of cyber insurance, January 2016 Stempel J and Rose N, Target in $39.4 million settlement with banks over data breach, Reuters, 2 December 2015, Accessed 18 Feb 2016, http://www.reuters.com/article/us-target-breach-settlement-iduskbn0tl20y20151203 Stewart E, Cyber attack insurance growing fast, ABC News, 9 October 2015, Accessed 18 February 2016, http://www.abc.net.au/news/2015-10-09/cyber-attack-insurance-growing-fast/6842744 About DXC DXC Technology (NYSE: DXC) is the world s leading independent, end-to-end IT services company, helping clients harness the power of innovation to thrive on change. Created by the merger of CSC and the Enterprise Services business of Hewlett Packard Enterprise, DXC Technology serves nearly 6,000 private and public sector clients across 70 countries. The company s technology independence, global talent and extensive partner alliance combine to deliver powerful next-generation IT services and solutions. DXC Technology is recognized among the best corporate citizens globally. For more information, visit www.dxc.technology. www.dxc.technology 2017 DXC Technology Company. All rights reserved. DXC_CSC-363. March 2017

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback