An Introduction to Cyber Liability Insurance Catherine Berry Senior Underwriter
What is cyber risk? Exposures emanating from computer networks and the internet
The Cyber Risk Phenomenon The incredible pace of technology-based innovation has produced huge dependencies and interconnectivities of companies and organizations around the globe. This has brought about great efficiencies and enhanced business practices but has also created a wave of new problems : cyber-crime, media liabilities as a result of online publishing, and a heavy reliance on the uptime of the network, for example. As a result, there are new business exposures faced by commercial organizations, primarily driven by continually evolving e-commerce laws. Cyber liability to Third Parties, Network Security, Commerce Business Interruption and Loss of Data are just some of the new liabilities clients need to build into their risk management and risk transfer strategies
Cyber risks Natural disasters System failures Cybercrime Corporate and state espionage
Cyber risks Cyber warfare: 5 th domain of warfare 2011 US drone fleet hit by Stuxnet sabotaged Iran s nuclear development plans Cyber terrorism Cyber activism
Business risks Operational Financial Intellectual property: Erosion of competitiveness in global economy Legal and regulatory: sanctions / pecuniary fines Reputational: Public visibility can cause harm to company s image, brand and reputation
Non-malicious digital risks Natural disasters Employees: Human error Multitude of networks BYOD Mobile storage devices Social networking: Information leaked Spread of malware Engineered attacks Reputational damage
Hacking motivations Demonstration of skill, thrill-seeking Cyber theft and cyber fraud Industrial espionage Insider attacks Extortion: Cyber terrorism Cyber warfare: Activism
Impact of a data breach Directors & Officers liability 2014 Verizon Data Breach Investigation Costs arising: Forensics Crisis communications Legal Reputational Impact on brand value
Data breaches HFT: PCI compliant to level 1 2m credit card details stolen Forensics, PCI assessments, crisis communications and credit HFT: monitoring, PCI fines and penalties Total claim: USD10,690,000 Target: Suspected to be same hacking group and malware as HFT Class actions: 80 to date Estimated total claim: USD244m
Data breaches Home Depot: 56m credit / debit card details stolen Malware inserted at POS News broke when batch of cards put up for sale on Internet Estimated total claim: in excess of USD500m
Comprehensive cover, modular solution The erisk product has been specifically designed as a one-stop solution for a variety of needs. It meets the requirements of IT professionals looking for comprehensive Errors & Omissions coverage combined with cyber liability; at the same time, it answers the need or organizations seeking a first-class insurance product, providing cyber liability coverage for third and first party e-commerce exposures. The erisk product has been designed in a modular format, with unique separate insuring clauses for each section. These operate independently or in combination; modules can be purchased either on a combined or stand-alone basis, depending on an organization s particular requirements.
Overview of Cover 1. Professional Services 2. Multimedia Liability 3. Security and Privacy Liability 4. Data Recovery and Loss of Business Income 5. Privacy Regulatory Defence Costs & Penalties 6. Crisis Management Costs, Customer support 7. Data Extortion
Risk Management Services
Risk Management Services Vulnerability assessment Private arbitration services Crisis communications guidelines Data breach guidelines
Camargue Commercial Crime Presented by Justin Keevy Senior Underwriter
Suspects Most common suspects Where did all the money go? Sentencing Recovery
Most Common Losses Stock Theft (Manual Invoicing) (Cycle Counting and Collusion) EFT Transfers Cash Theft Debtors (Rolling) Payroll (SARS) (Ghost Employees) Cheque Fraud Cyber Crime (Syndicates) Corruption Change of Banking Details Retail (Credit Cards) (Returns) (Cash)
Let s Face the Facts Estimated loss to an organisation as a result of fraud = 5% of annual revenue Estimated that corporate fraud costs SA economy R150Bn annually Employees biggest perpetrators (47%) in Africa, average loss due to fraud is R400,000 From 107 cases analysed in Africa, more than 20% of cases resulted losses of at least US$1m (ZAR 9,68 million) +/- 50% of organisations do not recover any losses suffered due to fraud
Overview of cover
What is covered? Theft of the company s property by employees Includes Care, Custody and control Money and any other property Third party collusion
What is covered? Theft by employees (continued) Identifying guilty employees not required No restrictions on the method of theft
What is covered? Extortion Committed by employees or third parties Threatened violence to commit theft Fraudulent Transfer Instructions Employees or third parties
What is covered? Computer Fraud Hacking Use of viruses Employees or third parties
What is covered? Contractual Penalties Contractual liabilities arising out of Theft by employees Computer Fraud committed by nonemployees
Summary of Theft Cover Type of Theft Employee Others Computer Hacking/Virus Fraudulent Transfer Instructions Covered Covered Covered Covered Extortion Covered Covered Other/Ordinary Theft Covered Not covered
More about the cover Policy covers malicious destruction of data, including Alteration or destruction of data Care, Custody and Control Destruction of media Computer programs Physical records, if damaged as a result of theft
Extensions Costs of recovery of uninsured loss Reinstatement of office records Claims preparation costs
Extensions Legal fees Automatic Reinstatement
Camargue Commercial Crime Risk Management Services
Whistle Blowing Hotline
Risk Management Hotline Risk management hotline Fraud risk surveys
My employees will never steal from me
My employees will never steal from me 72% are going to change their mind
Thank you Questions? Catherine Berry Senior Underwriter catherine@camargueum.co.za facebook.com/camargueum
Disclaimer The Camargue Internet team strives to provide you with useful, accurate, and timely information in this presentation. Accordingly, Camargue has attempted to provide accurate information and materials in this presentation but assumes no responsibility for the accuracy and completeness of that information or materials. Camargue may change the content of any information or materials available in this presentation, or to the products described in them, at any time without notice. However, Camargue makes no commitment to update the information or materials in this presentation which, as a result, may be out of date. Information and opinions expressed in bulletin boards or other forums are not necessarily those of Camargue. Neither Camargue, nor its officers, directors, employees, agents, distributors, or affiliates are responsible or liable for any loss damage (including, but not limited to, actual, consequential, or punitive), liability, claim, or other injury or cause related to or resulting from any information posted on Camargue Web site. Camargue reserves the right to revise these terms and/or legal restrictions at any time. You are responsible for reviewing this page from time to time to ensure compliance with the then-current terms and legal restrictions because they will be binding on you. Certain provisions of these terms and legal restrictions may be superseded by expressly designated legal notices or terms located on particular pages of this Web site. ALL INFORMATION AND MATERIALS AVAILABLE IN THIS PRESENTATION ARE PROVIDED "AS IS" WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, AND CAMARGUE DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT OF INTELLECTUAL PROPERTY OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. IN NO EVENT SHALL CAMARGUE BE LIABLE FOR ANY DAMAGES WHATSOEVER (INCLUDING, WITHOUT LIMITATION, INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL DAMAGES OR THOSE RESULTING FROM LOST PROFITS, LOST DATA OR BUSINESS INTERRUPTION) ARISING OUT OF THE USE, INABILITY TO USE, OR THE RESULTS OF USE OF THIS PRESENTATION, ANY PRESENTATIONS LINKED TO THIS PRESENTATION, OR THE MATERIALS OR INFORMATION CONTAINED AT ANY OR ALL SUCH PRESENTATION, WHETHER BASED ON WARRANTY, CONTRACT, TORT OR ANY OTHER LEGAL THEORY AND WHETHER OR NOT ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IF YOUR USE OF THE MATERIALS OR INFORMATION ON THIS PRESENTATIONS RESULTS IN THE NEED FOR SERVICING, REPAIR OR CORRECTION OF EQUIPMENT OR DATA, YOU ASSUME ALL COSTS THEREOF.