THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Size: px
Start display at page:

Download "THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS"

Transcription

1 THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit MARSH

2 CYBER RISK: TRENDS AND SOLUTIONS SEPTEMBER 2013

3 CYBER RISKS: TRENDS AND SOLUTIONS CYBER RISK OVERVIEW Cyber Risk Segmentation 1. The harm caused by the insured 2. The harm that befalls the insured 3. Regulatory Requirements Stipulated by the government One event can trigger a loss that involves multiple risks. MARSH 2

4 CYBER RISKS: TRENDS AND SOLUTIONS CYBER RISK AND SUPPLY CHAINS Technology outages outpaced adverse weather in Data breaches and cyber attacks collectively were more disruptive than fire and civil unrest. MARSH 3

5 CYBER RISK CYBER INSURANCE POLICIES Cyber insurance policies: Fill many of the gaps in traditional insurance. Provide direct loss and liability protection for risks created by the use of technology and data in an organization s day-to-day operations. Risks Coverage Traditional Policies Cyber & Privacy Policy Legal liability to others for privacy breaches Privacy Liability: Harm suffered by others due to the disclosure of confidential information Legal liability to others for computer security breaches Network Security Liability: Harm suffered by others from a failure of your network security Loss or damage to data/information Property Loss: The value of data stolen, destroyed, or corrupted by a computer attack Loss of revenue due to a computer attack Loss of Revenue: Business income that is interrupted by a computer attack Extra expense to recover/respond to a computer attack Cyber Extortion: The cost of investigation and the extortion demand Loss or damage to reputation Identity theft Expenses resulting from identity theft Privacy notification requirements Cost to comply with privacy breach notification statues Regulatory actions Legal defense for regulatory actions Not typically covered May be covered Typically covered MARSH 4

6 CYBER RISKS: TRENDS AND SOLUTIONS CYBER RISK INSURANCE EVOLUTION Cyber insurance policies are able to address: Protection for claims arising from a failure of computer security to prevent or mitigate a computer attack. Protection for claims arising from a disclosure or mishandling of confidential information whether electronic or hard copy. Protection for the intentional acts of rogue employees and vicarious liability for a privacy breach by third-party vendors or business process outsourcing firms. Coverage for defense of regulatory actions, including affirmative coverage for assessed fines and penalties. Cyber policies can also include a fund for public relations and crisis management in connection with a crisis event relating to a failure of computer security or breach of privacy. MARSH 5

7 CYBER RISKS: TRENDS AND SOLUTIONS MIDSIZE BUSINESS EXPOSURE TO CYBER RISK Five things every small business should know about cyber crime: 1. Any size organization can fall victim. 2. Small businesses manage information that is of interest to cyber criminals. 3. Cyber criminals unleash 3.5 new threats every second targeting small businesses. 4. Compliance is costly, but noncompliance is costlier and can serve as a window to cybercrime. 5. As small businesses move to the cloud, cyber criminals are not far behind. Source: Trend Micro Inc. MARSH 6

8 CYBER RISKS: TRENDS AND SOLUTIONS CHANGING THREAT ENVIRONMENT Evolution of Cybercrime MARSH Copyright 2013 Trend Micro Inc. 7

9 CYBER RISKS: TRENDS AND SOLUTIONS TARGETED ATTACK TACTICAL TRENDS 1. Social and political events will be harbingers of attacks. 2. Localized attacks such as malware that will not execute unless certain conditions are met, such as language settings or even only specific netblocks. 3. The malware used in targeted attacks will have destructive capacity, either as its primary intent or as a cleanup mechanism to cover the attackers tracks. MARSH Copyright 2013 Trend Micro Inc. 8

10 CYBER RISK: TRENDS AND SOLUTIONS INSURANCE OPTIONS FOR MIDSIZE COMPANIES Insurance solutions have changed dramatically for midsize companies. Insurers have adapted products to fit the needs of all size companies. For example, crisis team approach for midsized firms. Easier for midsize organizations to apply for coverage. Still work to be done Marsh focused on breadth of coverage. Midsize organizations lack some of the bargaining clout, expertise, and time to negotiate terms and conditions. Marsh creating a platform to take advantage of coverage enhancements. MARSH 9

11 CYBER RISK: TRENDS AND SOLUTIONS RESPONDING TO A CYBER ATTACK: INITIAL STEPS NIST Depiction of Incident Response Life Cycle (NIST rev 2) MARSH 10

12 CYBER RISK: TRENDS AND SOLUTIONS RESPONDING TO A CYBER ATTACK: INITIAL STEPS Accurately identify scope and scale of incident. Contain the incident by immediately remediating vulnerabilities that facilitated the attack. Neutralize (but not necessarily destroy) malicious code. Remediate damage and recover from the breach and return to normal operations as quickly as possible. Review lessons learned. MARSH 11

13 CYBER RISK: TRENDS AND SOLUTIONS RESPONDING TO A CYBER ATTACK: DATA ANALYSIS External Data Breach Analysis Should Seek to Ascertain: The initial entry-point of the intruder. How long the intruder had access to victim s system. What areas of the network the intruder accessed. What, if any, sensitive information could have been exposed. What legal obligations arise from the breach. MARSH 12

14 CYBER RISK: TRENDS AND SOLUTIONS COMMON MISSTEPS IN ATTACK RESPONSE 1. Concluding that a breach has occurred before an investigation has been conducted. Investigation may reveal that the company has suffered an intrusion but that no breach of sensitive information has occurred. 2. Failure to preserve, collect, and analyze critical evidence. Companies often overlook log data and fail to collect vital information from volatile memory both of which can be key to accurately understanding the scope and scale of a breach. 3. Inability to accurately define the scope of the exposure. Initial assumptions can be misleading. It is important to determine whether data was actually lost or subjected to unauthorized access. A thorough investigation helps establish the universe of data that was compromised. MARSH 13

15 CYBER RISK: TRENDS AND SOLUTIONS COMMON MISSTEPS IN ATTACK RESPONSE 4. Ineffective communication between technology and legal staff. First responders can unknowingly damage or destroy critical information. It is important to collect and preserve evidence in the process of containing the event. 5. Rushing to notify before the full scope of the breach has been confirmed. 6. Failure to apply lessons learned from the event to prevent future incidents. Updating IRPs, performing vulnerability assessments, providing training these will help to improve data security posture. MARSH 14

16 CYBER RISK: TRENDS AND SOLUTIONS BUSINESS CONTINUITY Cyber-Related Business Interruption Risks: Public website outages. Customer portal outages. Internal operations systems disruption. Supply chain disruptions. Communication system disruption. Cleansing/replacing infected IT equipment. MARSH 15

17 CYBER RISKS: TRENDS AND SOLUTIONS BUSINESS CONTINUITY Risk Exposure Category Outage Power 2.25 Capacity 9 Internet Service 3 Risk Elements DOS Attack Physical Damages Upgrade/ Maintenance 4 CPE Outage 5.25 Performance Latency 6 Capacity congestion 8.75 Product Functionality 4 Compliance Global expansion 4 Industry standards 2 Unpr. reg. framework 4 Commercial Agreements 5.25 Data Breach Regulated Loss / corrupted 6 Leakage / compromise 10 Collection practices 9 Data Breach Non Regulated Loss / corrupted 4 Leakage / compromise 4 Collection practices 3 Integrity / Security Security design 5 Response to event 3.5 Lack of new capabilities 2 Lack of patches 5 Security coding 5 Malware 3.75 Infrastructure complexity 2 Relative Risk Exposure Spectrum and Scoring Scale Lowest Risk Exposure Lower Risk Exposure Medium Risk Exposure Higher Risk Exposure Highest Risk Exposure Scoring Scale (refer to appendix for details) Impact (1-5); Frequency (1-5) Risk = Impact x Frequency (1-25) MARSH 16

18 CYBER RISK: TRENDS AND SOLUTIONS INDUSTRY ISSUES Some industries with significant amount of activity: - Financial institutions (due to sheer volume). - Retail. - Hospitality. - Communication, media, and technology. MARSH 17

19 CYBER RISK: TRENDS AND SOLUTIONS PRE-LOSS ASSESSMENTS The potential financial exposures uncovered by pre-loss studies allow firms to assess the path towards managing the risk. Assess scenarios. Determine strength of contingency plans. Consider redundancies / improved network security and continuity. Desktop and professional studies: Understand financial exposure. Value stream mapping. Anticipated maximum business interruption loss (AMBIL) Ensure sufficient risk transfer: Property, cyber, fraud, and other insurance. Eliminate gaps in coverage. Know your exclusions. MARSH 18

20 CYBER RISKS: TRENDS AND SOLUTIONS MAKING AN INSURANCE CLAIM: COVERAGE Coverage Identify policy(ies) or endorsements that apply. Know your loss trigger (causation). You may receive a Reservation of Rights letter. Don t be shocked. Cyber losses can be difficult adjustments. Insurers will have their team amassed much more than an adjuster: Engineers to establish scope of loss and causation. Attorneys to support policy positions. Forensic accountants to audit claim. MARSH 19

21 CYBER RISKS: TRENDS AND SOLUTIONS MAKING AN INSURANCE CLAIM: QUANTIFICATION No Quantification For any material loss, best to retain experienced claim preparer. Many policies contain professional fees or claim preparation coverage that will reimburse for this expertise. Adjusters have their team of experts you need to put same expertise on your side of the table. You know your business: Forensic accounting claim preparers know proper measurement approach and the overall claim process. MARSH 20

22 CYBER RISKS: TRENDS AND SOLUTIONS MARSH FACS TYPICAL CLAIM PREPARATION PROCESS MARSH 21

23 CYBER RISKS: TRENDS AND SOLUTIONS MARSH FACS TYPICAL CLAIM PREPARATION PROCESS MARSH 22

24 This document and any recommendations, analysis, or advice provided by Marsh (collectively, the Marsh Analysis ) are not intended to be taken as advice regarding any individual situation and should not be relied upon as such. This document contains proprietary, confidential information of Marsh and may not be shared with any third party, including other insurance producers, without Marsh s prior written consent. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modeling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Except as may be set forth in an agreement between you and Marsh, Marsh shall have no obligation to update the Marsh Analysis and shall have no liability to you or any other party with regard to the Marsh Analysis or to any services provided by a third party to you or Marsh. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or reinsurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. Marsh is one of the Marsh & McLennan Companies, together with Guy Carpenter, Mercer, and Oliver Wyman. MA Copyright 2013 Marsh Inc. All rights reserved. USDG 5657

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Minnesota Society for Healthcare Risk Management September 22, 2011 Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer? Melissa Krasnow, Partner, Dorsey & Whitney, and Certified Information

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President

More information

MARSH REPORT October 2015. International Business Resilience Survey 2015

MARSH REPORT October 2015. International Business Resilience Survey 2015 MARSH REPORT October 2015 International Business Resilience Survey 2015 CONTENTS October 2015 CONTENTS 3 Introduction 4 Non-traditional risks top concerns, both in terms of likelihood and impact 7 Insurance

More information

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability GALLAGHER CYBER LIABILITY PRACTICE Tailored Solutions for Cyber Liability and Professional Liability Are you exposed to cyber risk? Like nearly every other business, you have probably capitalized on the

More information

MANAGEMENT AND PROFESSIONAL LIABILITY INSURANCE

MANAGEMENT AND PROFESSIONAL LIABILITY INSURANCE U.S. FINPRO MANAGEMENT AND PROFESSIONAL LIABILITY INSURANCE ALTERNATIVE INVESTMENT FUNDS/HEDGE FUNDS In turbulent economic times, the importance of a well designed management and professional liability

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

HEADWINDS FOR CALIFORNIA WORKERS COMPENSATION: TAKING THE HELM

HEADWINDS FOR CALIFORNIA WORKERS COMPENSATION: TAKING THE HELM HEADWINDS FOR CALIFORNIA WORKERS COMPENSATION: TAKING THE HELM February 2012 Colleen Britz Managing Director Tom Cammann Managing Director Jay Wesley Managing Director Los Angeles, CA Headwinds for California

More information

COMPENSATION GUIDE FOR US CLIENTS

COMPENSATION GUIDE FOR US CLIENTS COMPENSATION GUIDE FOR US CLIENTS ABOUT MARSH Marsh is a global leader in insurance broking and risk management. Marsh helps clients succeed by defining, designing, and delivering innovative industry-specific

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

ISO? ISO? ISO? LTD ISO?

ISO? ISO? ISO? LTD ISO? Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet

More information

SUSTAINING THE PROFESSIONAL: PROTECTING YOUR ASSETS

SUSTAINING THE PROFESSIONAL: PROTECTING YOUR ASSETS SUSTAINING THE PROFESSIONAL: PROTECTING YOUR ASSETS AUGUST 2, 2013 Denise K. Gibson, RPLU Vice President Graham M. Fuller Senior Vice President Urbandale, Iowa Marsh US Consumer, a service of Seabury &

More information

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

CYBER & PRIVACY LIABILITY INSURANCE GUIDE CYBER & PRIVACY LIABILITY INSURANCE GUIDE 01110000 01110010 011010010111011001100001 01100 01110000 01110010 011010010111011001100001 0110 Author Gamelah Palagonia, Founder CIPM, CIPT, CIPP/US, CIPP/G,

More information

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler Internet Gaming: The New Face of Cyber Liability Presented by John M. Link, CPCU Cottingham & Butler 1 Presenter John M. Link, Vice President jlink@cottinghambutler.com 2 What s at Risk? $300 billion in

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

HOW TO REIN IN WORKERS COMPENSATION COSTS. October 2013

HOW TO REIN IN WORKERS COMPENSATION COSTS. October 2013 HOW TO REIN IN WORKERS COMPENSATION COSTS October 2013 COST DRIVERS: PREMIUMS AND CLAIMS COSTS Insurers pushing for workers compensation rate increases. Especially risks with unfavorable loss experience

More information

Data Breach and Senior Living Communities May 29, 2015

Data Breach and Senior Living Communities May 29, 2015 Data Breach and Senior Living Communities May 29, 2015 Todays Objectives: 1. Discuss Current Data Breach Trends & Issues 2. Understanding Why The Senior Living Industry May Be A Target 3. Data Breach Costs

More information

CGI Cyber Risk Advisory and Management Services for Insurers

CGI Cyber Risk Advisory and Management Services for Insurers CGI Cyber Risk Advisory and Management Services for Insurers Minimizing Cyber Risks cgi.com 3 As organizations seek to create value in today s highly interconnected world, they inherently increase their

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

Cyber Insurance Presentation

Cyber Insurance Presentation Cyber Insurance Presentation Presentation Outline Introduction General overview of Insurance About us Cyber loss statistics Cyber Insurance product coverage Loss examples Q & A About Us A- Rated reinsurance

More information

Cyber Risks and Insurance Solutions Malaysia, November 2013

Cyber Risks and Insurance Solutions Malaysia, November 2013 Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare

More information

Marsh Private Client Life Insurance Services 10 REASONS TO REVIEW YOUR LIFE INSURANCE TODAY

Marsh Private Client Life Insurance Services 10 REASONS TO REVIEW YOUR LIFE INSURANCE TODAY Marsh Private Client Life Insurance Services 10 REASONS TO REVIEW YOUR LIFE INSURANCE TODAY 1. HAVE YOUR NEEDS CHANGED? Is the original reason you purchased your policies still applicable? Often, the need

More information

PROCUREMENT AND THE INSURANCE INDUSTRY WHAT YOU NEED TO KNOW NOVEMBER 2015

PROCUREMENT AND THE INSURANCE INDUSTRY WHAT YOU NEED TO KNOW NOVEMBER 2015 PROCUREMENT AND THE INSURANCE INDUSTRY WHAT YOU NEED TO KNOW NOVEMBER 2015 National Practice Leader Public Entity Corporate Insurance Topics to be discussed: Corporate Insurance understanding the difference

More information

cyber invasions cyber risk insurance AFP Exchange

cyber invasions cyber risk insurance AFP Exchange Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection

More information

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION October 23, 2015 THREAT ENVIRONMENT Growing incentive for insiders to abuse access to sensitive data for financial gain Disgruntled current and former

More information

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you

More information

Exercising Your Enterprise Cyber Response Crisis Management Capabilities

Exercising Your Enterprise Cyber Response Crisis Management Capabilities Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.

More information

Cyber/ Network Security. FINEX Global

Cyber/ Network Security. FINEX Global Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

Managing Cyber & Privacy Risks

Managing Cyber & Privacy Risks Managing Cyber & Privacy Risks NAATP Conference 2013 NSM Insurance Group Sean Conaboy Rich Willetts SEAN CONABOY INSURANCE BROKER NSM INSURANCE GROUP o Sean has been with NSM Insurance Group for the past

More information

Cyber Exposure for Credit Unions

Cyber Exposure for Credit Unions Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of

More information

CYBER SECURITY SPECIALREPORT

CYBER SECURITY SPECIALREPORT CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber

More information

Recent Court Rulings May Affect Protection Responsibilities

Recent Court Rulings May Affect Protection Responsibilities FINPRO Practice april 2013 Recent Court Rulings May Affect Companies Cyber and Data Protection Responsibilities Contents: Krottner v. starbucks corp. page 2 Clapper v. amnesty international page 3 Amgen,

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber Insurance: How to Investigate the Right Coverage for Your Company 6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Cyber Risk Insurance for Agents. Frequently Asked Questions

Cyber Risk Insurance for Agents. Frequently Asked Questions Cyber Risk Insurance for Agents Frequently Asked Questions 1 Cyber Risk Insurance About Great American Insurance Great American Insurance Group s roots go back to 1872 with the founding of its flagship

More information

Privacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec

Privacy / Network Security Liability Insurance Discussion. January 30, 2013. Kevin Violette RT ProExec Privacy / Network Security Liability Insurance Discussion January 30, 2013 Kevin Violette RT ProExec 1 Irrefutable Laws of Information Security 1) Information wants to be free People want to talk, post,

More information

WORKERS COMPENSATION WEBCAST SERIES CREATING SAFER WORKPLACES AND REDUCING COSTS THROUGH PREDICTIVE ANALYTICS AND TECHNOLOGY

WORKERS COMPENSATION WEBCAST SERIES CREATING SAFER WORKPLACES AND REDUCING COSTS THROUGH PREDICTIVE ANALYTICS AND TECHNOLOGY WORKERS COMPENSATION WEBCAST SERIES CREATING SAFER WORKPLACES AND REDUCING COSTS THROUGH PREDICTIVE ANALYTICS AND TECHNOLOGY KEY WORKERS COMPENSATION AND WORKPLACE SAFETY OBJECTIVES FOR EMPLOYERS Employers

More information

OHIO ASSOCIATION OF COMMUNITY COLLEGES

OHIO ASSOCIATION OF COMMUNITY COLLEGES OHIO ASSOCIATION OF COMMUNITY COLLEGES RISK MANAGEMENT AND INSURANCE PROGRAM Launched November 1, 2011 OACC is right for you if: You want to lower your total cost of risk; You want broader coverages, loss

More information

Insurance implications for Cyber Threats

Insurance implications for Cyber Threats Lillehammer Energy Claims Conference Lillehammer March 7, 2014 Insurance implications for Cyber Threats How enterprises need to prepare for the inevitable JLT is one of the world s largest providers of

More information

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS RRD Donnelley SEC Hot Topics Institute May 21, 2014 1 MANAGING CYBERSECURITY RISK AND DISCLOSURE OBLIGATIONS Patrick J. Schultheis Partner Wilson

More information

ISO General Liability Form Revisions

ISO General Liability Form Revisions ISO General Liability Practice ISO General Liability Form Revisions Effective April 1, 2013 Content: caveats page 2 background page 2 exclusion c: liquor liability page 2 exclusion G: Aircraft, auto, or

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance Today s agenda Introductions Cyber exposure overview Cyber insurance market and coverages Captive cyber insurance

More information

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP

More information

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Enterprise Security Governance Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security Governance and Organisational Model Risk Mgmt & Reporting Digital Risk & Security

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become

More information

Cyber Threats: Exposures and Breach Costs

Cyber Threats: Exposures and Breach Costs Issue No. 2 THREAT LANDSCAPE Technological developments do not only enhance capabilities for legitimate business they are also tools that may be utilized by those with malicious intent. Cyber-criminals

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

OCIE Technology Controls Program

OCIE Technology Controls Program OCIE Technology Controls Program Cybersecurity Update Chris Hetner Cybersecurity Lead, OCIE/TCP 212-336-5546 Introduction (Role, Disclaimer, Background and Speech Topics) SEC Cybersecurity Program Overview

More information

Construction Webinar October 16, 2012. Stewart Roberts Claims Manager

Construction Webinar October 16, 2012. Stewart Roberts Claims Manager Construction Webinar October 16, 2012 Stewart Roberts Claims Manager CURIE Property Policy 4.3 PROPERTY EXCLUDED This policy does not apply to: a) motor vehicles licensed for regular highway use b) New

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Discussion on Network Security & Privacy Liability Exposures and Insurance

Discussion on Network Security & Privacy Liability Exposures and Insurance Discussion on Network Security & Privacy Liability Exposures and Insurance Presented By: Kevin Violette Errors & Omissions Senior Broker, R.T. Specialty, LLC February, 25 2014 HFMA Washington-Alaska Chapter

More information

Cyber Insurance: How to Investigate the

Cyber Insurance: How to Investigate the 10-26-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

INSURANCE MARKETS AND RISK TRENDS IN 2014 JANUARY 2014

INSURANCE MARKETS AND RISK TRENDS IN 2014 JANUARY 2014 JANUARY 2014 UNITED STATES INSURANCE MARKET REPORT 2014 For a copy of Marsh s US Insurance Market Report 2014, please visit marsh.com or ask your Marsh representative. AVERAGE PROPERTY RATE CHANGES ALL

More information

Anatomy of a Privacy and Data Breach

Anatomy of a Privacy and Data Breach Anatomy of a Privacy and Data Breach Understanding the Risk and Managing a Crisis Adam Kardash: Partner, Heenan Blaikie LLP Robert Parisi: Senior Vice President, Marsh Leadership, Knowledge, Solutions

More information

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY GENERAL INFORMATION 1. APPLICANT NAME: 2. PHONE: 3. MAILING ADDRESS: 4. WEB ADDRESS: 5. The following officer of the Applicant is designated

More information

CYBER RISK SECURITY, NETWORK & PRIVACY

CYBER RISK SECURITY, NETWORK & PRIVACY CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread

More information

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Incident Response Plan. [Insert Organization Name] Data Security Incident Response Plan Dated: [Month] & [Year] [Insert Organization Name] 1 Introduction Purpose This data security incident response plan provides the framework to respond to a security

More information

CYBER LIABILITY & INFORMATION SECURITY

CYBER LIABILITY & INFORMATION SECURITY MAIN: 919.926.4623 TOLL-FREE: 855.490.2528 WEBSITE: www.sentinelra.com CYBER LIABILITY & INFORMATION SECURITY In today's world, terms such as data breach and cyber liability are not new. With each year,

More information

Cyber Risk State of the Art

Cyber Risk State of the Art Proudly presents Cyber Risk State of the Art Matthew Davies, Chubb Insurance Catherine Dowdall, Canada Post Mike Petersen, Marsh 1 Agenda 1. Who is At Risk? 2. New/Emerging Risk and Trends 3. Canada Post

More information

Joe A. Ramirez Catherine Crane

Joe A. Ramirez Catherine Crane RIMS/RMAFP PRESENTATION Joe A. Ramirez Catherine Crane RISK TRANSFER VIA INSURANCE Most Common Method Involves Assessment of Risk and Loss Potential Risk of Loss Transferred For a Premium Insurance Contract

More information

U.S. Casualty Practice U.S. Construction Practice. November 2012. NY Labor Law 240

U.S. Casualty Practice U.S. Construction Practice. November 2012. NY Labor Law 240 U.S. Casualty Practice U.S. Construction Practice November 2012 NY Labor Law 240 NOVEMBER 2012 Scaffold Law Pressures Contractors in New York New York s so-called Scaffold Law Labor Law 240 has created

More information

MARINE CARGO CLAIMS GUIDEBOOK

MARINE CARGO CLAIMS GUIDEBOOK Marsh Canada Limited MARINE CARGO CLAIMS GUIDEBOOK TO REPORT A CLAIM PLEASE GO TO WWW.MARSHCARGO.COM MARINE CARGO CLAIMS GUIDEBOOK i Marine Cargo Claims Guidebook This booklet has been prepared as a guide

More information

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance By Shawn Tuma & Katti Smith Data breaches have become far more common than most people realize.

More information

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for? Authored by Neeraj Sahni and Tim Stapleton Neeraj Sahni is Director, Insurance Channel at Kroll Cyber Investigations

More information

Beyond Data Breach: Cyber Trends and Exposures

Beyond Data Breach: Cyber Trends and Exposures Beyond Data Breach: Cyber Trends and Exposures Vietnam 7 th May 2015 Jason Kelly Head of Asia Financial Lines AIG Agenda Why do companies need cyber protection Example of Cyber attack worldwide and in

More information

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy Bolsover District Council North East Derbyshire District Council & Rykneld Homes Ltd Information Security Incident Management Policy September 2013 Version 1.0 Page 1 of 13 CONTROL SHEET FOR Information

More information

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Liability. AlaHA Annual Meeting 2013 Cyber Liability AlaHA Annual Meeting 2013 Disclaimer We are not providing legal advise. This Presentation is a broad overview of health care cyber loss exposures, the process in the event of loss and coverages

More information

Law Firm Cyber Security & Compliance Risks

Law Firm Cyber Security & Compliance Risks ALA WEBINAR Law Firm Cyber Security & Compliance Risks James Harrison CEO, INVISUS Breach Risks & Trends 27.5% increase in breaches in 2014 (ITRC) Over 500 million personal records lost or stolen in 2014

More information

Data Privacy and Gramm- Leach-Bliley Act Section 501(b)

Data Privacy and Gramm- Leach-Bliley Act Section 501(b) Data Privacy and Gramm- Leach-Bliley Act Section 501(b) October 2007 2007 Enterprise Risk Management, Inc. Agenda Introduction and Fundamentals Gramm-Leach-Bliley Act, Section 501(b) GLBA Life Cycle Enforcement

More information

Cyber Risks in Italian market

Cyber Risks in Italian market Cyber Risks in Italian market Milano, 01.10.2014 Forum Ri&Assicurativo Gianmarco Capannini Agenda 1 Cyber Risk - USA 2 Cyber Risk Europe experience trends Market size and trends Market size and trends

More information

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? HEALTH WEALTH CAREER DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS? Gregg Sommer, CAIA Head of Operational Risk Assessments St. Louis MERCER 2015 0 CYBERSECURITY BREACHES

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE

SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE SECURITY, CYBER AND NETWORK INSURANCE SECURING YOUR FUTURE Businesses today rely heavily on computer networks. Using computers, and logging on to public and private networks has become second nature to

More information

MEASURING AND MITIGATING REPUTATIONAL RISK SEPTEMBER 2014

MEASURING AND MITIGATING REPUTATIONAL RISK SEPTEMBER 2014 SEPTEMBER 2014 DEFINING REPUTATIONAL RISK WHAT DO WE MEAN BY AN ORGANIZATION S REPUTATION? Everything an organization does or says creates an indelible impression in the minds of its key stakeholders senior

More information

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS

THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies

More information

DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED?

DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED? DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED? February 3, 2012 Steve Brown, Agency Manager West Virginia Medical Insurance Agency How many in the audience today will

More information

ADVANCED CYBER ATTACKS ON GLOBAL ENERGY FACILITIES

ADVANCED CYBER ATTACKS ON GLOBAL ENERGY FACILITIES MARSH RISK MANAGEMENT RESEARCH ADVANCED CYBER ATTACKS ON GLOBAL ENERGY FACILITIES MARCH 2014 CONTENTS 1 PROTECTING ENERGY FACILITIES AGAINST GROWING CYBER RISKS 2 ENERGY SECTOR TARGETED DISPROPORTIONATELY

More information

2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage

2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage 2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage Chris Reese Vice President, Director of Underwriting Connie Rivas Asst. Vice President, Contracts and

More information

Rogers Insurance Client Presentation

Rogers Insurance Client Presentation Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com

More information

Cyber-Crime Protection

Cyber-Crime Protection Cyber-Crime Protection A program of cyber-crime prevention, data breach remedies and data risk liability insurance for houses of worship, camps, schools, denominational/association offices and senior living

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach Best practices and insight to protect your firm today against tomorrow s cybersecurity breach July 8, 2015 Baker Tilly Virchow Krause, LLP Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently

More information

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015 CYBER LIABILITY AND AVIATION Presented by Hal Hunt May 3, 2015 AGENDA Introduction Leaning Objectives Threat Examples Underwriting Protection/Cyber Policy Summary 2 LEARNING OBJECTIVES Understand Key Terms

More information

Cyber threat reality check GLOBAL TECHNOLOGY S RISK ADVISOR SERIES TURN RISK INTO ADVANTAGE THE THREAT IS GROWING IGNORING IT CAN BE COSTLY

Cyber threat reality check GLOBAL TECHNOLOGY S RISK ADVISOR SERIES TURN RISK INTO ADVANTAGE THE THREAT IS GROWING IGNORING IT CAN BE COSTLY GLOBAL TECHNOLOGY S RISK ADVISOR SERIES TURN RISK INTO ADVANTAGE WHY COMPLACENCY IS UNWARRANTED > WHERE CYBER THREATS COME FROM > THREE STEPS TO MANAGING CYBER THREATS > Cyber threat reality check THE

More information

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security

2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security 2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009

More information

Embracing Cyber Risk: Insurance Solutions

Embracing Cyber Risk: Insurance Solutions Embracing Cyber Risk: Insurance Solutions ANZIIF Risk Rendezvous 15 Ian Pollard, Managing Director, Delta Insurance New Zealand Limited Agenda Risk Management Risk Transfer and Insurance Cyber attacks

More information

USING DATA DISCOVERY TO MANAGE AND MITIGATE RISK: INSIGHT IS EVERYONE S JOB

USING DATA DISCOVERY TO MANAGE AND MITIGATE RISK: INSIGHT IS EVERYONE S JOB USING DATA DISCOVERY TO MANAGE AND MITIGATE RISK: INSIGHT IS EVERYONE S JOB If you manage risk in your organization, you re probably surrounded by paper right now. After all, you need reports to help mitigate

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management

White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK. By James Christiansen, VP, Information Risk Management White Paper THE FIVE STEPS TO MANAGING THIRD-PARTY RISK By James Christiansen, VP, Information Management Executive Summary The Common Story of a Third-Party Data Breach It begins with a story in the newspaper.

More information

Breach Found. Did It Hurt?

Breach Found. Did It Hurt? ANALYST BRIEF Breach Found. Did It Hurt? INCIDENT RESPONSE PART 2: A PROCESS FOR ASSESSING LOSS Authors Christopher Morales, Jason Pappalexis Overview Malware infections impact every organization. Many

More information