Cyber Risk Management



Similar documents
Mitigating and managing cyber risk: ten issues to consider

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

CYBER RISK SECURITY, NETWORK & PRIVACY

Cybercrime: risks, penalties and prevention

Cyber Risks October

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Making Sense of Cyber Insurance: A Guide for SMEs

How To Cover A Data Breach In The European Market

Cyber Threats: Exposures and Breach Costs

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

NZI LIABILITY CYBER. Are you protected?

CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

CGI Cyber Risk Advisory and Management Services for Insurers

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

Cyber/ Network Security. FINEX Global

Cyber and Data Security. Proposal form

Insurance for Data Breaches in the Hospitality Industry

Senate Committee on Commerce, Science, and Transportation March 19, 2015, Hearing Examining the Evolving Cyber Insurance Marketplace

Cyber security: Are consumer companies up to the challenge?

Cyber Security Issues - Brief Business Report

The era of hacks and cyber regulation

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

Managing cyber risks with insurance

Beyond Data Breach: Cyber Trends and Exposures

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

Cyber security Time for a new paradigm. Stéphane Hurtaud Partner Information & Technology Risk Deloitte

Information and Communication Technology, Cyber and Data Security

THE ANATOMY OF A CYBER POLICY. Jamie Monck-Mason & Andrew Hill

MANAGING DIGITAL RISKS IN THE RETAIL WORLD

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

CYBER SECURITY SPECIALREPORT

Security & Privacy Current cover and Risk Management Services

ACE European Risk Briefing 2012

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification

Rogers Insurance Client Presentation

Managing Cyber Risk through Insurance

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

Cyber Risks and Insurance Solutions Malaysia, November 2013

How-To Guide: Cyber Security. Content Provided by

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

THE NEW INTERNATIONALS. Updating perceptions of SMEs in an increasingly globalised world

Cyber Insurance: How to Investigate the Right Coverage for Your Company

The Cancer Running Through IT Cybercrime and Information Security

Insuring Innovation. CyberFirst Coverage for Technology Companies

Insurance implications for Cyber Threats

A Guide to the Cyber Essentials Scheme

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Security - What Would a Breach Really Mean for your Business?

Our specialist insurance services for Professionals risks

Auditing After a Cyber Attack JAX IIA Chapter Meeting Cybersecurity and Law Enforcement

Cyber Risks in Italian market

POLICIES TO MITIGATE CYBER RISK

SMALL BUSINESS REPUTATION & THE CYBER RISK

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

OECD PROJECT ON CYBER RISK INSURANCE

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Information Security Services

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter

Risk Control Industry Guide Series. Telecommunications Industry

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

Embracing Cyber Risk: Insurance Solutions

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

Protecting your business from cyber crime and data loss. November 2014

How To Protect Your Business From A Cyber Attack

Enterprise Security Governance. Robert Coles Chief Information Security Officer and Global Head of Digital Risk & Security

Cyber and data Policy wording

How To Buy Cyber Insurance

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Guidance on data security breach management

The Recover Report. It s business. But it s personal.

Information Security Incident Reporting & Investigation

IT Security Incident Management Policies and Practices

National Cyber Security Policy -2013

Addressing Cyber Risk Building robust cyber governance

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Course 4202: Fraud Awareness and Cyber Security Workshop (3 days)

Who s next after TalkTalk?

IRIS Report Commercial Espionage: The Threat from Chinese Cyber Attacks Executive Summary

Information Security Insights From and For Canadian Small to Medium Sized Enterprises

Reducing the Threat Window

Navigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh

Secure Thinking Bigger Data. Bigger risk?

Network Security & Privacy Landscape

Cyber Security: Protecting your business survey stats

Room for improvement. Building confidence in data security. March 2015

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

Information Security Incident Management Policy and Procedure

External Supplier Control Requirements

A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge. Sponsored by

Transcription:

Cyber Risk Management A short guide to best practice Insight October 2014

So what exactly is 'cyber risk'? In essence, cyber risk means the risk connected to online activity and internet trading but also generally to the use of electronic systems and networks and the storage of personal data. Due to the prevalence of use and dependence upon electronic systems it is a growing risk that can affect all businesses, regardless of size. Accordingly, while cyberspace has revolutionised how many of us live and work, it is crucial to understand the threats that it brings with it. www.bonddickinson.com Cyber Risk Management October 2014 2

The risks: Implications of a cyber incident Cyber security is an increasingly high profile issue with cyber-crime now ranking alongside international terrorism as one of the top global threats. A primary objective of the UK Government's National Cyber Security Strategy is to make the UK a safer place to conduct business online. However, cyber incidents can range from hacking and virus transmission to theft or accidental loss of data. While external actors such as hackers often steal the headlines, problems can arise from internal sources such as malicious, or even just careless, employees or inadequately protected buildings and systems. The impact of a cyber incident can be significant and the potential costs immense, with wide-ranging implications: data loss - accidental loss or theft or copying of data breach of contract to third parties caused by the loss of data business interruption property damage personal injury extortion for example by a hacker damage to reputation copyright infringement libel. www.bonddickinson.com Cyber Risk Management October 2014 3

Prevention: Steps to manage cyber security and reduce the risks Determining the benefits of cyber security and knowing where to start are a significant challenge to many organisations. The UK Government has said that the majority of successful external cyber attacks could have been avoided by implementation of basic IT security such as firewalls and malware protection. Unfortunately as cyber criminals become increasingly sophisticated, it is often difficult to keep one step ahead of them. At a recent cyber seminar for the IT market, a leading software provider announced that there was no such thing as cyber security and that the focus instead should be on how quickly an attack can be identified in order to limit damage. Pro-active management of cyber risk at board level is critical in reducing the risks. Recommended measures include: identifying key information, data and systems and thoroughly assessing their vulnerability to attack allocating responsibility for cyber risk management appropriately having a clear information security policy in place and supporting this with staff training and reminders so the business can be confident that the entire workforce understands and follows it assessing the extent to which the business shares information with suppliers and clients and customers and how they protect the business' information and data acquiring better systems or updating existing systems to maintain security standards checking existing cover and buying appropriate levels of cyber cover to mitigate risks in the same way as other risks such as traditional property damage or errors and omissions cover are mitigated. Many organisations allow employees to use their own computers, tablets and smart phones for business purposes. This obviously increases the business's risk so IT provision should include ensuring that all devices used to handle business information have the same level of protection in place. By implementing the above, organisations can at least help to mitigate cyber incidents. When approaching the market for cyber insurance, one of the first questions the underwriters will often ask is what procedures are currently in place and what the business is doing about managing the risk. Insurers can demand that appropriate risk procedures are in place and implemented in order to reduce the risks of a cyber related incident. www.bonddickinson.com Cyber Risk Management October 2014 4

Mitigation: Steps to take on discovering a problem A cyber breach can be devastating for any business, with the effects ranging from operational disruption, liability to third parties, reputational damage and regulatory issues. These will all need to be dealt with quickly and effectively or order to limit further damage. It is crucial therefore to have a unified business-wide incident management process. A clear response strategy which staff understand and can implement promptly can not only help recover more quickly from an incident but can also help prevent future incidents. Many cyber insurance policies include a cyber incident management and response service following a data breach. While policies differ, this will often include expert IT, legal and PR support which will provide practical support in the form of technical forensic investigations, legal advice, notifying customers or regulators, and providing credit monitoring to affected customers. www.bonddickinson.com Cyber Risk Management October 2014 5

Insurance: Key considerations for insurers Cyber cover is a growing opportunity for the insurance market in the UK and Europe but in order for the industry to avoid being caught out, a clear understanding of the risks is necessary. The methods used by cyber criminals are evolving and society's dependence on being able to access data and use electronic systems is growing rapidly. Therefore the risks for insureds who do not take these issues seriously and consequently their insurers are significant too. Perhaps the biggest challenge for the industry is quantifying exposure to the risks given just how fast-evolving those risks are, coupled with the lack of historical data available. Market insiders warn that it is only a matter of time before a systemic cyber event brings down the internet or a sector in the economy and with it, widespread problems, liabilities and claims. Buyers of cyber insurance are also now spreading beyond financial, technology and healthcare companies, to include sectors such as retail, manufacturing and energy and small to medium-sized enterprises as well as large corporates. The trend is showing no sign of abating. Insurance products are evolving and responding to the increasing take up with new and developed offerings in the product line. However, the scope of its cover can vary enormously from policy to policy. As the field of cyber risk insurance matures, policies are becoming more specific and customisable. Accordingly, it is essential that businesses, their brokers and insurers consider the level of cover required so that the appropriate protection is provided and customers are not paying for unnecessary cover or leaving key gaps in cover. www.bonddickinson.com Cyber Risk Management October 2014 6

Here to help: Key contacts Andrew Kimble Partner Data Protection T:+44(0)845 415 8422 E: andrew.kimble @bonddickinson.com Justin Tivey Legal Director Insurance Claims T:+44(0)845 415 8128 E: justin.tivey @bonddickinson.com Andrew Parsons Managing Associate Dispute Resolution T:+44(0)845 415 8115 E: andrew.parsons @bonddickinson.com www.bonddickinson.com/cyber-risks www.bonddickinson.com Cyber Risk Management October 2014 7

www.bonddickinson.com Authorised and regulated by the Solicitors Regulation Authority for legal work. Bond Dickinson LLP is a limited liability partnership registered in England & Wales under no OC317661. This document is supplied to you in confidence and contains confidential information which if disclosed could result in a breach of confidence actionable by the firm or our clients and which would or would be likely to prejudice our commercial interests. As some of the information within the document is personal information about our staff and clients, disclosure of this without their consent could result in a breach by you of the Data Protection Act 1998. If you believe that you are under a legal obligation to disclose any of the contents of this document to a third party, we would ask that you let us know, ideally by contacting the Key Contact named in the document, or in their absence, with Andy Kimble in our Information Governance Team.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information