Network Security & Privacy Liability:

Similar documents
CYBER INSURANCE. Cyber Insurance and Gaps in Traditional Insurance. Cyber and E&O Team Willis FINEX North America

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group Ext. 7029

CAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance

Cyber Insurance Presentation

DATA BREACH, NETWORK SECURITY, CYBER LIABILITY, PRIVACY PROTECTION: ARE YOU INSURED?

Joe A. Ramirez Catherine Crane

GALLAGHER CYBER LIABILITY PRACTICE. Cyber Risk Exposures and Solutions

Managing Cyber Threats Risk Management & Insurance Solutions. Presented by: Douglas R. Jones, CPCU, ARM Senior Vice President & Principal

Policy Considerations for Covering Special Exposures. Claire Lee Reiss Program Director National League of Cities Risk Information Sharing Consortium

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Hit ratios are still very low for Security & Privacy coverage: What are companies waiting for?

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

NZI LIABILITY CYBER. Are you protected?

Anatomy of a Privacy and Data Breach

Data Breach and Senior Living Communities May 29, 2015

PANEL DISCUSSION: Cyber Risk Insurance. 19 March (Network Security & Privacy Insurance)

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY. October Sponsored by:

Cyber-Crime Protection

Cyber/ Network Security. FINEX Global

PROFESSIONAL RISK PRIVACY CLAIMS SCENARIOS

Willis Healthcare Practice 11 th Annual Forum July 10,2007. Managing and Insuring Risks in Network Privacy/Cyber Risk

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

Cyber Exposure for Credit Unions

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

CYBER RISK SECURITY, NETWORK & PRIVACY

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

Privacy / Network Security Liability Insurance Discussion. January 30, Kevin Violette RT ProExec

Cyber Threats and the Insurance Response

Cyber Liability & Data Breach Insurance Claims

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Understanding the Business Risk

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

Insuring Innovation. CyberFirst Coverage for Technology Companies

Surprisingly Competitive, as Carriers Seek Market Share

Cyber Risks in Italian market

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Is Cyber Insurance the Next Big Think? 2nd Digital Payments Summit - May Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

EMERGING CYBER RISK CYBER ATTACKS AND PROPERTY DAMAGE: WILL INSURANCE RESPOND?

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS Data Breach : The Emerging Threat to Healthcare Industry

Cyber Insurance as one element of the Cyber risk management strategy

Beyond Data Breach: Cyber Trends and Exposures

Discussion on Network Security & Privacy Liability Exposures and Insurance

Cyber Liability & Data Breach Insurance Claims

Cyber Risk State of the Art

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

CYBER & PRIVACY LIABILITY INSURANCE GUIDE

ISO? ISO? ISO? LTD ISO?

What would you do if your agency had a data breach?

CYBER/ NETWORK SECURITY

TECHNOLOGY ERRORS & OMISSIONS MARKET SURVEY 2008 PRIVACY CONCERNS DRIVE PRODUCT ENHANCEMENTS AND THE MARKET

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

Data security: A growing liability threat

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Cyber Insurance: How to Investigate the Right Coverage for Your Company

Insurance & Risk Management Update: November 2011

Cyber Liability. AlaHA Annual Meeting 2013

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

Embracing Cyber Risk: Insurance Solutions

How To Cover A Data Breach In The European Market

DATA BREACH COVERAGE

PRODUCT HIGHLIGHTS CYBER SECURITY LIABILITY

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Coverage Made Simple(r)

Cyberinsurance: Insuring for Data Breach Risk

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

cyber invasions cyber risk insurance AFP Exchange

Data Breach and Cybersecurity: What Happens If You or Your Vendor Is Hacked

2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Cyber Liability Insurance Who Pays When Your Data Goes Missing?

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance

@ Metro FINANCE AND BUDGET COMMITTEE JULY 14,2010 SUBJECT: EXCESS LIABILITY INSURANCE PROGRAM FOR OPERATIONS PURCHASE EXCESS LIABILITY INSURANCE

Cyber Liability Insurance

Managing Cyber Risk through Insurance

How To Buy Cyber Insurance

CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY

erisks Policyholder s Guide to Privacy & Security Breach Response Planning

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

Are Data Breaches a Real Concern? Protecting Your Sensitive Information. Phillips Auction House NY- 03/24/2015

Privacy and Data Breach Protection Modular application form

Lost in Cyber Space? Cyber Risks and (Re-) Insurance

CYBER SECURITY SPECIALREPORT

Updates within Network Security and Privacy Risk Management

Lawyers Professional Liability Claims Trends: 2014

Internet Stolen: The Fastest Growing White Collar Crime

Managing Cyber & Privacy Risks

Michael Gaudet 2015 PHC 7/23/2015. Key Broker Challenges

Insurance for Professionals

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Coverage is subject to a Deductible

STATE of the market ON CYBER RISK

Understanding the Cyber Risk Insurance and Remediation Services Marketplace:

Influence of Cyber Risk on the P&C Insurance Market

Transcription:

Network Security & Privacy Liability: An Overview of Loss Mitigation Concepts and Data Breach Response Services March 20 th, 2012 Brian Cole, Managing Director Professional Liability Specialty Practice

Overview of Topics Cyber Security Risk Recent Related News and Example Data Breaches Explanation of Cyber Liability Coverage Cyber Coverage Segments Examples of First Party Coverage Traditional and Non-Traditional First Party Coverage Triggers and Types of Data Covered 1 st Party Expense Coverage - Data Breach Response and Services Current State of the Cyber Liability Insurance Marketplace Premium Estimates, Market Size, Product Development Rates and Retentions Insurance Market Players and Potential Limits Current State of the Cyber Liability Reinsurance Marketplace 1

Cyber Security Risk Recent Cyber Related News and Data Breach Examples: Identity Theft is the fastest growing crime in the United States Incidents of cyber crime and hactivism are rampant today (The hacker group Anonymous ) Privacy Rights Clearinghouse reported that since 2005 more than 534 million personal records have been compromised In 2011, over 270 breaches have been reported involving 22 million sensitive personal records Examples: Two of the largest data breach in US history Sony shut down Playstation network for a month with over $170M expense and over 100 million email address records stolen Citigroup targeted by hackers that stole account information from over 300,000 customers Other recent breaches: (Epsilon, Bank of America, RSA Security ID, Google, Heartland, TJ Maxx, Lockheed Martin, TD Bank, Netflix, etc.) Largest Insured Loss to date $31M / Smallest $750K. This does not include Sony or Epsilon incidents 2

Cyber Security Risk Number of Data Breach Events by Year 250 200 150 100 50 0 2005-1 2005-2 2005-3 2005-4 2006-1 2006-2 2006-3 2006-4 2007-1 2007-2 2007-3 2007-4 2008-1 2008-2 2008-3 2008-4 2009-1 2009-2 2009-3 2009-4 2010-1 2010-2 2010-3 2010-4 2011-1 2011-2 2011-3 Source: Advisen MSCAd. Includes System security breaches, other lost and stolen data, phishing, etc. 3

Cyber Security Risk Percentage of Data Breach Events by Industry Segment Retail - Specialty, 4% Tech - IT Consulting & Services, 3% Education - Post Secondary, 14% Education - Elementary & Secondary, 3% Other, 32% Finance - Banks, Commercial, 5% Finance - Insurance, 3% Hotels Restaurants & Leisure, 5% Healthcare Providers & Services, 14% Government - Local, 8% Government - Federal, 9% Source: Advisen MSCAd. Includes System security breaches, other lost and stolen data, phishing, etc. 4

Explanation of Cyber Liability Coverage Cyber Coverage Segments: Third Party Cyber Coverage: Liability Liability (3 rd Party): Defense and settlement costs for the liability of the insured arising out of its failure to properly care for private data. First Party Cyber Coverage: Property and Theft Fines and Penalties (1 st Party): The cost to investigate, defend and settle fines and penalties that may be assessed by a regulator. Note: Coverage for Fines and Penalties was not offered under traditional cyber policy. Several Carriers recently added this coverage due to increased market competition and regulatory requirements for insureds. Property, Theft and Repair: (1 st Party): Response costs following a data breach, including investigation, public relations, customer notification and credit monitoring. This also includes coverage for the loss of income and expense caused by a system shutdown due to a breach. Note: The nature of the coverage and primary terms/conditions vary greatly between carriers 5

Explanation of Cyber Liability Coverage Examples of Traditional First Party Coverage: Business Interruptions or Denial of Service Attack: Covers loss of income and extra expense arising out of the interruption of network service due to an attack on the insureds network. Contingent Business Interruption: Covers loss of income and extra expense arising out of the interruption of network caused by a key service provider. 6

Explanation of Cyber Liability Coverage Examples of Non-Traditional First Party Coverage: Asset Loss Protection: Covers cost incurred to replace, restore or recollect data which has been corrupted or destroyed as a result of network security failure. Cyber Extortion: Coverage addresses threats made against insured by a third party that has illegally breached the covered network and is threatening to release sensitive data or release malicious code or virus unless paid extortion monies. Security Failure Notification Loss (Privacy Breach): Coverage offers reimbursement for compliance/regulatory expenses incurred under personal privacy and identity theft regulation (Regulation requirements vary by State) Crisis Management (Privacy Breach): Coverage offers reimbursement of expenses for insured to hire breach experts (Attorney, Public Relations, Forensic Specialist) to assist with resolving data breach, notifying insureds and identifying cause of breach. Note: Most carriers offer the above First Party coverage on a sub-limited basis. They are typically sub-limited to 20% - 40% of the Third Party Liability limits, however there are carriers that offer full policy limits for First Party business. 7

Explanation of Cyber Liability Coverage First Party Coverage Triggers: Coverage under a cyber policy can be triggered by the following: Failure to secure data Loss caused by an employee Employee checking e-mail at work and unknowingly downloads a virus or worm Employee conducting research online is redirected to website that automatically downloads virus or worm Acts by person other than insureds Loss resulting from the theft or disapperance of private property (such as data that resides on a stolen laptop or missing data storage media) Types of Data Covered by Cyber Liability Policy: An individual s personally identifiable information (PII) Non-public data (i.e. corporate information) Non-electronic data (i.e. paper records and printouts) 8

First Party Expense Coverage Property, Theft and Repair Data Breach Response Strategy: Prior to Data Breach A company should have a prepared plan on how to respond to a breach once detected and the resources that will be required. There are several risk management firms that offer various cyber tools and resources to firms such as: Assessment Surveys Breach notification guides Evaluation of insureds system and level of defense against hackers What-if modeling tools to estimate the cost of a breach Research tools to monitor the type, frequency and severity of incidents occurring in the companies business sector. Referral source to help find qualified third party experts in pre- and post-breach disciplines Note: The above risk management services are offered free by majority of Cyber Insurance Carriers. 9

First Party Expense Coverage Property, Theft and Repair Data Breach Response Strategy: Post Data Breach Identify The Problem: What happened. A small to med-size firm will need to hire a third party forensic and technical expert to help determine the root cause of the breach and the extent of the damage. Identify and Comply with Regulatory Requirements: Majority of US states have statutes outlining the requirements of a company in the event of a data breach and that all parties impacted by the event must be notified. With increased Privacy laws in 47 states (Breach Notice Laws) the notification cost can become enormous when you consider the thousands of clients that have to be notified (Example Sony with over 100 million registered users). A company should obtain outside legal counsel to ensure compliance with all applicable laws and regulations. Protecting the Customer: After customers have been notified that their data has been stolen, the firm will offer credit monitoring and recovery assistance. Offering these services will assist the firm with repairing its reputation and retaining clients. The cost of credit monitoring can range from $10 to $200 per customer, per year. 10

First Party Expense Coverage Property, Theft and Repair Data Breach Services Provided and Benefits: Several Insurance Carriers offer policyholders access to various risk management tools and data breach resources (i.e. Data Breach Team) to assist with mitigating and managing the rising expense of data breaches. Access to a panel of third party specialist to assist with data breach in all areas: Privacy Lawyers to assist in addressing the legal requirements of a breach Computer Forensic specialist to uncover exactly what happened Notification Service Providers to print, mail and e-mail notices to affected clients Credit monitoring, identity restoration and fraud response service providers Public Relations Specialist Benefits from Risk Management and Data Breach Services: More educated insureds with reduced loss potential for carrier Reduced expenses for insureds (Pre-nogotiated rates from service providers) The company s reputation and business is protected 11

State of the Cyber Liability Insurance Market Premium: Estimated Annual GWP $670 to $800 million (Total U.S CyberRisk Market) Coverage for organizations that offer products and services via the internet 1 st party or 3 rd party coverage products Coverage for technology companies Technology E&O Coverage for others Cyber Risk Vast majority of premium emanating from 3rd party product Competition increasing as new markets continue to enter space Several Carriers looking to carve out niche position by offering coverage for high risk exposure classes (i.e Schools/Universities, Hospitals, Large Retailers) Continues to be a discretionary purchase Estimates believed to include Technology E&O business 12

State of the Cyber Liability Insurance Market US Market Size - Written Premium by Size of Insured (Revenue) Less than $500M $500M - $750M $750M - $1B More than $1B 0.00% 5.00% 10.00% 15.00% 20.00% 25.00% 30.00% 35.00% 40.00% Source: Advisen MSCAd. 13

State of the Cyber Liability Insurance Market Product Development / Hot Topics Potential for a Catastrophic Loss involving multiple insureds remains unquantified Privacy coverage is driving the growth of the product in 2012 and 2013 Several Carriers currently in the market offering the following: Expanding 1 st Party Coverage to include system failure due to System Error, Power Outage and Administrative Errors Offering cyber coverage in package policy (i.e Management Liability) Due to new SEC reporting requirements for Public Companies Offer larger limits excess of $50,000,000 (largest cyber tower $175M in limits) Offer turnkey cyber endorsement that attaches to BOP or GL policy Exposure for smaller business growing due to greater reliance on internet to conduct business 14

State of the Cyber Liability Insurance Market Rates and Retentions: CyberRisk market showing signs of softness. This has been driven by: Good results since 2002 with small amount of loss activity (large data breaches reported in the news are either partially or not insured) Increased appetite from existing players Increased level of competition from new players; Rates flat to -5% for large limit ($15M to $25M) Cyber coverage and -5% to - 10% for smaller limit ($5M to $10M) Cyber coverage No signs of decrease in retentions or deductibles Deductibles generally 5% to 10% of limits purchased or equivalent to the E&O deductible (if purchased). Minimum deductibles are US $5,000 to $25,000 based on coverage purchased Minimum waiting period deductibles used for Business Interruption Coverage 15

State of the Cyber Liability Insurance Market Historical Rate (Price Per Million) Changes Cyber Liability Q1'11 Average Q1'11 Median Q2'12 TD Average Q2'12 TD Median 0.0% -1.0% 0.0% -2.0% -1.5% -1.6% -2.1% -3.0% -4.0% -4.0% -4.1% -4.1% -5.0% -6.0% -7.0% -8.0% -9.0% -8.5% -10.0% Primary Price Per Million Total Price Per Million Source: Marsh Insight Report 16

Cyber Liability Market Players and Potential Limits $15M to $25M Capacity ACE Allied World Axis Beazley Chartis Chubb Digital Risk Managers Ironshore Safeonline Travelers Zurich $10,000,000 Capacity Arch Aspen Brit CFC Underwriting CNA Crum & Forster Euclid Managers The Hartford Hiscox Liberty Markel Navigators One Beacon XL $5,000,000 or Less Capacity Admiral Barbican Syndicate Evanston Hartford Steam Boiler NAS Philadelphia Public Entity RLI Significant liability limits capacity exists; Limits offered from $1M to $25M on a primary or excess basis 17

State of the Cyber Liability Insurance Market Distribution of Total Cyber Risk Limits Purchased $50.0 $40.0 $30.0 $21.0 $20.9 $43.3 $27.8 $20.0 $10.0 $12.9 $10.0 $10.0 $17.0 $10.0 $10.7 $14.7 $10.0 $10.0 $10.0 $11.7 $17.1 $10.0 $15.0 $9.6 $15.8 $7.5 $10.0 $5.0 $22.5 $0.0 All Industries Communication, Media and Technology Healthcare Financial Institutions Retail/Wholesale All Other Average (all revenue all size) Average ($1B+) Median (all revenue all size) Median ($1B+) Source: Marsh Insight Report 18

State of the Cyber Liability Reinsurance Market Reinsurers remain interested in CyberRisk product Viewed by some as the way to grow Professional Liability portfolios Concerned with rate activity/pricing in highly competitive marketplace Reinsurers concerned over accumulation of 1 st Party Exposures across programs Potential for a Catastrophic loss involving multiple insureds remains unquantified Primary Carriers viewed as purchasing reinsurance coverage for increased protection from Catastrophic loss event Several large claims ranging from $5M to over $50M in the past few years; (Heartland, TJ Maxx, Citizens Financial, Nextran Group, First Bank, OmniAmerican Bank, Sony, Epsilon, Citibank, TD Bank, Netflix, etc.) Reinsurance market concerned over accumulation of 1 st Party Exposures Several reinsurers reducing capacity for new cyber treaties due to rate/pricing environment and large data breaches reported by the media. Reinsurance program have been renewing flat with little or no change in terms All Stand alone Reinsurance Cyber Programs include several types of limitations: (i.e. Limit, premium, loss event caps, etc). 19

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information