The New Frontier of Cyber Liability. Presented by John M. Link, CPCU July 15, 2014

Similar documents
Internet Gaming: The New Face of Cyber Liability. Presented by John M. Link, CPCU Cottingham & Butler

Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements

GALLAGHER CYBER LIABILITY PRACTICE. Tailored Solutions for Cyber Liability and Professional Liability

Data Breach and Senior Living Communities May 29, 2015

Data breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd

Cyber Risk Insurance for Agents. Frequently Asked Questions

Data breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC

RISKY BUSINESS SEMINAR CYBER LIABILITY DISCUSSION

Reducing Risk. Raising Expectations. CyberRisk and Professional Liability

ISO? ISO? ISO? LTD ISO?

Data Breach Cost. Risks, costs and mitigation strategies for data breaches

SINGAPORE HEALTHCARE ENTERPRISE RISK MANAGEMENT CONGRESS Data Breach : The Emerging Threat to Healthcare Industry

Cyber Threats: Exposures and Breach Costs

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

NZI LIABILITY CYBER. Are you protected?

Privacy Liability & Data Breach Management Nikos Georgopoulos Cyber Risks Advisor cyrm October 2014

Managing Cyber Risk through Insurance

Managing Cyber & Privacy Risks

Cyber Liability. AlaHA Annual Meeting 2013

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

9/13/2011. Miscellaneous Current Topics in Healthcare Professional Liability. Antitrust Notice. Table of Contents. Cyber Liability.

cyber invasions cyber risk insurance AFP Exchange

Protecting Your Assets: How To Safeguard Your Fund Against Cyber Security Attacks

Rogers Insurance Client Presentation

Willis Healthcare Practice 11 th Annual Forum July 10,2007. Managing and Insuring Risks in Network Privacy/Cyber Risk

Joe A. Ramirez Catherine Crane

IRONSHORE SPECIALTY INSURANCE COMPANY 75 Federal St. Boston, MA Toll Free: (877) IRON411

Privacy Legislation and Industry Security Standards

Cyber Liability. What School Districts Need to Know

SMB Data Breach Risk Management Best Practices. By Mark Pribish February 19, 2015

APPLICATION FOR TECHNOLOGY & PRIVACY PROFESSIONAL LIABILITY

Managing Your Cyber & Data Risk 2010 NTA Convention Montreal, Quebec

Cyber Risk, Legal And Regulatory Issues, And Insurance Mitigation ISACA Pittsburgh Information Security Awareness Day

CYBER INSURANCE. Cyber Insurance and Gaps in Traditional Insurance. Cyber and E&O Team Willis FINEX North America

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Cyber Insurance Presentation

Cyber-Crime Protection

Privacy Rights Clearing House

Cyber and data Policy wording

Network Security & Privacy Landscape

Cyber Threats and the Insurance Response

MANAGING Cybersecurity Risk AND DISCLOSURE OBLIGATIONS

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

YOUR TRUSTED PARTNER IN A DIGITAL AGE. A guide to Hiscox Cyber and Data Insurance

Allianz Global Corporate & Specialty. Cyber Risks. Recent Trends. AIRMIC 15 th June 2015

Cyber Liability. Michael Cavanaugh, RPLU Vice President, Director of Production Apogee Insurance Group Ext. 7029

INFORMATION SECURITY & PRIVACY INSURANCE WITH BREACH RESPONSE SERVICES

Cyber and Privacy Risk What Are the Trends? Is Insurance the Answer?

DATA BREACH BREAK DOWN LESSONS LEARNED FROM TARGET

Coverage is subject to a Deductible

Cyber/ Network Security. FINEX Global

Cyber, Security and Privacy Questionnaire

Updates within Network Security and Privacy Risk Management

Understanding Professional Liability Insurance

CAMBRIDGE PROPERTY & CASUALTY SPECIAL REPORT

Network Security and Data Privacy Insurance for Physician Groups

Discussion on Network Security & Privacy Liability Exposures and Insurance

Making Sense of Cyber Insurance: A Guide for SMEs

Enterprise PrivaProtector 9.0

Cyber Insurance What is it? Should your bank purchase it? Roberta D. Anderson Partner, K&L Gates LLP

INFORMATION SECURITY AND PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY COVERAGE. I. GENERAL INFORMATION Full Name:

Cyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor

Network Security & Privacy Landscape

Insurance implications for Cyber Threats

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Retail Roundtable: Payment System Cyber Attacks Preparing, Protecting, and Responding. June 11, 2014

Cyber Risk in Healthcare AOHC, 3 June 2015

Beyond Data Breach: Cyber Trends and Exposures

Cyber Insurance: How to Investigate the Right Coverage for Your Company

CYBER RISK SECURITY, NETWORK & PRIVACY

2015 PIAA Corporate Counsel Workshop October 22 23, 2015 Considerations in Cyber Liability Coverage

Cyber Exposure for Credit Unions

CYBER LIABILITY. Bring on tomorrow. Network Security and Privacy. May 15, 2014

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

WFG Title Agents Insurance Program wfgagents.usi.biz

WILLIS SPECIAL REPORT: 10K DISCLOSURES HOW RETAIL COMPANIES DESCRIBE THEIR CYBER LIABILITY EXPOSURES

Embracing Cyber Risk: Insurance Solutions

DATA BREACH COVERAGE

CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. rny@crlaw.com Phone: (336)

Zurich Security And Privacy Protection Policy Application

CYBER 3.0. CUTTING-EDGE ADVANCEMENTS IN INSURANCE COVERAGE FOR CYBER RISK AND REALITY SFOR005 Speakers:

Cyber Insurance as one element of the Cyber risk management strategy

4/30/2015 CYBER LIABILITY AND AVIATION AGENDA LEARNING OBJECTIVES. Presented by Hal Hunt May 3, 2015

What would you do if your agency had a data breach?

Cyber Risks and Insurance Solutions Malaysia, November 2013

Don t Be a Victim to Data Breach Risks Protecting Your Organization From Data Breach and Privacy Risks

THE ANATOMY OF A CYBER POLICY. Jamie Monck-Mason & Andrew Hill

CYBER-LIABILITY COVERAGE: The $ 45 Million Dollar Exposure

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber-insurance: Understanding Your Risks

INFORMATION SECURITY & PRIVACY INSURANCE WITH ELECTRONIC MEDIA LIABILITY APPLICATION

Cyber Liability Insurance: It May Surprise You

GENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE

How To Cover A Data Breach In The European Market

Mitigating and managing cyber risk: ten issues to consider

Nine Network Considerations in the New HIPAA Landscape

Understanding. your Cyber Liability coverage

An Introduction to Cyber Liability Insurance. Catherine Berry Senior Underwriter

Cyber-Technology Policy Comparisons

Transcription:

The New Frontier of Cyber Liability Presented by John M. Link, CPCU July 15, 2014 1

Presenter John M. Link, Vice President 563-587-5288 jlink@cottinghambutler.com If you have questions following today s presentation, please contact John directly at jlink@cottinghambutler.com. 2

Target 3

Target Data Breach by the Numbers 40 million The number of credit and debit cards thieves stole from Target between Nov. 27 and Dec. 15, 2013. 70 million The number of records stolen that included the name, address, email address and phone number of Target shoppers. 46 % The percentage drop in profits at Target in the fourth quarter of 2013, compared with the year before. $200 million Estimated dollar cost to credit unions and community banks for reissuing 21.8 million cards about half of the total stolen in the Target breach. $100 million The number of dollars Target says it will spend upgrading their payment terminals to support Chip-and-PIN enabled cards. $1 Billion The total costs including government fines expected to be paid by Target May 2014, KrebsOnSecurity 4

What do we need to know? As Risk Managers, internet access presents us new and dynamic exposures which we need to properly manager As businesses rely more and more on data storage, our responsibility is to protect that data In 2013, the average cost incurred by a company due to a data breach was $188/record.with malicious attack costs running 1.5x higher* 40% of all breaches occur in companies with less than 1,000 employees** *Ponemon 2013 Cost of Data Breach Study** Verizon 2013 Data Breach Investigations Report 5

What is Cyber Liability? Cyber liability is becoming the common phrase for network & privacy liability that affects all businesses. Also know as information liability, it includes: Network Liability unauthorized access / use of an entity s network. Employees, trusted third parties, or outsiders can steal identity information, critical business information, transmit malicious code, and participate in a denial of service attack to name a few. The risk includes paper documents and electronic media. Third Party Liability / Risk responsibility to others First Party Liability / Risk - what can happen to you Privacy Liability violation of privacy laws or regulations that permit individuals to control the collection, access, transmission, use, and accuracy of their personally identifiable information. Includes personally identifiable non-public information and confidential corporate data 6

What are the Threats? 1. Unauthorized Access to or Use of your data or software 2. Computer viruses that damage or impair your data or covered systems 3. Attacks on covered systems resulting in the inability to perform or gain access to e- business activities 4. Libel, slander, disparagement, copyright infringement and public disclosure of private information 5. Theft of money, securities, data, software or computer resources 6. E-business extortion 7. Loss of reputation 8. Loss of Income from operations 7

What are the Regulations? Federal Laws 1. Gramm-Leach-Bliley Act 2. HIPAA 3. Sarbanes-Oxley Act 4. Fair Credit Reporting Act 5. Children s Online Privacy Protection Act of 1988 6. E-SIGN (Electronic Signatures in Global and National Commerce Act) 7. FISMA (Federal Information Security Management Act of 2002) 8. Homeland Security Act of 2002 9. Privacy Act of 1972 8

What are the Regulations? State Laws 1. Forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. 2. 7 states have their own privacy laws 3. 19 have data disposal laws 9

What are the Regulations? Reporting Requirements in Event of Data Breach 1. Notification to State Attorneys General of Data Breach 2. Individual State Reporting Requirements 3. Notice to the Secretary of Health & Human Services (HHS) 4. Breach Reporting to the US Secret Service 5. Card Brand Reporting 10

Claim Examples Cyber exposures and claims: 1. Conference attendees noticed suspicious charges after staying at a Hotel. Forensic investigation discovered a data breach. 1 st party and 3 rd party claims. 2. A hospital upgraded IT system for patient tracking system. Data backed up to external hard drive which was stolen from IT vendor. Significant notification expenses which was into six figure costs. 3. Credit card vendor hired by retailer incurred a data breach. Liability of notification passed onto retailer. 11

Addressing the Threats 1. Design and set up proper platforms 2. Work with experts on the technology needed 3. Hire the right people with the right experience to manage the systems 4. Have a sound infrastructure in place for financial transactions 5. Develop appropriate contracts with liability transfer and hold harmless provisions outsourcing does not necessarily eliminate all risk. 6. Transfer risk with your insurance policy 12

Outsourcing Business Insurance Survey, 2013: No Worries We are Outsourcing! Data breaches were more likely to occur when the data has been outsourced, according to 70% of the surveyed businesses. At least 85% of the companies responding to the survey reported that they share customer and employee records with third parties by providing billing, payroll, employee benefits, Web hosting, or other information technology services. Despite this outsourcing exposure, 62% of the surveyed businesses do not require third parties to cover costs associated with a data breach in their contracts. 13

Insurance We should consider risk transfer through insurance What do I need to know? 14

Insurance Market Insurance Market is running amok with new Cyber Liability insurance policies And more and more coming out with these policies every day. 15

Other Policies for Protection Is there protection in other insurance policies we currently have in place? 1. General Liability definition of personal injury ; careful on exclusion for customers of insured organization 2. Employment Practices Liability(EPL) could extend to employment related breach of privacy; further could extend to 3 rd Party provisions 16

Other Policies for Protection Is there protection in other insurance policies we currently have in place? 3. Fiduciary Liability be certain HIPAA civil money penalties are covered and no HITECH exclusions exist 4. Crime Insurance typically for tangible loss; provisions for computer fraud and funds transfer fraud 17

Key Elements of Cyber Insurance Coverage 3rd Party - Liability Privacy Injury privacy rights violations Privacy Regulatory Proceeding cost to notify others of breach Network Security Liability theft of other s information, infection of third-party, damage to other s network, other s inability to access your network Content Injury or Broad Form Media advertising materials, trademark infringement, copyright infringement Cyber Terrorism computer attacks that are acts of terrorism 1st Party - Liability Network Extortion payment for extortionist s demand to prevent network loss or implementation of a threat Network loss/damage cost to recreate or restore to pre-loss condition Business Interruption & Extra Expense loss of income and extra expense Event Management cost to retain public relations services Electronic Theft loss of money, goods, security, trade secrets, intangible property 18

Key Elements of Cyber Insurance Coverage 1. Buy 1 st and 3 rd party coverage 2. Breadth of Coverage the internet has NO boundaries 3. Consider whether your Cyber Liability policy protects info on unencrypted devices 4. Is there coverage for Business Income/Extra Expense/Dependent Business Income? 5. Protect info in the care, protection or control of 3 rd parties 6. Consider data restoration costs in your coverage 7. Consider whether your policy covers regulatory actions 8. Consider whether injuries to a company s corporate clients are covered, not just injuries to natural persons 9. Consider whether the insurance policy covers data transmittals that take place outside of the company s offices 10. If your business accepts payment by credit cards, consider if your policy provides for payment card industry liabilities 11. Provides coverage for identity theft resolution services? 12. Consider including loss control services in your coverage 13. Is there coverage for Property Damage and Bodily Injury? 19

How do I know?? First - Work with a competent insurance broker/advisor who understands the true difference of insurance Second - Conduct a formal review of all your insurance policies. Example: At Cottingham & Butler, client and prospective client policies are put through our Risk Management Analysis to determine risk exposures This becomes a working, breathing document to which is reviewed with council Thus, offering a level of additional protection showing due diligence was done Third - You could actually read the policy Fourth - You ll know what you have when you have a law suit which is the worst time to find out! 20

Summary 1. There is a need for cyber liability protection 2. Transferring risk through insurance is a small cost what if is very expensive 3. Insurance policies are not equal Review them! 4. Risks continue to evolve and change and the courts continue to evaluate this exposure 21

QUESTIONS? John M. Link, Vice President O: 563-587-5288 C: 563-590--0428 jlink@cottinghambutler.com 22 22

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information