Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down.

Slides:



Advertisements
Similar presentations
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Advertisements

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Recent Trends and Insurance Considerations March 2015

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
CAMARGUE COMMERCIAL CRIME Presented by Justin Keevy Senior Underwriter.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Overview of Cybercrime
©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit.
Enterprise Computing Community June , 2010February 27, Information Security Industry View Linda Betz IBM Director IT Policy and Information.
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Non Physical Business Interruption Malcolm Randles, Underwriter, Kiln Syndicate February 2011.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.
2 September 2015 Building Scalable Insurance Programs For Each Growth Stage of a Entrepreneurial Company.
AUGUST 25, 2015 Cyber Insurance:
Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.
Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.
CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.
. E-Business Risk and Insurance.
Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,
Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Carlsmith Ball LLP Cyber Issues For Lawyers Deborah Bjes October 22 nd, 2015.
Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.
Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.
Financial Times Matheson is ranked in the FT’s top 10 European law firms Matheson has also been commended by the FT for corporate law,
Understanding and Taking Risks Presented By: Steve Felker /2011.
Being there When you need us Thats our policy. Cyber Awareness – what can be done?
The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.
Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.
MEDICAL OFFICE COVERAGES. This is a short review over many insurance coverage parts necessary to a doctor’s practice. Not all apply, and there are other.
Welcome to the ICT Department Unit 3_5 Security Policies.
How can your Captive help you manage Cyber risks?.
Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.
Cyber Insurance - Risk Exposures and Strategic Solutions
Cyber Liability Insurance for an unsecure world
Cyber Insurance Risk Transfer Alternatives
Clients and Prospective Clients on the Threat of Cyber Crime
Camargue Commercial Crime
Breaking Down Cyber Liability
New A.M. Best Cyber Questionnaire
Financial Institutions – Cyber Risk
E&O Risk Management: Meeting the Challenge of Change
Managing a Cyber Event Steven P. Gibson President
Cyber Insurance Overview
Chapter 3: IRS and FTC Data Security Rules
Cyber Insurance: An Update on the Market’s Hottest Product
Cyber Issues Facing Medical Practice Managers
Cyber Trends and Market Update
Explain the nature of liability insurance
Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium
FAIR 2018 – Cyber Risks & Markets
Cyber Exposures The Importance of Risk Identification and Transfer
Forensic and Investigative Accounting
Cyber Security: What the Head & Board Need to Know
Presentation transcript:

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down a virus from outside or through a phishing scheme... That's where the training gets critical … You can never tell your workforce enough ‘don't do this’ or ‘don't do that’. " Reed Smith Chief Information Officer Gary Becker “law firms... are vulnerable to a data breach from three main areas: an employee who downloads a virus or mistakenly leaves an unencrypted laptop in a taxi, for example; the law firm's vendors who have access to client information getting breached; or foreign hackers looking to get information from firms working on major business deals or IP matters.” John F. Mullen, chair of Lewis Brisbois Bisgaard & Smith's data privacy and network security practice LAW FIRM PERSPECTIVE

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 2 Cyber Insurance Cyber Insurance policies respond to a broad range of evolving risk: 1.Insure both First Party and Third Party risks 2.Respond to “bad actors” both inside and outside the insured corporation 3.Provide cover for fines & penalties (where allowed by law) 4.Cover intangible risks - loss and damage to non-physical “property” 5.The primary coverage is for the costs of investigation to establish whether loss or damage has occurred 6.Insurers also provide access to risk control, governance, compliance and technical services as part of the offering These policies are modular and can be tailored in both limits and elements of coverage to respond to the particular needs of the client The following slides outline the services, the primary coverage elements of cyber policies and an overview of available coverage under typical conventional insurance policies.

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 3 Cyber Insurance ServiceKey Components TrainingOnline training courses in information security. Includes compliance monitoring & reporting Procedures & Protocols Templates for compliance protocols and manuals Breach Response / Breach Coach Access to expert resources to respond to an event, legal / regulatory and forensic / security experts Crisis Communications Public Relations experts with experience handling internal and external fallout from breaches of client information Other ServicesMay include provision of hardware devices, 24-hour emergency help-line, penetration testing, discounts for advanced services Claims HandlingInsurers’ own in-house experts on managing and handling claims are also available for advice and training, selection of counsel etc. Added Value Risk Management Services

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 4 Cyber Insurance ModuleKey Coverage Components Breach Response Breach coach Forensic investigation Regulatory / legal advice RemediationSecurity consulting Reconstruction of data Reinstallation of software Network Interruption Loss of revenue from network failure / degradation Loss of revenue from denial of network access “Contingent” interruption ExtortionThreat of Distributed Denial of Service (DDoS) attack Threat of release of information Threat of destruction of data Crisis Response Public relations Client / Internal communications Crisis fund First Party Insurance

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 5 Cyber Insurance Gap Analysis: What is available under a typical first party program? 1.Loss or damage to digital assets – Generally, very limited coverage is provided in Property insurance policies for "Computer Virus and Denial of Access“. A typical limit of insurance is $25,000. Chubb policies typically provide some cover for “Malicious Programming”, limits of up to $100,000 for “insider” and $10,000 for external parties are standard. 2.Business interruption from network downtime – Property policies provide little coverage as stated above. The KR&E policy may provide some network interruption coverage for the risk of “computer violation”. 3.Cyber extortion – Kidnap, Ransom & Extortion policies typically do not have a Cyber exclusion and some (e.g. the Chubb Forefront) provide specific coverage. However, acts of an employee or with the collusion of an employee are specifically excluded. 4.Reputational damage – Property programs typically do not provide cover for Public Relations / remediation activity following a breach. KR&E policies sometimes provide limited cover specific to an extortion event. 5.Theft of money and digital assets – Your Crime policy does provide specific insurance for certain Cyber events, specifically “direct loss of Money, Securities or Property sustained by an Insured resulting from Computer Fraud committed by a Third Party”. There is also no exclusion for Cyber in respect of theft of money by employees. Crime policies will not provide cover for theft of anything other than financial instruments (e.g. if an employee “steals” and sells personal information of the firm’s employees, the Crime policy will not respond).

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 6 Cyber Insurance ModuleKey Coverage Components Security & Privacy Forensic investigation Regulatory / legal advice Defense costs & damages Regulatory Action Investigation Defense costs Awards, fines & penalties Loss of DataDamage to or corruption of third party data Compensation for denial of access Data errors Media Liability Defamation, libel & slander Breach of copyright trademark or trade dress Electronic and print media Notification Expenses Legal, posting and advertising expenses for compliance Credit monitoring & identity theft monitoring / insurance Call center Third Party Insurance

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 7 Cyber Insurance Gap Analysis: What is available under a typical third party program? 1.Security and privacy breaches – General Liability insurance policies provide no coverage for costs, expenses or penalties incurred in connection with a security or privacy breach. However, depending on circumstances your LPL policy may respond. For a breach of employee information there may be some coverage available under the EPL policy (if an affected employee can prove “injury” or that the breach constitutes an “employment related tort”). 2.Investigation of privacy breach – Again, there is typically no coverage provided for investigations or regulatory action and fines and penalties will be specifically excluded. 3.Customer notification expenses – The issue of whether these costs can be covered under the GL Personal Injury coverage has been explored in the courts and to date the courts have found in favor of the insurers. GL insurance is not designed or intended to respond to cyber breaches. 4.Multi-media liability – GL insurance does sometimes provide coverage under the Advertising and Personal Injury extension but this will exclude professional services (which would in principle be covered under the LPL). The extent of cover may be limited depending on the circumstances of the loss and the interpretation of the activity that gave rise to the loss and the wording and exclusions should be reviewed. 5.Loss of third party data – GL insurance provides cover for Bodily Injury or Property Damage: data is generally not considered to be physical property and therefore, generally speaking, GL policies will not cover loss of third party data.

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 8 Why do Law Firms Buy Cyber Insurance? Aon is seeing a dramatic increase in the number of firms enquiring about and purchasing Cyber insurance. We currently have more than 55 law firm clients who purchase stand-alone Cyber insurance policies. The main factors driving decisions to purchase the coverage are as follows: 1.Reducing uncertainty – affirmative and cost effective coverage in areas where there is none available from other policies or where the response of other policies is limited or uncertain. 2.Risk Management Services - firms that do not employ a full time CIO or CISO value the services that are provided alongside the insurance, particularly:  Training (provision of online courses including monitoring and compliance reports)  Breach response (specialists with expertise and experience to respond quickly and professionally to all aspects of a breach, including legal advice on managing regulatory implications)  Security services (consulting, ethical hacking, security protocols, hardware etc.) 3.Contractual requirement - Financial Institutions in particular are requiring very high standards of data protection, and some are now mandating that their outside counsel buy cyber insurance. 4.Network Interruption - Awareness that traditional insurance programs provide little or no coverage for this risk. 5.Remediation - reconstructing data, repairing systems & reinstalling software & security is time-consuming & expensive. 6.Employee Information – Law firms are no different from any other employer in that they hold Personally Identifiable Information (PII) and Protected Health Information (PHI) relating to employees.