Airmic Review of Recent Developments in the Cyber Insurance Market. & commentary on the increased availability of cyber insurance products GUIDE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Airmic Review of Recent Developments in the Cyber Insurance Market. & commentary on the increased availability of cyber insurance products GUIDE"

Transcription

1 Airmic Review of Recent Developments in the Cyber Insurance Market & commentary on the increased availability of cyber insurance products GUIDE

2 1. Executive summary Airmic members have become increasingly aware of the cyber risk exposures faced by their organisation. However, in order to open a discussion with the IT specialists, Airmic members need to understand the range of cyber risks faced by the IT systems and networks in their organisation and the availability of suitable insurance for cyber risks. This report presents an overview of the range of cyber risks faced by organisations and a review of the cyber risk insurance market. It provides a commentary on the significant developments that have occurred within the last two to five years. In summary, this research into the scope and availability of cyber insurance was undertaken by Airmic in order to provide the following: 1. an overview of the range of cyber risks exposures that can materialise and encourage risk managers to evaluate all cyber risks, including data security 2. an insight into the questions that they should ask about the need for cyber risk insurance within the risk manger s own organisation 3. an account of the developments that have taken place in the availability, relevance and cost of cyber risk insurance during the past two to five years 4. a description of the coverage currently available in cyber insurance products in terms of the scope and possible costs associated with this insurance 5. a list of the questions that are asked in a typical cyber risk proposal form as a means of undertaking a preliminary check on the status of IT risks in the organisation. In undertaking this review, Airmic has become aware of the considerable developments in the availability of cyber insurance in recent times. Airmic intends to undertake further research into cyber risk insurance and will continue to encourage the insurance market to develop relevant insurance products. In summary, the following conclusions have been drawn by Airmic about cyber risk exposures, the cyber insurance market and recent developments: organisations are looking more carefully at the range of cyber risks they face, both in terms of first party risk exposures and third-party liability exposures there has been rapid development in the range of cyber insurance products that are available and these cover both first-party and third-party risk exposures the cost of cyber insurance has become more competitive and cyber insurance is now a more cost-effective risk transfer mechanism than was previously the case i nsurance solutions continue to develop and it is in the interests of both insurance buyers and the insurance market to continue these developments. 2

3 2. Contents of report and acknowledgements 1. Executive summary 2. Contents of report and acknowledgements 3. Scope of review undertaken by Airmic 3.1 Background to the research 3.2 Review of cyber exposures 3.3 Management of cyber risks 4. Nature of cyber exposures 4.1 Review of cyber exposures 4.2 First-party cyber risk exposures 4.3 Third-party cyber liability exposures 5. Cyber insurance proposal forms 5.1 Profile of the insured 5.2 Analysis of existing controls 5.3 Completed proposal form 6. Insurance currently available 6.1 Typical policy terms and conditions 6.2 Indication of cost for cyber insurance 6.3 State of the cyber insurance market 7. Checklist of actions for risk managers 8. Airmic plans for the future Appendix A: Typical questions in a cyber and data security proposal form Appendix B: Summary of typical cover offered in a cyber and data security policy Airmic is grateful to the partners and associate partners that assisted with this review. However, it should be noted that the examples, analysis, costs and opinions offered are exclusively those of Airmic. None of the analysis, costs, commentary or the contents of any list or table in this report should be assigned to any individual organisation. The following organisations provided significant support and/or their websites were used as sources of information: Chartis Europe Limited Lockton Gallagher Heath Marsh JLT Specialty QBE Willis 3

4 3. Scope of review undertaken by Airmic 3.1 Background to the research Historically, insurance policies such as property, liability and crime have not fully covered the risks associated with the IT infrastructure of the organisation or the risks associated with non-tangible assets, such as data. However, with the growing dependency on technology and the heightened threat of unauthorised access to information, cyber risks have increased significantly and the insurance market has responded to these changes. Many consider that cyber insurance is a relatively new, although fairly well-established, product in the insurance market. Whilst this may be true, cyber insurance products are developing rapidly to address the evolving nature of cyber risks. It is often suggested that there is a similarity between the way in which cyber risk policies are developing and the development of Directors and Officers Liability (D&O) insurance during the 1980s and beyond. There is increasing awareness in organisations of their liability for cyber risk exposures. As awareness increases, organisations are realising that cyber risks are not solely concerned with the loss or unauthorised disclosure of personal data or information. There is a wide range of cyber risks, including those associated with business interruption and denial of service. Organisations need to take account of a broad agenda of cyber risks and then evaluate the potential for using insurance as a control mechanism. 3.2 Review of cyber exposures Against this background, Airmic has undertaken a review of the state of the cyber insurance market to provide Airmic members with a status report of that market. This initial report is not intended to be a detailed analysis of the market or provide benchmarking information for the use of insurance buyers. The primary purpose of the report is to provide an overview of developments in cyber insurance that have occurred during the past two to five years, as well as provide a commentary on the current state of the cyber insurance market. In order to undertake this review, Airmic held discussions with several insurance broker and insurer partners. Additionally, Airmic reviewed the information available on a number of partner and associate partner websites. The discussions focused on the cyber threats that currently exist and the status of the cyber insurance market. During these discussions, Airmic became aware that significant developments have occurred in the cyber insurance market over the past two to five years and these developments are continuing. Airmic undertook a brief review of the range of risks faced by organisations, both first party and third party, and these are set out in Table 1 (first-party risks) and Table 2 (third-party risks). Also, an analysis was undertaken of the questions asked in a typical cyber risk proposal form and this analysis is shown in summary in Appendix A. Finally, the extent and scope of insurance cover offered by a typical insurance product was evaluated and the results of this analysis are summarised in Appendix B. 3.3 Management of cyber risks At the same time as the IT infrastructure of an organisation has become more important, there appears to be an increasing reluctance on the part of non-it managers to ask questions about the IT infrastructure. It is, perhaps, feared that asking questions would challenge the professionalism and technical knowledge of IT specialists. Airmic believes that, whilst the role of IT specialists is fundamentally important, risk managers should seek to introduce the well-established three lines of defence model to the management of IT risks. Risk managers will be familiar with the three lines of defence model. It is a structure whereby (1) operational management are responsible for the particular risk (in this case cyber risk); (2) specialist functions such as the risk management department provide technical support; and (3) the internal audit 4

5 function ensures that appropriate controls are in place. It is, perhaps, the case in many organisations that the IT department / manager provide and are responsible for all three lines of defence. Many Airmic members have found it challenging to discuss cyber risk issues with their IT specialist colleague or (perhaps outsourced) service providers and then explore the relevance of insurance to the control of these risks. Part of the purpose of this report is to provide Airmic members with the basis on which they can open a dialogue with their IT departments. This dialogue should then lead to: 1. an assessment of the risks associated with the IT infrastructure in the organisation and the nature of the functions and data managed by that IT infrastructure 2. evaluation of the controls that are currently in place to mitigate these risks, including the existence of Disaster Recovery Plans (DRP); and 3. analysis of the relevance and cost-effectiveness of insurance to contain the cost of adverse events, possibly as part of the Business Continuity Plans (BCP). Given that cyber risk exposures are increasingly important for organisations and given that the insurance market is keen to develop new products, this is an important time for Airmic to be undertaking this work. Also, there is an over-riding need for insurance buyers to liaise more closely with insurance providers to ensure that the products developed are fully relevant to the needs of large insurance buyers, such as Airmic members. 5

6 4. Nature of cyber exposures 4.1 Review of cyber exposures The importance of the information technology (IT) infrastructure and the associated issue of information security has increased considerably for many organisations. There is significant reliance on the IT infrastructure to handle management information within most organisations. For some organisations, such as Internet trading companies, the IT infrastructure is fundamentally important to the operation of the company. Without the IT infrastructure, the organisation would not be able to transact any business. Almost every organisation is exposed to loss resulting from damage or destruction of its computers and computer networks, including any resulting loss of income or business interruption and/or increased cost of operation. Risks and potential losses associated with the use of computers can arise from first-party exposures and third-party exposures. Table 1 provides examples of the most likely first-party cyber risk exposures and Table 2 provides examples of third-party cyber liability exposures. When investigating possible insurance cover, an extension to an existing insurance policy may provide adequate cyber cover. The lines of insurance potentially applicable to cyber-related claims include firstparty commercial property and business interruption policies, and third-party commercial general liability and errors and omissions or professional indemnity policies. However, it is becoming more common for organisations to purchase specialised cyber risk policies to supplement their existing insurances. Risk managers will be familiar with the concepts of first-party and third-party risks. Therefore, the starting point for the risk manager, when considering cyber risk exposures, will be to identify the firstparty risk exposures and the third-party liability exposures. The risk manager will also be aware that a wide range of cyber risk controls may already be in place, including Disaster Recovery Plans (DRP) and Business Continuity Plans (BCP). 4.2 First-party cyber risk exposures First-party insurance is a policy that provides protection for the property owned by the insured organisation. First-party protection is provided by way of payment when property suffers damage or loss. Theft insurance, fire insurance and protection against losses caused by earthquake or flood are the most common forms of first-party insurance. First-party insurance is also relevant to cyber risks and will provide protection against the financial consequences of events such as those listed in Table 1. Comprehensive insurance products are available to cover the full range of first-party cyber risk exposures listed in Table 1. The risk manager should initiate the identification of the first-party cyber risk exposures faced by the organisation and then facilitate the evaluation of the extent to which insurance represents a cost-effective control mechanism. 6

7 Table 1: First-party cyber risk exposures 1. Loss or damage to digital assets loss or damage to data or software programs, resulting in cost being incurred in restoring, updating, recreating or replacing these assets to the same condition they were in prior to the loss or damage 2. Business interruption from network downtime interruption, degradation in service or failure of the network, resulting in loss of income, increased cost of operation and/or cost being incurred in mitigating and investigating the loss 3. Cyber extortion attempt to extort money by threatening to damage or restrict the network, release data obtained from the network and/or communicate with the customer base under false pretences to obtain personal information 4. Reputational damage arising from a data protection breach being reported (whether factually correct or not), that results in loss of intellectual property, income, loss of customers and/or increased cost of operation 5. Theft of money and digital assets direct monetary losses and associated disruption from theft of computer equipment, as well as electronic theft of funds / money from the organisation by hacking or other type of cyber crime 4.3 Third-party cyber liability exposures There are a wide range of third-party risks associated with the operation of IT systems. Organisations need to undertake a risk assessment of the third-party cyber risks faced by their IT systems and networks. As with first-party risks, it is important for the risk manager to facilitate the discussion with IT specialists and other stakeholders in order to identify the third-party liability exposures, such as those listed in Table 2. A wide range of cyber insurance policies are available that address the risks listed in Table 2. In some cases, the policy coverage includes assistance with or even management of the incident itself, as well as financial compensation for the cost of the incident. As with first-party covers, the inclusion of incident management or claims assistance services within the policy may be important for the organisation. This will be especially true where the incident has the potential for damage to reputation and/or result in regulatory enforcement. For some organisations, there is the risk of data loss or corruption arising from the performance of professional services for others. The most obvious example is designing, creating and/or installing a computer-related network or system for a third party. There is a risk of damaging or corrupting data on customer computers. 7

8 Given the interdependency of many computer networks and the frequent use of outsourced services, organisations should take a careful look at their risk exposures. These risk exposures will arise from their own activities, as well as the activities of third-party service providers, such as cloud data management companies. There will be a need to ensure that strict contract terms and conditions are in place and these may include the requirement on the service provider to purchase adequate insurance cover. Table 2: Third-party cyber liability exposures 1. Security and privacy breaches investigation, defence cost and civil damages associated with security breach, transmission of malicious code, or breach of third-party or employee privacy rights or confidentiality, including failure by outsourced service provider 2. Investigation of privacy breach investigation, defence cost, awards and fines (may not be insurable in certain territories) resulting from an investigation or enforcement action by a regulator as a result of security and privacy liability 3. Customer notification expenses legal, postage and advertising expenses where there is a legal or regulatory requirement to notify individuals of a security or privacy breach, including associated reputational expenses 4. Multi-media liability investigation, defence cost and civil damages arising from defamation, breach of privacy, negligence in publication of any content in electronic or print media, as well as infringement of the intellectual property of a third party 5. Loss of third party data liability for damage to or corruption / loss of third-party data or information, including payment of compensation to customers for denial of access, failure of software, data errors and system security failure 8

9 5. Cyber insurance proposal forms 5.1 Profile of the insured Appendix A provides a list of questions typically included in a cyber and data security insurance proposal form. As with any proposal form, the objective is for the underwriter to gain an accurate and comprehensive view of the insured. The proposal form requests information about the company and the details of the cyber risk insurance that is required. Details of the nature of the information held by the organisation will also be required. In particular, details of sensitive information held by the company will need to be supplied, including whether the data includes: credit card or debit card information healthcare or sensitive personal information trade or commercial secrets and/or intellectual property other sensitive personal data, including: o date of birth o national insurance number o driver s licence details o passport number. Details of the nature, size and complexity of the network, and the data structure will be required by the underwriter. The proposal form will also seek information about the controls that are in place and the arrangements for network and data security. If the organisation is seeking first-party business interruption insurance, then information on the business impact, incident response and crisis containment arrangements will be required. Finally, information will be required under the heading historical information. This will include details of previous insurance arrangements and significant interruption or suspension of computer systems incidents that have previously occurred. Information will also be required on any previous breach of IT security, previous claims and any instances where sensitive data has been compromised. Information is also likely to be requested on any legal, disciplinary or regulatory action taken against directors of the company. 5.2 Analysis of existing controls An important consideration for both the insured and the insurer is the level of cyber controls that are currently in place. For IT networks handling sensitive information, underwriters will require details of the controls, so that they can gain assurance that the controls are suitable. Providing assurance on the effectiveness of the controls can represent a difficulty for large organisations handling large amounts of sensitive data. Even if requested, such companies would be unwilling to allow an underwriter to undertake an audit of their controls, because this would involve access to the sensitive data. The controls in place may be complex and sophisticated, but also represent a degree of commercial confidentiality. There may be a need for negotiation between the insured and potential underwriters regarding information on the controls. There have been cases of underwriters requesting an audit of the IT controls as a condition of providing insurance and this request will be rejected because of commercial confidentiality reasons. 9

10 From an Airmic member point of view, evaluation of existing controls to understand the efficiency and effectiveness of these controls is important. Airmic intends to undertake further investigation into the types of cyber controls that are in place in organisations and how these controls are viewed by underwriters. This is an important area where greater understanding is probably required on the part of both underwriters and risk managers. 5.3 Completed proposal form When completing a proposal form, the insured will evaluate the relevance of the questions and the information that is requested. This evaluation is best undertaken when the risk manager has a clear idea of the type of cyber insurance that needs to be purchased. Many Airmic members have completed the exercise of mapping IT risks against existing and additional insurance policies to produce a spreadsheet. This approach results in identification of the level of cover that is required, the extent to which existing insurance policies provide that cover and the level of cover that is likely to be offered by the additional cyber insurance. The range of questions asked on proposal forms has become simpler and more relevant in recent times. Appendix A provides a comprehensive set of issues that could be covered in a typical proposal form. Although proposal forms are becoming simpler, many organisations feel that, just as with Directors and Officers Liability (D&O) insurance, a more informal presentation to underwriters of the cyber risk exposures is appropriate. For many risk managers, there are benefits associated with compiling the information that is required to complete the proposal form. Collecting this information will enable the risk manager to gain a detailed understanding of the extent of the IT network, the extent of the data stored and the levels of data security that are currently in place. Also, the risk manager will gain information on the potential business impact and the existing incident response and crisis containment arrangements. The risk manager is likely to discover that the values involved and/or the magnitude of the exposures are difficult to compile and surprisingly large. 10

11 6. Availability of cyber insurance 6.1 Typical terms and conditions Appendix B provides an overview or summary of the typical cover offered in a cyber and data security policy. This summary refers to a policy that provides insurance cover for both first-party and third-party exposures. Part 1 of Appendix B gives an outline of the coverage offered. As with all insurances, it is important for the risk manager to cross-reference the cyber exposures identified during the risk assessment with the coverage provided by the policy. The range of insurance cover available has expanded considerably in the last two to five years. In general, insurance coverage is available for all of the first-party and third-party exposures described in Table 1 and Table 2. Definitions and exclusions tend to restrict cover, and the risk manager needs to evaluate the impact of definitions and exclusions. Particular attention should also be paid to the claims notification procedures set out in the insurance policy. It should be noted that, generally speaking, cyber risk policies are written on a claims made basis. Decisions will need to be taken on the limit of indemnity that is required and the level of deductible(s) that is acceptable. For many of the risk exposures described in Table 1 and Table 2, there will be a sub-limit quoted in most policies. It is important to bear in mind that the limit of indemnity that is appropriate may not have a direct relationship to the turnover of the company. When making decisions on the level of cover, a review of the risk register for the organisation may be appropriate to ensure that the insurance cover addresses the IT risks and exposures that have been identified, analysed and evaluated. 6.2 Indication of cost for cyber insurance Various estimates have been provided of the total cost of cyber crime to the UK economy. It has been estimated that the total cost is in excess of 20 billion per annum. Within that total cost, it has been estimated that intellectual property theft costs 8 billion, industrial espionage costs 7 billion, extortion costs of 2 billion and direct online theft costs in excess of 1 billion. Finally, it has been estimated that about 1 billion is lost through theft of customer data. In order to decide the limit of indemnity that should be purchased, an organisation will need to evaluate the possible cost of foreseeable cyber events. There are various research reports that have estimated the cost of individual cyber risk events, although these will vary considerably between organisations. For example, it has been estimated that a typical business interruption cyber event may cost 250,000. Other estimates have put the total cost of a significant cyber event in the region of 500,000. Airmic partners provided general opinions on typical limits of indemnity purchased and the associated costs. In the United States, a typical premium would be $100,000 for a limit of indemnity of $10 million, covering both first-party and third-party risks. Typically, a limit of indemnity of 1 million to 5 million is more common in the UK, although some organisations may buy up to 10 million. It was stated that an indicative cost for a limit of indemnity of 1 million (with no US exposure) would be about 30,000 or a premium of 150,000 for a 10 million limit. These figures are, of course, only indicative and some organisations may pay more and/or buy higher limits of indemnity. 6.3 State of the cyber insurance market The coverage available for cyber risks and the range of cyber risk insurance policies has increased substantially during the past two to five years. It has been estimated that there is now a total premium spend of about $500 million in the US market. With this level of premium spend in the market, product development is progressing and capacity for cyber risk exposures is increasing. Typically, primary limits of between 5 million and 10 million are purchased, although these can be as much as 20 million. Insurance brokers report that the London market has capacity for excess layers up to a total limit of 100 million, if required. 11

12 The business sectors of greatest concern are hospitality, financial institutions and, to some extent, retail. It has been reported that some trade associations have negotiated schemes for member companies, with the coverage consolidated into standard policies. It is worth noting that the provision of cyber insurance is seen by many insurers as a revenue driver and therefore an area for product development. Pricing remains a challenge for insurers, with a number of different factors being used to set premium, including the business sector, number of records held by an organisation and whether credit card data is stored. In the US, greater limits are often required of between $200 million and $300 million. In terms of pricing these products, it was noted by some Airmic partners that insurers now have eight years of experience in the cyber market and are able to set premium levels based on claims experience. Insurance brokers also made the observation that the main exclusions within the cyber policies relate to areas where underwriters do not wish to provide cover. These areas will include exposures not under the control of the insured and issues such as vendor actions, including a reluctance to extend cover to outsourced components of the IT network, such as service providers providing cloud computing. 12

13 7. Checklist of actions for risk managers As awareness of the cyber risks and the potential for losses increases, risk managers need to play a more influential role in the management of these risks. It is important that risk managers develop relationships with the IT specialists in their own organisation. The challenge for risk managers is to ensure that these IT specialists do not design, procure and install the IT systems and networks, and then after installation (1) operate the systems and networks; (2) design the risk controls; and (3) monitor the effectiveness of the risk controls unless there are appropriate checks and balances in place. Having understood the IT systems and networks, and the nature of the data that is handled within their own organisation, the risk manager is in a good position to facilitate the risk assessment to identify the first-party and third-party risks. Knowledge of the controls that are currently in place and the relevance of cyber risk insurance will enable the risk manager to make the best contribution to the successful and safe operation of IT systems and networks within their own organisation. In summary, Airmic members need to undertake a series of actions to achieve the above. In particular, the following steps are likely to be appropriate: identify a team of individuals in the organisation who are stakeholders in the operation of the IT infrastructure and the associated risks evaluate the first-party and third-party risk exposures associated with the IT applications, systems and networks within the organisation analyse the controls that are currently in place, possibly using the headings in the proposal form in Appendix A as an aide memoire discuss the potential for events associated with the IT infrastructure that could cause a first-party and/or third-party risk to materialise collect the information indicated in the sample proposal form in Appendix A and evaluate the quality of the information that has been collected consult with the insurance broker with a view to obtaining suitable responses / quotations from the insurance market decide on the appropriate course of action in terms of enhancement of cyber controls and the purchase of insurance protection continue the process of implementing appropriate controls and monitoring the need for enhanced control of IT risks. 13

14 8. Airmic plans for the future Airmic recognises that there are changing needs in relation to cyber risk insurance. At the same time, the insurance market is changing rapidly as these needs are recognised and new products are developed. Airmic intends to continue to monitor and evaluate these insurance market developments and to liaise with insurance carriers and insurance brokers to ensure that the developments fully take account of the requirements of Airmic members. In order to engage in constructive discussions with the insurance market, Airmic members need a better understanding of the IT risks faced by their own organisation. Airmic members need to have discussions within their own organisation, both with the operational departments and the IT specialists. Risk managers are in the best position to lead discussions, facilitate risk assessments and help develop solutions. Airmic intends to undertake further research into the availability, scope and cost of cyber risk insurance and will organise events, lectures and meetings as appropriate. The intention is to encourage communication between IT specialists, risk managers, insurance brokers and insurance providers to ensure appropriate control of cyber risks and the continuing development of insurance as a relevant and necessary cyber risk control mechanism. 14

15 Appendix A: Typical questions in a cyber and data security proposal form Part 1: Company information and cover required / provided 1. Company name, postal and address and website address, together with details of the locations for which cyber insurance is required 2. Description of business activities and date business was established, together with details of the geographical split of turnover, profit and number of employees for recent years 3. Details of the types of cyber insurance covers required, including (perhaps) desired aggregate limit of liability and details desired of sub-limits and deductibles / retentions Part 2: Network and data structure 1. Functions and size of the IT network, including number and types of servers, computers and smartphones and annual IT spend 2. Financial value of the entire IT network, including hardware, software, peripheral equipment as well as connections / cabling 3. Number, types and sensitivity of personally identifiable information records (including employees and customers) held by the company and whether these will change in the next 12 months 4. Extent of outsourcing of the IT network including but not limited to data storage, data hosting and/or data processing of personally identifiable information records 5. Extent of transfer of personally identifiable information records to third parties outside of the region of operation of the company and the territories / contracts involved Part 3: Network and data security 1. Details of the appointed Chief Privacy Officer (or Chief Information Officer) or arrangements for control of the IT network and data / information security 2. Extent of the applicability of data protection legislation / standards, together with confirmation of compliance and details of arrangements to control access to sensitive data 3. Details of firewalls, anti-virus / anti-spyware, back-up arrangements and encryption tools that are in use and confirmation of monitoring and update arrangements 4. Details of checks undertaken on new recruits and arrangements to ensure security when an employee leaves the company 5. Details of Internet and usage policy for employees and confirmation that restrictions are included in employment contracts and appropriate training given to employees 6. Existence of a data protection policy for handling sensitive data and confirmation that it is clearly communicated to all employees, as well as contractors and visitors on site 7. Details of the document retention and destruction policies and confirmation of the means of disposing of sensitive records and files 8. Nature of the intrusion monitoring detection in force to prevent and monitor unauthorised access, together with details of procedures to be followed in the event of intrusion 15

16 Part 4: Business impact 1. Details of how soon compromise of the IT network would result in a loss most policies quote ranges of between immediately and more than 48 hours 2. Estimate of the maximum daily loss of profit (net profit before tax) in the event of the IT network being subjected to a non-scheduled closure 3. Information on the use of the website to undertake financial transactions and/or details of the range of other services and activities 4. Existence of a privacy policy on the website and management of opt-in / opt-out marketing requests, including the use / storage of cookies on a browsers system / device 5. Procedure for responding to allegations that content created, displayed or published is libelous, infringes intellectual property rights or is violation of the privacy rights of a third party 6. Details of message boards, chat rooms or forums on the websites (including websites hosted for third parties) and procedures for monitoring or moderating content Part 5: Incident response / crisis containment 1. Details of the security incident response plan in case of a security breach, including breach by third-party, outsourced service provider 2. Details of the disaster recovery plan (DRP) and business continuity plan (BCP) for the computer networks and when these were last tested 3. Indication of how long it would take to restore the IT operation after a computer attack or other loss / corruption of data Part 6: Historical information 1. Information on cancellation or non-renewal by another insurer of any policy that provided the same or similar coverage as the insurance being sought 2. Information on any significant interruption or suspension of computer systems for any reason (not including planned maintenance) during the past three years 3. Details of any breach of IT security, network damage, system corruption, loss of data or significant system intrusion, virus, hacking or similar incident 4. Details of any instances during the last three years where customers have been notified that their information was or may have been compromised 5. Details of any circumstance or incident resulting in a claim against any insurance policy that provides the type of coverage being requested 6. Details of circumstances where any past or present director or employee has been subject to any disciplinary or governmental action or investigation as a result of professional activities 16

17 Appendix B: Summary of typical cover offered in a cyber and data security policy Part 1: Coverages offered 1. Data liability Loss of corporate or personal information 2. Administrative obligations 3. Reputation and response cost Network security breach caused by virus, denial of access to data, destruction of data, physical theft of the assets or disclosure of data Data administrative investigation and data administrative fines arising out of a breach of data protection legislation Payment of fees to determine whether a breach of data security has occurred and identify the cause of the breach and make recommendations as to how this may be prevented or mitigated Payment of fees for the management of any action required to prevent or mitigate the potential adverse effect of a newsworthy event, including the design and management of a communications strategy Payment of fees to any director, etc. for advice and support to mitigate or prevent damage to their individual (personal and professional) reputation due to a breach of data security or breach of legislation 4. Multi-media liability Payment of multi-media liability arising out of a claim by a third party for defamation; infringement of copyright; plagiarism or theft of ideas; invasion of privacy; or unfair competition 5. Cyber / privacy extortion Payment of monies to prevent or end an extortion threat; and/or professional fees for independent advisors to conduct an investigation to determine the cause of an extortion threat Definitions and limitations 7. Selected definitions Asset means any item of hardware, software or equipment that is or may be used for the purpose of creating, accessing, processing, protecting, monitoring, storing, retrieving, displaying or transmitting electronic data of any type Claim includes data administrative fines and service upon the insured of an enforcement notice or written demand by a regulator Computer system means information technology and communications systems, networks, services and solutions leased or made available to or accessible by the company Corporate information means any confidential information that would be advantageous to a competitor Damages means any amount that an insured shall be legally liable to pay to a third party Data Protection Officer means an employee who is designated as the person responsible to implement, monitor, supervise, report upon and disclose regulatory compliance standards Defence cost means cost and expenses in relation to the investigation, response, defence, appeal and/or settlement of a claim 17

18 Loss means damages, defence cost, professional fees; data administrative fines and extortion or network loss Newsworthy event means actual or threatened public communication or reporting arising directly out of an actual or potential or alleged breach of data protection legislation 8. Typical exclusions The insurer shall not be liable for loss arising out of: Antitrust violation, restraint of trade or unfair competition. Bodily injury and property damage Contractual liability Criminal acts and disregard of ruling of a court or regulator Intellectual property Intentional acts Prior claims and circumstances Terrorism, war or riot Trading loses and/or unauthorised trading Unauthorised or unlawfully collected data 9. Claims conditions A claim should include details of circumstances of the potential breach; date, time and place of the potential breach; potential claimants and other persons involved; estimate of possible loss; and potential media or regulatory consequences If any insured makes a false or fraudulent claim, the insurer shall have the right to avoid its obligations under or void the policy in its entirety 10. Defence cost The insurer does not assume any duty to defend and the insured must defend any claim unless the insurer takes over the defence 11. Limit of liability and retention The insured must not admit any liability or incur any defence cost or professional fees without the prior written consent of the insurer The insurer may make any settlement of any claim it deems expedient with respect to any insured If the insurer makes any payment, the insurer shall be entitled to pursue and enforce rights of subrogation in the name of the insured The total amount payable under this policy shall not exceed the limit of liability. Sub-limits, extensions, fees and defence cost are part of that amount and are not payable in addition to the limit of liability 12. General provisions The insured will (at own cost) render all reasonable assistance to the insurer and co-operate in the defence of any claim and the assertion of indemnification and contribution rights The insured will take all reasonable steps to maintain data and information security procedures to no lesser standard than disclosed in the proposal form 18

19

20 6 Lloyd s Avenue London EC3N 3AX T: +44 (0) F: +44 (0)

Cyber and Data Security. Proposal form

Cyber and Data Security. Proposal form Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which

More information

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone: Company or Trading Name: Address: Post Code: Telephone: E-mail: Website: Date Business Established Number of Employees Do you have a Chief Privacy Officer (or Chief Information Officer) who is assigned

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Coverage is subject to a Deductible

Coverage is subject to a Deductible Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:

More information

Airmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market

Airmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market REPORT Airmic review of the supply chain insurance market Review of recent developments in the supply chain insurance market 1. Executive summary Increasingly complex supply chains, together with greater

More information

Cyber Extension Proposal Form

Cyber Extension Proposal Form Cyber Extension Proposal Form IMPORTANT NOTICE This proposal must be completed and signed by a Principal, Partner or Director of the Proposer. The person completing and signing the form should be authorised

More information

Cyber/ Network Security. FINEX Global

Cyber/ Network Security. FINEX Global Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

Cyber and data Policy wording

Cyber and data Policy wording Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and

More information

Media Liability Insurance

Media Liability Insurance Media Liability Insurance Media Liability Insurance A highly responsive solution to a fast moving media world. By its very nature, the media industry is fast moving, dynamic and constantly evolving. Development

More information

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP

More information

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

ISO? ISO? ISO? LTD ISO?

ISO? ISO? ISO? LTD ISO? Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet

More information

Directors & Officers Liability (D&O) Insurance. Benchmarking Report 2013

Directors & Officers Liability (D&O) Insurance. Benchmarking Report 2013 Directors & Officers Liability (D&O) Insurance Benchmarking Report 2013 Contents 1. Executive Summary...4 2. D&O benchmarking survey...6 3. D&O insurance arrangements...8 4. Risk manager role and responsibilities...10

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

Enterprise PrivaProtector 9.0

Enterprise PrivaProtector 9.0 IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING

More information

Zurich Security And Privacy Protection Policy Application

Zurich Security And Privacy Protection Policy Application Zurich Security And Privacy Protection Policy Application COVERAGE A. AND COVERAGE F. OF THE POLICY FOR WHICH YOU ARE APPLYING IS WRITTEN ON A CLAIMS FIRST MADE AND REPORTED BASIS. ONLY CLAIMS FIRST MADE

More information

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited Tools Conference Toronto November 26, 2014 Insurance for NFP s Presented by Paul Spark HUB International HKMB Limited Topics Insurance Policies Basics Directors and Officers Liability Insurance Commercial

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

Privacy and Data Breach Protection Modular application form

Privacy and Data Breach Protection Modular application form Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while

More information

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY GENERAL INFORMATION 1. APPLICANT NAME: 2. PHONE: 3. MAILING ADDRESS: 4. WEB ADDRESS: 5. The following officer of the Applicant is designated

More information

Architects and Engineers Professional Liability Insurance Summary

Architects and Engineers Professional Liability Insurance Summary Architects and Engineers Professional Liability Insurance Summary Underwritten by a member of the QBE Insurance Group (QBE) This insurance is an annual contract unless stated otherwise in the quotation

More information

Construction Consultants Professional Liability Insurance Summary

Construction Consultants Professional Liability Insurance Summary Construction Consultants Professional Liability Insurance Underwritten by a member of the QBE Insurance Group (QBE) This insurance is an annual contract unless stated otherwise in the quotation or renewal

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name: INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST MADE

More information

Our specialist insurance services for Professionals risks

Our specialist insurance services for Professionals risks Our specialist insurance services for Professionals risks Price Forbes & Partners is an independent Lloyd s broker based in the heart of London s insurance sector. We trade with all of the major international

More information

Surveyors Professional Liability Insurance Summary

Surveyors Professional Liability Insurance Summary Surveyors Professional Liability Surveyors Professional Liability Underwritten by a member of the QBE Insurance Group (QBE) This insurance is an annual contract unless stated otherwise in the quotation

More information

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION NOTICE: COVERAGE UNDER THIS POLICY IS PROVIDED ON A CLAIMS MADE AND REPORTED BASIS AND APPLIES ONLY TO CLAIMS FIRST

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

Cyber Insurance Presentation

Cyber Insurance Presentation Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance

More information

Cyber-insurance: Understanding Your Risks

Cyber-insurance: Understanding Your Risks Cyber-insurance: Understanding Your Risks Cyber-insurance represents a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to provide some

More information

Directors and Officers Liability Insurance Guidance and Advice for Risk Managers

Directors and Officers Liability Insurance Guidance and Advice for Risk Managers Directors and Officers Liability Insurance Guidance and Advice for Risk Managers The insurance market has responded to recent corporate failures by requiring more information from organisations seeking

More information

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

Web Hosting Terms & Conditions

Web Hosting Terms & Conditions Web Hosting Terms & Conditions Please read these web-hosting terms carefully, as they set out our and your rights and obligations in relation to our web hosting services. AGREEMENT: Whereas: (1) The Ruby

More information

National Corporate Practice. Cyber risks explained what they are, what they could cost and how to protect against them

National Corporate Practice. Cyber risks explained what they are, what they could cost and how to protect against them National Corporate Practice Cyber risks explained what they are, what they could cost and how to protect against them what this briefing covers ff Introduction ff Section 1: What are the risks and the

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Specialist Miscellaneous Professions (Legal Liability) Professional Liability Insurance Summary

Specialist Miscellaneous Professions (Legal Liability) Professional Liability Insurance Summary Specialist Miscellaneous Professions (Legal Liability) Professional Liability Insurance Summary Specialist Miscellaneous Professions Underwritten by a member of the QBE Insurance Group (QBE) This insurance

More information

Specialist insurance and risk implications for prepaid an update. Prepaid International Forum Osborne Clarke London Thursday 9 th February 2012

Specialist insurance and risk implications for prepaid an update. Prepaid International Forum Osborne Clarke London Thursday 9 th February 2012 Specialist insurance and risk implications for prepaid an update Prepaid International Forum Osborne Clarke London Thursday 9 th February 2012 Introduction To update our presentation of 24 th February

More information

Website Hosting Agreement

Website Hosting Agreement Website Hosting Agreement This Agreement is Between: (1) Tutch Media Limited, a company registered in England whose office is at 121c London Road, Knebworth, Herts, SG3 6EX ( the Host ) and (2) The Client

More information

NZI LIABILITY CYBER. Are you protected?

NZI LIABILITY CYBER. Are you protected? NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is

More information

Design and Construct Professional Liability Insurance Summary

Design and Construct Professional Liability Insurance Summary Design and Construct Professional Liability Insurance Summary Design and Construct Professional Underwritten by a member of the QBE Insurance Group (QBE) This insurance is an annual contract unless stated

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

www.bonddickinson.com Cyber Risks October 2014 2

www.bonddickinson.com Cyber Risks October 2014 2 www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

MPL SECURE: MISCELLANEOUS PROFESSIONAL AND NETWORK SECURITY LIABILITY INSURANCE POLICY APPLICATION

MPL SECURE: MISCELLANEOUS PROFESSIONAL AND NETWORK SECURITY LIABILITY INSURANCE POLICY APPLICATION MPL SECURE: MISCELLANEOUS PROFESSIONAL AND NETWORK SECURITY LIABILITY INSURANCE POLICY APPLICATION NOTICE: THE POLICY FOR WHICH THIS APPLICATION IS MADE IS A CLAIMS MADE AND REPORTED POLICY SUBJECT TO

More information

Cyber-Technology Policy Comparisons

Cyber-Technology Policy Comparisons Cyber-Technology Policy Comparisons ABA Insurance Internet/Electronic Banking Liability Insurance Policy (04/01) January, 2011 Endorsements Topic ACE Computer & Technology Products and Services Professional

More information

INSURANCE CYBER RISK Tine Olsen, Willis

INSURANCE CYBER RISK Tine Olsen, Willis INSURANCE CYBER RISK 18.06.2013 Tine Olsen, Willis CYBER RISICI Agenda: Introduction to Willis What are Cyber risks? Exposure and cases Risk management Risk transfer Insurance Closure and questions 1 Part

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

Information and Communication Technology, Cyber and Data Security

Information and Communication Technology, Cyber and Data Security Information and Communication Technology, Cyber and Data Security Contents Information and Communication Technology 1 ICT Professional Indemnity 2 Claims scenarios 4 Cyber and Data Security 5-7 Claims

More information

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management Care Providers Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Care providers are there to help those in need. But who helps the care

More information

ACE Advantage PRIVACY & NETWORK SECURITY

ACE Advantage PRIVACY & NETWORK SECURITY ACE Advantage PRIVACY & NETWORK SECURITY SUPPLEMENTAL APPLICATION COMPLETE THIS APPLICATION ONLY IF REQUESTING COVERAGE FOR PRIVACY LIABILITY AND/OR NETWORK SECURITY LIABILITY COVERAGE. Please submit with

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

How not to lose your head in the Cloud: AGIMO guidelines released

How not to lose your head in the Cloud: AGIMO guidelines released How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established Network Security ProPosal Form Important Please answer all questions from each section and complete in block capitals. Tick the appropriate boxes where necessary and supply any further information requested.

More information

Professional Indemnity Select

Professional Indemnity Select Allianz Insurance plc Professional Indemnity Select Cover Overview Professional Indemnity Select Cover Overview Contents Thank you for choosing Allianz Insurance plc. We are one of the largest general

More information

Professional Indemnity Select

Professional Indemnity Select Allianz Insurance plc Professional Indemnity Select Policy Overview Policy Overview Professional Indemnity Select Contents Thank you for choosing Allianz Insurance plc. We are one of the largest general

More information

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

CyberEdge Cyber Liability Insurance. Policy Wording

CyberEdge Cyber Liability Insurance. Policy Wording Policy Wording Policy Holder: Policy Number: «Client_Name» «AIG_Policy_Number» Schedule 1 Policyholder 2 Policyholder s Main Address 3 Inception Date (dd/mm/yyyy) 4 Policy period From: (dd/mm/yyyy) To:

More information

ICSA Guidance on Protection against Directors and Officers Liabilities Indemnities and Insurance

ICSA Guidance on Protection against Directors and Officers Liabilities Indemnities and Insurance ICSA Guidance on Protection against Directors and Officers Liabilities Indemnities and Insurance Contents If using online, click on the headings below to go to the related sections. 1. Introduction 2.

More information

HCC International Information and Communication Technology

HCC International Information and Communication Technology HCC International Information and Communication Technology The Growth and Evolution of the ICT Market The Information and Communication Technology (ICT) sector remains one of the fastest growing, most

More information

ASSOCIATION LIABILITY Broker Information. innovative insurance protection

ASSOCIATION LIABILITY Broker Information. innovative insurance protection ASSOCIATION LIABILITY Broker Information innovative insurance protection BROKER HIGHLIGHTS We Know Non-Profits: Through our strong links with the social service and community sector Rosser Underwriting

More information

What would you do if your agency had a data breach?

What would you do if your agency had a data breach? What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the

More information

PRODUCT MANUFACTURER S PROFESSIONAL LIABILITY, INCLUDING COMPUTER NETWORK SECURITY, PRIVACY, MULTIMEDIA AND ADVERTISING LIABILITY APPLICATION

PRODUCT MANUFACTURER S PROFESSIONAL LIABILITY, INCLUDING COMPUTER NETWORK SECURITY, PRIVACY, MULTIMEDIA AND ADVERTISING LIABILITY APPLICATION PRODUCT MANUFACTURER S PROFESSIONAL LIABILITY, INCLUDING COMPUTER NETWORK SECURITY, PRIVACY, MULTIMEDIA AND ADVERTISING LIABILITY APPLICATION NOTICE: THE POLICY FOR WHICH THIS APPLICATION IS MADE IS A

More information

TechDefender SM. Tech E&O, Network Security, Privacy, Internet Media, and MPL Insurance Application

TechDefender SM. Tech E&O, Network Security, Privacy, Internet Media, and MPL Insurance Application IRONSHORE INSURANCE COMPANIES One State Street Plaza New York, NY 10004 Tel: 646-826-6600 Toll Free: 877-IRON411 TechDefender SM Tech E&O, Network Security, Privacy, Internet Media, and MPL Insurance Application

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

Professional Liability Errors and Omissions Insurance Application

Professional Liability Errors and Omissions Insurance Application HCC Specialty 37 Radio Circle Drive Mount Kisco, NY 10549 main (914) 242 7840 facsimile (914) 241 1133 e-mail MPL@hcc.com Professional Liability Errors and Omissions Insurance Application THIS IS AN APPLICATION

More information

3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court.

3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court. Terms of business agreement - commercial customers M & N Insurance Service Limited Authorised and regulated by the Financial Conduct Authority No: 305837. Registered Office: 248 Hendon Way London NW4 3NL

More information

Managing E-Risks in today s cyberspace: Growth of Cyber Liability Insurance

Managing E-Risks in today s cyberspace: Growth of Cyber Liability Insurance WHITEPAPER MARCH 2014 www.beroe-inc.com Managing E-Risks in today s cyberspace: Growth of Cyber Liability Insurance Abstract With cyber-attacks becoming increasingly sophisticated and frequent, and with

More information

Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks

Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Hacks, breaches, stolen data, trade secrets hijacked, privacy violated, ransom demands made; how can you protect your data

More information

Security & Privacy Current cover and Risk Management Services

Security & Privacy Current cover and Risk Management Services Security & Privacy Current cover and Risk Management Services Introduction Technological advancement has enabled greater working flexibility and increased methods of communications. However, new technology

More information

Complete Professional Indemnity

Complete Professional Indemnity Allianz Insurance plc Complete Professional Indemnity Policy Details (including Policy Summary pages 1 4) Architects Policy Summary This is a Policy Summary only and does not contain full terms and conditions

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Professional Indemnity Insurance Guide for FCA Regulated Firms (2015)

Professional Indemnity Insurance Guide for FCA Regulated Firms (2015) Professional Indemnity Insurance Guide for FCA Regulated Firms (2015) Nathan Sewell, CEO of Protean Risk, answers the Top 50 questions we are regularly asked as a specialist provider of Professional Indemnity

More information

Professional Indemnity Insurance Policy - Optometrists Association Australia (OAA) Version 3.0

Professional Indemnity Insurance Policy - Optometrists Association Australia (OAA) Version 3.0 Version 3.0 Table of contents Table of contents 2 Special Notices 3 Policy wording 4 Introduction 4 How much we will pay 4 What we insure 4 1. Professional indemnity insurance cover 4 1.1 Practice of your

More information

Professional Indemnity Insurance Glossary of Terms

Professional Indemnity Insurance Glossary of Terms Professional Indemnity Insurance Glossary of Terms Index Aggregation of claims Automatic reinstatement Average provision Cancellation Civil liability Claim Claims made Consumer protection legislation Continuous

More information

Cyber Risks in Italian market

Cyber Risks in Italian market Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends

More information

What is Technology, Media and Professional Services (TMPS) Coverage? Why Companies Should Consider Buying TMPS Coverage?

What is Technology, Media and Professional Services (TMPS) Coverage? Why Companies Should Consider Buying TMPS Coverage? What is Technology, Media and Professional Services (TMPS) Coverage? TMPS is written to: Protect the company from errors and omissions that occur in the company's rendering or failure to render professional

More information

Terms & Conditions of HYPE Softwaretechnik GmbH ( HYPE ) for HYPE Enterprise Express (Version October 2015) 1 Scope

Terms & Conditions of HYPE Softwaretechnik GmbH ( HYPE ) for HYPE Enterprise Express (Version October 2015) 1 Scope 1 Scope 1 (1) These terms and conditions (the T&C HYPE Enterprise Express ) together with the description of the Software Services provided by HYPE accepted by Customer by completing the HYPE Enterprise

More information

Professional indemnity Summary of cover

Professional indemnity Summary of cover Professional indemnity Summary of cover Architects & Engineers October 2014 Why choose AXA s Architects & Engineers Professional indemnity insurance? AXA s Architects & Engineers Professional indemnity

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

Insurance implications for Cyber Threats

Insurance implications for Cyber Threats Lillehammer Energy Claims Conference Lillehammer March 7, 2014 Insurance implications for Cyber Threats How enterprises need to prepare for the inevitable JLT is one of the world s largest providers of

More information

Sport & Social Clubs and Not For Profit Organisations Directors & Officers Liability Select

Sport & Social Clubs and Not For Profit Organisations Directors & Officers Liability Select Allianz Insurance plc Sport & Social Clubs and Not For Profit Organisations Directors & Officers Liability Select Policy Overview Product Name/Subject Line Professional Indemnity Policy Overview Contents

More information

XL Eclipse Application

XL Eclipse Application XL Eclipse Application Third Party Coverage Technology & Miscellaneous Professional Services Technology Products Media Communications Network Security Privacy Liability First Party Coverage Extortion Threat

More information