THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
Download the entire guide and follow the conversation at SecurityRoundtable.org
CYBER RISK MANAGEMENT INVESTMENT DECISIONS

Investment in cyber insurance

Lockton Companies Inc.
Ben Beeson, Senior Vice President, Cybersecurity Practice

A number of high-profile corporate data breaches, mainly in the US retail sector over the last two years, have led rapidly to a major change in enterprise cybersecurity strategy. Many chief information security officers (CISOs) now view risk avoidance as extremely challenging, if not impossible, and a traditional approach that builds layered defenses around the network perimeter as increasingly insufficient. Accepting risk means adopting an approach that seeks to mitigate and build enterprise resilience. This approach now also must weigh the benefits of transferring residual severity risk from the balance sheet through cyber insurance. Here are 10 reasons to consider making the investment.

1. Advanced persistent threats (APTs)
Targeted attacks, known as APTs, have become increasingly difficult to detect, let alone stop. The emergence of the nation-state as an adversary leaves the majority of organizations vulnerable regardless of the resources committed to defense.

2. Governance and an enterprise-wide risk management strategy
The emergence of cybersecurity as a governance issue that must be addressed by the board of directors is redefining the role of cyber insurance as purely a financial instrument to transfer risk. Cybersecurity involves the entire enterprise, with numerous stakeholders, no longer only the domain of the IT department. Driving a culture of collaboration between these stakeholders is challenging for many organizations, but cyber insurance and, more importantly, the underwriting process can be the catalyst.

3. Increasing regulatory risk
Liability to boards of directors is expected to increase and give added weight to a focus on governance. SEC guidance published in 2011 highlights how regulators see cyber insurance as part of a strong enterprise risk management strategy. Many in the legal community see the launch in February 2014 of a federal cybersecurity framework (known as the NIST framework) as creating a standard of care to be used by plaintiff attorneys to allege negligence or worse.

4. A financial incentive
Legislators are giving greater prominence to the role of cyber insurance. The failure to pass laws to drive stronger enterprise security has demonstrated the challenges in trying to enforce minimum standards. There is growing support for market-based incentives such as insurance that can reward strong cybersecurity through discounted premium or broader coverage. However, the insurance market for cyber risks is young, if not embryonic in some respects, and faces significant challenges if it is to continue to grow. Reversing the lack of actuarial data to model risk and an underwriting process that must change to meet ever-evolving threats sit at the top of the insurance industry's priorities.

5. Vicarious risk to vendors and business associates
Adversaries are focusing increasingly on third parties that have access to sensitive information and other critical assets of the target enterprise. Professional service firms or cloud-based solution providers are examples of business associates whose security may be weaker than that of their client and consequently provide an easier back door for the attacker. Liability for a breach of personally identifiable information (PII) or protected health information (PHI) typically still rests with the enterprise data owner, even though a breach may have occurred to the vendor's network. Cyber insurance addresses costs of responding to a breach and possible privacy regulatory action or civil litigation.

6. Insider threat
Attacks from the inside continue to be hard to prevent. Cyber insurance covers the employee as perpetrator as well as an attack by a third party.
This will not extend to an act involving the board of directors or executive team.

7. Security is not about compliance
Treating security as a compliance exercise only will result in failure. For example, many organizations that are compliant with payment card industry data security standards have been breached.

8. Monetizing the cost of cybersecurity
One of the biggest challenges to the CISO is to quantify cybersecurity risk in dollar terms to the executive team. The premium charged by an insurance company can help solve this problem.

9. Merger and acquisition activity
The difficulty in evaluating the cybersecurity posture in any acquisition target leaves the acquirer vulnerable.

10. Operational technology
Industry sectors dependent on operational technology and industrial control systems are particularly vulnerable. Built primarily to be available 24/7 and to operate in isolation, these devices are increasingly being connected to the corporate information technology network and the Internet.

The cyber insurance marketplace today

It is estimated that more than 50 insurers domiciled mainly in the U.S. and London insurance market provide dedicated cyber products and solutions today. Buyers are concentrated overwhelmingly in the U.S. with little take-up to date internationally, with low demand in the rest of the world. Annual premium spending at the end of 2014 was estimated to be in excess of $2 billion. Total capacity (the maximum amount of insurance available to any single buyer) is currently at about $300,000,000, although this is now contracting substantially in certain sectors such as retail and health care.

Cyber insurance first emerged at the end of the 1990s, primarily seeking to address loss of revenue and data restoration costs from attacks to corporate networks. However, the underwriting process was seen as too
intrusive and the cost prohibitively expensive. It was not until 2003, and the passage of the world's first data breach notification law in California, that demand started to grow.

What does cyber insurance cover?

Insurers do not address all enterprise assets at risk. The majority of premium spent by buyers was intended to address increasing liability from handling personally identifiable information (PII) or protected health information (PHI) and the costs from either unauthorized disclosure (a data breach) or a violation of the data subject's privacy. Insurable costs range from data breach response expenses such as notification, forensics, and credit monitoring to defense costs, civil fines, and damages from a privacy regulatory action or civil litigation. Insurers also continue to address certain first-party risks, including the impact on revenue from attacks on corporate networks, extortion demands, and the costs to restore compromised data.

Insurable assets include the following:

PII and/or PHI of employees or consumers
- Data breach response costs to include the following: notification, credit monitoring, IT forensics, public relations
- Defense costs and civil fines from a privacy regulatory action
- Defense costs and damages from civil litigation

Corporate confidential information
- Addresses defense costs and damages incurred for a breach of third-party corporate confidential information. Certain insurers will extend to address misappropriation of a third party's trade secret, but first-party loss of intellectual property remains uninsurable.

Corporate information technology network
- Addresses the loss of income as a consequence of network downtime. Certain insurers will also extend coverage to downtime of vendors on whom a policyholder is reliant. This is commonly known as contingent business interruption.
- Costs to restore compromised data
- Reimbursement for costs associated with an extortion threat

Operational technology
- A few insurers have begun to extend coverage for the information technology network to also include operational technology such as industrial control systems.

Physical assets
- Cybersecurity is no longer just about risks to information assets. A cyberattack can now cause property damage that also could lead to financial loss from business interruption as well as liability from bodily injury or pollution, for example. Understanding where coverage lies in a corporate insurance policy portfolio is challenging and at times ambiguous. An assumption that coverage should rest within a property or terrorism policy may not be accurate. Exclusionary language has begun to emerge and is expected to accelerate across the marketplace as losses occur. Dedicated products also have started to appear.

Reputation and brand
- Insuring reputational risk from some form of cyber event remains out of the scope of the majority of insurers. At the time of writing, the London market has begun to innovate to address the financial loss after adverse media publicity. However, capacity remains constrained at $100,000,000 at best.

What does cyber insurance not cover?

Intellectual property assets
Theft of one's own corporate intellectual property (IP) still remains uninsurable today as insurers struggle to understand its intrinsic loss value once compromised. The increasing difficulty in simply detecting an attack and, unlike a breach of PII or PHI, the frequent lack of a legal obligation to
disclose, suggest that a solution is not in the immediate future.

Leveraging cyber insurance as a risk management tool

Since 2009 the marketplace has evolved to also provide services to help buyers manage risk. Focused mainly on post-event response, turnkey products have emerged, which provide a panel of legal, forensics, and public relations specialists. Popular with smaller enterprises that lack the resources or relationships, this innovation has been a key component in increasing the relevance of cyber insurance and consequently its growth. Larger firms typically seek products based on breadth of coverage and the flexibility to use their own vendor network. Services that help mitigate risk before an event occurs have started to emerge. Insurers likely will begin to incentivize buyers to adopt these services with rewards such as discounted premiums.

How do insurers underwrite cyber risks?

Historically, underwriters have sought to understand the controls that enterprises leverage around their people, processes, and technology. However, the majority of assessments are static, meaning a snapshot at a certain point in time through the completion of a written questionnaire, a phone call interview, or a presentation. A consensus is growing that this approach is increasingly redundant and that insurers will seek to partner with the security industry to use tools that can help predict and monitor the threat, adopting a more threat-intelligence-led capability as part of the underwriting process. In fact, this already has started to happen, as certain insurers have started to use technology to underwrite vendor and M&A activity risks.

How do insurers price risk?

Pricing cybersecurity risk remains a challenge. An insurance market that is only 15 years old has begun to build up a profile for frequency and severity of loss with regard to PII and PHI assets.
However, the ever-evolving nature of the threat, particularly the emergence of APTs, undermines the reliability of these statistics. Pricing risk to physical assets is a bigger problem because this has begun to emerge only since 2010, and actuarial data are extremely thin on the ground. Fundamentally, insurers continue to look for a strong security culture within the firm as a first step in risk triage. Additional factors such as industry, revenue size, and actual assets at risk also contribute to how risk is priced.

How to engage the insurance market

Once a decision has been made to explore a suitable solution, the first step is to choose a broker. The lack of consistency in policy language from one insurer to the next means that a broker with dedicated expertise is vital for a successful outcome. First-class brokers work with their clients to understand the assets at risk and how best to address them either under the existing insurance program or through a new dedicated product. An existing Directors and Officers policy form (D&O) addressing management liability from a cyber event probably offers sufficient coverage. However, more often than not, liability to the enterprise requires a new dedicated product.

A broker should understand that insurers seek to understand the security culture of a firm and will work to position their clients as best as possible. For many larger organizations this does not involve completing a written questionnaire and staying divorced from the process. Rather, an investor-style presentation to the marketplace by key stakeholders in IT, legal, and risk management in particular, which involves questions and answers, ensures the best possible outcome. Top-tier underwriters appreciate that cybersecurity is not a tick-box exercise. They understand that the risk is dynamic and will not necessarily penalize a buyer today for shortcomings if a roadmap is spelled out as to how these shortcomings will be addressed in the next 12 months.
A broker must then negotiate competitive terms and conditions with competing insurers with a final recommendation as to whom their client should choose.

10 key coverage items to negotiate:

1. Full prior acts coverage
Insurers try to limit coverage to acts from the first day that the policy begins, known as the retroactive date. However, in the context of the challenges in detecting an attack, buyers should seek to remove this exclusion and avoid the risk of a claim denial.

2. Restrict knowledge and notice of a circumstance to the executive team
Again, an insurer should not be allowed to impute liability to the whole enterprise because detection has proven to be such a challenge.

3. Security warranty
Remove any language that tries to warrant that security is maintained to the same level as represented in the underwriting submission. The dynamic nature of the risk leaves this too open to insurer interpretation in the event of a loss.

4. Operational technology
The majority of insurance policies provide coverage only to the corporate IT network. If relevant, ensure that language is broadened to also address operational technology such as industrial control systems.

5. Outside counsel
Choice of counsel must be agreed upon up front. In the event of a security breach, a dedicated legal expert must take the response lead, not least for attorney-client privilege. Negotiating with an insurer during the event would be counterproductive.

6. IT forensics
In a similar vein to choice of counsel, the preferred forensics firm must be agreed upon up front. Forensics are not inexpensive and can form a significant part of the overall cost.

7. Law enforcement
Law enforcement typically is involved in a major security breach. In fact, many times the FBI, the agency leading cybersecurity corporate defense, notifies the enterprise before it becomes aware of the breach.
A claim should not be excluded by an insurer for failure to disclose as soon as practicable if law enforcement had advised nondisclosure during the investigation.

8. War and terrorism
Many insurance policies exclude acts of war and terrorism, which must be deleted with the emergence of the nation-state adversary in particular.

9. Intentional act
Ensure that coverage addresses the employee or insider as perpetrator acting in isolation of the executive team.

10. Continuity of coverage
When renewing the insurance policy with the same insurer, avoid signing a warranty regarding a circumstance or claim.

Conclusion

Cyber insurance has a broader role to play than simply reimbursing costs associated with a loss. Fundamentally, engaging in an underwriting process that forces collaboration from stakeholders across the enterprise can drive stronger cybersecurity resilience. Increasing regulator and shareholder scrutiny means that the case for investment will continue to grow. In addition, insurers will start to provide premium- and coverage-based incentives for adopting best practices such as the NIST framework and leveraging preferred technology tools.
Lockton Companies Inc
K Street, NW, Suite 200
Washington, DC

BEN BEESON
Senior Vice President, Cybersecurity Practice
bbeeson@lockton.com

Ben Beeson advises organizations on how best to mitigate emerging cyber risks to mission critical assets that align with the business strategy. As insurance continues to take a greater role in a comprehensive enterprise cyber risk management program, he also designs and places customized insurance solutions to fit an organization's specific needs. Mr. Beeson is also engaged in the development of Cybersecurity Policy in the U.S. and U.K. In March 2015 he testified before the Senate Commerce Committee on the evolving cyber insurance marketplace. A frequent public speaker, in April 2015 Mr. Beeson was one of the first panelists to present on the topic of Cyber Insurance at the world's largest Cyber Security Conference, RSA, San Francisco.

Prior to moving to Washington, DC, Mr. Beeson was based in Lockton's London office for seven years, where he cofounded and built one of the leading cybersecurity teams within the Lloyd's of London marketplace. Mr. Beeson holds a BA (Hons) degree in modern languages from the University of Durham, U.K., and a certification in Cyber Security Strategy from Georgetown University, Washington, DC.
Cyber 2015: The Market, Choosing Coverages and AEGIS Update Broker s Perspective Michael Gaudet Marsh FINPRO Energy, Power & Utility Industry Leader Marsh USA, Inc. Key Broker Challenges Coverage consistency
More informationDelaware Cyber Security Workshop September 29, 2015. William R. Denny, Esquire Potter Anderson & Corroon LLP
Changing Legal Landscape in Cybersecurity: Implications for Business Delaware Cyber Security Workshop September 29, 2015 William R. Denny, Esquire Potter Anderson & Corroon LLP Agenda Growing Cyber Threats
More informationProtecting Your Credit Union
Protecting Your Credit Union A More Strategic Approach 2013 As a credit union, you are strategic in everything you do. Shouldn t your approach to risk/insurance be the same? Why do you buy directors and
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationProtecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks
Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks Hacks, breaches, stolen data, trade secrets hijacked, privacy violated, ransom demands made; how can you protect your data
More informationCyber Insurance as one element of the Cyber risk management strategy
Cyber Insurance as one element of the Cyber risk management strategy Stéphane Hurtaud Partner Governance, Risk & Compliance Thierry Flamand Partner Insurance Leader Laurent de la Vaissière Director Governance,
More informationManaging Cyber Risk through Insurance
Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationBrief. The BakerHostetler Data Security Incident Response Report 2015
Brief The BakerHostetler Data Security Incident Response Report 2015 The rate of disclosures of security incidents in 2015 continues at a pace that caused many to call 2013 and then 2014 the year of the
More informationImplementation of the Cybersecurity Executive Order
Implementation of the Cybersecurity Executive Order November 13 th, 2013 Ben Beeson, Partner, Lockton Companies Gerald J. Ferguson, Partner, BakerHostetler Mark Weatherford, Principal, The Chertoff Group
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationwww.pwc.co.uk Cyber security Building confidence in your digital future
www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in
More informationCan Cyber Insurance Be Linked to Assurance?
SESSION ID: CXO-W03 Can Cyber Insurance Be Linked to Assurance? Larry Clinton President and CEO Internet Security Alliance @ISalliance Dan Reddy Adjunct Faculty: Engineering & Technology Quinsigamond Community
More informationNavigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh
Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh Presentation Format Four Key Questions How important is cyber risk and how should we view the cyber threat?
More informationWILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES
WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES This special report examines the cyber risk disclosures made by the retail sector of the Fortune 1000.
More informationCorporate Perspectives On Cybersecurity: A Survey Of Execs
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Corporate Perspectives On Cybersecurity: A Survey
More informationCYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS
CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS 1 As regulators around the world move to tighten compliance requirements for financial institutions, improvement in cyber security controls will become
More information2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security
2009 HIMSS Analytics Report: Evaluating HITECH s Impact on Healthcare Privacy and Security Commissioned by ID Experts November 2009 INTRODUCTION Healthcare breaches are on the rise; according to the 2009
More informationCyber Exposure for Credit Unions
Cyber Exposure for Credit Unions What it is and how to protect yourself L O C K T O N 2 0 1 2 www.lockton.com Add Cyber Title Exposure Here Overview #1 financial risk for Credit Unions Average cost of
More informationOur specialist insurance services for Professionals risks
Our specialist insurance services for Professionals risks Price Forbes & Partners is an independent Lloyd s broker based in the heart of London s insurance sector. We trade with all of the major international
More informationDemystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature
Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach
More informationGRC/Cyber Insurance. February 18, 2014. Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London. Join the conversation: #ISSAWebConf
GRC/Cyber Insurance February 18, 2014 Start Time: 9 AM US Pacific, Noon US Eastern, 5 pm London Join the conversation: 1 Generously sponsored by: 2 Welcome Conference Moderator Allan Wall ISSA Web Conference
More informationIDENTIFYING AND RESPONDING TO DATA BREACHES
IDENTIFYING AND RESPONDING TO DATA BREACHES Michael P. Hindelang Honigman Miller Schwartz and Cohn LLP October 14, 2015 Merit Security Summit DATA SECURITY RISKS, THREATS & REAL WORLD EXAMPLES OVERVIEW
More informationGood morning Chairman Moran, Ranking Member Blumenthal and members of. the subcommittee. My name is Catherine Mulligan and I am Senior Vice President
Catherine Mulligan, SVP Zurich Testimony before the US Senate Commerce Committee Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing Titled: Examining the Evolving
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationPosted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am
1 of 7 5/8/2014 7:34 PM Posted by David A. Katz, Wachtell, Lipton, Rosen & Katz, on Sunday December 16, 2012 at 10:20 am Editor s Note: David A. Katz is a partner at Wachtell, Lipton, Rosen & Katz specializing
More informationCyber Liability & Data Breach Insurance Claims
Cyber Liability & Data Breach Insurance Claims A Study of Actual Payouts for Covered Data Breaches Mark Greisiger President NetDiligence June 2011 Last year, privacy breaches ran about 1-2 per week. This
More informationHow To Protect Your Computer From Attack
FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y By IEEE USA s Committee on Communications Policy December 2011 This Frequently Asked Questions (FAQs) was prepared by IEEE-USA s Committee on Communications
More informationChanging Legal Landscape in Cybersecurity: Implications for Business
Changing Legal Landscape in Cybersecurity: Implications for Business Presented to Greater Wilmington Cyber Security Group Presented by William R. Denny, Potter Anderson & Corroon LLP May 8, 2014 Topics
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationTHE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED
THE CYBER SECURITY PLAYBOOK WHAT EVERY BOARD OF DIRECTORS SHOULD KNOW BEFORE, DURING, AND AFTER AN ATTACK SECURITY REIMAGINED THE CYBER SECURITY PLAYBOOK 2 03 Introduction 04 Changing Roles, Changing Threat
More informationData security: A growing liability threat
Data security: A growing liability threat Data security breaches occur with alarming frequency in today s technology-laden world. Even a comparatively moderate breach can cost a company millions of dollars
More informationS 2 ERC Project: A Review of Return on Investment for Cybersecurity. Author: Joe Stuntz, MBA EP 14, McDonough School of Business.
S 2 ERC Project: A Review of Return on Investment for Cybersecurity Author: Joe Stuntz, MBA EP 14, McDonough School of Business Date: 06 May 2014 Abstract Many organizations are looking at investing in
More informationCyber Insurance in an Evolving Liability Landscape: Informed, Strategic Expectations Monday, February 29, 2016 2:00pm 3:00pm
Cyber Insurance in an Evolving Liability Landscape: Informed, Strategic Expectations Monday, February 29, 2016 2:00pm 3:00pm Kimberly B. Holmes, Esq., RPLU VP, Product Development, Chief Underwriting Office
More informationCyberinsurance: Insuring for Data Breach Risk
View the online version at http://us.practicallaw.com/2-588-8785 Cyberinsurance: Insuring for Data Breach Risk JUDY SELBY AND C. ZACHARY ROSENBERG, BAKER HOSTETLER LLP, WITH PRACTICAL LAW INTELLECTUAL
More informationWritten Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee -
Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing entitled Examining the Evolving Cyber Insurance Marketplace. Thursday, March 19, 2015 Written Testimony of Michael
More informationCAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance
Fundamentals of Cyber Risk Brad Gow June 9th, 2015 Endurance But consider the kickoff chuckle to a speech given to the Wharton School in March 1977 by Sidney Homer of Salomon Brothers, the leading bond
More informationCYBER SECURITY SPECIALREPORT
CYBER SECURITY SPECIALREPORT 32 The RMA Journal February 2015 Copyright 2015 by RMA INSURANCE IS AN IMPORTANT TOOL IN CYBER RISK MITIGATION Shutterstock, Inc. The time to prepare for a potential cyber
More informationGUIDANCE FOR MANAGING THIRD-PARTY RISK
GUIDANCE FOR MANAGING THIRD-PARTY RISK Introduction An institution s board of directors and senior management are ultimately responsible for managing activities conducted through third-party relationships,
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationData Breach Cost. Risks, costs and mitigation strategies for data breaches
Data Breach Cost Risks, costs and mitigation strategies for data breaches Tim Stapleton, CIPP/US Deputy Global Head of Professional Liability Zurich General Insurance Data Breaches: Greater frequency,
More informationcyber invasions cyber risk insurance AFP Exchange
Cyber Risk With cyber invasions now a common place occurrence, insurance coverage isn t found in your liability policy. So many different types of computer invasions exist, but there is cyber risk insurance
More informationCYBER INSURANCE. Cyber Insurance and Gaps in Traditional Insurance. Cyber and E&O Team Willis FINEX North America
CYBER INSURANCE Cyber Insurance and Gaps in Traditional Insurance Cyber and E&O Team Willis FINEX North America Privacy & Network Security (Cyber) Insurance COVERAGE MODULES Privacy Expense Consumer Notification
More informationCybersecurity and Hospitals. What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response
Cybersecurity and Hospitals What Hospital Trustees Need to Know About Managing Cybersecurity Risk and Response This resources was prepared exclusively for American Hospital Association members by Mary
More information