Cyber Liability and Data Security+. 22 AGENDA What is Cyber? Exposure to Cyber Attacks Cyber Risk Management Anatomy of a Data Breach Insurance Coverage.

Slides:

Advertisements

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP

Advertisements

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Springfield Technical Community College Security Awareness Training.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Columbia University Medical Center Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy & Information Security Training 2009.

Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

Overview of Cybercrime

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Business Continuity from an Insurance Perspective Presented by Jim Carter Manager, Risk & Insurance.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP

AUGUST 25, 2015 Cyber Insurance:

ENCRYPTION Team 2.0 Pamela Dornan, Thomas Malone, David Kotar, Nayan Thakker, and Eddie Gallon.

Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.

Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,

Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.

Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Legal, Regulations, Investigations, and Compliance Chapter 9 Part 2 Pages 1006 to 1022.

CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)

What lessons can we learn from other data breaches? Target Sentry Insurance Dynacare Laboratories 1 INTRODUCTION.

Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU.

The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.

MEDICAL OFFICE COVERAGES. This is a short review over many insurance coverage parts necessary to a doctor’s practice. Not all apply, and there are other.

Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.

Pioneers in secure data storage devices. Users have become more accustomed to using multiple devices, are increasingly mobile, and are now used to storing.

Cyber Insurance - Risk Exposures and Strategic Solutions

Cyber Liability Insurance for an unsecure world

Enforcement, Business Associates and Breach Notification. Oh my!

Breaking Down Cyber Liability

Financial Institutions – Cyber Risk

E&O Risk Management: Meeting the Challenge of Change

Managing a Cyber Event Steven P. Gibson President

September 18, 2018.

Cyber Insurance Overview

Cyber Insurance 101 South Texas Chapter Risk & Insurance Management Society May 17, 2017 Matt C. Green, Marsh.

Chapter 3: IRS and FTC Data Security Rules

Agenda Consumer ID theft issues Data breach trends Laws and regulations Assessing and mitigating your risk.

Society of Risk Management Consultants Annual Conference

Business Secured with HUB International.

Cyber Issues Facing Medical Practice Managers

Cyber Trends and Market Update

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

Cyber Exposures The Importance of Risk Identification and Transfer

By Joseph Carnevale, CIP Partner & Director of Sales

Cybercrime and Canadian Businesses

Cyber Liability Coverage – Sell it or get sued

Forensic and Investigative Accounting

National HIPAA Audioconferences

Cyber Security: What the Head & Board Need to Know

Colorado “Protections For Consumer Data Privacy” Law

School of Medicine Orientation Information Security Training

Presentation transcript:

Cyber Liability and Data Security+

22 AGENDA What is Cyber? Exposure to Cyber Attacks Cyber Risk Management Anatomy of a Data Breach Insurance Coverage

What is Cyber?

44 Development of Cyber Exposure  What is “Cyber” Cyber generally refers to Data Breach and related liabilities Includes non-digital exposures (e.g. loss of paper records) As there is no standard definition, it is important to read this term in context

55 Development of Cyber Exposure Definition of Terms Personally Identifiable Information (PII) Private consumer information including Social Security Number, Driver’s License Number, Credit Card or Bank Account Number, and Medical Information Definition now includes a User ID and Password in combination (CA and FL) Personal Health Information (PHI) Private medical information A subset of PII

66 Development of Cyber Exposure Definition of Terms (Continued) Data Breach Unauthorized theft or disclosure of private data (PII or PHI) Network Security and Privacy Liability Most common term for liability arising from a data breaches or other privacy violations Often used in contractual requirements for insurance

77 Laws Protecting Consumers & Businesses  A series of overlapping State and Federal laws govern Data Privacy in the United States  Primarily enforced by the Federal Trade Commission, Department of Health and Human Services, and States’ Attorneys General.  Legal regime started in late 90’s early 2000’s in response to perceived lack of care by those collecting private data

88 Laws Protecting Consumers & Businesses Overarching theme of data privacy laws: If you collect, store, or transmit protected consumer data, you must keep it safe!

99 Laws Protecting Consumers & Business  California S.B Effective July 1, 2003 First breach notification law of its kind Requires notification of “any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person” (source:

10 Laws Protecting Consumers & Business  47 States plus Washington DC now have data breach laws. Exceptions are Alabama, New Mexico, and South Dakota Applicable state breach law depends on state of domicile of the consumer, not the location of the affected business Encryption is a safe harbor

11 Laws Protecting Consumers & Business HIPAA – Health Insurance Portability and Accountability Act (1996) HITECH – The Health Information Technology for Economic and Clinical Health Act (2009) Gramm-Leach-Bliley Act (1999) Red Flag Rules – Created by the FTC in 2008 Children’s Online Privacy Protection Act (1998) Payment Card Industry Data Security Standard (PCI- DSS)

Exposure to Cyber Attacks

13 *Source: NetDiligence 2014 Claims Study

14 What are the Exposures?  Hackers 30%  Virus/Malware 12%  Staff Error 14%  Rogue Employee 11%  Lost/Stolen Mobile Devices (laptops, smartphones, etc.) 10%  Paper Records 9%  Theft of Hardware 4%

15 What is Social Engineering?  Use of deception to obtain unauthorized access. Phishing: Sending fake, but convincing s to targets to obtain secure info Baiting: Leaving malware infected devices around target area Tailgating: Following authorized individuals into secure area

16 What is Ransomware?  a type of malicious software designed to block access to a computer system until a sum of money is paid

Anatomy of a Breach What does a claim look like?

18 Anatomy of a Data Breach  A business discovers private data was compromised… What do they do?

19 Anatomy of a Data Breach  What NOT to do… Do not delete or wipe affected computer systems! Do not immediately notify customers or press! DO seek out experienced professionals for help

20 Anatomy of a Data Breach  Breach Coach Expert attorney with specialization in data breach Communication is then privileged Understands patchwork of applicable laws  State, Federal, and Foreign Law can all apply  Expert attorney with specialization in data breach Good Breach Coaches provide calm, reasoned approach in time of crisis.

21 Anatomy of a Data Breach  Forensics Team  Notification  Credit Monitoring  Call Center  Public Relations  Defense, Settlement, Fines, Penalties

22 USLI PRODUCT FEATURES  $1500 average policy premium  Four Part Policy Part A: Data Breach Liability Part B: Data Breach Expense Part C: Website Liability Part D: Identity Theft Expense  Retentions start at $2500 ($0 for Identity Theft)  Separate limits for each coverage part Shared aggregate limit available for a premium reduction

23 Cyber Liability and Data Security + Product Features Coverage Part A:  Data Breach Liability – Claims for failure to protect private information.  Security Breach Liability –Claims due to failure of security controls (anti-virus, firewalls..) to prevent data manipulation, transmission of malicious code and denial of service attacks.  Defense of Regulatory Proceedings – due to violations of federal or state laws regulating the protection of private information.  PCI Fines & Penalties – credit or debit card industry fines and penalties for inadequately securing payment card information.

24 Cyber Liability and Data Security + Product Features Limits:  Part A – Data Breach Liability - $1million aggregate $1million Data Breach Liability $1million Security Breach Liability Up to $250,000 Defense of Regulatory proceedings Up to $100,000 PCI Fines & Penalties

25 Cyber Liability and Data Security + Product Features Coverage Part B:  Data Breach Expense – Expenses incurred in responding to a Data Breach including; notification costs, public relations, forensics, data restoration and credit monitoring. Pay on behalf expense coverage Business Interruption available  Cyber Extortion Threat Expense– Extortion payments, expense to hire negotiators and rewards to catch extorters.

26 Cyber Liability and Data Security + Product Features Limits:  Part B - $1,000,000 Aggregate Limit Data Breach Expense – $1,000,000 Business Interruption - $1,000,000 Cyber Extortion Threat Expense – Up to $25,000

27 Cyber Liability and Data Security + Product Features Coverage Part C:  Website Liability- Coverage for claims of libel, slander, invasion of privacy, plagiarism, misappropriation of ideas and infringement of copyright and trademark arising from the Organization’s website activity  Limits: $1million aggregate

28 Cyber Liability and Data Security + Product Features Coverage Part D:  Identity Theft – includes credit monitoring and other personal expenses incurred by board members, owners or partners in resolving Identity Theft. ID Experts’ team of Identity Theft specialists will guide any board member or owner through the process of resolving Identity Theft issues.  Limits: up to $100,000

Underwriting Cyber Liability

30 Underwriting  Class  Revenue  Number of Records  Type of Records  Website  Security Measures

31 Our product targets over 60 classes Accountants Architects/Engineers Contractors Consultants Convenience Stores Doctor’s Offices E-Commerce Sites Employment Agencies Hotels Motels Insurance Agencies Non-Profits Property Managers Restaurants Retail Stores Sales/Distributors Supermarkets Transportation

32 The USLI Cyber Story  Growing demand for cyber coverage for small to medium businesses Ponemon Institute survey of businesses under $10 million in revenue found: 55% had a data breach, 53% had multiple breaches 70% would purchase insurance to mitigate the costs  $1 billion market in In comparison, Employment Practices Liability Insurance was $1.4 billion but has been around twice as long as Cyber Liability.  Cyber market is projected to grow to over $5 Billion!  General Liability forms may not cover privacy exposures

33 The USLI Cyber Story  We are writing accounts with up to $25 million in revenue  100,000 Records/Credit Card Swipes

34 Selling Cyber Liability and Data Security +

35  The Business Resource Center offers a variety of services available on all USLI products including:

36  The Business Resource Center only works to win business when it is a part of your sales discussion. Every quote includes an attachment promoting this message after the pre-filled application Our cost calculator can show your clients how to save big!

37 eRisk Hub – managed by NetDiligence  Using proprietary tools anchored in proven risk management principals, NetDiligence provides a full range of enterprise-level information security, e-risk insurability and regulatory compliance assessment and testing services.  NetDiligence supports and is endorsed by some of the world's largest network liability insurance underwriters.

38

39 eRiskHub®  eriskhub.com/usli  Access Code: 08451

40 USLI can work with you to support your sales and marketing efforts  Knowledgeable Underwriting Support  Customized marketing materials  Cross Sell Opportunities

41 Moving forward  Questions and answers  Thank you for your time  Contact me for more information: Meredith Bennett, , ext Learn more about USLI products - usli.com/webinars