Cyber Risks Connect With Directors and Officers
- Grace O’Brien
Implications of the New SEC Guidance on Cyber Security

February 2012
Lockton Companies, LLC

EMILY FREEMAN, Executive Director, Technology and Media Risks, emily.freeman@uk.lockton.com
WILLIAM BOECK, Senior Vice President, Insurance & Claims Counsel, wboeck@lockton.com
CHRIS McBEE, Senior Vice President, Financial Services Unit Manager, cmcbee@lockton.com

The Securities and Exchange Commission (SEC) has changed the cyber security playing field for directors and officers. No less than the Chairman of the U.S. Senate's Commerce Committee has said that the new guidance issued by the SEC fundamentally changes the way companies will address cyber security in the 21st century. He is right!

For the past five years, IT security, privacy legal professionals, and internal audit have focused on direct and indirect cyber risks. At Lockton, we have seen increasing inquiries from insurance and risk management professionals for advice and insurance. The SEC's guidance will now require company directors and officers to pay increased attention, too.

If the business, such as a financial institution, retailer, or healthcare provider, requires the collection and use of personal financial or healthcare information, many senior executives are already aware of the liability, brand, and financial costs of data breaches. But are cyber risks just the concern of companies that deal directly with the consumer?

The SEC guidance issued in October 2011 paints a different picture, or perhaps a target, on the board of directors. It makes the boards of directors of publicly traded companies responsible for assessing their company's exposure to cyber risks, the procedures they take, and costs they incur in preventing cyber incidents. Companies must disclose this information to investors. The guidance is detailed about what needs to be disclosed. The list is long.

The guidance does not impose a new legal requirement, but that does not minimize its impact. The disclosure guidance issued on October 13, 2011 (the Disclosure Guidance), by the Division of Corporation Finance of the Securities and Exchange Commission (SEC) can be found here.[1]

In a world where cyber events are increasingly common, shareholders and the lawyers who represent them will be assessing whether disclosures are adequate in their view. When a company experiences a cyber event, its directors and officers may well find themselves in shareholder lawsuits that seek to impose liability for breaches of fiduciary duties, to assure that the company is adequately prepared for such an event, and to disclose the risks of such events to investors.

The SEC's guidance arguably creates a road map for aggrieved shareholders, and the disclosures will create significant risks for directors and officers. So what impact does it have on board governance? And is this expanding our notion of cyber risks beyond consumer-facing companies?

The Congressional Impetus Behind the Guidance

Although the Department of Homeland Security has departmental focus and executive support for improving cyber security of U.S. critical infrastructure industries, the SEC guidance is driven by congressional concerns. The disclosure guidance follows in the wake of a letter in May 2011 to the SEC from five members of the Senate, including John D. Rockefeller IV, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation.
That letter expressed concern that a substantial number of companies do not report their information security risk to investors, and that once a material network breach has occurred, leaders of publicly traded companies may not fully understand their affirmative obligation to disclose information... As a result, the Senators requested that the SEC publish interpretative guidance clarifying existing disclosure requirements pertaining to information security risk...

This letter was the culmination of a 15-month investigation by the U.S. Senate Commerce Committee, kicked off by a question: "Should the SEC issue a regulation requiring companies to disclose breaches; why or why not?" The investigation examined what companies were or were not reporting, what the SEC role is or could be, and whether there could be a positive impact not only on the cyber security of companies, but on the U.S. as a whole.

It is relatively easy for investors to see major public operational disruptions from customer data breaches.
The well-publicized breaches involving T.J. Maxx and the Sony PlayStation are good examples. Class action lawsuits, notification of data breaches to customers, and privacy regulatory investigations are also public events.

The Commerce Committee's investigation focused on something more difficult to see. How can companies or investors measure or even discover the theft or unauthorized disclosure of corporate sensitive data, research and development, scientific studies, and trade secrets? If a company's market capitalization and revenues are based upon its know-how, intellectual capital, and research, what would the company be worth if it were the victim of hackers or industrial espionage by persons or governments? Do investors understand the security environment of the companies they invest in?

The investigation and subsequent SEC disclosure guidance are directed at protecting investors and encouraging companies to assess their risks and their impact on company operations, liquidity, and financial condition. Insurance was also considered in the investigation and in the subsequent SEC guidance as a potential risk transfer benefit to companies.

Key Elements of the SEC Guidance

The guidance identifies cyber risks and incidents as potential material information to be disclosed under existing securities law disclosure requirements and accounting standards. While the disclosure guidance states it represents the views of the Division of Corporation Finance and is not a rule, regulation or statement of the Securities and Exchange Commission, companies can now expect the SEC to review their filings to see whether cyber risks and incidents are adequately disclosed.

The disclosure guidance identifies factors for companies to consider in determining if they have a cyber security risk that should be disclosed under existing requirements. The company should review its:

- Prior cyber incidents.
- Business operations and outsourced functions that have material cyber risks.
- Potential costs and consequences of cyber risks.
- Relevant insurance coverage purchased by the company to address its exposures.
Risk Factor Disclosure

The SEC's guidance says that the overall standard that companies should use is if such risk is among the most significant factors that would make an investment in the company speculative or risky. The disclosure guidance identifies factors companies should take into account in determining whether disclosure should be made, including:

- Prior cyber incidents (including their frequency and severity).
- Probability of cyber incidents occurring and their potential magnitude (customer data breaches but also industrial espionage, data corruption, or operational disruption).
- Adequacy of preventive actions taken to reduce cyber risks.

The guidance is sensitive that disclosure requirements not become a road map to assist hackers or outside perpetrators and that disclosures not contain potential compromising information of that nature. Rather, it provides a list of disclosure examples in the event that disclosure to investors is necessary:

- Aspects of the company's operations or business that give rise to material cyber security risks, potential costs of such, and consequences.
- Outsourcing functions that have material cyber security risks and how the company addresses such.
- Identification of risks related to cyber incidents that may remain undetected for a long time.
- Relevant insurance coverage.

Examples of other disclosures discussed in the disclosure guidance that may be required include:

- Material pending lawsuits or regulatory investigations involving a cyber incident.
- Major costs incurred to prevent a cyber attack.
- Costs incurred in mitigation of damages following a cyber incident, such as brand incentives offered to customers to maintain business relationships (e.g., free services or products).
- Disclosure of losses that are probable and reasonably estimable, or even reasonably possible following a cyber attack (e.g., losses related to warranties, breach of contract, product recall and replacement, and indemnification of counterparty losses from remediation efforts).

The disclosure guidance also states that cyber security risks and incidents should be addressed in Management's Discussion and Analysis of Financial Condition and Results of Operations if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent:

- A material event.
- A trend.
- Uncertainty that is reasonably likely to have a material effect on the registrant's results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.
Risk Message to the Board

The SEC guidance is not the last word, but a trend of law and regulation worldwide that requires the board of directors and senior executives to manage cyber risks at the enterprise level with resources and commitment. On our current radar is the bill pending in Congress regarding cyber security of critical U.S. infrastructure industries as well as the proposed new EU data protection regulations. Lack of senior management and board involvement and transparency will not be a successful strategy for companies on this issue.

The circle has been closed between the company, its cyber risks, and investors. Companies that have not focused on cyber security exposures and the financial ramifications of possible losses to themselves and their directors and officers must do so now, not at some indefinite date in the future. Although the focus of the SEC is publicly traded companies, private companies can face claims from their investors as well.

The guidance creates a balancing act between disclosures of risk to investors vs. the possibility that disclosure could compromise security. Directors and officers are in a difficult position and could be held responsible for going too far in one direction or the other.

It is unclear whether compliance with the SEC guidance will provide directors and officers with a defense in shareholder derivative litigation. However, failure to follow it at all will certainly be adverse to defenses against such action.

Insurance for cyber risks can no longer be safely viewed as an optional purchase when a company has the means to buy it. The guidance specifically focuses on financial risks, financial risk transfer, and the availability of insurance. It may lead shareholders to claim that directors and officers breached their fiduciary duty if they did not investigate and obtain coverage.
It is also appropriate for risk professionals to consider the use of their captive to fund large policy retentions or insure aspects of cyber risks for which adequate insurance may not be available. Areas that may require more creative insurance solutions (combining various techniques of risk transfer) include loss of intellectual property and disruption of computer networks.

Crossover to Director's and Officer's Liability Claims

Shareholder rights groups and plaintiffs' firms are already scrutinizing disclosures and public filings in light of every known data breach event and will consider filing shareholder class actions, breach of fiduciary duty claims, and/or derivative claims, whether the event affects the company's stock price or not. The bottom line is that we expect to see an increasing trend in D&O claims filed as a result of data breach events, failure of the board and senior management team to prevent breaches, and lack of adequate disclosure surrounding such events.

D&O underwriters are fully aware of the guidance. Questions on cyber risk governance and cyber risk insurance are now commonplace in D&O underwriting meetings. Examples of questions that may be asked by D&O underwriters include:

- Have you experienced a material breach event?
- What was the outcome of such an event?
- Have you been the subject of regulatory investigations as a result of a cyber incident?
- What steps has the company taken to prevent potential incidents?
- How have you changed your public disclosures as a result of the new guidance?
- Has the board been briefed on cyber risk management and disclosure requirements?
- Do you purchase cyber risk insurance?

Clearly, the SEC's new guidance has heightened the responsibility to analyze exposure to cyber threats and how future events are disclosed to the public. That responsibility has now been placed squarely in the boardroom.

Practical Advice

Review and amend risk factor disclosures in financial reporting documents; review disclosure controls and procedures in light of company-specific cyber security risks.
As a result of the new SEC guidance, public companies should carefully consider the magnitude and types of cyber security risks the company faces. Risk factors will differ among industries, and companies should in no way rely on boilerplate disclosures. Rather, the company should work with all necessary internal and external parties to evaluate and disclose risks appropriately.

Establish a cross-functional risk committee approach.
Cyber security is a cross-functional risk involving many disciplines, including information technology, risk management, legal, internal audit, procurement, finance, and operations. The SEC guidance will require better communication, risk analysis, meaningful projects, and interaction to improve controls. Risk management should play a significant role not only in the procurement of insurance, but in risk advice, analysis, and support, bringing all disciplines within the company together.

Initiate a process to review cyber risk insurance risk transfer options.
Risk managers, legal counsel, and others must make it a priority to educate the senior management team and the board so they understand the risk transfer options available, ranging from traditional insurance vehicles to the use of captive insurers. In addition, the management team and board should be briefed on breach response procedures and how the company will react in the event of a security breach, whether insurance is put in place or not.

Prepare for a much deeper inquiry by D&O underwriters.
As discussed previously, D&O underwriters will be asking more questions related to cyber risk breaches, disclosures, insurance, and breach response preparation. Traditionally, D&O insurers want to meet with risk management, legal, and financial officers such as the treasurer or chief financial officer. Given the heightened risk and the new guidance, it may be prudent and necessary to involve someone from information technology in D&O renewal meetings, especially if the company has actually experienced a security breach.
Describe cyber incidents or cyber breaches as they happen.
If an incident occurs resulting in material costs or consequences (remediation costs, increased prevention efforts, or brand damage) that may indicate material future cyber security uncertainties, trends, or events, it must be disclosed and described in Management's Discussion and Analysis of Results of Operations. Disclosures in other sections of a company's financial reports (for example, "Risk Factors" or "Legal Proceedings") will likely be required as well. Significant attacks may even warrant current reporting on a Form 8-K notifying shareholders of a material event or a press release. Cyber security risks and events may impact a company's financial statements, and companies should discuss with their auditors costs for prevention, remediation, loss recognition and/or loss mitigation, and how they would be classified. These disclosures should occur in real time as they happen.

Lockton Resources

Lockton has been a leader in presenting cyber risks much the same way we do with D&O underwriting meetings, through investor-type briefings, rather than lengthy applications. Lockton's team of resources (your Account Executive, Lockton Financial Services, and Lockton's Technology and Global Privacy Practice) are here to help and support your cyber risk management efforts as well as provide custom D&O solutions in this ever-changing market.

Footnote

1. Available at:

About the Authors

Emily Freeman
Emily is an Executive Director and leads the Lockton Technology Risk Practice Group in London. Emily has been a pioneer in developing many cyberspace, technology, and professional service products. She is a frequent speaker and writer for professional publications regarding her areas of expertise.

William Boeck
Bill is Senior Vice President and Insurance & Claims Counsel with Lockton Financial Services and Lockton's Global Technology and Privacy Practice. Bill serves as Lockton's senior legal and claims resource worldwide on D&O, cyber risk, and other financial lines policies. He is an attorney with more than 25 years of experience handling insurance claims and creating policy wordings.

Chris McBee
Chris is a Senior Vice President and Financial Services Unit Manager for Lockton's Dallas office. He has more than 20 years of insurance industry experience focused on complex financial services programs for publicly traded or large private company programs, including D&O, professional liability, cyber risk, employment practices liability, fiduciary liability, alternative risk placements, and complex claims resolution.
Our Mission
To be the worldwide value and service leader in insurance brokerage, employee benefits, and risk management

Our Goal
To be the best place to do business and to work

Lockton, Inc. All rights reserved. Images 2012 Thinkstock. All rights reserved.
More informationBEXIL AMERICAN MORTGAGE INC./AMERICAN MORTGAGE NETWORK BROKER GUIDE
BEXIL AMERICAN MORTGAGE INC./AMERICAN MORTGAGE NETWORK BROKER GUIDE This Broker Guide ( Guide ), as supplemented and amended from time to time by Bexil American Mortgage Inc./American Mortgage Network
More informationBLENDED STRUCTURE Industry Construction
Construction Defect Industry Construction Motivation A homebuilder is required to have evidence of insurance. Market deterioration as a result of a highly litigious environment prompted the homebuilder
More informationHow GCs And Boards Can Brace For The Cybersecurity Storm - Law360
Page 1 of 6 Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com How GCs And Boards Can Brace For The Cybersecurity
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationState of the Cyber Insurance Market
State of the Cyber Insurance Market Ten Lessons Learned From Major Retailer Breaches August 2014 Lockton Companies There has been extensive adverse publicity surrounding what has become EMILY FREEMAN Lockton
More informationGALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions
GALLAGHER CYBER LIABILITY PRACTICE Cyber Risk Exposures and Solutions Cyber Risk Exposures and Solutions Arthur J. Gallagher & Co. s Cyber Liability Practice has the expertise and the desire to deliver
More informationAMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER. Adopted June 25, 2015
AMPLIFY SNACK BRANDS, INC. AUDIT COMMITTEE CHARTER Adopted June 25, 2015 I. General Statement of Purpose The purposes of the Audit Committee of the Board of Directors (the Audit Committee ) of Amplify
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationPublic Law 113 283 113th Congress An Act
PUBLIC LAW 113 283 DEC. 18, 2014 128 STAT. 3073 Public Law 113 283 113th Congress An Act To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security. Be it
More informationFORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015
FORTRESS TRANSPORTATION AND INFRASTRUCTURE INVESTORS LLC I. PURPOSE OF THE COMMITTEE CHARTER OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS MAY 11, 2015 The purpose of the Audit Committee (the Committee
More informationFINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings
FINRA Regulation of Broker-Dealer Due Diligence in Regulation D Offerings EDWARD G. ROSENBLATT, MCGUIREWOODS LLP, WITH PRACTICAL LAW CORPORATE & SECURITIES This Note discusses broker-dealers' affirmative
More informationCYBER & PRIVACY LIABILITY INSURANCE GUIDE
CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,
More informationCorporate Perspectives On Cybersecurity: A Survey Of Execs
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationCyber Liability Insurance:
Cyber Liability Insurance: Reg Harnish, CISSP, CISM, CISA Chief Security Strategist GreyCastle Security Steve Lobel Vice President Anchor Agency October 17, 2013 1,200 Introduction Cybercrime Today Major
More informationThe promise and pitfalls of cyber insurance January 2016
www.pwc.com/us/insurance The promise and pitfalls of cyber insurance January 2016 2 top issues The promise and pitfalls of cyber insurance Cyber insurance is a potentially huge but still largely untapped
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationChanging Legal Landscape in Cybersecurity: Implications for Business
Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationBE ON GUARD. Understanding the Executive Liability Risks That Can Threaten Your Biotechnology Company
Presented by BIO, Monitor Liability Managers, LLC and William Gallagher Associates BE ON GUARD Understanding the Executive Liability Risks That Can Threaten Your Biotechnology Company Serge Adam, AVP Claims
More informationCyber Security for the Private Sector: What Companies and Their Lawyers Need to Know
Cyber Security for the Private Sector: What Companies and Their Lawyers Need to Know Gus Coldebella, Goodwin Procter LLP John Geschke, VP and General Counsel, Zendesk, Inc. Jim Jaeger, VP, Cybersecurity
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationDISCLOSURE AND COMMUNICATION POLICY
DISCLOSURE AND COMMUNICATION POLICY IRESS Limited (ABN 47 060 313 359) (the Company ) Dated: 19 February 2013 CONTENTS 1. Statement of Commitment... 3 1.1 Company s commitment to disclosure and communication...
More informationSEC update: Cybersecurity initiatives. SEC update: Cybersecurity initiatives. Intelligize // 02
Intelligize // 02 As is tradition, at the beginning of the year, the U.S. Securities and Exchange Commission outlined both its current state of affairs and annual goals for maintaining proper compliance
More informationStatement of Guidance: Outsourcing All Regulated Entities
Statement of Guidance: Outsourcing All Regulated Entities 1. STATEMENT OF OBJECTIVES 1.1. 1.2. 1.3. 1.4. This Statement of Guidance ( Guidance ) is intended to provide guidance to regulated entities on
More informationHow To Write A National Cybersecurity Act
ROCKEFELLER SNOWE CYBERSECURITY ACT SUBSTITUTE AMENDMENT FOR S.773 March 17, 2010 BACKGROUND & WHY THIS LEGISLATION IS IMPORTANT: Our nation is at risk. The networks that American families and businesses
More informationwww.pwc.com Developing a robust cyber security governance framework 16 April 2015
www.pwc.com Developing a robust cyber security governance framework 16 April 2015 Cyber attacks are ubiquitous Anonymous hacker group declares cyber war on Hong Kong government, police - SCMP, 2 October
More informationIntroduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide
Introduction to Data Security Breach Preparedness with Model Data Security Breach Preparedness Guide by Christopher Wolf Directors, Privacy and Information Management Practice Hogan Lovells US LLP christopher.wolf@hoganlovells.com
More informationDirectors and Officers Liability Insurance Guidance and Advice for Risk Managers
Directors and Officers Liability Insurance Guidance and Advice for Risk Managers The insurance market has responded to recent corporate failures by requiring more information from organisations seeking
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationDisclosure and communication policy. nib holdings limited ACN 125 633 856 (the Company )
Disclosure and communication policy nib holdings limited ACN 125 633 856 (the Company ) Dated 23 July 2015 Disclosure and communication policy Contents 1 Introduction 1 1.1 Company s commitment to disclosure
More informationM E M O R A N D U M. The Policy provides for blackout periods during which you are prohibited from buying or selling Company securities.
M E M O R A N D U M TO: FROM: All Directors, Officers and Covered Persons of Power Solutions International, Inc. and its Subsidiaries Catherine Andrews General Counsel and Insider Trading Compliance Officer
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationThird Annual Study: Is Your Company Ready for a Big Data Breach?
Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute
More informationReedy Lagoon Corporation Limited (ABN 41 006 639 514) (the Company )
Disclosure and communication policy Reedy Lagoon Corporation Limited (ABN 41 006 639 514) (the Company ) Disclosure and communication policy Contents 1 Introduction 1 1.1 Company s commitment to disclosure
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationA Roadmap to Accrual and Disclosure Requirements under ASC 450
1 March 29, 2013 King & Spalding s Public Company Practice Group periodically publishes the Public Company Advisor to provide practical insights into current corporate governance, securities compliance
More informationGuidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004
Guidelines for Financial Institutions Outsourcing of Business Activities, Functions, and Processes Date: July 2004 1. INTRODUCTION Financial institutions outsource business activities, functions and processes
More informationSINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry
SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :
More informationManaging cyber risks with insurance
www.pwc.com.tr/cybersecurity Managing cyber risks with insurance Key factors to consider when evaluating how cyber insurance can enhance your security program June 2014 Managing cyber risks to sensitive
More informationNonsubscription in Texas
Nonsubscription in Texas A True Alternative to Workers Compensation August 2014 Lockton Companies Originally published December 2010 Risk managers identify and manage potential risks, and take the appropriate
More informationCyber Insurance: How to Investigate the Right Coverage for Your Company
6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)
More informationCybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response
Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary
More informationThe need for companies to have a predetermined plan in place in the
Companies Must Prepare for Data Theft TIMOTHY J. CARROLL, BRUCE A. RADKE, AND MICHAEL J. WATERS The authors discuss steps that companies can take to mitigate the risks of, or damages caused by, a security
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationDefining the Gap: The Cybersecurity Governance Study
Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining
More information