September 18, 2018.

Presentation transcript:

Where to Find the Risks

Technology
- Viruses, SQL Injections, DDoS attacks
- Structural vulnerability
- Social Media / Networking
- Phishing

Internal
- Rogue employees
- Careless staff

Regulatory
- SEC, FTC, state attorneys general
- 47 State Breach notification laws
- NIST Cybersecurity Framework
- HHS, HIPAA & HIPAA HITECH
- Identity Theft Red Flags Rule
- Foreign Laws
- General Data Protection Regulation

Old School
- Laptop theft
- Dumpster diving

External
- Customers
- Authors, producers, publishers, competitors
- Business associates
- Vendors / Suppliers
- Foreign and domestic organized crime
- Hackers / Hacktivists

Threat Vectors Simplified

The Value of Your Data

Of the following, which is the least valuable type of data on the black market?
- Healthcare information (names, birth dates, insurance policy numbers, diagnosis codes)
- Credit card data
- Twitter username and password
- Social Security Number and date of birth (but no name)

Coverage Overview: Third Party Coverages

- Privacy Liability: Defense and liability for failure to keep information private or for failure of others that you have entrusted with information to keep it private (ex. pension actuary, data storage facility, credit card processor). Also includes liability for not properly notifying of a privacy breach. Coverage has expanded to include corporate confidential information and non-computer related information. Likely Claimants: Customers, employees
- Security Liability: Defense and liability for failure of systems to prevent spread of virus or a denial of service to those that rely on systems due to a failure in network security. Likely Claimants: Customers
- Media Liability (Online or Full Media?): Defense and liability for libel, slander, disparagement, misappropriation of name or likeness, plagiarism, copyright infringement, negligence in content to those that relied on content. Likely Claimants: Authors, producers, publishers, competitors
- Technology Errors & Omissions: Defense and liability for failure of technology products to perform their intended purpose or the failure to render technology services as intended.

Coverage Overview: First Party Coverages

- Breach Response Costs: The following costs resulting from a privacy breach:
  - To hire a computer forensics investigator
  - To hire a law firm to identify statutory obligations to notify affected individuals/regulators
  - To provide notifications
  - To set up a call center
  - To offer fraud monitoring to impacted individuals
- Crisis Management / Public Relations Expenses: Costs of a public relations firm due to a privacy or security incident.
- Regulatory Defense / Fines & Penalties Costs: Costs to defend an action by Attorneys General, FTC, Office of Civil Rights or other regulators due to a privacy breach. Can also include associated fines & penalties. Likely Claimants: Attorneys General, FTC, OCR
- PCI-DSS Assessments: A written demand you receive from a card association or acquiring bank for a monetary assessment of a fine or penalty due to your non-compliance with PCI Data Security Standards.

Coverage Overview: First Party Coverages (continued)

- Business Interruption / Extra Expense: Loss of income or extra expense due to system shut down from security failure. Waiting period applies. Coverage extension also available for accidental outages or unplanned outages.
- Dependent Business Interruption: An entity not owned, operated or controlled by you that you depend on to conduct your business.
- Data Restoration: Costs incurred to replace, restore, or recollect digital assets from written records or from partially or fully matching electronic data records due to their alteration, corruption or destruction from a network operations security failure.
- Cyber Extortion: Costs of consultants and extortion monies for threats related to interrupting systems and releasing private information.

Other Insurance and Cyber Risk

- Crime/Fidelity Coverage: Coverage for first party funds stolen as a result of a hacking incident or social engineering.
- Directors and Officers Liability: Shareholder suit as a result of harm to a company from a network security incident.
- Property Damage Coverage/Bodily Injury/General Liability: A hacking incident that results in physical damage or bodily harm.

Data Breach Timeline

Discovery
Actual or alleged theft, loss, or unauthorized collection/disclosure of confidential information that is in the care, custody or control of the Insured, or a 3rd party for whom the Insured is legally liable.
Discovery can come about several ways:
- Self discovery: usually the best case
- Customer inquiry or vendor discovery
- Call from regulator or law enforcement

Forensic Investigation and Legal Review
- Forensic tells you what happened
- Legal sets out options/obligations

First Response
- Public Relations
- Notification
- Remedial Service Offering

External Issues
- Income Loss
- Damage to Brand or Reputation
- Regulatory Fines, Penalties, and Consumer Redress
- Civil Litigation

Long-Term Consequences

A GROWING THREAT ENVIRONMENT

Companies Continue to be Exposed to Cyber Risks

[Timeline graphic. The slide text lists the incidents and the dates separately; the pairing of dates to incidents is not recoverable from the transcript.]

Incidents shown:
- Sony suffered a breach in its video game online network exposing names, addresses and possibly credit card data belonging to 77 million user accounts in what is one of the largest-ever Internet security break-ins.
- JP Morgan Chase was subject to 76 million Data Records breached and Staples reported over 1 million payment cards were stolen.
- Criminals access the personal details and Social Security numbers of more than 70 million people, the biggest health-care data theft to date.
- Wells Fargo, Bank of America, Citigroup and JP Morgan Chase were affected in a series of cyber security attacks that affected millions of customers.
- Target reported a major data breach and warned that up to 110 million records, including debit / credit card info, were compromised.
- eBay was subject to 145 million User Data Records breached.
- TJX Companies was hacked, exposing credit cards and transaction details for 94 million records.
- A flaw in Pinterest site's API exposed users' email addresses; 70 million records were affected.
- 1.1 million payment cards exposed.
- A data breach targeting Michaels, a national chain of arts and crafts stores, impacted more than 3 million customers.
- Over 24 million customers were impacted in massive security breach. Zappos CEO issues letter and urges all customers to change their passwords.
- Adobe announces that a hack of company systems exposed customer names, IDs, encrypted passwords, and debit/credit card info impacting 152 million records.
- Sony reported over 47,000 employee records, personal emails and documents were breached.
- Facebook experienced a glitch during testing of a new design that exposed 80 million records of users' birth dates.
- Evernote is hacked and requests 50 million users to change their passwords.
- Multiple breaches impacting millions of payment cards and store locations, 56 million Payment cards and over 1,500 locations breached among this group of companies.

Dates shown (upper row): July 2008, January 2012, March 2013, October 2013, January 2014, April 2014, September 2014, December 2014
Dates shown (lower row): January 2007, September 2011, September 2012, March 2013, December 2013, May 2014, October 2014, February 2015

Source: Marsh FINPRO Cyber Practice

Breach Scenario

- Hackers are able to exploit a weakness in Big Box's system through a facilities management vendor with less sophisticated controls and IT.
- Hackers install memory-scraping malware at many of Big Box's POS terminals, designed to capture unencrypted, plain-text credit card data before it is encrypted.
- The malware is designed to target Track 1 and Track 2 data, which includes a cardholder's name, card number, expiration date, and the card's three-digit security code (enough information to replicate a credit card).

Breach Scenario

CEO to Risk Manager: What type of costs (1st party) and liability (3rd party) could we incur as a result? How will we pay for it all?

Big Box's direct 1st party costs:
- Investigation: Computer forensics
- Legal: Regulatory requirement; managing PCI investigation
- Notify affected customers
- Public relations firm, to deal with PR fallout
- Overtime for Big Box employees
- Possible lost sales due to consumer backlash

Do we have insurance for this?
- Yes, under a typical Security & Privacy insurance policy (aka Cyber insurance) the above is typically covered except for employee overtime and lost sales.

Breach Scenario

What type of liability (3rd party) could we incur as a result? How will we pay for it all?

- PCI Assessments (specific PCI coverage under Cyber policy):
  a. "Fines" for non-compliance with PCI DSS
  b. Case Management Fee/Investigation
  c. "Assessments": Cost of heightened fraud monitoring; card reissuance
- Consumer class action (covered under privacy liability portions of a Cyber insurance policy)
- Regulatory action: investigation/defense of a regulatory action, resulting from an alleged violation of a Privacy Law