Insurance as a vital part of cyber risk management

Similar documents
Cyber/ Network Security. FINEX Global

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Embracing Cyber Risk: Insurance Solutions

CYBER RISK SECURITY, NETWORK & PRIVACY

Mitigating and managing cyber risk: ten issues to consider

Data Breach and Senior Living Communities May 29, 2015

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

NZI LIABILITY CYBER. Are you protected?

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

CYBER/ NETWORK SECURITY

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

How To Cover A Data Breach In The European Market

Protecting your business from cyber crime and data loss. November 2014

Be Afraid, Be Very Afraid!!! Hacking Out the Pros and Cons of Captive Cyber Liability Insurance

Privacy Liability & Data Breach Management Nikos Georgopoulos 1 st Athens Privacy & Data Breach Management Conference

Updates within Network Security and Privacy Risk Management

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Insurance as one element of the Cyber risk management strategy

Cyber Threats: Exposures and Breach Costs

Managing Cyber Risk through Insurance

Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Cyber Risks in Italian market

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Insurance for Data Breaches in the Hospitality Industry

Cyber and Data Security. Proposal form

Best practices and insight to protect your firm today against tomorrow s cybersecurity breach

Network Security & Privacy Landscape

Cyber Risks and Insurance Solutions Malaysia, November 2013

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Cyber Insurance Presentation

Is Cyber Insurance the Next Big Think? 2nd Digital Payments Summit - May Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group Ext. 7029

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

Cyber Threats and the Insurance Response

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS Data Breach : The Emerging Threat to Healthcare Industry

Understanding the Business Risk

ACE European Risk Briefing 2012

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

How-To Guide: Cyber Security. Content Provided by

Privacy / Network Security Liability Insurance Discussion. January 30, Kevin Violette RT ProExec

Insulate Your Company from a Cyber Breach: Proactive Steps to Minimize Breach Risks & Impact. February 10, 2015

9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability.

Cybercrime: risks, penalties and prevention

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:

THE ANATOMY OF A CYBER POLICY. Jamie Monck-Mason & Andrew Hill

Insurance implications for Cyber Threats

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

Practical Cyber Law: Why the Standard of Care Requires Lawyers to Have a Basic Understanding of Cyber Insurance

cyber invasions cyber risk insurance AFP Exchange

Anatomy of a Privacy and Data Breach

Coverage is subject to a Deductible

Cyber-Crime Protection

Managing Cyber & Privacy Risks

Cyber Liability Insurance Data Security, Privacy and Multimedia Protection

Cyber Risk in Healthcare AOHC, 3 June 2015

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Aftermath of a Data Breach Study

Allianz Global Corporate & Specialty. Cyber Risks. Recent Trends. AIRMIC 15 th June 2015

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

Cyber Liability Insurance

Cyber Insurance: How to Investigate the Right Coverage for Your Company

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

Specialist insurance and risk implications for prepaid an update. Prepaid International Forum Osborne Clarke London Thursday 9 th February 2012

CAGNY Spring 2015 Meeting Fundamentals of Cyber Risk. Brad Gow June 9th, 2015 Endurance

Cutting through the insurance jargon!

CYBER & PRIVACY INSURANCE FOR FINANCIAL INSTITUTIONS

Cyber and data Policy wording

Cyber Risk Management

The potential legal consequences of a personal data breach

How To Protect Your Data From Hackers

2015 Global Cyber Impact Report

Cyber Security Issues - Brief Business Report

Possibilities and limits of cyber risks insurance

Network Security & Privacy Landscape

Making Sense of Cyber Insurance: A Guide for SMEs

The Data Breach: How to stay defensible before, during and after the incident. Alex Ricardo, CIPP/US Breach Response Services

ISO? ISO? ISO? LTD ISO?

Cybersecurity: Emerging Legal Risks

Cyber/Information Security Insurance. Pros / Cons and Facts to Consider

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

How To Buy Cyber Insurance

DATA BREACH: hy you should care!

Cyber Liability & Data Breach Insurance Claims

Airmic Review of Recent Developments in the Cyber Insurance Market. & commentary on the increased availability of cyber insurance products GUIDE

Canadian Access Federation: Trust Assertion Document (TAD)

Is Your Financial Institutions' Insurance Policy vulnerable to a cyber claim? Joan D Ambrosio, James Cooper and Kim West 22 January 2014

Impact of Data Breaches

THE DATA BREACH: How to stay defensible before, during and after the incident. after the incident.

T H E R E A L C O S T O F A D ATA B R E A C H

Cybersecurity. Shamoil T. Shipchandler Partner, Bracewell & Giuliani LLP

Discussion on Network Security & Privacy Liability Exposures and Insurance

Cyber Liability. What School Districts Need to Know

Rogers Insurance Client Presentation

Transcription:

Insurance as a vital part of cyber risk management David Dickson Head of European Technology and Cyber Safeonline LLP Lauris Klavins International Business Development manager IIZI brokers, SIA CyberChess Riga 06 th October 2016

Coming up 1. Cyber Risk a) The cause for concern b) Increasing importance of data and systems c) What are the cyber risks? d) What are the costs? 2. Demystifying Cyber Insurance a) What does it cover? b) Why are traditional insurance policies not enough? c) Who is the insurance for? 3. Insurance and cyber risk management 4. European General Data Protection Regulation (GDPR) 5. Questions & Answers

Cyber Risk

The cause for concern 10% of the data we have now was created pre-2014 90% of the world s data was created in just the past 2 years 90% of our data was created in the last two years By 2020?

The cause for concern by 2020, the volume of data we have will increase by 50 times

Increasing importance of data and systems From what Americans were talking about in 2014 on Twitter

Increasing importance of data and systems To the Earth s wind maps

Increasing importance of data and systems And even the world s largest data breaches. www.informationisbeautiful.net

Increasing importance of data and systems Email address: Password: Address: David.Dickson@Safeonline.com Password123 80 Leadenhall Street, London, EC3A 3DH Phone Number: 02079544409 Bank Account No: 12345678 Sort code: 01-02-03 Medical info: Broken wrist!

Increasing importance of data and systems Proliferation of data Technology and Innovation Reliance on networks and systems Risk and Exposure 46% of global population now online > 200,000,000,000 emails sent every day 87% of the world s population use mobile devices

So, what are the cyber risks for our data and systems?

Increasing importance of data and systems Triggers for cyber losses Hacking DDoS attacks Malware Extortion Social engineering Cyber Terrorism Malicious or criminal attack 41% System Glitch 29% Software bug Error in coding Human error Operational Errors 30% Rogue employees Loss or theft of devices Loss or theft of documents

What are the costs? Legal costs 100 300 per hour Call Centre Costs 25 per call IT Forensic costs 150 700 per hour Notification costs 3 per record Source: IDT911 (2016) Crisis management 100 350 per hour Credit and fraud monitoring 8 95 per person Identity theft resolution 400 per case

INDUSTRY What are the costs? Cost of Data Breach, per record Healthcare Education Pharmaceutical Financial Communications Retail Industrial Services Consumer Energy Hospitality Technology Media Research Transportation Public $363 $300 $220 $215 $179 $165 $155 $137 $136 $132 $129 $127 $126 $124 $121 $68 $0 $50 $100 $150 $200 $250 $300 $350 $400 Cost per record lost (USD) Data based on results from 350 companies across 11 countries Average: $169 Source: Ponemon Institute, 2015 (Cost of data Breach Study: Global Analysis)

What are the costs? Crisis and Event Management Security and system failures Network, system and data restoration Notification and call centre costs Fraud and extortion consultation IT forensics PR and reputational harm expenses Credit and Identity theft monitoring costs Financial Loss Business interruption and increased cost of working Cybertheft and extortion Fines and penalties, including PCI-DSS Reputational damage Liability Privacy liability Security liability Intellectual property and content liability Legal Expenses Specialist breach response teams Misconcepti ons about the word cyber Pre-, duringand postbreach services Insured and OSPs

Why are traditional insurance policies not enough? General liability: no trigger through a third-party action (e.g. hacker), and only covers tangible, physical damages, rather than that to data. Professional liability: covers financial damages resulting from a failure of defined professional services only. Property insurance: covers tangible property; not in-tangible (i.e. data). Loss must be caused by a physical peril while perils to data are viruses, hackers, system glitches and employee errors.

Who is it for? Anyone relying on a network or system Anyone storing or processing data Anyone with a presence online Lawyers, accountants, financial institutions, government entities, logistics, telecoms, pharmaceutical, IT, retailers & wholesalers, technology, software designers, education, healthcare, architects, engineers, manufacturing, transportation, hospitality, IFAs, utilities, event management, recruitment, charities, housing associations, consumer associations, media, gambling, gaming, online services, military etc etc etc

Who is it for? Hackmageddon.com August 2016 Targets included: - Yahoo - Klimpton Hotels and Restaurants - Dropbox - Cincinnati Zoo director s twitter - Playstation network - Philippines Department of Justics - Leagues of Legends game - Brazilian Government - Twitter - Instagram - Australian Swimming Team s website - Natwest - World Anti-Doping Agency (WADA) - Donald Trump and Hilary Clinton - New York Times - Bank of Israel - New York State Psychiatric Institute - And over 100 more

Who is it for? Not just large companies Around two thirds of all targeted cyber attacks have been at SMEs SME reliance on OSPs. Almost 75% of reported breaches stem from a trusted connection Average cost of a cyber incident compared to revenue is high; both financial and reputational. Tried and tested BCPs and DRPs? SMEs are greater target due to weaker system and data protection Paper documents

Who is it for? Not just US companies In a recent Lloyd s study of 346 European companies, 92% had had a data breach in the last 5 years It is a matter of when not if a business becomes a victim of a cyber breach or attack Current lack of notification requirements, except for telecoms companies and internet service providers Breaches will become more widely notified under the new EU legislation changes Source: Lloyds (2016) Facing the cyber risk challenge

European General Data Protection Regulation (GDPR) Full implementation for all EU member states by 25 th May 2018 Strict obligations on companies, operating within the EU or any entity providing goods or services to an EU data subject 72 hour regulatory notification requirement to local Data Protection Authority and to individuals if their fundamental rights (i.e. rights to privacy, and to be forgotten) are affected Maximum fines of 4% of global annual turnover, or 20,000,000 whichever is higher Only 425 working days until full compliance is required

Cyber insurance and cyber risk management Cyber Insurance Cyber Risk Management

Internal Cyber Risk Management the known costs Firewalls Antivirus Specialist software Encryption User Training Device management Monitoring Regular updates Cyber Risk Management Procedures, processes and policies BCPs Incident and response planning DRPs Managing user privileges Passwords Home and remote working

Overall Cyber Risk Management the unknown costs Restoration costs Notification Fraud costs consultation Crisis Management Cyber Risk Management Privacy liability Extortion Liabilities Security liability Intellectual property liability Fines and penalties Credit / ID monitoring PR expenses IT forensics Legal representation Business interruption Financial Loss Increased cost of working

So how and where does a cyber insurance policy fit in here? Cyber Insurance Cyber Risk Management

Overall Risk Management Cyber Insurance Policy Unknown Costs Cyber Risk Management Enables entire cyber risk management programme to be budgeted for Financial protection from unknown costs Rapid response from specialist crisis response teams Pre-, during-, and postbreach services The cyber insurance policy will only cost a fraction of the overall spend on cyber risk management

Insurance as a vital part of cyber risk management David Dickson Head of European Technology and Cyber Safeonline LLP Email: david.dickson@safeonline.com Office: +44 (0) 207 954 4409 Mobile: +44 (0) 797 168 8769 Address: 80 Leadenhall Street, London, EC3A 3DH Website: www.safeonline.com Lauris Klavins International Business Development manager IIZI Brokers SIA Email: lauris.klavins@iizibrokers.lv Office: +371 263 772 64 Mobile: +371 263 772 64 Address: Vienibas gatve 109, Riga, LV-1058 Website: www.iizi.lv Any questions? CyberChess Riga 06 th October 2016

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information