Navigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh


1 Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh

2 Presentation Format: Four Key Questions
- How important is cyber risk and how should we view the cyber threat?
- To what extent do European organisations have a clear and documented understanding of their cyber risk profile and how can this be improved?
- Where are the gaps in knowledge and data that might impair an organisation's ability to make informed risk transfer choices?
- Are the insurance products available meeting client demand or is the insurance market developing a product that clients do not believe they need?

3 How important is cyber risk and how should we view the cyber threat?

4 Importance of cyber risk? Context National Level UK Attacks in cyberspace can have a potentially devastating real-world effect. Government, military, industrial, and economic targets, including critical services, could feasibly be disrupted by a capable adversary. National Security Strategy, October

5 Importance of cyber risk? Context National Level USA Despite ever-improving network defenses, the diverse possibilities for remote hacking intrusions, supply chain operations to insert compromised hardware or software, and malevolent activities by human insiders will hold nearly all ICT systems at risk for years to come. In short, the cyber threat cannot be eliminated; rather, cyber risk must be managed. Senate Armed Services Committee, February

6 Importance of cyber risk. Context: European Cyber Risk Survey 2015
Where does cyber risk feature in the corporate risk register?
[Chart legend: Top five risk; Top ten risk; Outside the top 10; Not on the corporate risk register. Values as extracted: 25%, 17%, 28%, 30%.]
The fact that over half of all organisations surveyed do not have cyber risk within the top 10 items on the risk register would suggest a divergence from the government view.

7 To what extent do European organisations have a clear and documented understanding of their cyber risk profile and how can this be improved?

8 Understanding of Cyber Risk. Context: European Cyber Risk Survey 2015
To what extent do you believe your organisation has a clear understanding of its exposure to cyber risk?
[Chart legend: No understanding; Limited understanding; Basic understanding; Complete understanding. Values as extracted: 21%, 4%, 26%, 49%.]
79% of organisations reported that they have, at best, a basic understanding of their cyber risk profiles.

9 Understanding of Cyber Risk. Context: European Cyber Risk Survey 2015
Have you identified one or more cyber scenarios that could most affect your organisation? [Chart legend: No; Yes]
The fact that only slightly more than half (57%) of respondents have identified one or more cyber scenarios that could most affect their organisations would suggest that the lack of a complete understanding and absence/low positioning of cyber on the risk register is, for many companies, filtering through to a lack of definition around specific scenarios that might impact their business.

10 Understanding Cyber Risk. Context: European Cyber Risk Survey 2015
[Chart by country: Ireland, UK, Poland, Italy, Spain, Austria & CEE, Russia, Cyprus, Germany, Netherlands, Sweden, Portugal, France, Denmark, Switzerland, Turkey, Belgium, Total Europe; legend: IT function including security; Board; Risk management.]
IT departments continue to take primary responsibility for cyber risk in the majority (65%) of organisations.

11 Understanding Cyber Risk. Marsh/HM Government, UK Cyber Security Report: Taxonomy

12 Understanding Cyber Risk. Marsh/HM Government, UK Cyber Security Report: Risk Profile for a Large Business, Insurer View

13 Understanding Cyber Risk: Scenario Gathering Process
Set parameters
- Which group companies, business divisions are in scope?
- Malicious events versus non-malicious events.
- Map the IT value chain.
Gather exposure data
- Single day workshop.
- Structured interviews.
- Questionnaire.
- Select from a menu.
Refine to create risk scenarios for material exposures
- Amalgamate common/similar items.
- Write up as a scenario that can be considered for quantification.
- Remove immaterial items, reallocate any that don't fit parameters.

14 Understanding Cyber Risk: Scenario Example
Actor: Criminal
Motivation: Acquisition of payment card details
Means of access: Remote via internet
Point of attack: Point of sale devices
Damage:
- Investigation/response costs
- PCI fines and assessments
- Regulatory (ICO) fines and costs
- Civil compensation claims
  o Banks
  o Customers
  o Shareholders
- Reputational income loss

15 Where are the gaps in knowledge and data that might impair an organisation's ability to make informed risk transfer choices?

16 Preparedness for Risk Transfer
1. An understanding of the event that is to trigger an insurance.
2. An appreciation of the likely quantum.
3. An appreciation as to the likely frequency of the triggering event.

17 Preparedness for Risk Transfer. Context: European Cyber Risk Survey 2015
The majority of organisations (68%) have not yet made any attempt to estimate/calculate loss estimates, making it difficult to direct mitigation efforts to areas of most potential harm.
[Chart by country: UK, Poland, Turkey, Switzerland, Sweden, Spain, Russia, Portugal, Netherlands, Italy, Ireland, Germany, France, Denmark, Cyprus, Belgium, Austria & CEE; legend: EUR1 million or below; EUR1 million to EUR2 million; EUR2 million to EUR5 million; EUR5 million and above; No loss estimates made.]

18 Preparedness for Risk Transfer: Expert Judgement
Scale | Description | Financial | Reputation | Service / Operations
1 | Negligible | <$1m (max of 1% EBITDA) | Public concern restricted to local complaints | Insignificant fall in service quality, limited interruption to partnerships, insignificant effect on service standards
2 | Significant | $1m-$4.9m (max of 4% EBITDA) | Minor adverse local/public/media attention and complaints | Minor fall in service quality, interruption to partnerships, some minor service standards are not met
3 | Major | $5m-$8.9m (max of 8% EBITDA) | Serious negative national or regional criticism | Major fall in service quality, major partnerships deteriorating, ongoing serious disruption in service standards
4 | Catastrophic | >$9m (exceeds 8% EBITDA) | Prolonged international, regional & national condemnation | Catastrophic fall in service quality, failure of several major partnerships, complete failure in service standards

19 Preparedness for Risk Transfer: Expert Judgement

20 Are the insurance products available meeting client demand or is the insurance market developing a product that clients do not believe they need?

21 Suitability of Insurance Products. Context: European Cyber Risk Survey 2015
The insurance market continues to address the issues that represent organisations' greatest concerns.

22 Suitability of Insurance Products. Context: European Cyber Risk Survey 2015
The insurance market appears to be innovating in the right direction to address the primary concern of risk managers.

23 Suitability of Insurance Products. Context: European Cyber Risk Survey 2015
Over half (57%) of respondents admit to having insufficient knowledge in order to assess the insurances available.

24 Suitability of Insurance Products: The Insurance Communications Gap
Is this a conscious decision not to purchase following a thorough evaluation of the available insurance products, or are companies not yet in a position to approach the market due to a lack of risk profiling in their own organisations?

25 Further Reading

26 Navigating Cyber Risk Exposure and Insurance
Thank you
The information contained herein is based on sources we believe reliable and should be understood to be general risk management and insurance information only. The information is not intended to be taken as advice with respect to any individual situation and cannot be relied upon as such. In the United Kingdom, Marsh Ltd is authorised and regulated by the Financial Conduct Authority. Copyright 2015 Marsh Ltd. All rights reserved.

27 Thanks for your support! LIVING AND WORKING IN A RISKIER WORLD PROFESSION INNOVATION DIVERSITY

28 Cyber Insurance Update: Policy Basics
First Party Coverage
- Business Interruption
- Loss of First Party Data
- Cyber Extortion
- Customer Notification Expenses
- Reputational Damages
Third Party Coverage
- Network Security Liability
- Privacy Liability
- Multimedia Liability
- Loss of Third Party Data

29 Cyber Insurance Update: Coverage Trends Contingent Business Interruption Administrative Costs Coverage Regulatory Fines and Penalties Coverage Emergency Costs Crime Coverage Bodily Injury / Property Damage Extensions Cyber Exclusions under Traditional Property & Casualty Policies

30 Cyber Insurance Trends: Evolving Cyber Proposition Product Proposition

31 Cyber Insurance Update: Post-Breach Remediation

32 Cyber Insurance Update: Post-Breach Remediation 1 hour 2-5 hours Notification to Incident Manager 24/7/365 Incident Manager appoints specialists 5-24 hours hours Specialist/s investigations / discussions underway Specialists initial reports Incident Manager appointed Triage Call with all stakeholders Stakeholder update conference call/s Stakeholder update conference call/s Incident Manager First call with Insured Next steps and actions agreed Immediate mitigations if appropriate Clear Discovery Plan emerges Clear Solution Plan emerges

33 Cyber Insurance Update: Pre-Breach Services
- Risk Assessments
- Contractual and Regulatory / Legal Review
- Analysis of Security & Privacy Practices
- Systems Monitoring
- Incident Response Planning
- Business Continuity Enhancement

34 Cyber Insurance Update: Purchasing Trends
[Chart: percentage axis from 0% to 70%; series: U.S., Europe, Asia]
Source: Zurich / Advisen Information Security & Cyber Liability Risk Management Reports for U.S. and Europe;

35 Thanks for your support!

36 Cyber risks, a view from the industry Philippe COTELLE Head of Insurance Risk Management

37 A new industrial revolution
Where the aeronautic industry had been so a century ago this is how we see this in the coming decade:


39 Cyber risks exposure
- Internet: a tool allowing the sharing of information between people in order to create an open world
- Difficulties to protect companies and their data from the outside.

40 What are the obstacles to a good assessment of our cyber risks?
- Wrong perception
- Confidentiality
- Reputation

41 SPICE initiative (Scenario Planning to Identify Cyber Exposure)
A program for business impact analysis on disaster scenarios affecting our operational capabilities related to a cyber-event.
Gathering representatives of all the functions as well as IT and IM Security to overcome 3 hurdles:
- Explain to the operational people that we need them
- Address the security issue with extreme care
- Be prepared to openly discuss some potential scenarios of exposure
No company shall assume that it is impossible to be hacked.

42 Scenario identification Focus on disaster scenarios clear hypothesis Scenarios identification

43 Assessing financial costs
Assessing financial cost of each scenario
- Split scenarios in 4 different phases
- Simplify the list of impacted functions
- Compute over/under charge per scenario, per phase
[Figure: financial costs for Scenario x by phase (Phase A, Phase B, Phase C, Phase D); labels as extracted: Security Breach Detection; Security Breach Crisis Remediation Investments Vigilance]

44 Assessing financial costs: Lessons learned
- NUMBERS are related to our financial exposure
- There is no final number
- The objective is to reach a consensus: acceptable by everyone, valid for our analysis

45 Evaluate probability of occurrence
Quantify the technical probability of success of a scenario to occur
- For each step of a given scenario, identify technical ways to proceed
- Rate each step with a probability of occurrence (using internal probability scale)
- Assessment performed by the local Information Management Security
- APT Kill Chain description used in the technical threat scenario

46 Evaluate probability of occurrence: Lessons learned
Same method but different numbers!? 2 different approaches:
- Given the defence systems in place, in order to be successful the attacker should gather so many different skills and resources that this was very unlikely to be plausible. As such the probabilities were therefore very low.
- If an attacker was seriously considering hacking a major company, then this must be a very strong organisation which in itself should have gathered all those unique skills and resources. Therefore their probabilities were more important.
Need a homogeneous approach: associate to each scenario the type of hacker and their motives.

47 Next Steps
- Provide a rationale for mitigation strategy
- Risk identification, Risk Assessment, Risk Response
- Cost of implementing IT security
- Justify the interest of the transfer to insurance both for coverage and premium budget
- IT investment and mitigation measures to reduce the probability and severity of occurrence
- Insurance then becomes complementary (and not competitive) to IT measures and can be an efficient financial tool
[Figure labels: IT Investment make sense to mitigate the exposure; Insurance Premium cost is efficient; % of Mitigation]

48 Challenges
- The process needs to be performed regularly and be as exhaustive as possible
- a strategy allowing to manage the roll out of this process across the entire organisation, products and countries
- an efficient process manageable with the operational teams

49 Challenges
The insurance market needs as well to face several challenges:
- Conditions of dialog with the insurers
- Problem of reputation in case of a claim
- Claim settlement

50 Conclusion
Our mission: to support technological development and to develop the conditions of securing and mitigating the unavoidable risks that such opportunities generate.
- Cybersecurity is one of the key priorities for Airbus Group
- A dedicated entity: Airbus DS Cybersecurity
- Its products and services are also offered to external companies to fight against cyber threats
- Active cyber risk management is a key message towards external stakeholders
- Standards for cyber risk assessment will be necessary

51 Don't forget! Your evaluation and comments are the only way for FERMA to obtain information in order to improve the quality of the sessions. Please fill in the documents given to you by our hostesses, or use the mobile application and earn points for the Leaderboard game!

52 Thank you!


More information

Cyber Risk and the Utility Industry

Cyber Risk and the Utility Industry Cyber Risk and the Utility Industry Imran Ahmad Lawyer, Cassels Brock & Blackwell LLP Canadian Legal Landscape Personal Information Protection and Electronic Documents Act (PIPEDA) Federal legislation

More information

Beyond Data Breach: Cyber Trends and Exposures

Beyond Data Breach: Cyber Trends and Exposures Beyond Data Breach: Cyber Trends and Exposures Vietnam 7 th May 2015 Jason Kelly Head of Asia Financial Lines AIG Agenda Why do companies need cyber protection Example of Cyber attack worldwide and in

More information

End-to-End Cyber Risk Management Solutions from AIG

End-to-End Cyber Risk Management Solutions from AIG End-to-End Cyber Risk Management Solutions from AIG In a rapidly changing landscape, CyberEdge provides clients with an end-to-end risk management solution to stay ahead of the curve of cyber risk. CyberEdge

More information

Advanced Threats in Retail Companies: A Study of North America & EMEA

Advanced Threats in Retail Companies: A Study of North America & EMEA Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

More information

Cyber Insurance as one element of the Cyber risk management strategy

Cyber Insurance as one element of the Cyber risk management strategy Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,

More information

UK 2015 Cyber Risk Survey Report

UK 2015 Cyber Risk Survey Report INSIGHTS UK 2015 Cyber Risk Survey Report June 2015 CONTENTS 1 Introduction 2 Work still to be done in terms of awareness/ ownership of cyber risk 5 Lack of data continues to prevent companies from adequately

More information

Cyber Risk Management

Cyber Risk Management Cyber Risk Management A short guide to best practice Insight October 2014 So what exactly is 'cyber risk'? In essence, cyber risk means the risk connected to online activity and internet trading but also

More information

CAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance

CAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance Fundamentals of Cyber Risk Brad Gow June 9th, 2015 Endurance But consider the kickoff chuckle to a speech given to the Wharton School in March 1977 by Sidney Homer of Salomon Brothers, the leading bond

More information

Aon Risk Solutions Aon Crisis Management. Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies

Aon Risk Solutions Aon Crisis Management. Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies Aon Risk Solutions Crisis Management Consulting Terrorism Probable Maximum Loss (PML) Studies A terrorist incident at or near your operations, could result in human casualties, property damage, business

More information

MARSH REPORT October 2015. International Business Resilience Survey 2015

MARSH REPORT October 2015. International Business Resilience Survey 2015 MARSH REPORT October 2015 International Business Resilience Survey 2015 CONTENTS October 2015 CONTENTS 3 Introduction 4 Non-traditional risks top concerns, both in terms of likelihood and impact 7 Insurance

More information

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS 2014 - Data Breach : The Emerging Threat to Healthcare Industry DATA BREACH A FICTIONAL CASE STUDY THE FIRST SIGNS OF TROUBLE Friday, 5.20 pm :

More information

National Cyber Security Strategies

National Cyber Security Strategies May 2012 National Cyber Security Strategies About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is

More information

DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED?

DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED? DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED? February 3, 2012 Steve Brown, Agency Manager West Virginia Medical Insurance Agency How many in the audience today will

More information

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to

More information

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber Insurance: How to Investigate the Right Coverage for Your Company 6-11-2015 Cyber Insurance: How to Investigate the Right Coverage for Your Company Presented by: Faith M. Heikkila, Ph.D., CISM, CIPM, CIPP-US, ABCP Greenleaf Trust Chief Information Security Officer (CISO)

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

Privileged user management

Privileged user management Privileged user management vv It s time to take control Bob Tarzey, Analyst and Director, Quocirca Ltd Introduction The data presented is based on 270 telephone interviews with organisations across Europe

More information

CYBER-RISK MANAGEMENT WHY HACKERS COULD CAUSE THE NEXT GLOBAL CRISIS RAJ BECTOR CLAUS HERBOLZHEIMER SANDRO MELIS ROBERT PARISI

CYBER-RISK MANAGEMENT WHY HACKERS COULD CAUSE THE NEXT GLOBAL CRISIS RAJ BECTOR CLAUS HERBOLZHEIMER SANDRO MELIS ROBERT PARISI CYBER-RISK MANAGEMENT WHY HACKERS COULD CAUSE THE NEXT GLOBAL CRISIS RAJ BECTOR CLAUS HERBOLZHEIMER SANDRO MELIS ROBERT PARISI In recent months, cyber terrorists have accessed the records of 21.5 million

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

CYBER/ NETWORK SECURITY

CYBER/ NETWORK SECURITY CYBER/ NETWORK SECURITY FINEX AUSTRALIA ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION

CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION In the ever-evolving technological landscape which we all inhabit, our lives are dominated by

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system

More information

Insurance for Data Breaches in the Hospitality Industry

Insurance for Data Breaches in the Hospitality Industry The Academy of Hospitality Industry Attorneys The Pl Palmer House Hilton Chicago, IL April 25, 2014 Insurance for Data Breaches in the Hospitality Industry Presenters: David P. Bender, Jr. dbender@andersonkill.com

More information

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime?

Cyber Warfare. Global Economic Crime Survey. Causes of Cyber Attacks. David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP. Why Cybercrime? Cyber Warfare David Childers, CEO Compli Vivek Krishnamurthy, Foley Hoag LLP Global Economic Crime Survey Cyber crime is the fastest growing economic crime up more than 2300% since 2009 1 in 10 companies

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Reducing Risk. Raising Expectations. CyberRisk and Professional Liability Are you exposed to CyberRisk? Like nearly every other business, you have likely capitalized on the advancements in technology today

More information

London Business Interruption Association Technology new risks and opportunities for the Insurance industry

London Business Interruption Association Technology new risks and opportunities for the Insurance industry London Business Interruption Association Technology new risks and opportunities for the Insurance industry Kiran Nagaraj Senior Manager, KPMG LLP February 2014 Agenda Introduction The world we live in

More information

What you need to know and what you can t afford to ignore!

What you need to know and what you can t afford to ignore! Cyber Risk: What you need to know and what you can t afford to ignore! James Johnston Directors' and Officers' Insurance Underwriter Daniel Fletcher Cyber Insurance Underwriter Financial & Specialty Markets

More information

What would you do if your agency had a data breach?

What would you do if your agency had a data breach? What would you do if your agency had a data breach? 80% of businesses fail to recover from a breach because they do not know this answer. Responding to a breach is a complicated process that requires the

More information

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management Care Providers Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Care providers are there to help those in need. But who helps the care

More information

FEELING VULNERABLE? YOU SHOULD BE.

FEELING VULNERABLE? YOU SHOULD BE. VULNERABILITY ASSESSMENT FEELING VULNERABLE? YOU SHOULD BE. CONTENTS Feeling Vulnerable? You should be 3-4 Summary of Research 5 Did you remember to lock the door? 6 Filling the information vacuum 7 Quantifying

More information

Data Breach Notification Duty. Dr. Elisabeth Thole 31 October 2015 UIA Valencia

Data Breach Notification Duty. Dr. Elisabeth Thole 31 October 2015 UIA Valencia Data Breach Notification Duty Dr. Elisabeth Thole 31 October 2015 UIA Valencia Van Doorne 2 How is your cyber crime awareness? Either you have been data breached or you just do not know that you have been

More information

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014 Nikos Georgopoulos Privacy Liability & Data Breach Management wwww.privacyrisksadvisors.com October 2014

More information

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Cybersecurity Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP 214.758.1048 Setting expectations Are you susceptible to a data breach? October 7, 2014 Setting expectations Victim Perpetrator

More information

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge Sponsored by ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider

More information

About the Survey Respondents

About the Survey Respondents SPECIAL REPORT Information Security & Cyber Liability Risk Management The Second Annual Survey of Enterprise-wide Cyber Risk Management Practices in Europe February 2013 SPECIAL REPORT Information Security

More information

RISK Risk managers voice their reservations about cyber risk, from safeguarding client data to cyber insurance frameworks

RISK Risk managers voice their reservations about cyber risk, from safeguarding client data to cyber insurance frameworks CYBER RISK Risk managers voice their reservations about cyber risk, from safeguarding client data to cyber insurance frameworks In association with SPECIAL REPORT > CYBER What s holding cyber insurance

More information

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity

Cyber ROI. A practical approach to quantifying the financial benefits of cybersecurity Cyber ROI A practical approach to quantifying the financial benefits of cybersecurity Cyber Investment Challenges In 2015, global cybersecurity spending is expected to reach an all-time high of $76.9

More information

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures

More information

International Factors Group Model Law of Factoring

International Factors Group Model Law of Factoring Afreximbank Conference - Lusaka Regulatory and Legal Aspects of Factoring & International Factors Group Model Law of Factoring Edward Wilde Solicitor with Squire Patton Boggs Financial Services Team London

More information

April 28, 2009. Dear Mr. Chairman:

April 28, 2009. Dear Mr. Chairman: April 28, 2009 The Honorable Edward J. Markey Chairman Subcommittee on Energy and Environment Committee on Energy and Commerce U.S. House of Representatives Washington, D.C. 20515 Dear Mr. Chairman: I

More information

Cyber Security: Are You Prepared?

Cyber Security: Are You Prepared? Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete

More information

CYBER LIABILITY & INFORMATION SECURITY

CYBER LIABILITY & INFORMATION SECURITY MAIN: 919.926.4623 TOLL-FREE: 855.490.2528 WEBSITE: www.sentinelra.com CYBER LIABILITY & INFORMATION SECURITY In today's world, terms such as data breach and cyber liability are not new. With each year,

More information

Michael Gaudet 2015 PHC 7/23/2015. Key Broker Challenges

Michael Gaudet 2015 PHC 7/23/2015. Key Broker Challenges Cyber 2015: The Market, Choosing Coverages and AEGIS Update Broker s Perspective Michael Gaudet Marsh FINPRO Energy, Power & Utility Industry Leader Marsh USA, Inc. Key Broker Challenges Coverage consistency

More information

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION 2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION April 2014 Sponsored by: 2014 Network Security & Cyber Risk Management:

More information

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches

October 24, 2014. Mitigating Legal and Business Risks of Cyber Breaches October 24, 2014 Mitigating Legal and Business Risks of Cyber Breaches AGENDA Introductions Cyber Threat Landscape Cyber Risk Mitigation Strategies 1 Introductions 2 Introductions To Be Confirmed Title

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information