INSURANCE CYBER RISK 18.06.2013 Tine Olsen, Willis
CYBER RISKS
Agenda:
- Introduction to Willis
- What are Cyber risks?
- Exposure and cases
- Risk management
- Risk transfer
- Insurance
- Closure and questions
Part 1 WILLIS
WILLIS DENMARK
- The largest insurance broker in Denmark
- Partner-owned company (Willis International is majority shareholder)
- 6 locations and more than 470 employees
- Manages more than DKK 9 billion in premiums
Share of FMF's revenue in Denmark: Others 25%, Willis 38%, Marsh 15%, AON 22%
WILLIS INTERNATIONAL
Key figures:
- +400 offices
- Roughly 17.000 employees in 110 countries
- +600 multinational customers
- Premium volume > 30 billion USD
Part 2 WHAT ARE CYBER RISKS?
CYBER RISKS
Cyber risk can be defined as the risk connected to activity online, internet trading, electronic systems and technological networks, as well as storage of personal data.
- HACKER ATTACK
- DATA BREACH
- VIRUS TRANSMISSION
- CYBER EXTORTION
- EMPLOYEE SABOTAGE
- NETWORK DOWNTIME
- MULTIMEDIA LIABILITY
- HUMAN ERROR
RELIANCE ON THE INTERNET 73 % OF THE EUROPEAN COMPANIES
CHARACTERISTIC
Whom?
- One-man hacker
- Organized hacker crime associations
- Hacktivists
- Spy
How?
- DDoS
- Malware/virus/botnets
- Hacking
- Espionage via hacking
- Theft of computers/smartphones
Gain?
- Money (directly/indirectly)
- Personal/business data
- Public attention
- Extortion
- Vandalism
Target
All companies can be a target - it's just a matter of how and when.
Part 3 EXPOSURE
EXPOSURE
Any company and organisation that
- Stores personally identifiable information
- Is reliant on:
  - Digital info
  - Webpages
  - The internet / networks / computers
FACES CYBER RISKS
EXPOSURE
IN FEBRUARY 2013, PRESIDENT OBAMA DECLARED THAT THE CYBER THREAT IS ONE OF THE MOST SERIOUS ECONOMIC AND NATIONAL SECURITY CHALLENGES WE FACE AS A NATION AND THAT AMERICA'S ECONOMIC PROSPERITY IN THE 21ST CENTURY WILL DEPEND ON CYBER SECURITY.
In Denmark: one of the 10 biggest risks.
April 2013 - the Danish Emergency Management Agency (Beredskabsstyrelsen) declared that cyber-attacks are among the top 10 biggest threats for Denmark!
WILLIS FORTUNE 500 CYBER DISCLOSURE REPORT, 2013
This report on the Willis Public Company Cyber Exposure Disclosure Study with a Focus on the Fortune 500 (Study) highlights three key disclosure areas in the SEC's guidance:
- The significance of the organization's cyber exposures and how these are qualified
- How the exposures are likely to manifest themselves
- What the company is doing to mitigate these risks.
COMPANIES THAT SAID THEY WERE EXPOSED TO CYBER RISK WERE SPECIFIC AS TO THE TYPE OF CYBER RISKS THEY ARE FACING 95% OF THE TIME.
THE TOP THREE RISKS IDENTIFIED BY THE FORTUNE 500 ARE:
1) LOSS OR THEFT OF CONFIDENTIAL INFORMATION: 65%
2) LOSS OF REPUTATION: 50%
3) DIRECT LOSS FROM MALICIOUS ACTS (HACKERS, VIRUSES ETC.): 48%.
THESE RISKS ARE CLOSELY FOLLOWED BY EXPOSURE TO LIABILITY FOR SYSTEM BREACHES OR FAILURES (40%).
WILLIS FORTUNE 500 CYBER DISCLOSURE REPORT, 2013
The companies that used a term such as critical to describe their cyber risk seem not to have any particular relationship to one another (e.g., an auto manufacturer, a food and drink company, a distributor of petroleum products, two utilities, a large machinery manufacturer, a health care insurer, a life insurance company and a computer manufacturer).
QUANTIFYING CYBER RISK
Our study found that:
- 38% disclosed that a potential cyber event might impact or adversely impact the business
- An additional 36% (180 companies of 500) may face material harm to their business due to cyber attacks
- 2% (12 companies) specified their potential cyber risk as critical
CASES - DENMARK
April 2013: DDoS in DK: Patient data social security numbers Virus attack - Danish municipality DDoS attack Danish Travel site
CASES - INTERNATIONAL
Hacking Tax division South Carolina US Media Company Lost a laptop counselling
THE EFFECT
- Dissatisfied customers
- Claim for damages / compensation
- Bad public attention
- PR costs / crisis management costs
- Loss of data
- Loss / notification
- Uncertainty
- Extortion
- Lock-out
- Data recovery
- Work barriers
- Consultant costs (legal/IT/forensic)
Part 4 RISK MANAGEMENT
RISK MANAGEMENT
- Analyse your risks
- Describe your risk strategy
- Implement risk solutions
- Monitor the performance
- Transfer your risks
Part 5 CYBER INSURANCE
CYBER INSURANCE
A cyber insurance provides coverage for a double burden:
- Hacking
- Virus or DDoS
- Extortion
- Theft of data
Security
- Fines/penalties
- Company loss
- Violations of sanctions
- Loss of data
Primarily first party loss
Netbanking, PR, Data
- Distribution of false information
- Wrong information on webpages
Liability
Primarily third party loss / claims made against the company
- Privacy violation
- Disclosure of business information
- IPR infringement
- Service failure
CYBER INSURANCE
What is generally covered by a cyber insurance?
- Defence costs
- Liability regarding:
  - Publication of personal data / breach of privacy law
  - Unintentional distribution of confidential information and trade secrets
  - Transfer of virus to another computer or network
- Repair of reputation
- Notification costs
- Recovery costs
- Investigation costs
- Business interruption
Extensions:
- Intellectual property infringement (e.g. unintentional deep-linking or framing)
- Publication of credit card information
- Extortion (ransom)
- Electronic theft (e.g. Internet banking)
- Monitoring
- Multimedia liability
CYBER INSURANCE
Exclusions: what is generally not covered?
- Prior or pending claims
- Conduct
- Improvement costs
- Bodily injury and property damage
- Contractual liability
- Business interruption caused by other things than the listed cyber incidents
- Violation of patent rights
- Unauthorised trading
- Unlawfully collected data
- Contractual liability
CYBER INSURANCE
Take notice of:
- How is the insurance adaptable for your business?
- Which extensions are relevant for you?
- Is there an emergency team / a hotline?
- Does it give you coverage to investigate the incidents?
NO EXCLUSION FOR:
- Terror
- Hammer clause
- Employees' mistakes
- Employees' criminal acts
- Infringement of intellectual property
- Contractual liability (unless there is a carve back)
Does it provide coverage for professional fees of independent advisors (e.g. legal advice, cyber risk specialists)?
Benchmark

Revenue ($)       Limit ($)      Deductible ($)   Insurance
45,000,000,000    40,000,000     1,000,000        E&O, Cyber
25,000,000,000    150,000,000    5,000,000        Cyber
24,000,000,000    50,000,000     1,500,000        Cyber
22,000,000,000    80,000,000     5,000,000        Cyber
21,000,000,000    30,000,000     2,500,000        Cyber
16,800,000,000    20,000,000     1,000,000        Cyber
15,256,230,000    25,000,000     1,000,000        Cyber
15,000,000,000    50,000,000     1,000,000        Cyber
13,794,000,000    60,000,000     1,000,000        Cyber
12,000,000,000    5,000,000      250,000          Cyber
5,000,000,000     25,000,000     500,000          Cyber
Part 6 CLOSURE AND QUESTIONS
For further information contact FINEX:
- Head of FINEX in Willis: Klaus Stubkjær Andersen. Phone: 88139565 or e-mail: ksa@willis.dk
- Legal Consultant in FINEX: Tine Olsen. Phone: 88139431 or e-mail: tio@willis.dk
Visit www.willis.dk