Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015


Today's Agenda

What are we talking about today?
- What is Risk
- Evolution of risk management
- Understand the importance of Risk Transfer
- Key elements of contractual transfer
- The Interaction of contracts and insurance
- Newest topic in insurance: Cyber Liability
- Questions & Answers

What is risk

- Risk is present in everything we do
- ISO 31000, the international standard on risk management, defines it this way: Risk = the effect of uncertainty on your objectives.
- Risk can be a threat or an opportunity
- Anything that could harm, prevent, delay or enhance your ability to achieve your objectives = risk

Why We Need to Manage Risk

The purpose of managing risk is to increase the likelihood of an organization achieving its objectives by being in a position to manage threats and adverse situations and being ready to take advantage of opportunities that may arise.

National Guidance on Implementing ISO 31000:2009, from NSAI in Ireland

5 Major Categories for External Global Risks

- Economic Risks
- Geopolitical Risks
- Environmental Risks
- Technological Risks
- Societal Risks

Top 5 Global Risks in Terms of Likelihood, 2007-2014: Insurance can help with most

Top 5 Global Risks in Terms of Impact, 2007-2014: Insurance can help with most

12 Industries with Risk Issues in the next 10 years

- Health Care
- Health Sciences
- Energy (Traditional)
- Alternative Energy
- Petrochemical
- Agriculture
- Natural Resources
- Technology (incl. Biotechnology)
- Light Manufacturing
- Insourced Manufacturing
- Export-Oriented Industries
- Shipping (Rail, Marine, Trucking, Pipelines)

A Few Definitions: ISO 31000

- Risk is the effect of uncertainty on objectives.
- Risk Management: the coordinated activities to direct and control an organization with regard to risk.
- Risk Owner: the person or entity with the accountability and authority to manage risk.
- Stakeholder is any person or organization that can affect, be affected by or perceive themselves to be affected by a decision or activity. They are both internal and external. Stakeholders are important to the process and key to activities like communication, consultation and reporting. Stakeholders' interests and fears should be taken into account.
- Risk management process is the systematic application of management policies, procedures and practices to the tasks and activities of communicating, consulting, establishing the context and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Risk Management is Evolving

Transactional Approach
- Purchase insurance to cover risks
- Hazard-based risk identification and controls
- Compliance issues addressed separately
- Safety & emergency mgmt handled separately
- Silo approach: risk mgmt is not integrated across the organization
- Risk Manager is the insurance buyer
- Risk is bad: focus is on transferring risk

A Broader Risk Mgmt Approach
- Greater use of alternative risk financing techniques
- More proactive about preventing and reducing risks
- Integrates claims mgmt, contracts review, special event RM, insurance and risk transfer techniques
- Cost allocation used for education and accountability
- More collaboration as depts. are willing
- Risk Manager may be the risk owner
- Risk is an expense: focus is on reducing cost-of-risk

Enterprise Risk Management
- A wide range of risks are discussed and reviewed, including reputational, human capital, strategic and operational
- Aligns RM process with strategy and mission
- May include upside risks (opportunities)
- Helps manage growth, allocate capital & resources
- Risks are owned by all & mitigated at the department level
- Many risk mitigation & analytical tools available
- Risk Manager is the risk facilitator and leader
- Risk is uncertainty: focus is on optimizing risk to achieve goals

Why should we take a broader approach to risk?

- Insurance companies estimate that only 20-30% of all risks are insurable
- Global interconnectedness forces us to think more broadly, for example:
  - Pandemic flu
  - Cyber attacks
  - World economy & supply chain risks
- Now more than ever, we need all stakeholders to be risk aware

Principles, Framework, RM Process

Principles
- Creates value
- Integral part of organizational processes
- Part of decision making
- Explicitly addresses uncertainty
- Systematic, structured & timely
- Based on best available info
- Tailored
- Takes human & cultural factors into account
- Transparent & inclusive
- Dynamic, iterative & responsive to change
- Facilitates continual improvement & enhancement of the org

Framework
- Continually improve the framework
- Mandate & Commitment
- Design framework for managing risk
- Monitor and review the framework
- Implement risk management

RM Process
- Communicate and consult
- Establish the context
- Risk assessment
  - Risk identification
  - Risk analysis
  - Risk evaluation
- Risk treatment
- Monitor and review

Risk Identification - Contracts

- What are we committing to?
- What will our responsibilities be?
- Who will pay if something goes wrong?
- Where will the money come from?
- What other post-loss duties exist?

Risk Analysis - Contracts

- How important is this contract?
- Who are the key players?
- What's our timeframe?
- What's the loss history for these types of endeavors?
- How costly could it be?

Risk Evaluation - Contracts

- How important is this contract?
- What options do we have?
- What can we negotiate?
- What's the risk management perspective?
- What do we recommend?

Risk Treatment: Making Choices

- Avoid it?
- Control the risk?
- Share responsibility?
- What can we do to reduce the risk?
- Should we finance the risk?
- Can we transfer the risk?

Options for Transferring Risk

- Insurance
- Bonds
- Through contractual risk transfer:
  - Contracts + insurance requirements
  - Indemnification agreements
  - Hold harmless agreements
  - Waivers

Minimum Scope of Insurance

Coverages:
- Premises liability
- Products and completed operations
- Blanket contractual liability
- Personal injury with deletion of employee exclusion
- Named as additional insured
- Deletion of limitations re explosion, collapse, underground hazards
- Independent contractors
- Broad form property damages

Limits: $500,000/occurrence combined single limit for bi/property damage?

Minimum Scope of Insurance

- Additional insured on General Liability and Auto
- Current, valid insurance certificates with 30-days cancellation notice
- Insurer's Best Rating of no less than A:VII
- Amend policies & certs:
  - Your interest is primary & other ins excess
  - Severability of interest (ins applies to each insured)
  - Failure to comply with reporting provisions will not affect coverage

Additional Insured Provision

Appointed officers, members, employees and volunteers are included as insureds with regard to damages and defense of claims arising from:
a) Activities performed by or on behalf of the Named Insured
b) Products and completed operations of the Named Insured
c) Premises owned, leased or used by the Named Insured
d) The ownership, operation, maintenance, use, loading or unloading of any auto

Insurance Provisions

- Define Insurance Requirements
  - Coverage types, terms, formats
  - Timeframes for maintaining coverage
  - Limits, per occurrence and aggregate
  - Financial stability of insurer
  - Additional insured status, endorsements and certificates
- Put Requirements in RFPs / Contracts

Contractual Risk Transfer: Factors to Consider

- Control of the Risk
- Knowledge of the Risk
- Statutory or Common Law Limitations
- Custom & Practice
- Bargaining Position
- Will it pass public policy scrutiny?

Cyber Liability

Data Breaches 2005-2014

[Chart: Data Breaches / Millions of Records Exposed, by year, 2005-2014. Series: # Data Breaches; # Records Exposed (Millions).]

Worldwide Cybersecurity Spending 2011-2016F ($ Billions)

[Chart: Worldwide Cybersecurity Spending by year, 2011-2016F, with % Change from Previous Year.]

Cybersecurity spending increased by an estimated $5.2B in 2014, $5.8B in 2015 and $6.3B in 2016.

What Risks can be Transferred: Buying insurance

- Breach response costs/crisis management costs
- Regulatory investigations, civil fines and penalties (where insurable by law)
- Litigation from individuals / class actions
- Litigation from financial institutions and other third parties
- Media liability: libel, slander, intellectual property infringement damages and expenses
- Cyber Extortion: consultant costs, ransom payments
- Data asset loss & non physical business interruption
- Loss of business income & extra expense

Available Coverages

Exposure Category: Description

- Network Security Liability: Provides liability coverage if an Insured's Computer System fails to prevent a Security Breach or a Privacy Breach
- Privacy Liability: Provides liability coverage if an Insured fails to protect electronic or non-electronic information in their care, custody and control
- Regulatory Liability: Coverage for lawsuits or investigations by Federal, State, or Foreign regulators relating to Privacy Laws
- Legal / Notification Expense: 1st Party expenses to comply with Privacy Law notification requirements
- Crisis Management:
  - Credit Monitoring Expense: 1st Party expenses to provide up to 12 months credit monitoring
  - Forensic Investigations: 1st Party expenses to investigate a system intrusion into an Insured Computer System
  - Public Relations: 1st Party expenses to hire a Public Relations firm
- Data Recovery: 1st party expenses to recover data damaged on an Insured Computer System as a result of a Failure of Security
- Business Interruption: 1st party expenses for lost income from an interruption to an Insured Computer System as a result of a Failure of Security
- Cyber Extortion: Payments made to a party threatening to attack an Insured's Computer System in order to avert a cyber attack
- Technology Services/Products & Professional Errors & Omission Liability: Technology Products & Services and Miscellaneous E&O can be added to a policy when applicable
- Media Liability: Covers the Insured for Intellectual Property and Personal Injury perils that result from an error or omission in content (coverage for Patent and Trade Secrets is generally not provided)

Assessing Cyber Risk: What do you need

[Chart: Ponemon Studies: Cost per Record, by year, 2006-2013.]

Assessing Cyber Risk: What records do you have?

[Chart: Breach Cost per Record by Industry.]

Assessing Cyber Risk: Which line are you?

[Chart: Trends in Breach Cost ($M) by Co. Size, 2009-2014. Series: Small, Medium, Large, X-Large.]

Thank You

Thomas Douglas
Area Vice President
Arthur J. Gallagher & Co.
12444 Powerscourt Dr. Suite 500
St. Louis, MO 63131
314-800-2225