CGL Coverage B and Specific Products Covering Data Breaches Primerus Convocation Amelia Island, FL April 2015.

Slides:



Advertisements
Similar presentations
Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.
Advertisements

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
Copyright © 2014 by Dr. Wendy Tietz. This work is licensed under a Creative Commons Attribution- NonCommercial 3.0 Unported License. Target, Data Breach,
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Managing Cyber Risk Through Insurance and Vendor Contracts
Page 1 Recording of this session via any media type is strictly prohibited. Edward M. Joyce Partner Jones Day Invasion of Privacy, Hacking & IP Claims:
“This workforce solution was funded by a grant awarded under Workforce Innovation in Regional Economic Development (WIRED) as implemented by the U.S. Department.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Recent Trends and Insurance Considerations March 2015
Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
September 14, 2011 Network Risk/Privacy Insurance Exposure and Coverage Issues.
Insurance. Business Insurance Running a small business involves a significant investment. Business insurance protects your investment by minimizing financial.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
In the Belly of the Breach: What Every In-House Counsel Needs to Know about Data Breach Response ACC International Legal Affairs Committee Legal Quick.
NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.
Overview of Cybercrime
©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit.
Insurance Coverage for IT Security Breaches International Technology Law Association San Francisco, CA – May 4, 2006 Steven Brower Stephan Oringher Richman.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance.
AUGUST 25, 2015 Cyber Insurance:
Presented by David P. Schack, Partner June 29, 2006 Insurance Coverage For Multi- State Investigations: Can You Get Your Insurer to Pay for.
Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.
Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.
. E-Business Risk and Insurance.
Finance 431 Professional Liability. Historically only covered liability from Professional Services to others Medical malpractice Doctors Errors and Omissions.
Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.
Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.
Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Network Security & Privacy Discussion Colorado Community Health Network April 14, 2014 Presented by: Kevin Keilbach – Client Executive – Health Care Jeff.
 The forecasting and evaluation of financial risks  Identification of procedures to avoid or minimize their impact. Goals: ▪ Avoid or minimize losses.
15 years of Web Security © 2015 WhiteHat Security, Inc. Jeremiah Grossman Founder WhiteHat Security, Inc. The Rebellious Teenage Years.
Prepared By: John Marshall, CRM, ERMCP, CIC, AAI Jenny Jacobsen, JD Cyber Liability Update April 21, 2016 Welcome.
PARTNERING TO CREATE THE SAFEST HEALTHCARE SYSTEM Insurance Operations Update HIROC Risk Management Conference April 28, 2014 Heather Brown, Vice President.
Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.
MEDICAL OFFICE COVERAGES. This is a short review over many insurance coverage parts necessary to a doctor’s practice. Not all apply, and there are other.
Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.
Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.
Cyber Insurance - Risk Exposures and Strategic Solutions
Cyber Liability Insurance for an unsecure world
Cyber Insurance Risk Transfer Alternatives
Cybersecurity as a Business Differentiator
Breaking Down Cyber Liability
Financial Institutions – Cyber Risk
Managing a Cyber Event Steven P. Gibson President
Financial Institutions and Cyber Insurance
Section 1: Functions of Accounting and users of accounting information
Cyber Insurance Overview
Cyber Insurance: An Update on the Market’s Hottest Product
Society of Risk Management Consultants Annual Conference
Practical Tips and Cautionary Tales to support your purchase of D&O Insurance and manage claims better Stephanie Pestorich Manson, Head of Commercial.
Cyber Issues Facing Medical Practice Managers
Cyber Trends and Market Update
Explain the nature of liability insurance
Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium
The PIA Partnership Presents: Cyber 101
Cyber Exposures The Importance of Risk Identification and Transfer
Vinny Sakore Vinny Sakore is the Chief Technology Officer for NetDiligence®, a Cyber Risk Management company. Former HIPAA Security Officer for Verizon.
Cyber Liability Coverage – Sell it or get sued
Forensic and Investigative Accounting
Vinny Sakore Vinny Sakore is the Chief Technology Officer for NetDiligence®, a Cyber Risk Management company. Former HIPAA Security Officer for Verizon.
Cyber Security: What the Head & Board Need to Know
Protecting Knowledge Assets – Case & Method for New CISO Portfolio
Presentation transcript:

CGL Coverage B and Specific Products Covering Data Breaches Primerus Convocation Amelia Island, FL April 2015

Chuck Allen Goodman, Allen & Filetti, PLLC Richmond, VA Frank Nappi Willis Group Pittsburgh, PA Josh Ladeau Allied World Insurance Farmington, CT Tom Paschos Tom Paschos & Associates Haddonfield, NJ

 Variety of risk events  Variety of data at risk  Various studies (all with significant caveats)  Verizon, 2014 Data Breach Investigations Report  Ponemon Institute – 2014 Cost of Data Breach studies  NetDiligence – Cyber Liability & Data Breach Insurance Claims (2014)  Romanosky, etal – Empirical Analysis of Data Breach Litigation

NetDiligence®Ponemon Institute Records per Incident Mean: 2,400,000Mean: 29,087 Median: 3,500 Cost per IncidentMean: $733,109Mean: $5,900,000 Median: $144,000 HC Co Mean: $1,300,000 Cost per RecordMean: $956.21Mean: $201 Median: $19.84HC Ind. Mean: $316 Range: $0 to $33,000Svc Ind. Mean: $223 PHI IncidentsAverage records per incident2769 % of Org with at least 194% % of Org with 5 or more45% Average economic impact$2,400,000

NetDiligence® Range:$600 to $6,500,000 Median payout$144,000 Mean payout$733,109 Median per record payout$19.84 Average per record payout Median cost for legal defense$282,300 Average cost for legal defense$698,707 Median settlement cost$283,300 Average settlement cost$558,520 Median crisis services cost$110,594 Average crisis services cost$366,484 Percent of claims from Co with < $50 M rev23% Percent of claims form Co with < $300M rev75%

 Nine Basic Patterns  Point of Sale Intrusions  Payment Card Skimmers  Physical Theft and Loss  Insider Misuse  Denial of Service Attacks  Crimeware  Web Application Attacks  Cyberespionage  Miscellaneous Errors  The industry may determine the pattern of greatest risk

Commercial Crime Policy  Retail Ventures, Inc. v. Nat’l Union Fire Ins. Co., 691 F.3d 821 (6th Cir. 2012)  U.S. Court of Appeals for the Sixth Circuit held that losses resulting from the theft of customers’ banking information from a retailer’s computer system are covered under a commercial crime policy.

 Hacker accessed credit card and checking account information from 1.4 million DSW customers.  AIG’s argued exclusion for “loss of proprietary information, trade secrets, confidential processing methods, or other confidential information of any kind” applied.  Court held exclusion applied only to “secret information of [the policyholders] involving the manner in which business is operated” and did not apply to DSW’s claim  Customers’ banking information was not confidential information of DSW and did not involve the manner in which it operated its business.

Sometimes there is limited D&O coverage available for cyber breaches. Examples:  Some not-for-profit healthcare organizations (e.g., hospitals, large physician practices) may include an extension by endorsement for HIPAA Fines & Penalties.

Examples :  Shareholder lawsuits may follow a data breach event which alleges wrongdoing by a company’s leadership. Such lawsuits may implicate D&O coverage.  Some D&O policies – generally those purchased by private companies – may also provide “entity” or company coverage for a loss like a data breach as well

Zurich Am. Ins. Co. v. Sony Corp. of Am., Case No /2011 (N.Y. Sup. Ct. February 21, 2014)  Hackers attacked Sony’s networks and stole nonpublic personal information of 100M people.  64 class action lawsuits (since consolidated) on behalf of network users followed as well as investigations by a variety of government entities.

 Sony sought coverage from CGL carriers under the personal and advertising injury coverage  Insurer’s position was that the personal and advertising coverage insures only purposeful conduct by an insured. Publication of private information by a third party fell outside the policy's coverage.  NY Court agreed with Insurers.

 General overview  Policy characteristics  Potential Cyber Risk Insurance Problems