Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009.

Slides:

Advertisements

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Advertisements

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Privacy Liability and Network Security May 17, 2011 L. Spencer Timmel, CITRMS PRESENTER Privacy and Network Security Specialist Hylant Executive Risk Practice.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

Overview of Cybercrime

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

E-Government Information Privacy and Security Risk & Insurance STRIMA Portland, Maine September 10, 2007.

Privacy and Security Laws for Health Care Organizations Presented by Robert J. Scott Scott & Scott, LLP

2 September 2015 Building Scalable Insurance Programs For Each Growth Stage of a Entrepreneurial Company.

AUGUST 25, 2015 Cyber Insurance:

Executive Risk Monday September 21, 2015 Northern Ohio Association for Financial Professionals 2015 Idea Exchange Seminar Data Security/Privacy (Cyber)

Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.

W h y D o I N e e d C y b e r L i a b i l i t y I n s u r a n c e ?

CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.

. E-Business Risk and Insurance.

Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,

Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.

Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Network Security & Privacy Discussion Colorado Community Health Network April 14, 2014 Presented by: Kevin Keilbach – Client Executive – Health Care Jeff.

Protecting Yourself from Fraud including Identity Theft Advanced Level.

CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down.

Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU.

The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

MEDICAL OFFICE COVERAGES. This is a short review over many insurance coverage parts necessary to a doctor’s practice. Not all apply, and there are other.

Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.

Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.

Cyber Insurance - Risk Exposures and Strategic Solutions

Cyber Liability Insurance for an unsecure world

Cyber Insurance Risk Transfer Alternatives

Clients and Prospective Clients on the Threat of Cyber Crime

Breaking Down Cyber Liability

Financial Institutions – Cyber Risk

E&O Risk Management: Meeting the Challenge of Change

Identity Theft Presentation

Managing a Cyber Event Steven P. Gibson President

Cyber Insurance Overview

Chapter 3: IRS and FTC Data Security Rules

Cyber Insurance: An Update on the Market’s Hottest Product

Society of Risk Management Consultants Annual Conference

Cyber Issues Facing Medical Practice Managers

Red Flags Rule An Introduction County College of Morris

Cyber Trends and Market Update

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

FAIR 2018 – Cyber Risks & Markets

Cyber Exposures The Importance of Risk Identification and Transfer

Cyber Liability Coverage – Sell it or get sued

Forensic and Investigative Accounting

Cyber Security: What the Head & Board Need to Know

Presentation transcript:

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 1 Michelle Lafferty – Corporate Counsel, Specialty Claims Counsel, Executive Risk Practice Hylant Group Cleveland Office

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 2 Agenda Examples & Statistics – Data Breach Examples & Statistics - Cyber attack Legislative Environment Insurance Coverage Policy Gap Analysis Insurers

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 3 Who is this man?!?

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 4 Laptop anyone?

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 5 Data Breach Examples Historical Large Losses  America Online: 30 Million  US Dept. of Veterans Affairs: 26.5 Million  Citigroup: 30 Million  TJX: 94 Million (double the original estimate) ♦ Required to provide three years of credit monitoring and three years of victim assistance as part of their class action settlement ♦ Criminals had access to the TJX system for 17 months ♦ TJX loss is estimated to be over $1.35 billion (source: Forrester Research)

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 6 Data Breach Examples Last 12 Months  Countrywide Financial: 2 Million (customers)  Hannaford Bros.: 1.5 Million (customers)  Fallon Community Health Plan: 30,000 (patients)  Harvard Law School: 21,000 (clients)  Barclays Bank: 17,000 (customers)  National Guard Bureau: 131,000 (soldiers)  Naval Hospital Pensacola: 38,000 (pharmacy customers)  Network Solutions: 573,000 (credit card holders)

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 7 Data Breach Examples  Heartland Payment Systems  6 th largest credit-card payment processor in the country  100 million card transactions each month, 250,000 businesses  May – November, 2008 spyware installed  Unencrypted credit card data – 250 million records  Magnetic strip data & names  More than 220 banks affected  Defense: No PII breached – 3 class action lawsuits anyway  $12.6MM expenses to date

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 8 Data Breach Examples More than 150 million American’s have had their information put at risk in the last 2 years.

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 9 Personal Data Statistics Summary of Ponemon Institute, LLC’s 2006 Annual Study: Cost of a Data Breach: Total Average Cost: $182 per lost record $4.8 million per breach Range of $226,000 to $22 million per breach Lost productivity costs averaged $30 per lost record Customer opportunity costs averaged $98 per lost record (turnover of existing customers and increased difficulty acquiring new customers) Direct incremental costs averaged $54 per lost record (unbudgeted spending for legal counsel, notification letters, discounted product offers, etc.)

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 10 Personal Data Statistics 23 million U.S. adults have received notification of a breach from companies 60% of respondents terminated or considered terminating their relationship with the company 14% were not concerned Almost 30% of reported breaches originated with external partners, consultants, outsourcers, or contractors More than 90% of all breaches were in digital form (laptops, electronic backups, and hacked or attacked systems) 47 states have passed some version of a database notification law

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 11 Cyber Attack Examples  Express Scripts (cyber extortion)  TD Waterhouse (unauthorized access)  YouTube (web site content)  Care First of Maryland (web site content)  Authorize.net (denial of service attack)  Six Apart, ltd. (denial of service attack)  Paine Weber (malicious code)

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 12 Cyber Statistics (2008 Computer Security Survey Report) 43% of companies surveyed experienced Cyber Security incidents in % of the companies surveyed experience targeted attacks Companies that experienced incidents, reported the following types Virus (50%) Insider Abuse (44%) Laptop theft/compromise (42%) Unauthorized access (29%) Bots (internet/web robots) (20%) Computer related financial fraud (12%) DNS compromised (domain names system) (8%) Over $500 per employee is spent by U.S. companies on IT Security The average direct financial loss reported was $289,000

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 13 Legislative Environment State Notification Laws HIPAA Gramm-Leach-Bliley FTC Red Flag Rules

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 14 Red Flag Rules recently became effective in January 2008 and compliance is required by November 1, Under these rules, covered accounts, creditors and businesses:  Must develop and implement a written privacy and security program  Must obtain approval of the initial written program from either its Board of Directors or an appropriate committee of the board of directors  Small businesses are not exempt  A covered entity cannot escape its obligation to comply by outsourcing  Businesses must exercise appropriate and effective oversight of service providers.  Service providers and contractors must comply by implementing reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft FACTA Red Flag Rules

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 15 Insurance – First Party Liability Business Interruption Lost income realized as a result of a hacker attack or a virus Extra expense Dependant business interruption Crisis Expenses Public relations expenses Notification expenses Regulatory defense Credit-monitoring and other services to customers Digital Asset Coverage Cost to restore or recollect data lost or stolen Extortion & Criminal Reward Fund Extortion monies paid and the cost of a cyber investigator Reward for information leading to arrest of hacker, cyber criminal

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 16 Insurance – Third Party Coverage Network Security Liability Protection for claims brought by third parties for the following: Theft of personally identifiable data Denial of service attack Virus transmitted to the third party Electronic Media Liability/Internet Liability Protection for claims brought by third parties alleging invasion of privacy, libel, defamation, copyright, title or trademark infringement with regard to information posted on an Insured’s website Privacy Extension Protection from claims arising out of theft or compromise of personally identifiable data regardless of method

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 17 Policy Gap Analysis General Liability Insurance - Coverage for bodily injury or property damage - Intentional acts are excluded - Intangible property is excluded Property Insurance - Coverage for loss of tangible property caused by a covered peril - Computer viruses are excluded - Intangible property is excluded - Business interruption coverage only applies if there has been a direct physical loss Crime Insurance - Coverage for theft of money, securities or other property - No coverage for theft of information, trade secrets and other types of confidential information Directors & Officers Liability Insurance - Coverage for claims alleging acts, errors and/or omissions committed by directors or officers of a company in such capacity Technology Errors & Omissions Liability Policy - Coverage for claims resulting from an Insured’s rendering or failure to render professional services to others for a fee

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 18 Policy Gap Analysis

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 19 Cyber Risk Insurers AIG Arch Beazley Chubb C.N.A. Darwin Hartford Hiscox U.S. Lloyd’s of London (AGM Syndicate)

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 20