Cyber Liability Insurance
Reg Harnish, CISSP, CISM, CISA, Chief Security Strategist, GreyCastle Security
Steve Lobel, Vice President, Anchor Agency
October 17, 2013
1,200
Introduction
Cybercrime Today
Major Trends
1. Increasing business complexity
2. Increasing criminal motivation
3. Increasing availability of weaponized software
What's your likelihood of compromise?
Case Studies
What is Cyber Liability Insurance?
Network Security and Privacy Insurance
New Age Exposure
Presentation by RF Ougheltree & Associates, LLC
Network Security & Privacy Insurance
Many forms and labels
ClickStream Internet Liability - Hudson
Convergence - Navigators
TechVantage - CNA
Cyber Choice - Hartford
MicroTek - United States Liability
NetAdvantage/CyberEdge - AIG
CyberSecurity - Chubb
DigitalRisk - ACE
Technet - Axis
AFB Media Tech - Beazley
Information Security & Privacy - Beazley
Technology Protection - Hiscox
NetGuard - NAS - Lloyds
NetProtect360 - CNA
Network Security and Privacy Insurance
Product Differentiation: Scope of Coverage
Cyber lite:
  protect employee (Identity Theft Expense) [under $500 or undisclosed premium (throw in)]
  protect company (personal identity events only) [$450 to $3,500]
Cyber extra:
  protect company (company and personal data for privacy and security perils) [$3,500-$12,000]
Cyber special edition:
  protect company (company and personal data for privacy and security perils), full 1st and 3rd party coverage [$12,000+]
Network Security and Privacy Insurance
Product formats
Endorsements to other lines (D&O, E&O, EPL)
Mono line (stand alone) [Coverage Modules]
Multiple line Management Liability package (D&O +, E&O +, EPL +)
Network Security and Privacy Insurance
Claims Handling
1. 24/7 access to a call center for claim reporting and guidance.
2. An attorney contacts the insured to help with the selection of a lawyer with expertise on applicable laws and regulations and, if needed, a forensic expert able to investigate and report on the scope of the breach. An action plan is drawn up.
3. The insured, with advice from legal counsel and continuing guidance from a breach coach, decides whether and to what extent notification is required. If notification is required, a notification service provider is chosen to mail out notifications in line with applicable regulations.
4. The insured and attorney approve notification letters for mailing and a call center service provider is selected. Q&A scripts for call center employees are prepared.
5. The notification service provider sends letters, which include an offer of either a credit monitoring or identity monitoring package to affected individuals.
6. Individuals who are potentially affected by the breach receive letters and may enroll in the monitoring services. Credit monitoring enrollment is either online or offline through the call center. Those enrolled are also eligible for identity theft resolution or fraud support services should they become a victim of identity theft or fraud caused by a covered breach.
7. The insured receives reports on the progress of the mailing and credit monitoring enrollment for continuous monitoring of the event. The Breach Response Team maintains close contact with the insured and the service providers throughout the process to ensure the breach is handled as effectively as possible.
Understanding Cyber Liability Coverage
Final Thoughts
1. All businesses are vulnerable AND CAN BE COMPROMISED
2. Cyber liability insurance is an absolute must in today's risky environment
3. Cyber liability insurance does not replace your cybersecurity program
Final Thoughts
4. Like cybersecurity, cyber liability insurance requires experts that understand your business and risks
5. Crossing your fingers is not a strategy
Everybody has a plan until they get punched in the face. - Mike Tyson
GreyCastle Security, (518) 274-SAFE, www.greycastlesecurity.com
Anchor Agency, (518) 458-8908, www.anchoragency.com