Insurance and Cyber Security Risk
|
|
- Charlotte Edith Dalton
- 8 years ago
- Views:
Transcription
1 Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Insurance and Cyber Security Risk Bringing cyber security under the umbrella
2 About Delta Risk is a global provider of cyber security and risk management services to commercial and government clients. We believe that an organization s approach to cyber security should be planned, managed, and executed within a tailored and organization-specific program. We help guide organizations to succeed in today s cyber environment by building on the people, processes, and technology they already have All rights reserved.
3 Insuring against cyber security risks is an idea whose time has come. How far can it go? T he use of insurance policies for managing cyber security risks is common today and demand is escalating rapidly. Business leaders want options for transferring cyber risk to insurance carriers. Insurance brokers and carriers want to broaden the range of profitable products they can offer to customers. Cyber professionals want more insurance choices because they know they cannot mitigate every risk. Although cyber insurance only emerged as a salable product on a large scale in the first years of the 2000 s, it is available today in many forms and through many providers. Annual premiums industry-wide have topped $2 billion with year-over-year growth of more than 20%. With the insurance industry overall growing at annual rates in the low single digits, the high rate of growth in cyber premiums is remarkable. And most observers agree that cyber insurance has yet to achieve its full potential for carriers, brokers, and customers alike. However, this industry is still at an early stage of development. Despite its rapid advance there remain undercurrents of uncertainty about the economics, about what insurance products would be the most successful, and about how cyber insurance should fit into a broad enterprise risk management agenda. Intrusions, data breaches, denial of service, and other cyber attacks threaten every business and institution in cyberspace. Major breaches have sent shockwaves through multiple industries and cyber incidents are in the headlines regularly. Risk management has never been more important. With complete prevention of cyber attacks being unrealistic, the idea of insuring against potential losses in cyberspace is very appealing. This Delta Risk Viewpoint advances the idea that there are four communities that have a vested interest in developing cyber insurance as a vital risk management resource. The four communities insureds (and potential insureds); carriers; brokers; and cyber security professionals all have different perspectives but share a common desire for more robust cyber insurance offerings. This Viewpoint recommends actions for each of these four communities to position cyber security insurance to help deal with the ever-present risks in cyberspace. Page 1
4 Cyber Insurance Today Cyber insurance can be a risk management option for any organization that operates on the Internet forprofits, nonprofits, colleges and universities, healthcare institutions, charities, associations, and others. 1 If the operation depends on cyberspace, the inherent risks must be faced. Many carriers today offer insurance policies for cyber risks under names such as network security liability insurance, privacy liability coverage, and technology liability insurance. Sometimes cyber coverage is within the scope of, or is offered as an option or an enhancement to, an existing policy such as business owner, business interruption, or professional liability. Additionally, some cyber coverage may already exist in the personal injury portion of an existing general liability policy, although it is probably limited. The types of cyber coverage most commonly available today are outlined in the inset box. Insurance coverage by itself is not a cure-all for cyber security risks. First and foremost, preventive measures are needed in the form of security controls management, operational, and technical. Such controls can address some but not all of the risk. The potential costs due to the Losses Often Addressable by Cyber Risk Insurance Policies Data breach-related liabilities Breach remediation costs such as the costs of: Crisis management Forensic investigation costs incurred to determine the existence or cause of a breach Public relations Customer notification Customer credit monitoring Data restoration Coverage for Identity Theft Resolution Services Defending lawsuits Judgments and settlements Responding to regulatory investigations Network extortion threat and reward payments Regulatory fines, penalties, and associated costs Claim expenses or legal expenses incurred in the defense of a claim Reputational losses, including damaged relationships and opportunities, both consumer and business Business interruption income loss remaining (or residual ) risk are among those that may be addressable by insurance. And while a deliberate decision not to insure against these costs may be appropriate, ignoring the residual risk is to tacitly self-insure a dangerous approach. Impediments to growth Several factors are currently moderating the growth of cyber security insurance. Although some of these factors may fall away with time, others are fundamental and will continue to influence growth for the long term. These factors include: Economics. In general, insurance is a highly competitive regulated industry with a high-volume, lowmargin business model. With any new product the first question for sellers is, Can we sell it profitably? and for buyers, Is it worth the money? Both of these questions can be answered with a cautious yes in cyber today. The newness of both the risks of cyberspace and the idea of providing insurance for them present initial uncertainties that will only be dispelled with market experience. The insurance industry depends on reliable actuarial data for profitability. Such data is lacking in cyber, which introduces uncertainty into the design and pricing of coverage options. The challenge of setting rates for cyber insurance products is compounded because the field is so dynamic. To date, competitive 1 Small and mid-size businesses, which frequently do not have the resources to invest in robust security controls, should carefully consider cyber insurance as a way to reduce their exposure to cyber attacks that could seriously damage their viability. Page 2
5 pressures have been exerting downward influence on rates while the shortage of empirical data and claims history has tended to push them up. Another fundamental challenge in cyber is the question of the insurability of cyber risks. Cyber insurance comes perilously close to violating some of the traditional tenets of insurable risk. For example: Are the losses calculable? In cyber, some potential losses are fairly easy to estimate (e.g., breach notification costs) and others nearly unobtainable (e.g., costs of reputational damage). Are the probabilities of loss calculable? Current statistical models are not as sophisticated in cyber as they are for other insurance products. Cyber breaches in many respects are all but inevitable, but a better mathematical understanding of the actual probabilities will increase the insurability margin. Are the losses accidental? The most pressing cyber risks are caused by human threat actors. Attacks generally follow certain patterns but are not accidental. Many insurance products in other domains that are successful today began similarly at the edge of insurability. The industry is now grappling with how to expand the envelope of insurability of cyber risks, both in the field as a whole as well as in the enterprises of their individual customers. The key to success is in the precision of the statistical model. Understanding risk exposures. Insurance is designed to cover the losses (i.e., costs) of adverse incidents. Developing a crystallized understanding of potential losses due to cyber risk exposures is difficult for insureds and insurers alike. Ascertaining the cyber risk profile of an enterprise is traditionally done through a risk assessment. However, there are many forms of assessment in use for different purposes in cyber security and not all provide the information that underwriters need to write policies. For example, quantifying potential losses in financial terms is often overlooked in many cyber risk assessments. Even so, a detailed assessment of an organization s cyber security posture is generally not cost-effective for making an underwriting decision. Economics demands that this decision be made reliably but inexpensively, and both carriers and brokers are developing innovative approaches for achieving this. Today questionnaires are often a central part of cyber insurance applications with the applicant selfreporting the data requested. The questions are designed to capture the indicators that support underwriting. It is not necessary that they be comprehensive or to the depth that may be needed for other purposes. Whether through a full assessment or a questionnaire, any such data capture is but a snapshot in time. In cyber, the rate of change of key parameters is very high compared with other risk areas. Besides the change associated with its newness, the cyber environment is inherently dynamic due to the high rates of change in the tactics of threat actors, regular and routine changes in network configuration and the patch status of systems, and technology changes, as well as the level of expertise of the security operations staff and those who monitor network security. This rate of change is one reason that management of cyber risks is difficult and it also complicates underwriting. Insufficient actuarial data that correlates cyber events with cyber controls. Risk exposure notwithstanding, underwriters ultimately rely on statistical analysis of actuarial data built up over many years from large populations to be able to target insurance products and set rates. Of prime importance is empirical data that links the robustness of risk management measures with outcomes. With life insurance, for example, a vast amount of actuarial data enables the use of easily measured parameters such as age, gender, weight, blood pressure, and tobacco and alcohol usage as decisive attributes for insurance eligibility up to certain Page 3
6 levels. This degree of precision is not yet possible in cyber. The issue is not that actuarial scientists are lost when it comes to cyberspace. Rather, the issue is that more complete data would allow them to improve their statistical models and sharpen product offerings with more precise rate structures. There is plenty of room for innovation and companies today are experimenting with different approaches. Limited cyber talent focused on the insurance issue. Enterprises of all kinds are realizing that qualified cyber security practitioners are in high demand and that finding the right talent in the right location is difficult. Of great importance is the fact that the cyber security workforce is not monolithic: there are many specialties across the spectrum from policy to operations, and shortages of talent exist in all of them. A particular shortage in the cyber field is of those who can effectively integrate cyber security risk with the enterprise-level management of risk, which is central to the insurance value proposition. Four Players There are four players who have a stake in cyber security insurance, each with a different vantage point: insureds, insurance brokers, insurance carriers, and the cyber security professional community. All are learning about applying insurance to cyber risk. All need each other. The urgency felt in these communities for expanded applications of insurance is further fueled by the relentless threat, the drive for adoption of new technologies that often increase risk exposure, and competitive pressures on all sides. See Figure 1. Offer Market demand Knowledge of specific business environment and internal operations and priorities Internal perspective on cyber risk management Insureds Need Expanded risk management solutions Figure 1. Relationships in Cyber Insurance How Four Communities Can Help Each Other Interaction drives improved cyber security insurance solutions Offer Understanding of client needs Relationships with carriers and clients Knowledge of cyber insurance policy options Pre- and postbreach risk management services Brokers Need Increased understanding of cyber security Knowledge of constantly evolving policy options Cyber Security Professionals Offer Understanding of cyber security Knowledge of cyber threats and mitigation approaches Need Greater understanding of insurance as an instrument of risk management Interactions of four communities Insureds, Brokers, Carriers, and Cyber Security Professionals will help bring about their common desire for more robust cyber insurance options. Offer Cyber insurance products Relationships with brokers and clients Cyber posture data of current insureds Carriers Need More comprehensive empirical data relating security controls with outcomes Notes:! Offer and Need refer to the two ends of the value exchange for each of the four communities.! The value exchange occurs over time through business interactions in the market and through deliberate consultative initiatives, publications, presentations, and other dialog. Legend Involved community Flow of value Insureds. The insureds are those who have cyber security insurance or wish to obtain it to help manage their cyber risks. To make good decisions about insurance, insureds and potential insureds must be smart shoppers. They should: Page 4
7 Understand risk and exposure. The most important step for potential insureds to take before shopping for cyber insurance is to develop a good understanding of their organizations risk exposures and the potential costs associated with them. Transferring residual risk to an insurer only makes sense when there is already a broad understanding of the risk posture. The insured should deepen its understanding of risk in terms of potential losses as well as the probability of their occurrence. If the potential loss is high and the probability is also high, it is generally premature for the organization to be seeking insurance. The first priority would be to implement additional security controls to bring the likelihood of loss down. What Insureds Should Do Understand cyber risk and exposure Integrate cyber security with enterprise risk management Develop cyber resilience being able to continue or resume operations in the aftermath of a breach Engage a specialist broker who is knowledgeable in cyber and can identify policies that align with your specific needs Understand policy terms, limits, and exclusions Not all cyber risk assessments are alike. Analyses performed under the title of cyber risk assessment can be designed for a range of important purposes. Objectives may include, for example, understanding the effectiveness of security controls; identifying weaknesses in operational processes; identifying training gaps. These types of assessment, while needed by the organization, do not typically quantify potential losses and their likelihood, which reduces their utility for making insurance decisions. Integrate cyber security with enterprise risk management. Business leaders recognize the impact that a cyber attack can have on the operations of the organization as well as on the bottom line. However, cyber security risk management often does not have a seat at the Enterprise Risk Management table. If an organization is ready to consider cyber insurance, it should do so in the broad risk management context that only exists at executive levels. Cyber insurance should be addresses at this level as an integral part of the overall management of cyber security risks. 2 Develop cyber resilience. Potential insureds should realize that the tradespace for defending against cyber attack is broader than just implementing protective measures. Detection, Response, and Recovery are key because cyber defenses can never be foolproof. 3 Resilience is the ability to continue or recover operations in the aftermath of a breach. By focusing on resilience, insureds can greatly improve their risk posture as well as the insurability of those risks. Thorough planning and preparedness efforts for post-breach actions can help control costs and hasten recovery in the usually chaotic post-breach environment. Engage a knowledgeable broker. Acquiring cyber insurance is an important enterprise move that should be done systematically. To identify the best policy options there is no substitute for the experience and knowledge of a qualified insurance broker. With an increasing number of carriers and expanding policy options, potential insureds should not go it alone. A knowledgeable broker can help in many ways, such as engineering risk, identifying coverage needs, researching and advising on policy choices, and negotiating with carriers for customized coverage. Many brokers also offer advisory and assistance services for the management of risk before a breach and for response and recovery afterwards, which can be very valuable for the insured. 2 See the Delta Risk Viewpoint, The Elephant in the ORM Room: Cyber Security and Operational Risk Management in Financial Services 3 The NIST Cybersecurity Framework published in 2015 by the National Institute of Standards and Technology (NIST) sets forth an organizing concept for cyber security consisting of five elements: Identify, Protect, Detect, Respond, Recover. This framework is useful for understanding security strengths and weaknesses, structuring investments, and communicating risk posture internally and externally. Page 5
8 Understand policy terms and exclusions. As with any insurance, cyber insurance policies contain limitations and exclusions that could present unexpected gaps in coverage. Terms and exclusions can vary widely but are of particular importance in cyber insurance because its newness and uncertainties drive carriers to pay extra attention to managing their exposure. Example exclusions include: Data breaches at third-parties. Many enterprises today have extensive network connections with business partners, vendors, suppliers, and others such as cloud service providers and business application hosting services. Are breaches of the insured s data at these entities covered? Geographic limitations. Cyberspace may be borderless in concept, but systems and data reside in physical locations. Is the insured s data covered when it is located or processed in a different country or legal jurisdiction? Retroactive coverage. Many breaches today are not discovered for days, weeks, or months after the actual occurrence. If a pre-existing breach is discovered after a policy is written, is it covered? Ongoing risk management requirements. Policies may specify certain requirements for the maintenance of an acceptable risk posture throughout the period of insurance coverage. Is there a standard-of-due-care requirement that must be met to keep the policy active and how is it measured? Insureds should work with their brokers and legal counsel to understand exclusions and ensure they have the coverage they need. Insurance Brokers. Brokers assist clients not only with the selection of insurance but frequently offer a wide range of related services to help clients manage risks. Brokers also play a key role in advancing insurance as a cyber risk management tool. Insurance brokers should: Increase depth of in-house cyber security expertise. Both cyber risks and cyber insurance are here to stay. Deep knowledge of the challenges and issues in cyber security, the needs of clients, and major trends in the field will enable the broker to provide better and more differentiated service. Provide advisory services to help clients understand, engineer, and manage their cyber risks. Those brokers who already provide advisory services should consider expanding them to help clients with cyber security risk management. Most organizations have difficulty dealing with cyber security as the What Brokers Should Do Increase depth of in-house cyber security expertise Provide advisory services to help clients understand, engineer, and manage their cyber risks Find efficient ways to continuously or regularly measure enterprise cyber risk enterprise risk it is, often seeing it strictly as an IT problem and missing its potential strategic impacts. Considering cyber in an insurance context with the assistance of a knowledgeable broker can help organizations to internalize cyber s enterprise-level implications. Find efficient ways to continuously or regularly measure enterprise cyber risk. Measuring an organization s cyber risk posture so that it can be tightly managed is something that virtually all organizations struggle with today. Cyber security at the enterprise level is complex, multi-faceted, highly dynamic, and difficult to measure. Yet it is in everyone s interest to have the means to continuously monitor risk posture in an automated, repeatable, and dependable manner. This desired state will only be achieved through evolutionary development, and brokers who have cyber expertise are in a strong position to help this evolution along. Page 6
9 Insurance Carriers. Cyber insurance today is a profitable and growing line of business for many carriers. The challenge is to continue and expand this success. Actuarial data accumulates in tandem with market experience with product performance. Carriers should: Continue to innovate. The cyber insurance market is rife with innovation as carriers compete for market share in this new domain. Key areas where innovation can differentiate a carrier include efficiently measuring risk exposure and quality of security controls, defining boundaries of coverage and price point, and refinement of actuarial models. Over time the industry will amass incident data and claims history that will help them evaluate product performance and refine approaches. In the long run more standardization of the cyber security insurance lexicon, policies, and claims practices will emerge, but for the near term innovation will drive the industry. What Insurance Carriers Should Do Examine underwriting and claims management and experiment with innovative products Increase the depth of cyber expertise in the underwriting field Follow industry trends in regulatory compliance for cyber and tailor products to be compatible with these mandates Find efficient ways to continuously or regularly measure enterprise cyber risk Increase the depth of cyber expertise in the underwriting field. Underwriters have deep understanding of risk and are uniquely skilled in data analytics. They know their business. Nonetheless, while cyber security has many similarities to other risk areas, it has some unique features that may call for the use of different statistical analysis techniques. For example, in cyber a single attack could affect a large number of insureds simultaneously. Or a client s risk exposure could change dramatically due to routine network or personnel changes. Or a new threat could appear that increases the insurer s exposure unexpectedly. Or threats could be negated in one enterprise because another enterprise shared threat intelligence data. Actuaries and claims management personnel would benefit from having people with current expertise in cyber security operations as integral members of the team or readily available. Follow regulatory trends. The trend across all industry sectors is towards increasing regulatory requirements for cyber security. Without doubt, regulatory requirements drive priorities and risk management approaches in the affected industry sectors. For industries that are not directly regulated, the Federal Trade Commission has recently assumed an oversight role, and has initiated lawsuits against companies for inadequate cyber security controls. Such actions have been taken pursuant to FTC s authority to police unfair trade practices. These factors and the broader trends they are part of directly inform insurance, both in the design of policies and in the management of claims. Work on finding solutions that continually or regularly evaluate risk exposure. Today s methods of evaluating risk exposure are clumsy and slow when compared with the rates of change in the highly dynamic cyber environment. Developing and widely deploying solutions for the continuous monitoring of cyber security controls is recognized as a grand challenge within the cyber security community. Achieving it would be a boon for enterprises of all kinds as well as their insurers because ideally it would enable risk management to keep pace with the changing risk conditions that are intrinsic to cyberspace. Cyber Security Professionals. Cyber security professionals, whether in industry, professional services, government, or academia, should accept a share of the cyber insurance challenge and become part of the solution. Though not usually thought of in this way by today s cyber security practitioners, cyber insurance is just as much a part of the cyber security field as are traditional topics such as encryption, vulnerability management, access control, and intrusion detection. Cyber security professionals should: Learn about cyber insurance. Cyber people should become knowledgeable and help those in the insurance industry understand what makes an enterprise secure and how security can be efficiently measured. Page 7
10 Understand how insurance can help manage cyber risks and learn to speak the language of enterprise risk and to engage at senior levels on these topics. Advise executive leadership on cyber risk management. Be able to advise clients on the options for transferring risk. Business leaders are realizing that cyber security is a top-level business concern that requires a whole-company approach. While the business leaders are frequently not well versed in cyber security, cyber security professionals often do not have a sufficient understanding of the priorities and decision models of the organization s leadership. And cyber people often do not speak the language of business leaders. This communications gap works against the effective management of cyber security. Engage with brokers and carriers. Advance the understanding of cyber security among insurance brokers and carriers through publications, presentations, deliberate consultative initiatives, and other dialog. Take every opportunity to learn from brokers and carriers about how they view risk. Learn from brokers how the engineering of risk can be applied to cyber. Tailor risk assessments and other enterprise diagnostic assessments to be meaningful in an underwriting context. In particular, devise new ways of reliably identifying the probability of cyber events and the potential financial cost (impact) they would yield. A caution for professional services firms Providers of cyber security professional services should be aware that all 50 states require those who accept a commission, service fee, or other valuable consideration for selling, soliciting, or negotiating insurance to be licensed. Those providing advisory services related to cyber insurance must understand and respect these boundaries. Remaining Challenges Among the major long-term challenges to normalizing cyber insurance are three related issues. These issues have serious implications for the future of cyber insurance. Accumulation risk and cyber catastrophe What Cyber Security Professionals Should Do Become knowledgeable in cyber insurance its capability and limitations and understand how it can serve as a tool for the enterprise management of cyber risk Advise executive leadership (C-Suite, CSO, CRO, GC, etc) on the management of cyber risks Engage with the insurance industry (brokers and carriers) and help them understand what the cyber professional community can offer Cyberspace presents a type of risk that commands attention from insurers: those occurrences that could affect a large number of insureds simultaneously. This is called accumulation risk and might theoretically present a shock loss for insurance carriers a loss that is so significant as to have a material impact on the profitability of an underwriter. Hypothetical examples include: A widespread botnet-driven distributed denial of service attack, which could put a large number of insureds offline for an extended period of time A zero-day exploit against a widely deployed operating system or key business application A systemic attack on a cloud provider that affects a large portion of its customer base The potential for such a catastrophic event and its actual dimensions can be postulated and simulated, but that still leaves much uncertainty. The basic approach that the insurance industry takes to the possibility of shock losses is reinsurance, but the unknowns in cyber complicate this solution as well. Page 8
11 Reinsurance Reinsurance is insurance for the insurer a risk management approach in which a carrier purchases insurance from another carrier to reduce its large portfolio risks. Reinsurance is starting to become a part of the cyber insurance landscape and is expected to emerge as a major component of cyber insurance in the long term. Reinsurers are currently cautious because of the unknowns associated with accumulation risk in cyber. Additionally, the wide variety of policy constructs, terminology, and exclusions in policies currently being issued makes understanding the boundaries of what they are covering quite challenging as these policies are aggregated. Both factors represent risk to the reinsurer. Government role in cyber insurance Some of the aspects of cyberspace indicate a potential need for a government role in cyber insurance. A majority of the most serious cyber attacks today are perpetrated by organized groups, either militaries, intelligence services, organized crime syndicates, hacktivist collectives, or even terrorists. Many cyber attacks originate or transit other countries, where attackers can exploit jurisdictional boundaries and gaps and inconsistencies in international legal frameworks. The boundary between industrial espionage conducted by a military intelligence service of another country and foreign aggression against the United States is not very clear. A cyber attack on a component of U.S. critical infrastructure by a foreign power could be considered an act of war. In these extreme but not far-fetched cases, it may be reasonable to expect the government to play an active role in defending against the cyber attack. Where does this leave insurers? The government already plays the role of insurer of last resort when risks go beyond what the private sector insurance industry can reasonably insure. Examples include flood insurance, terrorism insurance, and certain categories of mortgage insurance. Ultimately the question becomes, what is the role of government in cyber security? 4 Key Takeaways Cyber insurance will be increasingly prominent for managing the ever-present risks of operating in cyberspace. Cyber insurance is offered by many carriers and, at $2 billion in annual premiums, the sector is growing rapidly. There are impediments to this growth, however, the most significant being the limited actuarial data available on which underwriters depend. Four communities, insureds, brokers, carriers, and cyber security professionals all have different but interdependent roles to play in applying insurance to cyber risk. Recommendations for each are summarized in the accompanying table. Delta Risk can help Understanding cyber threats, exposures, mitigation strategies, and risk management are fundamental needs for any organization that operates in cyberspace today. If your organization is faced with managing challenging cyber risks, Delta Risk may be able to help. With our independent and objective focus on cyber strategy, policy, and operations, we can help you think through the ideas presented in this Viewpoint as they apply to your organization, understand and prioritize your cyber challenges, and devise and implement tailored approaches to address them. 4 See the Delta Risk Viewpoint, 50 Years to Daylight: The future of information security Page 9
12 Summary of Recommendations Understand cyber risk and exposure Potential Insureds Integrate cyber security with enterprise risk management Develop cyber resilience being able to continue or resume operations in the aftermath of a breach Engage a specialist broker who is knowledgeable in cyber and can identify policies that align with your specific needs Understand policy terms, limits, and exclusions Insurance Brokers Increase depth of in-house cyber security expertise Provide advisory services to help clients understand, engineer, and manage their cyber risks Find efficient ways to continuously or regularly measure enterprise cyber risk Insurance Carriers Examine underwriting and claims management and experiment with innovative products Increase the depth of cyber expertise in the underwriting field Follow industry trends in regulatory compliance for cyber and tailor products to be compatible with these mandates Find efficient ways to continuously or regularly measure enterprise cyber risk Cyber Security Professionals Become knowledgeable in cyber insurance its capability and limitations and understand how it can serve as a tool for the enterprise management of cyber risk Advise executive leadership (C-Suite, CSO, CRO, GC, etc) on the management of cyber risks Engage with the insurance industry (brokers and carriers) and help them understand what the cyber professional community can offer Page 10
13 Contact Information To discuss these ideas please contact us at Delta Risk offices: San Antonio, Texas 106 St. Mary's Street, Suite 428 San Antonio, TX Washington, DC 4600 N Fairfax Dr., Suite 906 Arlington, VA
Cyber Security and the Board of Directors
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Cyber Security and the Board of Directors An essential responsibility in financial services About Delta Risk is a
More informationThe promise and pitfalls of cyber insurance January 2016
www.pwc.com/us/insurance The promise and pitfalls of cyber insurance January 2016 2 top issues The promise and pitfalls of cyber insurance Cyber insurance is a potentially huge but still largely untapped
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationINFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT. October 2013. Sponsored by:
2013 INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT & October 2013 & INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT: The Third Annual Survey on the Current State of and Trends in Information
More informationCybersecurity The role of Internal Audit
Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government
More informationCybersecurity: Mission integration to protect your assets
Cybersecurity: Mission integration to protect your assets C Y B E R S O L U T I O N S P O L I C Y O P E R AT I O N S P E O P L E T E C H N O L O G Y M A N A G E M E N T Ready for what s next Cyber solutions
More informationWHITE PAPER BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION CYBER COVERAGES
BREACH, PRIVACY, AND CYBER COVERAGES: FACT AND FICTION IDT911 1 DEFINITIONS 1. Cyber Programs - Focuses on services and systems related to technology and their use in business. Risks addressed include
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationCyber Risks in Italian market
Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends
More informationAirmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market
REPORT Airmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market 1. Executive summary Increasingly complex supply chains, together with greater
More informationWritten Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee -
Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing entitled Examining the Evolving Cyber Insurance Marketplace. Thursday, March 19, 2015 Written Testimony of Michael
More informationCYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY
CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY October 2015 CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe has once again collaborated with Advisen to conduct a comprehensive
More informationImproving Cyber Security Risk Management through Collaboration
CTO Corner April 2014 Improving Cyber Security Risk Management through Collaboration Dan Schutzer, Senior Technology Consultant, BITS Back in March 2013, I wrote a CTO Corner on Operational and Cyber Risk
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationDefending yesterday. Financial Services. Key findings from The Global State of Information Security Survey 2014
www.pwc.com/security Defending yesterday While organizations have made significant security improvements, they have not kept pace with today s determined adversaries. As a result, many rely on yesterday
More informationIncentives and barriers for the cyber insurance market in Europe
Incentives and barriers for the cyber insurance market in Europe Dr. Konstantinos MOULINOS ENISA 1 Agenda o A few words about ENISA o State of play - Why cyber insurance is needed? o Barriers - challenges?
More informationCyber Security Evolved
Cyber Security Evolved Aware Cyber threats are many, varied and always evolving Being aware is knowing what is going on so you can figure out what to do. The challenge is to know which cyber threats are
More informationCYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY. October 2014. Sponsored by:
CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY October 2014 CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe collaborated with Advisen to conduct a comprehensive market survey
More informationManaging IT Security with Penetration Testing
Managing IT Security with Penetration Testing Introduction Adequately protecting an organization s information assets is a business imperative one that requires a comprehensive, structured approach to
More informationDistributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015
Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015 Today s Agenda What are we talking about today? What is Risk Evolution of risk management Understand the importance of Risk
More informationDon t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy
Privacy, Data Security & Information Use Insurance Recovery & Advisory Cyber Insurance June 17, 2015 Don t Wait Until It s Too Late: Top 10 Recommendations for Negotiating Your Cyber Insurance Policy By
More informationCyber Risk: Global Warning? by Cinzia Altomare, Gen Re
Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in
More informationLaw Firms and Cyber Security
Helping clients build operational capability in cyber security. A DELTA RISK VIEWPOINT Law Firms and Cyber Security A hacker s dream and a lawyer s nightmare About Delta Risk is a global provider of strategic
More informationCYBER SECURITY Audit, Test & Compliance
www.thalescyberassurance.com CYBER SECURITY Audit, Test & Compliance 02 The Threat 03 About Thales 03 Our Approach 04 Cyber Consulting 05 Vulnerability Assessment 06 Penetration Testing 07 Holistic Audit
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More informationInsurance implications for Cyber Threats
Lillehammer Energy Claims Conference Lillehammer March 7, 2014 Insurance implications for Cyber Threats How enterprises need to prepare for the inevitable JLT is one of the world s largest providers of
More informationCyber-Security. FAS Annual Conference September 12, 2014
Cyber-Security FAS Annual Conference September 12, 2014 Maysar Al-Samadi Vice President, Professional Standards IIROC Cyber-Security IIROC Rule 17.16 BCP The regulatory landscape Canadian Government policy
More informationOCIE CYBERSECURITY INITIATIVE
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
More informationSenate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace
Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace Testimony of Ben Beeson Vice President, Cyber Security and Privacy Lockton
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationCyber Insurance Presentation
Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance
More informationCyber Insurance as one element of the Cyber risk management strategy
Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,
More informationHit ratios are still very low for Security & Privacy coverage: What are companies waiting for?
Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More informationCybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015
Cybersecurity: Considerations for Internal Audit IIA Atlanta Chapter Meeting January 9, 2015 Agenda Key Risks Incorporating Internal Audit Resources for Internal Auditors Questions 2 Key Risks 3 4 Key
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationWHITE PAPER. Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST
WHITE PAPER Attack the Attacker HOW A MANAGED SECURITY SERVICE IMPROVES EFFICIENCY AND SAVES COST Table of Contents THE SECURITY MAZE... 3 THE CHALLENGE... 4 THE IMPORTANCE OF MONITORING.... 6 RAPID INCIDENT
More informationJanuary IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director
January IIA / ISACA Joint Meeting Pre-meeting Cybersecurity Update for Internal Auditors Matt Wilson, Risk Assurance Director Introduction and agenda Themes from The Global State of Information Security
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationGALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability
GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationCyber Insurance: How to Investigate the Right Coverage for Your Company
6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationVulnerability Risk Management 2.0. Best Practices for Managing Risk in the New Digital War
Vulnerability Risk Management 2.0 Best Practices for Managing Risk in the New Digital War In 2015, 17 new security vulnerabilities are identified every day. One nearly every 90 minutes. This consistent
More informationSOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)
INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015
More informationStay ahead of insiderthreats with predictive,intelligent security
Stay ahead of insiderthreats with predictive,intelligent security Sarah Cucuz sarah.cucuz@spyders.ca IBM Security White Paper Executive Summary Stay ahead of insider threats with predictive, intelligent
More informationBest Practices in ICS Security for System Operators. A Wurldtech White Paper
Best Practices in ICS Security for System Operators A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationHearing before the House Permanent Select Committee on Intelligence. Homeland Security and Intelligence: Next Steps in Evolving the Mission
Hearing before the House Permanent Select Committee on Intelligence Homeland Security and Intelligence: Next Steps in Evolving the Mission 18 January 2012 American expectations of how their government
More informationCyber-Insurance Metrics and Impact on Cyber-Security
Cyber-Insurance Metrics and Impact on Cyber-Security Sometimes we can... be a little bit more vigorous in using market-based incentives, working with the insurance industry, for example... DHS Secretary
More informationCybersecurity. Considerations for the audit committee
Cybersecurity Considerations for the audit committee Insights on November 2012 governance, risk and compliance Fighting to close the gap Ernst & Young s 2012 Global Information Security Survey 2012 Global
More informationLessons from Defending Cyberspace
Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat
More informationGLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation
GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationISO? ISO? ISO? LTD ISO?
Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet
More informationPrivacy Insurance. Avoiding the HMO Experience. cyber. More Differences. By Toby Merrill
Privacy Insurance Avoiding the HMO Experience By Toby Merrill Privacy, as it relates to an individual s personally identifiable information, such as Social Security numbers, credit card and healthcare
More informationBe Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance
Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance
More information20+ At risk and unready in an interconnected world
At risk and unready in an interconnected world Key findings from The Global State of Information Security Survey 2015 Cyber attacks against power and utilities organizations have transitioned from theoretical
More informationBUSINESS CONTINUITY PLANNING
Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,
More informationCYBER RISK SECURITY, NETWORK & PRIVACY
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
More informationGEARS Cyber-Security Services
Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments
More informationfs viewpoint www.pwc.com/fsi
fs viewpoint www.pwc.com/fsi June 2013 02 11 16 21 24 Point of view Competitive intelligence A framework for response How PwC can help Appendix It takes two to tango: Managing technology risk is now a
More informationSpecialty Risk Protector
Specialty Professional Liability and Data and Network Security Insurance is a single policy that makes it easy for companies to secure the multi-faceted E&O protection our networked world requires. A simplified,
More informationCORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT
CORE INSIGHT ENTERPRISE: CSO USE CASES FOR ENTERPRISE SECURITY TESTING AND MEASUREMENT How advancements in automated security testing software empower organizations to continuously measure information
More informationWhite Paper on Financial Industry Regulatory Climate
White Paper on Financial Industry Regulatory Climate According to a 2014 report on threats to the financial services sector, 45% of financial services organizations polled had suffered economic crime during
More informationManaging Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal
Managing Cyber Threats Risk Management & Insurance Solutions Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal Overview Recent Trends and Loss Exposures Risk Management Strategies
More informationCyber-insurance: Understanding Your Risks
Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some
More informationAon Risk Solutions Global Risk Consulting Captive & Insurance Management. Cyber risk and the captive market - a match made in the cloud?
Aon Risk Solutions Global Risk Consulting Captive & Insurance Management Cyber risk and the captive market - a match made in the cloud? With increasing news coverage of cyber-attacks and despite indications
More informationDeveloping National Frameworks & Engaging the Private Sector
www.pwc.com Developing National Frameworks & Engaging the Private Sector Focus on Information/Cyber Security Risk Management American Red Cross Disaster Preparedness Summit Chicago, IL September 19, 2012
More informationWorldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares
EXCERPT Worldwide Security and Vulnerability Management 2009 2013 Forecast and 2008 Vendor Shares IN THIS EXCERPT Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More informationCYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES
CYBER AND PRIVACY INSURANCE: LOSS MITIGATION SERVICES How can you better prepare and respond to cyber risks? ACE developed Loss Mitigation Services to help policyholders understand and gauge various areas
More informationBest practices and insight to protect your firm today against tomorrow s cybersecurity breach
Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationAdventures in Insurance Land: Weaknesses in Risk Pricing & Alternatives
Adventures in Insurance Land: Weaknesses in Risk Pricing & Alternatives SESSION ID: GRC-W01 Tim West Senior Consultant Accuvant Advisory Services @west_tim Jamie Gamble Principal Consultant Accuvant LABS
More informationDeriving Value from ORSA. Board Perspective
Deriving Value from ORSA Board Perspective April 2015 1 This paper has been produced by the Joint Own Risk Solvency Assessment (ORSA) Subcommittee of the Insurance Regulation Committee and the Enterprise
More informationCyber security: Are consumer companies up to the challenge?
Cyber security: Are consumer companies up to the challenge? 1 Cyber security: Are consumer companies up to the challenge? A survey of webcast participants kpmg.com 1 Cyber security: Are consumer companies
More informationOctober 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches
October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationHow To Buy Cyber Insurance
10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationIndustrial Cyber Security Risk Manager. Proactively Monitor, Measure and Manage Cyber Security Risk
Industrial Cyber Security Risk Manager Proactively Monitor, Measure and Manage Cyber Security Risk With Today s Cyber Threats, How Secure is Your Control System? Today, industrial organizations are faced
More informationSupplemental Tool: Executing A Critical Infrastructure Risk Management Approach
Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach Executing a Critical Infrastructure Risk Management Approach Risk is defined as the potential for an unwanted outcome resulting
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationRisks and uncertainties
Risks and uncertainties Our risk management approach We have a well-established risk management methodology which we use throughout the business to allow us to identify and manage the principal risks that
More informationNavigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh
Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh Presentation Format Four Key Questions How important is cyber risk and how should we view the cyber threat?
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More informationAPICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES
APICS INSIGHTS AND INNOVATIONS SUPPLY CHAIN RISK CHALLENGES AND PRACTICES APICS INSIGHTS AND INNOVATIONS ABOUT THIS REPORT This report examines the role that supply chain risk management plays in organizations
More informationThe Changing IT Risk Landscape Understanding and managing existing and emerging risks
The Changing IT Risk Landscape Understanding and managing existing and emerging risks IIA @ Noon Kareem Sadek Senior Manager, Deloitte Canada Chris Close Senior Manager, Deloitte Canada December 2, 2015
More informationCLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY
CLOSING THE DOOR TO CYBER ATTACKS HOW ENTERPRISES CAN IMPLEMENT COMPREHENSIVE INFORMATION SECURITY CLOSING THE DOOR TO CYBER ATTACKS Cybersecurity and information security have become key challenges for
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationBest Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper
Best Practices in ICS Security for Device Manufacturers A Wurldtech White Paper No part of this document may be distributed, reproduced or posted without the express written permission of Wurldtech Security
More informationC ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY
CSCSS / ENTERPRISE TECHNOLOGY + SECURITY C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CENTRE FOR STRATEGIC CSCSS CYBERSPACE + SECURITY SCIENCE CSCSS / ENTERPRISE TECHNOLOGY + SECURITY GROUP Information
More information