Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Similar documents
CYBER INSURANCE. Cyber Insurance and Gaps in Traditional Insurance. Cyber and E&O Team Willis FINEX North America

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

Cyber Insurance Presentation

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Beyond Data Breach: Cyber Trends and Exposures

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Willis Healthcare Practice 11 th Annual Forum July 10,2007. Managing and Insuring Risks in Network Privacy/Cyber Risk

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

CYBER RISK SECURITY, NETWORK & PRIVACY

Cyber Exposure for Credit Unions

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS Data Breach : The Emerging Threat to Healthcare Industry

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Managing Cyber Risk through Insurance

Data Breach and Senior Living Communities May 29, 2015

Understanding the Business Risk

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

Cyber Risk State of the Art

Mitigating and managing cyber risk: ten issues to consider

How To Cover A Data Breach In The European Market

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Cyber/ Network Security. FINEX Global

Cyber Liability. AlaHA Annual Meeting 2013

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

DATA BREACH COVERAGE

Cyber Risks and Insurance Solutions Malaysia, November 2013

Policy Considerations for Covering Special Exposures. Claire Lee Reiss Program Director National League of Cities Risk Information Sharing Consortium

Cyber Insurance as one element of the Cyber risk management strategy

Privacy / Network Security Liability Insurance Discussion. January 30, Kevin Violette RT ProExec

cyber invasions cyber risk insurance AFP Exchange

Cyber Liability. What School Districts Need to Know

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group Ext. 7029

Rogers Insurance Client Presentation

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

ISO? ISO? ISO? LTD ISO?

Cyber Threats: Exposures and Breach Costs

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

CYBER SECURITY SPECIALREPORT

Managing Cyber & Privacy Risks

CYBER/ NETWORK SECURITY

EMERGING CYBER RISK CYBER ATTACKS AND PROPERTY DAMAGE: WILL INSURANCE RESPOND?

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance

Cyber and data Policy wording

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter

Discussion on Network Security & Privacy Liability Exposures and Insurance

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:

Cyber Threats and the Insurance Response

DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED?

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Coverage is subject to a Deductible

CYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014

Insurance implications for Cyber Threats

Tools Conference Toronto November 26, 2014 Insurance for NFP s. Presented by Paul Spark HUB International HKMB Limited

Cyber Liability Insurance: It May Surprise You

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Michael Gaudet 2015 PHC 7/23/2015. Key Broker Challenges

Cybercrime: risks, penalties and prevention

CAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Network Security & Privacy Landscape

Privacy and Data Breach Protection Modular application form

Understanding Professional Liability Insurance

CYBER LIABILITY INSURANCE

How-To Guide: Cyber Security. Content Provided by

CYBER 3.0. CUTTING-EDGE ADVANCEMENTS IN INSURANCE COVERAGE FOR CYBER RISK AND REALITY SFOR005 Speakers:

Cyber Insurance What is it? Should your bank purchase it? Roberta D. Anderson Partner, K&L Gates LLP

Cyber Risk Insurance for Agents. Frequently Asked Questions

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Cyber Risks in Italian market

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Cyber Liability & Data Breach Insurance Claims

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber-insurance: Understanding Your Risks

NZI LIABILITY CYBER. Are you protected?

Cyberinsurance: Insuring for Data Breach Risk

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

Insurance for Data Breaches in the Hospitality Industry

Defensible Strategy To. Cyber Incident Response

Airmic Review of Recent Developments in the Cyber Insurance Market. & commentary on the increased availability of cyber insurance products GUIDE

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Insuring Innovation. CyberFirst Coverage for Technology Companies

CyberSecurity for Law Firms

Joe A. Ramirez Catherine Crane

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

2015 Global Cyber Impact Report

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Cyber and Data Security. Proposal form

Insurance & Risk Management Update: November 2011

Cyber-Crime Protection

Cyber Security Issues - Brief Business Report

Technology, Privacy and Cyber Protection Modular application form

Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace

CYBER RISK INSURANCE. Presented By: Jonathan Healy

Transcription:

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President Northeast Region, Willis of New York, Inc.

Insurance Considerations What's the threat? Identifying the Gaps Cyber Liability coverage: What is it? Vendor Contracts Coverage considerations Cost considerations 2

Top 5 Trends in Cyber Risk Increasing interconnectivity and commercialization of cybercrime driving greater frequency and severity of incidents, including data breaches Data protection legislation will toughen globally. More notifications and significant fines for data breaches in future can be expected Business interruption (BI), intellectual property theft and cyberextortion risk potential increasing. BI costs could be equal to or exceed breach losses Vulnerability of industrial control systems poses significant threat No silver bullet solution for cyber security 3

Cyber/Privacy Security Risk Gaps in Traditional Insurance Property General Liability Crime/Bond K&R E&O Cyber/ Privacy 1 st Party Privacy/Network Risks Physical damage to Data Virus/Hacker damage to Data Denial of Service attack B.I. Loss from security event Extortion or Threat Employee sabotage 3 rd Party Privacy/Network Risks Theft/disclosure of private info Confidential Corporate Info breach Technology E&O Media Liability (electronic content) Privacy breach expense/notification Damage to 3 rd party s data Regulatory Privacy Defense/Fines Virus/malicious code transmission Coverage Provided Limited Coverage No Coverage

Traditional Insurance Gaps Theft or disclosure of third party information (GL) Security and privacy Intentional Act exclusions (GL) Data is not tangible property (GL, Prop, Crime) Bodily Injury & Property Damage triggers (GL) Value of data if corrupted, destroyed, or disclosed (Prop, GL) Contingent risks (from external hosting, etc.) Commercial Crime policies require intent, only cover money, securities and tangible property. Territorial restrictions Sublimit or long waiting period applicable to any virus coverage available (Prop) 5

Privacy & Network Coverage LIABILITY COVERAGE PRIVACY LIABILITY Liability costs associated with your inability to protect private information Loss Example Incident: Government department employee took records and placed them on his home computer which was hacked with 26M records being stolen. Amount: $20M paid in settlement. NETWORK SECURITY LIABILITY Liability costs associated with your inability to prevent a computer attack against your computer network Loss Example Hackers obtained access to debit card account records and changed limit parameters resulting in fraud and a liability of $10 million MEDIA LIABILITY Tort liability associated with content you create, distribute or is created and distributed on your behalf Loss Example - Can cover unauthorized expression and other exposures over social media sites by employees or others for whom a company might be responsible 6

Privacy & Network Coverages DIRECT (LOSS MITIGATION) COVERAGE DATA BREACH EXPENSES coverage typically sublimited Direct costs expended to mitigate a privacy breach, they typically include but are not limited to public relations expenses, consumer notification, identity theft restoration, credit monitoring service costs and forensic expenses Loss Example - Incident: Financial institution had a fired employee input a timed virus into systems which was intended to go into effect when he left the company. The company discovered the virus but spent significant sums on forensics to rid the system of the malicious code. Amount: Over $3,000,000 acknowledged costs. PRIVACY REGULATORY EXPENSES coverage typically sublimited Defense costs (associated damages) expended to respond to or comply with a demand made by a regulatory agency (authority) Loss Example $6.8M state regulatory fine results from a health insurer that mailed 13,000 letters with insurance number printed on envelope. 7

Privacy & Network Coverages DIRECT (FIRST PARTY) COVERAGE Revenue Loss/Extra Expense associated with your inability to prevent a computer attack against your computer network Loss Example - $25M - Financial Institution had security related Network Business Interruption Loss ADDITIONAL COVERAGE with ADDITIONAL COSTS System Failure Loss Example - An insured experienced a 48-hour system failure (due to internal programming errors). The company could not process sales and payments quickly and its operations were disrupted. The company was reimbursed $1.4 Million by the insurer for lost net income associated with the loss. 8

Privacy & Network Coverages DIRECT (FIRST PARTY) COVERAGE Data Reconstruction - Your costs to recreate, recollect data, lost, stolen or corrupted due to your inability to prevent a computer attack against your computer network Loss Example - A company suffers an attack against its computer network that damages or destroys data. The company expends money to restore the lost or corrupted data Extortion Cost - Your costs expended to comply with an cyber extortion demand Loss Example - A third party or rogue employee steals information. If the company does not pay him $XXmln, he will release the information 9

Cyber Marketplace Total Cyber premiums have reached $2B and growing every year. Estimated to $20B by 2025 No standardization from carrier to carrier Products are comparable, but look very different Customization is available Average Limit / Cost- $25m / $250,000 Markets AIG, Chubb, Bermuda & London markets Exclusions in traditional policies will become more commonplace. Stand-alone cyber product to be the main source of liability cover Cyber concept and wordings will be tested, potentially resulting in litigation 10

IT Vendor Requirements Coverage / Limit Requirements Technology Errors & Omission Multimedia Liability Privacy Liability Network Security Liability Breach Cost Coverage Notification, Credit Monitoring, Forensics, Public Relations Regulatory Fines and Penalties assessed due to a Data / Privacy Breach $20 million Combined overall limit 11

Contact Information Stephen D. Becker, Executive Vice President Northeast Region Willis of New York, Inc. Phone: 212 915 8320 Email: stephen.becker@willis.com 12

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information