Cyber: risk without borders Airmic 2016 Harrogate International Centre Tuesday 7 th June 2016.

Slides:

Advertisements

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Advertisements

CYBER & Product Liability & Professional Indemnity

Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Overview of Cybercrime

Finance and Governance Workshop Data Protection and Information Management 10 June 2014.

Non Physical Business Interruption Malcolm Randles, Underwriter, Kiln Syndicate February 2011.

HIPLA/UH 20 th Annual Fall Institute 2004 Managing Intellectual Property Exposure Tough Market, Creative Solutions Joby Hughes Joby A. Hughes, P.C. Friday,

Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.

1 British Association of Private Security Companies Bernard de Haldevang, Financial & Political Risk Underwriter Atrium Syndicate 609 at Lloyd’s First.

Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,

Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

1 CONFIDENTIAL ©2015 AIR WORLDWIDE New Approaches for Managing Cyber Risk.

Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.

OESAI COMPREHENSIVE GENERAL INSURANCE TECHNICAL TRAINING.

New A.M. Best Cyber Questionnaire

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down.

1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge:

Being there When you need us Thats our policy. Cyber Awareness – what can be done?

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Cyber Security and how to safeguard data in the ‘Cloud’ Claire Jacques 21 April 2016.

The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

How can your Captive help you manage Cyber risks?.

Serving the Cause of Public Interest Indian Actuarial Profession Cyber risk and Terrorism risk - Challenges in pricing Shivendra Tripathi Samarth Vikram.

Cyber Risk Management and Insurance

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Cyber Insurance - Risk Exposures and Strategic Solutions

Cyber Liability Insurance for an unsecure world

Cyber Insurance Risk Transfer Alternatives

Cybersecurity as a Business Differentiator

Clients and Prospective Clients on the Threat of Cyber Crime

Cyber Risk in the Financial Markets

Information Security Program

New A.M. Best Cyber Questionnaire

Information Security – Current Challenges

Financial Institutions – Cyber Risk

Financial Technology in Cyber Risks

Information Assets, Security and Cyber Threats

Managing a Cyber Event Steven P. Gibson President

Data protection headaches: GDPR, brexit AND perimeter risk

Can Cyber Insurance Stand in the Data Breach

Chapter 3: IRS and FTC Data Security Rules

CYBER LIABILITY IN CAPTIVES: THE EVOLVING PARTNERSHIP BETWEEN CAPTIVES AND THE COMMERICAL INSURANCE MARKET CCIA 2017 October 26, 2017.

Cyber Insurance: An Update on the Market’s Hottest Product

Information Security: Risk Management or Business Enablement?

Society of Risk Management Consultants Annual Conference

Andy Hall – Cyber & Tech INSURANCE Specialist

Cyber Issues Facing Medical Practice Managers

Cyber Trends and Market Update

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

FAIR 2018 – Cyber Risks & Markets

cyber insurance Tom Wilson Chief Risk Officer, Allianz SE

Professional Indemnity

Cyber Risk & Cyber Insurance - Overview

A Closer Look at How Buyers are Purchasing Cyber Insurance

Forensic and Investigative Accounting

Cyber Security in a Risk Management Framework

Presentation transcript:

Cyber: risk without borders Airmic 2016 Harrogate International Centre Tuesday 7 th June 2016

Moderator & panellists Nick Beecroft Manager, Emerging Risks & Research, Lloyd’s Hans Allnutt Partner, DAC Beachcroft Erica Constance Senior Vice President, Cyber, Paragon Insurance Brokers Mike Jacobs Business Continuity Manager, Dyson Laila Khudairi Underwriter, Enterprise Risk, Tokio Marine Kiln Graeme Newman Chief Innovation Officer, CFC Underwriting

UK Government 2015 Information Security Breaches Survey Businesses which suffered a security breach in the last 12 months Average cost of breaches PwC / Infosecurity Europe

UK Government 2015 Information Security Breaches Survey Impact of the most serious breachDo you have insurance which would cover you in the event of a breach? PwC / Infosecurity Europe 39 responses; % of respondents 212 responses; % of respondents No – but intend to purchase in the next 12 months No – was not aware it existed No – do not have the budget No – it is not a priority Yes – to prevent cost – cyber specific Yes – to prevent cost – included in other insurance Yes – following a breach – included in other insurance Yes – following a breach – cyber specific

Cyber insurance First Party cover Loss of or damage to digital assets Business interruption from unplanned network downtime Cyber extortion Reputational damage Theft of money and digital assets Physical damage Cyber risk management services Forensic costs Third Party cover Investigation, defence cost and civil damages associated with security breach or breach of privacy rights Investigation, defence cost, awards and fines resulting from an investigation or enforcement action by a regulator Investigation, defence cost and civil damages arising from defamation or breach of privacy from content on electronic media Legal, postage and advertising expenses where there is a requirement to notify individuals of a security or privacy breach Infringement of the intellectual property of a third party Loss of third party data

Cyber insurance at Lloyd’s 65 syndicates providing capacity in 2016 Approximately 20% of global cyber insurance written at Lloyd‘s Maximum single risk capacity ~£300m

Sources of uncertainty – challenges for innovation 52 ‘zero day’ exploits in 2015; 100% increase on % increase in spear phishing attacks Source: Symantec Internet Security Threat Report 2016 Human factors 81% of large UK businesses reported staff involvement in a breach 50% of the single worst security breaches caused by inadvertent human error Source: UK Government 2015 Information Security Breaches Survey

Sources of uncertainty – challenges for innovation Median number of days compromised before discovery/notification Intangible threats & exposures 416 days 205 days 146 days Source: Mandiant/FireEye M-Trends 2016: Special Report (February 2016)

Sources of uncertainty – challenges for innovation Cloud infrastructure services: global market share Systemic exposure Source: Synergy Research Group (April 2016) Lloyd’s exposure management policy Syndicate risk appetite Underwriting risk management framework Scenarios for solvency testing We are keen for Lloyd’s underwriters to continue to take a lead as a market with proven expertise and an ability to innovate. Lloyd’s also wishes to ensure that cyber-attack exposures are underwritten with appropriate controls in place.

Five Challenges 1.The impacts of a cyber security breach are complex and interconnected; cyber insurance is only relevant to a few of them 2.Insurers lack the data and expertise to charge an accurate risk- reflective premium 3.Cyber insurance products are immature and vary hugely between providers 4.Senior decision-makers do not understand the business case for purchasing cyber insurance 5.Large organisations require much greater limits of cover than insurers are willing or able to provide

Challenge 1 The impacts of a cyber security breach are complex and interconnected; cyber insurance is only relevant to a few of them

Challenge 2 Insurers lack the data and expertise to charge an accurate risk-reflective premium

Challenge 3 Cyber insurance products are immature and vary hugely between providers

Challenge 4 Senior decision-makers do not understand the business case for purchasing cyber insurance

Challenge 5 Large organisations require much greater limits of cover than insurers are willing or able to provide