Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Slides:



Advertisements
Similar presentations
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Advertisements

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
Privacy (or Data) Breaches - Examples South Carolina Department of Revenue Hackers got into the SCDOR’s computers, and stole information on up to 3.2 Million.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
“This workforce solution was funded by a grant awarded under Workforce Innovation in Regional Economic Development (WIRED) as implemented by the U.S. Department.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Recent Trends and Insurance Considerations March 2015

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.
Overview of Cybercrime
©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
Non Physical Business Interruption Malcolm Randles, Underwriter, Kiln Syndicate February 2011.
AUGUST 25, 2015 Cyber Insurance:
Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.
Cyber Security Nevada Businesses Overview June, 2014.
Onebeaconpro.com t f Cyber Liability Insurance Coverages and Trends Affecting Community Banks Craig M. Collins President,
CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.
Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,
Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.
Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Carlsmith Ball LLP Cyber Issues For Lawyers Deborah Bjes October 22 nd, 2015.
Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.
Have the Time? Steps to Deal with Cybercrime HFTP Annual Conference Bellevue, Washington October 23, 2015 Presented by: John D. Daum, CPA Scott Perry (Just.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Restaurant 1. 2 There are several different types of restaurant classifications, including: Family Style Fine Dining Fast Food Buffet.
CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)
Understanding and Taking Risks Presented By: Steve Felker /2011.
Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down.
PARTNERING TO CREATE THE SAFEST HEALTHCARE SYSTEM Insurance Operations Update HIROC Risk Management Conference April 28, 2014 Heather Brown, Vice President.
Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU.
The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.
Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.
MEDICAL OFFICE COVERAGES. This is a short review over many insurance coverage parts necessary to a doctor’s practice. Not all apply, and there are other.
Retail & Service 1. 2 The Retail & Service industry encompasses a wide variety of businesses. This segment includes: Businesses engaged in selling goods.
How can your Captive help you manage Cyber risks?.
Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.
Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.
Cyber Insurance - Risk Exposures and Strategic Solutions
Cyber Liability Insurance for an unsecure world
Cyber Insurance Risk Transfer Alternatives
Breaking Down Cyber Liability
Financial Institutions – Cyber Risk
Financial Technology in Cyber Risks
Managing a Cyber Event Steven P. Gibson President
Cyber Insurance Overview
Chapter 3: IRS and FTC Data Security Rules
Cyber Insurance: An Update on the Market’s Hottest Product
Society of Risk Management Consultants Annual Conference
Cyber Issues Facing Medical Practice Managers
Cyber Trends and Market Update
Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium
FAIR 2018 – Cyber Risks & Markets
Cyber Exposures The Importance of Risk Identification and Transfer
Cyber Liability Coverage – Sell it or get sued
Forensic and Investigative Accounting
Cyber Security: What the Head & Board Need to Know
Presentation transcript:

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 2 AGENDA ● A NEW ENVIRONMENT ● CYBER RISKS IN NUMBERS ● IMPACT & CONSEQUENCES ● LOSS EXAMPLES BY COVERAGE TYPE ●QUESTIONS & ANSWERS State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 3 A NEW ENVIRONMENT

PAGE 4 Laws & Regulations Regulatory changes with aggressive enforcement and penalties Failing to protect Personally Identifiable Information (e.g. employee, customer, vendor) or Personal Health Information or Corporate Confidential Information (e.g. customers, patients, members, employees) has material financial & regulatory consequences Risk Exposure Frequency and severity of cyber breaches has not improved with increased security spending and regulation “Industrialization” of private or confidential data theft Financial impact of a privacy breach can exceed $100MM Loss Trends Expenses & liabilities growing as underwriters are paying multi-million dollar losses Credit card issuers/banks are suing for cost to reissue cards Defrauded merchants are suing breached organizations Cyber Insurance Cost of risk transfer has decreased as more & more companies buy Cyber Insurance but there have been some recent market changes with large losses in late 2013 Insurer negotiated discounts on notification / credit monitoring services “Cyber” Insurance has broadened to address these risks A NEW ENVIRONMENT Privacy ~ A Heightened & Evolving Exposure State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 5 New Culprits Loosely formed groups of people who are very good at hacking and work together to do so –(e.g. Anonymous; Lulzsec) State actors (e.g. China; Iran) New Information Targeted Corporate data and trade secrets Inside information Embarrassing information Corporate weaknesses New Motives Political and ideological Personal War / terrorism Revenge “Hacktivism” A NEW ENVIRONMENT What’s New In Cyber World?! State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 6 CYBER RISKS IN NUMBERS

PAGE 7 Average records lost per breach: Over 383,000 in 2013 versus 83,870 in 2012 Total records breached: 822 million in 2013 versus 260 million in 2012 Other 2013 stats: Total breaches: over 2,100 Breaches per day: nearly 6 8 of 15 largest breaches of all time occurred during 2013 WILLIS BREACH STATS 2013 State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 8 VERIZON REPORT 2013

PAGE 9 NUMBER OF BREACHES US DataLossDB.org State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 10 CYBER RISKS IN NUMBERS A Global Exposure Source: 2012 Data Breach Investigations Report (Verizon) Breaches by Industry Group State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 11 IMPACT & CONSEQUENCES

PAGE 12  Costs to comply with notification to consumers / employees, credit monitoring costs, cost of restoring data / public relations  Civil penalties and fines  Class Action suits  Legal costs: –Civil, regulatory and possibly criminal defense –Data Privacy counsel can cost over $700 p/hour; major breach involves millions in legal costs  Business Interruption Costs IMPACT & CONSEQUENCES High Potential Cost of a Data Breach State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 13 LOSS EXAMPLES BY COVERAGE TYPE

PAGE 14 Privacy Injury Liability Private lawsuits as a result of unauthorized disclosure or use of private information in violation of privacy laws, government regulations or institutional policies. This coverage includes online and offline information and the cause can be by third-party custodians of information, employee mistakes or unsanctioned willful actions.  Loss Example – 40 million credit card numbers were stolen from large retailer, the resulting lawsuits from banks and customers exceeded $100 million Privacy Regulatory Proceedings and PCI Fines Covers defense of a proceeding or action brought by a privacy regulator and fines imposed where covered by law. Can include cover for PCI fines.  Loss Example – $2.25 million fine imposed on a drug store chain by the FTC and Department of Health and Human Services Settlement for the loss of millions of pharmacy records. LOSS EXAMPLES Privacy Liability State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 15 Network Security Liability Covers claims arising from an inability to use or access your network, infection of others networks, information damage to other networks, inability of others to rely upon the accuracy, validity or integrity of their information residing on your network.  Loss Example – Hackers obtained access to debit card account records and changed limit parameters resulting in fraud and a liability of $10 million. Content Injury Liability Defamation, disparagement, copyright, trademark, publicity rights and content errors, etc. Covers computer readable content and can be expanded to all media  Can cover unauthorized expression and other exposures over social media sites by employees or others for whom a company might be responsible LOSS EXAMPLES Network & Content Liability State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 16 Covers expenses incurred in responding to adverse publicity or media attention arising from a claim covered in the policy and other required response costs including: Privacy breach-related “Duty to Notify” costs Costs to procure credit monitoring services on behalf of customers. Call center costs Legal costs from responding to a breach Response coaching costs Forensic costs IT security response costs LOSS EXAMPLES Public Relations & Response State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 17 Network Loss or Damage Covers costs to recreate or restore network pre-loss conditions. Attacks covered include those instigated by employees.  Loss Example – A broker dealer spent more than $3.5 million to remove timed malicious code designed to bring down the network. Business Interruption & Extra Expenses Covers lost online & offline income, as long as your income is network dependent and the loss is caused by security breach or errors plus expenses of avoiding such a loss.  Loss Example – Professional services firm was the victim of a hacker and lost all its work on an engineering project at a cost of $10 million. LOSS EXAMPLES Network Damages State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 18 Electronic Theft Covers for theft via a network of money, securities, goods, services and intangible property (e.g., intellectual property).  Loss Example – Stolen credit cards numbers used to obtain goods through an online site and bank procedures are not followed preventing reimbursement form the acquiring bank Network Extortion Pays credible extortionist demands and response costs to demands for money against threats to release private information or bring down a network.  Loss Example – A large media company incurred significant costs responding to a hacker who showed he had access to the company’s networks and sought money from its celebrity CEO against a threat to bring the network down LOSS EXAMPLES Network Crime State Compensation Insurance Fund Audit Committee Meeting – February 19, 2014 Open Agenda Item 6 – Cyber Risk

PAGE 19 QUESTIONS & ANSWERS