Recent Australia privacy incidents compared to rest of world Insurance Response
- Moris Carpenter
- 8 years ago
Prior to 2015, we observed an increasing number of insurance carriers from Australia, the U.S., and Lloyd's of London attracted by the allure of new premiums [i] and increased profits from a new line of business, cyber insurance, and they jumped in with both feet to compete on both price and coverage for new placements and existing programs. In the wake of recent high-profile network security and privacy breach incidents, however, we have found that many carriers are re-evaluating their appetite. Carriers have been seen to be adding cyber insurance exclusions and declining to consider certain sizes and types of business. We recommend that lawyers take a fresh look at their evolving cyber exposures and solutions to be sure they can weather a storm if a data breach occurs with one of their clients. [ii] In particular, business lawyers should consider advising their clients of the following key takeaways about data protection and cyber losses and insurance coverage:

Key Takeaways

- Australia's Privacy Act of 1988, even after the 2014 amendments, does not apply to the collection and use of personal information by private citizens, nor does it guarantee overarching privacy protection for the individual.
- Companies need to consider alternate and multiple ways of protecting themselves in the event of a data breach, including ensuring they take out cyber-loss insurance coverage, as appropriate.
- Recent trends in cyber losses and insurance coverage suggest that organizations compare potential cyber exposures with those of traditional tangible property. [iii]
- Lawyers need to prepare their clients for the legal aftermath, which may include consumer litigation, declaratory actions by insurers and crippling first party costs, such as forensics investigations, remediation and business interruption.
- Significant cyber losses have transformed cyber into a Board issue. [iv]
- A comprehensive breach response road map may not only help mitigate the adverse effects of third party legal costs and first party expenses, it can also help satisfy the Board of Directors' fiduciary duties under the Corporations Act 2001.

Australia Privacy Law: No Mandatory Breach Notification (Yet)

The 12 March 2014 reforms to the Privacy Act 1988 (the Act) saw a slew of changes introduced, which consolidated the existing National Privacy Principles (NPPs) and Information Privacy Principles (IPPs) into a new set of Australian Privacy Principles (APPs). The new APPs significantly increased the powers of the Privacy Commissioner, as well as updating and amending the existing rights and obligations set out in the Act. Additional bills have been introduced which would have required serious data breaches to be notified; however, the new bills have not yet passed for one reason or another. Notwithstanding this, we believe that lawyers should be alive to these potential developments and work with their clients to help mitigate the effects of privacy and security liabilities.

Cyber Trends

According to publicly available information [v], network security and privacy incidents include the following material impacts. [vi]

Date Breach Reported | Entity | Loss Estimate | Records Impact (millions)
Jun 2014 | NYC Taxi & Limousine Commission | Not Known | 173M
Oct 2013 | Adobe Systems, Inc. | Not Known | 152M
May 2014 | eBay, Inc. | Not Known | 145M
Jan 2009 | Heartland Payment Systems | $143M | 130M
Dec 2013 | Target Brands, Inc. | $200M | 110M
Jan 2007 | TJX Companies Inc. | $256M | 94M
Jun 2011 | Sony | $280M | 77M
Aug 2014 | J.P. Morgan | Not Known | 76M
Sep 2014 | Home Depot | $62M | 56M
Mar 2012 | Global Payments | $125M | 7M

The losses are not limited to retailers and the incidents are not limited to the United States. The following network privacy and security incidents have occurred in Australia in the past few years:

- On 21 February 2014, the Department of Immigration and Border Protection (DIBP) posted a database on its website which accidentally contained the personal information of 10,000 asylum seekers. The Australian Information Commissioner (AIC) subsequently opened an own motion investigation, which found the DIBP had breached the Privacy Act. [vii]
- Over a four month period from September 2012, a Global ID card solutions provider stored personal information of Maritime Security Identity Card holders on a publicly accessible server without appropriate security controls. [viii]
- In 2013, an Australian online dating site was hacked and had 42 million records exposed, including names, addresses and unencrypted passwords. [ix]
- In May 2013, the personal information of over 15,000 Telstra customers was discovered to be publicly accessible through a Google search. [x]
- In April 2014, a security vulnerability in an Australian travel company's ticketing system meant that typing any series of digits into the web address used by passengers to download their own e-ticket would likely show another traveller's name, itinerary and other personal information. [xi]
- In 2012, a number of financial services related websites were hit with distributed denial-of-service attacks, forcing them to shut down for a period of time. [xii]

On November , the Australian Government launched a website, the Australian Cybercrime Online Reporting Network (ACORN), which allows people to report cybercrime incidents to law enforcement agencies for consideration and possible investigation. [xiii]

Distribution and supply chain disruption, manufacturing downtime, cyberattacks on energy grids and defects in customer relationship management software could impact most entities across the globe. For example, MtGox, a Japanese Bitcoin exchange, faced 150,000 attacks per second prior to its $475 million breach earlier this year. Last year's hacks of two India-based payment processors of Bank of Muscat in Oman and RakBank in United Arab Emirates resulted in $45 million illegally withdrawn from A.T.M.s. The Korea Credit Bureau breach in January 2014 resulted in 20 million customers and 105 million files being compromised. The RBS Worldpay breach reportedly cost more than $85 million. In August 2014, 1.2 billion user names and passwords were compromised by a Russian crime ring.

The below diagram [xiv] reflects the interdependencies between critical infrastructure and the reliance on information and communication technologies.

Source: J. Peerenboom, R. Fisher and R. Whitfield, Recovering from Disruptions of Interdependent Critical Infrastructures.

Companies in nearly all industries and of all sizes are adopting new technologies and utilizing information assets. Social media, mobile devices, cloud computing, third party outsourced information technology vendors and big data analytics are supposed to increase sales, raise efficiency and decrease costs. However, we have found that such technology and information assets give rise to new exposure issues. Who is liable if a mobile application downloaded by an employee infects the company's computer network? What if the bad guys gain access to a large organization's computer network through a third party heating, ventilation and air conditioning vendor?

Within this risk landscape, critical infrastructures, including public facilities, are also vulnerable to cyber attacks. With increasing levels of standardisation, complexity and connectivity, industrial control systems are at risk from attack by remote unauthorised access from anywhere in the world. For example, a Queensland Local Council experienced spillage from its sewage system into local parks and rivers when someone used a laptop and wireless network to hack into the water supply control system and opened the sluice gates.

An important point to keep in mind is that new technologies and increased information assets create different exposures, but not necessarily worse risks. For instance, if ApplePay tokenization generates random numbers, which cannot be as easily utilized compared to the existing credit card magnetic stripe numbers, which can be skimmed and reused, then the new system may reduce exposures. If entities can prepare a comprehensive and accurate representation of their cyber risk management, there is a greater possibility that diligent insurance carrier underwriters will offer wider coverage terms at lower premiums.

In the aftermath of a network security and privacy incident, companies are potentially exposed to the undesirable risks of facing a consumer class action, an insurer's denial of coverage under their insurance and/or shareholder actions against the Directors and Officers of the offending entity. To date, we have found that consumer class action litigation has not been very successful anywhere in the world. Most cases have ended up being dismissed for failure to state a claim because the consumers cannot prove actual damages. Consumers are generally not liable for fraudulent charges on their credit cards and the courts have held that speculative future damages are not compensable. Payment Card Industry Data Security Standard fines are another story, including more than $100 million in liability. Such PCI fines and penalties are collected by the card associations to offset the cost to the credit card issuing bank of cancelling and reissuing the compromised credit cards. The forensic, investigation, legal and remediation costs to stop and fix a breach can be substantial and in many cases more than the defense and indemnity costs to defend litigation.

When an entity provides notice to its property or general liability or crime insurance carrier after it suffers a cyber-breach, the insurance carrier can and (we find) often does deny the claim and file a declaratory judgment action in court against the very same entity (the insured) that paid insurance premiums. For example, on February 21, 2014, a New York court held that Zurich Insurance, which had filed a Declaratory Judgment action against its insured, Sony, was not liable to cover the massive Sony PlayStation breach under a general liability policy: Zurich successfully argued that direct costs to companies impacted by cyber breaches, such as forensics, notification, credit monitoring and public relations costs, are basic costs we would cover under our Security and Privacy Protection Policy. [xv] Then if a claim is filed, we have a liability coverage part that would cover the affected entity for defense costs and indemnity they have to pay out as a result.

It's a Board Issue

When the cyber loss numbers become material to an entity's financial statement, it is inevitable that cyber is becoming a board of directors' issue. [xvi] Consider Australian organizations that are listed in the United States via American Depositary Receipts. The U.S. Securities and Exchange Commission got the ball rolling in October 2011 when it issued guidelines regarding disclosure of cyber exposures. Additionally, the U.S. set forth the National Institute of Standards and Technology's Framework for Improving Critical Infrastructure in February. Although the plaintiffs in high profile cases have not yet enjoyed success in shareholder litigation, the trend is to hold directors and officers responsible. Directors and officers must create a corporate culture that includes network security and privacy issues in enterprise risk management.
It is not solely an IT issue; it is an issue for the entire organization. In Australia, Directors should have particular regard to their duties of continuous disclosure and the duty of care and diligence under the Corporations Act. Monitoring and reviewing a company's risk management and data security policy would appear to be one of the steps that should be taken in discharging this duty. For organisations listed on the Australian Securities Exchange (ASX), there are additional obligations requiring them to notify the ASX of any information that a reasonable person would expect to have a material impact on its price or value.

Traps and Escape Hatches

We have found that there is little standardization among the more than 60 insurers that write cyber insurance. Policy limits vary from a $1,000 limit add-on to a small business owner's policy to more than $100 million in limits for large financial institutions, retailers and technology providers. Some insurance carriers include cyber breach response services within the insurance purchase, such as breach response coaching, cyber attorneys, forensics experts, credit monitoring and remediation. There is no such thing as a typical program and the structure can vary tremendously. In Australia, some insurers insist on retroactive date inception policies, meaning that pre-existing vulnerabilities are not covered under the policy. This limitation appears out of sorts with research which highlights that the average time from initial breach to detection is 210 days. [xvii] When it comes to cyber insurance, one size does not fit all, so organisations need to consider their internal risk exposures and whether the policy appropriately responds to their unique industry exposures.

[Figure: $100M total standalone cyber program for entities with revenue > $1B, although a one-layer program with $5MM or $10MM total limits with a single carrier is still most common. Labels: Reinsurance; Potential Additional Cyber Limits (London, Bermuda, U.S., EU, Lloyd's); layers placed with U.S. or certain Lloyd's of London carriers; Retention.]

More important than the retention, limits, and premium is the policy wording itself. Typical exclusions include patents and trade secrets, refunds owed by the breached entity and liquidated damages, known network security vulnerabilities and unencrypted devices. A prudent insured will focus first and foremost on coverage issues. Unfortunately, in many placements we have reviewed, policyholders fail to identify their exposures or prioritize their coverage requirements. As a result, many critical coverage issues are often not negotiated, such as the following:

- Choice of Counsel and choice of third party outsourced vendors
- Prior Acts Coverage
- Delete exclusions for lack of patch upgrades/unencrypted data/device
- Incident caused by a third party vendor
- Allocation of coverage between necessary remediation costs and relative upgrades
- Extra costs incurred due to complying with a government order to take (or not take) certain actions to stop the incident

A recent global data protection survey [xviii] concluded that data loss and downtime cost Australian organisations over US$55 billion in the last twelve months. The survey also highlighted that the biggest challenges for data protection in Australia were big data, mobile and the use of hybrid clouds. With 31% of all primary data located in cloud storage and 58% of businesses lacking a disaster recovery plan, globally, Australia ranked in the bottom two categories of data protection maturity.

As organizations continue to embrace technology, the range of exposures is evolving. Risk management best practices dictate that entities should consider cyber exposures and solutions in their future plans. The recent and continuing rise of cyber risk to the top of the boardroom agenda is primarily in response to the greater focus given to the issue by policymakers, regulators, law enforcement agencies and the investment community. We have found that they have all come increasingly to a view that cyber risk poses a significant and growing threat to the general public and almost every type of private and public organisation.

Eric Lowenstein
Client Manager
Aon Risk Solutions
Eric.lowenstein@aon.com
Phone: (02)

Kevin P. Kalinich, Esquire
Global Practice Leader
Cyber Insurance
Aon plc

2015 Aon Risk Services Australia Pty Limited ABN AFSL No (Aon)

This article is for general informational purposes only and is not intended to provide individualized business or legal advice. The information contained herein was compiled primarily from sources that Aon considers to be reliable; however, Aon does not warrant the accuracy or completeness of any information herein. Should you have any questions regarding how the subject matter may impact you, please contact your legal, financial or other appropriate advisor.

[i] It is estimated that total cyber insurance premiums in Australia for 2014 are between AUD$6m - AUD$8m according to internal Aon Global Risk Insight Platform data.
[ii] Aon Cyber Risk Diagnostic Tool:
[iii] The Risk Manager's Role in Mitigating Cyber Risk:
[iv] Cyber Risk: Are Boards the New Target?
[v] Sony
[vi]
[vii]
[viii]
[ix]
[x]
[xi]
[xii]
[xiii]
[xiv] rrisk_solutions_in_emea.html
[xv] Zurich American Insurance Co. v. Sony Corp., Index. No /2011 (N.Y. Supr. Ct. Feb. 21, 2014),
[xvi] Cyber Risk: Are Boards the New Target?
[xvii]
[xviii]
More informationDATA BREACH COVERAGE
THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000
More informationNZI LIABILITY CYBER. Are you protected?
NZI LIABILITY CYBER Are you protected? Any business that operates online is vulnerable to cyber attacks and data breaches. From viruses and hackers to employee error and system damage, your business is
More informationWhat Data? I m A Trucking Company!
What Data? I m A Trucking Company! Presented by: Marc C. Tucker 434 Fayetteville Street, Suite 2800 Raleigh, NC, 27601 919.755.8713 marc.tucker@smithmoorelaw.com Presented by: Rob D. Moseley, Jr. 2 West
More informationTipsheet 7 Insurance Clauses Named Insured vs Interested Party
Tipsheet 7 Insurance Clauses Named Insured vs Interested Party Client version Updated September 2010 Named insured, interested party or noted on the policy - What are the differences? What is the impact
More informationFrequently Asked Questions
PCI Compliance Frequently Asked Questions Table of Content GENERAL INFORMATION... 2 PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)...2 Are all merchants and service providers required to comply
More informationCyber Security - What Would a Breach Really Mean for your Business?
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
More informationPCI Compliance: How to ensure customer cardholder data is handled with care
PCI Compliance: How to ensure customer cardholder data is handled with care Choosing a safe payment process for your business Contents Contents 2 Executive Summary 3 PCI compliance and accreditation 4
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationDODO WEB HOSTING TERMS OF SERVICE
DODO WEB HOSTING TERMS OF SERVICE INDEX Dodo WEB HOSTING TERMS OF SERVICE 1. Definitions 1 2. General Terms of Service 1 3. The Service 1 4. Payment 2 5. Amending These Terms 2 6. Termination 2 7. Acceptable
More informationINDIANA BASIC PROPERTY INSURANCE UNDERWRITING ASSOCIATION (INDIANA F.A.I.R. PLAN)
INDIANA BASIC PROPERTY INSURANCE UNDERWRITING ASSOCIATION (INDIANA F.A.I.R. PLAN) The following Indiana Basic Property Insurance Underwriting Association program (Indiana F.A.I.R. Plan) (hereinafter referred
More informationRISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION
RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former
More informationCyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?
Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies
More informationHow To Protect Your Data From Being Hacked
Data Security and the Cloud TABLE OF CONTENTS DATA SECURITY AND THE CLOUD EXECUTIVE SUMMARY PAGE 3 CHAPTER 1 CHAPTER 2 CHAPTER 3 CHAPTER 4 CHAPTER 5 PAGE 4 PAGE 5 PAGE 6 PAGE 8 PAGE 9 DATA SECURITY: HOW
More informationNetwork Security & Privacy Landscape
Network Security & Privacy Landscape Presented By: Greg Garijanian Senior Underwriter Professional Liability 1 Agenda Network Security Overview -Latest Threats - Exposure Trends - Regulations Case Studies
More informationOlympic Web Design, Inc. Web Hosting Agreement Terms and Conditions
Olympic Web Design, Inc. Web Site Hosting Agreement v1.4a Last Revised: Nov. 20, 2009 Olympic Web Design, Inc. Web Hosting Agreement Terms and Conditions The following agreement is by and between Olympic
More informationINDIANA BASIC PROPERTY INSURANCE UNDERWRITING ASSOCIATION (INDIANA F.A.I.R. PLAN)
INDIANA BASIC PROPERTY INSURANCE UNDERWRITING ASSOCIATION (INDIANA F.A.I.R. PLAN) The following Indiana Basic Property Insurance Underwriting Association program (Indiana F.A.I.R. Plan) (hereinafter referred
More informationSHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS
SHARED ASSESSMENTS PROGRAM STANDARD INFORMATION GATHERING (SIG) QUESTIONNAIRE 2014 MAPPING TO OCC GUIDANCE (2013-29) ON THIRD PARTY RELATIONSHIPS An overview of how the Shared Assessments Program SIG 2014
More informationBasis Clauses. A practical guide to basis clauses in insurance contracts Guide 2013
Basis Clauses A practical guide to basis clauses in insurance contracts Guide 2013 Contents Contents... 3 1. Executive Summary... 4 2. Introduction to basis clauses... 5 3. Identifying basis clauses proposal
More informationCYBER/ NETWORK SECURITY
CYBER/ NETWORK SECURITY FINEX AUSTRALIA ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationInterlocal Cooperation Contract
Interlocal Cooperation Contract STATE OF TEXAS COUNTY OF I. Parties This Interlocal Cooperation Contract ( Contract ) is made and entered into between the Texas Department of Public Safety ( TDPS ), a
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationIncident Response. Proactive Incident Management. Sean Curran Director
Incident Response Proactive Incident Management Sean Curran Director Agenda Incident Response Overview 3 Drivers for Incident Response 5 Incident Response Approach 11 Proactive Incident Response 17 2 2013
More informationPrivacy and Data Breach Protection Modular application form
Instructions The Hiscox Technology, Privacy and Cyber Portfolio Policy may be purchased on an a-la-carte basis. Some organizations may require coverage for their technology errors and omissions, while
More informationAus Net Servers Australia Pty Ltd General Terms & Conditions
General Terms & Conditions Effective 01/01/2015 Last Updated 28/12/2014 Revision 3.7 Below are the standard terms and conditions which you must agree to when taking out services with Aus Net Servers Australia
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This Agreement, dated as of, 2015 ("Agreement"), by and between, on its own behalf and on behalf of all entities controlling, under common control with or controlled
More informationMANAGEMENT AND PROFESSIONAL LIABILITY INSURANCE
U.S. FINPRO MANAGEMENT AND PROFESSIONAL LIABILITY INSURANCE ALTERNATIVE INVESTMENT FUNDS/HEDGE FUNDS In turbulent economic times, the importance of a well designed management and professional liability
More informationCyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationCriminal Convictions and Employment Rights In New York State Robert D. Strassel
Policy Brief April 26, 2010 Criminal Convictions and Employment Rights In New York State Robert D. Strassel Executive Summary New York has a strong policy toward preventing discrimination based on prior
More informationPRINCIPLES AND PRACTICE OF INFORMATION SECURITY
PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles
More informationTHE ANATOMY OF A CYBER POLICY. Jamie Monck-Mason & Andrew Hill
THE ANATOMY OF A CYBER POLICY Jamie Monck-Mason & Andrew Hill What s in a name? Lack of uniformity in policies: Cyber Cyber liability Data protection Tech PI The scope of cyber insurance First party coverage
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More informationProfessional Trainers, Licensing Assessment and Consultancy Services Professional Indemnity and Public Liability Insurance Proposal Form
Tranznet Association Inc Arranges the insurance IMPORTANT INFORMATION Professional Trainers, Licensing Assessment and Consultancy Services Professional Indemnity and Public Liability Insurance Proposal
More informationCyber Risks in the Boardroom
Cyber Risks in the Boardroom Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks in a Changing
More informationTestimony of PETER J. BESHAR. Executive Vice President and General Counsel. Marsh & McLennan Companies
Marsh & McLennan Companies, Inc. 1166 Avenue of the Americas New York, NY 10036 +1 212 345 5000 Fax +1 212 345 4808 Testimony of PETER J. BESHAR Executive Vice President and General Counsel Marsh & McLennan
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationINFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES
INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES NOTICE: INSURING AGREEMENTS I.A., I.C. AND I.D. OF THIS POLICY PROVIDE COVERAGE ON A CLAIMS MADE AND REPORTED BASIS AND APPLY ONLY
More information