BACKGROUND Hawkes Bay Holdings/Aquila Underwriting LLP Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced with Brit % Worldwide capacity of GBP5,000,000/USD10,000,000 Primary or excess, direct or reinsurance
TRENDS Media: – convergence amongst media interests to exploit the Internet and the social networking generation – digital opportunities for content distribution, subscription income and web page advertising – expenditure on Internet advertising outstripping traditional TV media buying Technology: – explosive growth in web applications, bandwidth, business process outsourcing and development of Web 2.0 or Cloud computing Brand: – increase in value and importance of intellectual property assets and brand recognition, aided by exploitation via digital distribution and viral marketing
PRODUCTS Liability and first party offerings: Media Liability Technology PI Cyber Liability Unplanned Infrastructure Event Network Security/Privacy Brand Protection Miscellaneous PI Incidental General Liability
CYBER A blended media perils, professional liability and network risk programme aimed at information and web technology users Cover for claims arising out of negligent acts, errors or omissions in the provision of services, as well as coverage for “media” claims including design rights arising out of content distributed electronically over the internet or otherwise Cyber liability and elements of network risk coverage are also incorporated: business interruption, increased costs, data restoration, data privacy, cyber extortion and crisis management coverage
UNPLANNED INFRASTRUCTURE EVENT Covering business interruption, business restoration, data restoration, cyber extortion, crisis management and privacy exposures Triggered by malicious act, hack, denial of service attack, virus, pandemic, system breach, administrative or operational error affecting the insured or their business outsource partner Cover for credit history checks and brand rehabilitation expense
DATA PRIVACY NETWORK SECURITY Covering the traditional third party and privacy exposures with crisis management and public relations expenses included for businesses that retain significant databases of personal or sensitive information The policy will provide defence expense coverage for regulatory agency investigation and data breach fines Media perils coverage is incorporated for the content of websites or advertising liability
RISK ISSUES: Traditional and web based content and services Technology infrastructure – own and third party People – innocent and malicious intent
RISK ISSUES… Activity: passive content advertising products and services or more interactive – blogs, discussion forum social networking and user generated content collection of personal information downloads and purchase of goods or services using credit cards linking to other sites Issues: media liability exposure to claims for defamation or infringement of copyright or trademark in own or other’s content responsibilities under Data Protection laws for security of information virus propagation liability for fraudulent use of credit card information vicarious liability
RISK ISSUES… Technology: electrical supply telecommunications information technology and infrastructure functionality and security software, data, intellectual property servers, PC’s, laptops, PDA data collection, databases, data mining outsource service providers Issues: business interruption, increased cost of working and extra expense loss or theft of data and subsequent replacement or restoration costs breach of security and subsequent loss or misuse of private or confidential information investigation by data regulator loss of PCI status remedial credit monitoring
RISK ISSUES … Technology: electrical supply telecommunications information technology and infrastructure functionality and security software, data, intellectual property servers, PC’s, laptops, PDA data collection, databases, data mining outsource service providers Issues: social engineering scams impaired functionality or corruption of data following targeted attacks by hackers or disgruntled employee cyber extortion threats denial of service attacks virus infection of key operating system failure of OSP – security, service levels, pandemic
RISK ISSUES … Cloud computing – internet-based computing, whereby shared resources, software and information are provided to computers and other devices on demand – users no longer have need for expertise in, or control over, the technology infrastructure "in the cloud" that supports them. – over-the-Internet provision of dynamically scalable and often virtualized resources Issues: loss of control of vendor selection reliance on contractual provisions jurisdictional and geographical exposures cross border breach of Data Protection legislation
IN SUMMARY: Losses could fall into both first and third party categories, with liability and financial implications for an organisation, including business interruption or reputational damage Third party risks include media liability from hosted content, as well as liability for losses of third parties that occur due to shortcomings in the Insured's field of responsibility. These can be caused by forwarded computer viruses, contractual penalties due to IT failures, intellectual property and in particular, privacy infringements after data theft. Breaches of security may leave a company liable to fines from regulatory bodies on the back of breaches of data protection laws First party risks are those losses and extra expense directly impacting the organisation. These include loss of profits due to theft of intellectual property, destruction of corporate information or data and most significantly, business interruption due to hacker or virus attacks and software failures. This could also include lost business as a result of sensitive corporate information being leaked to a competitor, as well as the consequential loss of reputation or damage to brand