Indian Actuarial Profession Serving the Cause of Public Interest

Slides:

Advertisements

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Advertisements

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

Global Information Security Issues According to the E&Y Global Survey, Managers Say the Right Thing… –90% of 1400 companies surveyed in 66 countries say.

Sapient Insurance Partners. Overview & Services We have almost four decades of combined experience in the property & casualty insurance and reinsurance.

Overview of Cybercrime

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Non Physical Business Interruption Malcolm Randles, Underwriter, Kiln Syndicate February 2011.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Liability Issues for TRIO Programs Managing Your Project’s Risk.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,

Introduction to Information Security

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

New A.M. Best Cyber Questionnaire

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Restaurant 1. 2 There are several different types of restaurant classifications, including: Family Style Fine Dining Fast Food Buffet.

Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

By, CA K RAGHU, PAST PRESIDENT – INSTITUTE OF CHARTERED ACCOUNTANTS OF INDIA.

Cyber Security – Client View Peter Gibbons | Head of Cyber Security, Group Business Services Suppliers’ Summer Conference 15/07/2015.

Risk Controls in IA Zachary Rensko COSC 481. Outline Definition Risk Control Strategies Risk Control Categories The Human Firewall Project OCTAVE.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

Retail & Service 1. 2 The Retail & Service industry encompasses a wide variety of businesses. This segment includes: Businesses engaged in selling goods.

Cyber Risk Management and Insurance

Cyber Security Phillip Davies Head of Content, Cyber and Investigations.

Cyber Insurance - Risk Exposures and Strategic Solutions

Cyber Liability Insurance for an unsecure world

Actuarial Review of Emerging Risks

Cyber Insurance Risk Transfer Alternatives

Cybersecurity as a Business Differentiator

Technology and Business Continuity

Falling Interest Rates

Physical Security Governance Model

Overview and Services March 2015

New A.M. Best Cyber Questionnaire

Cyber Insurance presentation for: The 2nd Anti Cybercrime Forum Beirut, 29th November 2016 Alexander Blom, Head of Financial Lines, AIG MENA.

Insurance Technology Forums: ‘IT Matters’ Forum

4th SG13 Regional Workshop for Africa on “Future Networks for a better Africa: IMT-2020, Trust, Cloud Computing and Big Data” (Accra, Ghana, March.

Managing a Cyber Event Steven P. Gibson President

Cyber Insurance – FFs & CHBs

Responding to Intrusions

COMP3357 Managing Cyber Risk

Current ‘Hot Topics’ in Information Security Governance Auditing

Risk Management Definition

Indian Actuarial Profession Serving the Cause of Public Interest

LEGAL & ETHICAL ISSUES InsurTech & Health Insurance Providers

Chapter 3: IRS and FTC Data Security Rules

Unit 7 – Organisational Systems Security

Cyber Insurance: An Update on the Market’s Hottest Product

Cyber Security in Ports Business as Usual?

Cyber Issues Facing Medical Practice Managers

Cyber Trends and Market Update

14 Risk Management 14-1 Overview of Risk Management

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

By Joseph Carnevale, CIP Partner & Director of Sales

Cybersecurity compliance for attorneys

INFORMATION SYSTEMS SECURITY and CONTROL

Cyber security Policy development and implementation

Societal resilience analysis

SOUTH AFRICAN INSURANCE ASSOCIATION

Protect Your Ecommerce Site From Hacking and Fraud

Forensic and Investigative Accounting

INTRODUCTION For years there have been attacks around the United States for sometimes now, which is unexpected. However; there have not been good restoration.

6 questions = 8% of the exam

Strategic threat assessment

No!. [NEXT SLIDE] LOGO HERE.

Figuring out CyberSecurity Return On Investment

Presentation transcript:

Indian Actuarial Profession Serving the Cause of Public Interest 28th India Fellowship Seminar Topic: Cyber Risk Insurance and the Role of Cyber Security: Why is this the need of the hour and challenges faced by insurance companies? Guide Name: Mehul Shah Presenters Name: 1. Mark R. Shapland, FCAS, FSA, MAAA 2. Jean Cloutier, FCAS Date: 9 November 2017 Mumbai Indian Actuarial Profession Serving the Cause of Public Interest

Acknowledgements We developed these slides to help us discuss the key issues and opportunities regarding Cyber Risk Insurance and the Role of Cyber Security. The material is drawn mainly from two papers: “Ten Key Questions on Cyber Risk and Cyber Risk Insurance” The Geneva Association “Cybersecurity: Impact on Insurance Business and Operations” Joint Risk Management Section of the CIA, CAS and SOA Both of these papers can serve as a valuable source for further research and contain a wealth of information which far exceed our limited time slot for presentation. www.actuariesindia.org

Agenda What is Cyber Risk? Cyber Risk Insurance Role of Cyber Security Challenges for the Industry Q&A www.actuariesindia.org

What is Cyber Risk? Any risk emerging from the use of information and communication technology (ICT) that compromises the confidentiality, availability, or integrity of data or services Cyber risk is either caused by natural disasters (e.g., flooding or earthquakes) or is man-made where the latter can emerge from human failure, cyber criminality (e.g., extortion, fraud), cyberwar, or cyber terrorism www.actuariesindia.org

What is Cyber Risk? The impairment of operational technology (OT) eventually leads to business disruption, (critical) infrastructure break down, and physical damage to humans and properties It is characterised by interdependencies, potential extreme events, high uncertainty with respect to data and modelling approaches, and the risk of change www.actuariesindia.org

What is Cyber Risk? Cyber risk can be categorized according to several dimensions The most obvious approach would be to differentiate between man-made threats and such caused by natural disasters. For example, flooding, earthquake and fire alike can cause physical damage to IT infrastructure such as servers and networks www.actuariesindia.org

What is Cyber Risk? Man-made cyber risk can be classified according to: the activity (criminal, non-criminal, intentional, accidental), the type of attack (e.g., malware, insider attack, spam, DoS, botnet, hard- or software failure), or the source (e.g., terrorists, criminals, governments) The attacks depend mainly on the activity and are reinforced by network effects (e.g., worms) The vulnerability of the company then determines whether an attack is successful www.actuariesindia.org

What is Cyber Risk? Consequences: which in turn leads to monetary loss depend on the aim of the attackers (e.g., espionage, sabotage, extortion, exploiting information) might compromise the availability of IT services might compromise the integrity and confidentially of data which in turn leads to monetary loss reputational damage business interruption, or damage to humans www.actuariesindia.org

Agenda What is Cyber Risk? Cyber Risk Insurance Role of Cyber Security Challenges for the Industry Q&A www.actuariesindia.org

Cyber Risk Insurance Cyber insurance market is very small at present, but expected to increase significantly The U.S. market is much more developed than its European counterpart, partly because the U.S. have had reporting requirements for cyber attacks in place for several years with relatively heavy fines for violations Outside the U.S., insurance coverage for cyber risk is not well known and little used www.actuariesindia.org

Cyber Risk Insurance Conventional GL policies are frequently silent on whether losses caused by cyber incidents are covered Often the terms of contract are even silent on what cyber events exactly would be included While the customer might think that cyber incidents are covered, the insurer assumes that they are not www.actuariesindia.org

Cyber Risk Insurance Insurers may seek more explicit terms of contract in two ways, either: the insurer could adapt its policies by explicitly excluding cyber risks in traditional policies and providing dedicated policies (standalone cyber policy), or it could explicitly include cyber risks and adjust the premiums accordingly (affirmative cyber policy) www.actuariesindia.org

Cyber Risk Insurance Besides the low coverage of cyber risk in businesses, the market of cyber insurance for individuals is even less well-developed There exist only very few personal cyber insurance products, and most people are not even aware of their existence www.actuariesindia.org

Cyber Risk Insurance Affirmative cyber policies offer the following advantages: Ensures good degree of information exchange to support the underwriting Establishes clear / definable coverage set Minimizes litigation among other lines of insurance Ensures right experts are involved in risk assessment www.actuariesindia.org

Cyber Risk Insurance Capacity now available up to US$ 350 M Initially designed as Property Damage and Business Interruption Uses IT consultancy and cyber vendors to support underwriting www.actuariesindia.org

Cyber Risk Insurance Other coverages now offered as market expanding: Non damage business interruption Loss mitigation expenses Digital asset restoration Cyber extortion Crisis management costs www.actuariesindia.org

Cyber Risk Insurance Other coverages now offered as market expanding: Bodily injury Contingent business interruption System failure Notification costs www.actuariesindia.org

Agenda What is Cyber Risk? Cyber Risk Insurance Role of Cyber Security Challenges for the Industry Q&A www.actuariesindia.org

Role of Cyber Security Cyber Security budgets for many midsize and small companies are minimal As a result, those companies often have little or no IT expertise, are unable to follow through on IT consultant recommendations and accordingly focus only on “putting out fires” rather than managing long-term cyber risk issues www.actuariesindia.org

Role of Cyber Security Currently, there’s a general lack of objective proof that particular controls—policies, processes, technologies and otherwise—have measurable and positive risk management impacts Limited technology solutions exist for addressing cyber risks Most vendor options fall short of needed protection, and they don’t seem to be improving Technical controls are often too complicated and/or costly for businesses to implement www.actuariesindia.org

Role of Cyber Security The lack of available information about which cyber risks are most likely to materialize compounds these problems Without more security intelligence, most organizations cannot make informed decisions about where to best spend their limited cyber security budgets Some companies may be inclined to buy cyber security insurance rather than spend money on technology solutions and other cyber security controls They may opt to transfer risk entirely rather than invest in expensive and largely unproven cyber risk mitigation efforts www.actuariesindia.org

Agenda What is Cyber Risk? Cyber Risk Insurance Role of Cyber Security Challenges for the Industry Q&A www.actuariesindia.org

Challenges for the Industry Increasing regulatory pressure: UK Prudential Regulatory Authority expects firms to be able to identify, quantify and manage cyber insurance underwriting risk AM Best expects companies to be proactive and forthcoming with evaluation and measurement of cyber exposures www.actuariesindia.org

Challenges for the Industry General Liability is a large, profitable business for many insurers Lack of uniformity in implementation of cyber exclusions Insureds will test the markets if their current carrier cannot provide necessary coverages Cyber Risk is a growing line of business, with potential to generate future revenue increases www.actuariesindia.org

Challenges for the Industry Many of the risks that arise in cyberspace are not new (e.g., intellectual property theft, lost profits, privacy and reputational damages), and other professions are looking to actuaries to take the lead Actuaries are uniquely qualified to process this information to develop new, and enhance existing, Cyber Risk insurance products www.actuariesindia.org

Challenges for the Industry One major issue in Cyber Risk insurance is what level of cyber security carriers should demand from the insured If these levels are made too onerous, the marketability of the product will suffer However, standards that are too lax will encourage insureds to skimp on expensive cyber protection solutions Some have expressed the opinion that demanding the latest software patch updates from all employees is unreasonably onerous www.actuariesindia.org

Challenges for the Industry There are many causes of loss, and a data breach may be caused by several While not all of these causes can be controlled by insureds, one report found that 90 percent of cyber attacks over the previous year were preventable with simple or intermediate systems in place There’s clearly room for improvement in most organizations when it comes to cyber risk management www.actuariesindia.org

Challenges for the Industry Insurance should not cover those breaches in the insured’s control it exists to cover those things outside the insured’s control Carriers should motivate insureds to do what they can, through both compulsory precautions and policy terms www.actuariesindia.org

Challenges for the Industry Frequency and severity of events are the “holy grail” of cyber security risk management While companies can analyze the frequency of cyber incidents based on some available data, estimating severity is more difficult Different industries are held to different standards (e.g., the medical industry has higher cyber claims frequency because of the rigorous information security and privacy standards of the Health Insurance Portability and Accountability Act in the U.S.) www.actuariesindia.org

Challenges for the Industry Frequency is short tailed and companies generally find out quickly if they have been breached This has two implications: First, it makes it easier to price, and therefore a more insurable risk Second, it is rare more than one policy will be triggered with one event, and those rare events, generally related to cloud providers, can be specifically excluded from contracts www.actuariesindia.org

www.actuariesindia.org