Cyber Threats and the Insurance Response
Scott Reeves & Laurence Yan
Munich Reinsurance Company

This presentation has been prepared for the Actuaries Institute 2014 General Insurance Seminar. The Institute Council wishes it to be understood that opinions put forward herein are not necessarily those of the Institute and the Council is not responsible for those opinions.

Cyber Threats and the Insurance Response
- Landmark Events
- Exposures
- The Government and Industry Response
- Insurance Coverage Options & Market
- Actuarial Context and Concerns
- Case Study

Sony PlayStation Network
- Date: 17-19 April 2011
- Extent of Breach: 77 million records
- Source of Breach: Compromise of System Administrator's account via malicious email
- Insurance: Coverage denied under GL policy

Target (United States)
- Date: 27 November - 15 December 2013
- Extent of Breach: 40 million credit cards; 70 million other records
- Source of Breach: RAM Memory Scraping Malware
- Insurance: $100m Cyber Policy; $65m D&O Policy

Other Recent Breaches

Target | Location | Date | Extent of Breach
Kmart | US | Sept 2014 | Credit card information
Home Depot | US | April - Aug 2014 | 53 million credit cards
CHS | US | July 2014 | 4.5 million patient records
EBay | US | May 2014 | User login details
JP Morgan | US | August 2013 | 76 million customer records
ABC | AUS | February 2013 | 50,000 User login details
Telstra | AUS | May 2012 | 35,000 User login details

Cyber Risk Exposures

[Diagram: four exposure groups arranged between "Primarily First Party" and "Primarily Third Party"]

Security
- Denial of Service
- Extortion
- Electronic Vandalism
- Theft of data
- Computer Virus

Compliance & Privacy
- Privacy laws
- HIPAA + HITECH
- Gramm-Leach-Bliley
- Future Legislation

Reputation
- Massive distribution of false information
- Systematic posting of incorrect info on web pages

Liability
- Intellectual Property infringement
- Product/Service failure
- Privacy violation

Accumulation Concerns

Global Outage of External Networks
- Worldwide spread
- Many services interrupted
- Prevention by insured not possible

Self-reproducing Computer Viruses
- Worldwide spread
- Many systems infected per event

Outage of a Large Cloud Service Provider
- Accumulation triggered by one company
- Many clients affected per event

[Diagrams: networks linking 1st tier and 2nd tier clients, banks, companies, suppliers, hospitals, labs, pharma, online shops, cloud and sub cloud providers, and end users]

Government Responses

Privacy Amendment (Privacy Alerts) Bill 2014
- Possible introduction of mandatory data breach notification
- Under consideration by the House of Representatives

Australian Privacy Principles, March 2014
- OAIC now has more powers to investigate breaches and seek civil penalties

ALRC Report: Serious Invasions of Privacy in the Digital Era
- Recommendation for the creation of a tort for breach of privacy

Industry Response: PCI-DSS

Payment Card Industry Data Security Standards
- Credit card industry self-regulating body (worldwide)
- All entities processing credit card transactions are required to comply
- Designed to reduce fraudulent transactions
- Authority to fine non-complying entities in the event of a data breach

Insurance Response - Traditional Covers

Property:
- Cover is specific to physical loss or damage to tangible property
- Data is not generally defined as tangible property

General Liability:
- Typically covers bodily injury & property damage to tangible property
- May specifically exclude electronic data

Professional Indemnity (Errors & Omissions):
- Covers third party economic damages resulting from a failure of defined services only
- Typically tied to/requires an act of negligence to trigger cover

Directors and Officers:
- Covers economic damages resulting from a wrongful act by the directors/officers
- Possible secondary coverage provided for consequences of a cyber event

Insurance Response - Coverage Options

Cyber insurance policy: 1st party Cyber Expenses and 3rd party Cyber Liability

[Diagram: coverage components of the policy]
- Crisis Consulting
- Forensics
- Notification Costs
- Credit Monitoring
- IT Vandalism
- Electronic Theft
- Business Interruption
- Network Extortion
- Privacy Disclosure/Liability
- Security Failure
- Internet Communication and Media Liability
- Intellectual Property
- Legal Counsel
- Internal Network Interruption
- Administrative Fines
- Access Failure

Global Cyber (Re)insurance Market

Estimated Primary Insurance Cyber Market (2014 & 2020, in USD billion)

[Bar chart: Rest of the World and North America, 2014 and 2020. Values as extracted: 6 8, ~ 1 3, 2 2.5, ~ 0.1 0.3, ~ 2, ~5]

- North America: Cyber liability treaties mainly coming from specialist insurers or global clients
- Europe: Few Cyber treaties, mainly from global clients or large local insurers
- Asia: Growing demand in all lines of business; high growth rates expected

State of the Market - Australia (Current)
- AUD 150m market capacity
- 12 Carriers
- Limited claims activity
- Limited policy take-up
- Mandatory notification requirement may lead to increased awareness and higher insurance penetration

State of the Market - Australia (Future)

"In terms of the impact of these changes on the industry, if the 2014 Bill is introduced and mandatory breach notification becomes a feature of the Australian privacy regime, Australia may follow in the footsteps of the United States, where class actions emanating from mass breaches of privacy obligations are occurring with increasing frequency."

Source: Privacy law reforms - the key changes in 2014, Norton Rose Fulbright (June 2014)

Actuarial Context and Concerns
- Data quality and limited dataset
- Dynamic regulatory environment
- Evolving exposures
- Varying claims costs drivers
- Spill-over claims against other classes of business
- Accumulation scenario modelling and pricing

Case Study - Scenario
- Partnership with primary insurance client
- New product with no loss experience
- Third party liability arising from internet operations
- Homogeneous class of insureds

Scenario-based Modelling Approach
- Average data breach loss quantum based on industry research
- Loss quantum reduced in accordance with the actual coverage provided
- Loss frequency derived from industry research
- Assign an average loss per average insured
- Loss cost modified by risk factors and dimension discounting

Pricing Control Cycle
- Reserving / monitoring performance
- Managing portfolio accumulations while working with imperfect data
- New / improving data sources

Concluding Remarks

Quote from London Market underwriter:
- Important and dangerous class of business
- Red Light District - attract unwary punters
- Standard actuarial techniques must be adapted
- Essential to work with underwriters and claims staff to understand complexities
- International risks - each country is different
- Demand is real: people need this cover

Subject: Underwriting PI / D&O (2001)!!