©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit.

Slides:



Advertisements
Similar presentations
A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
Advertisements

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Basics of Insurance Law PLI: Bridge the Gap II Robert H. Friedman May 26, 2005 Robert H. Friedman May 26,
Commercial Insurance: What Every GC Should Know Edwin L. Doernberger, Esq. Jeffrey J. Vita, Esq. Tuesday, October 7, 2008.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Law I Chapter 18.
Managing Cyber Risk Through Insurance and Vendor Contracts
Page 1 Recording of this session via any media type is strictly prohibited. Edward M. Joyce Partner Jones Day Invasion of Privacy, Hacking & IP Claims:
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Recent Trends and Insurance Considerations March 2015

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.
Overview of Cybercrime
Insurance Coverage for IT Security Breaches International Technology Law Association San Francisco, CA – May 4, 2006 Steven Brower Stephan Oringher Richman.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT…
AUGUST 25, 2015 Cyber Insurance:
Volunteer Leadership Learning Series Session: Chartered Alumni Organizations - Insurance Coverage Presenter: James A. Breeding, Director Risk Management.
Presented by David P. Schack, Partner June 29, 2006 Insurance Coverage For Multi- State Investigations: Can You Get Your Insurer to Pay for.
Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.
Directors & Officers Liability Insurance against the decisions you make.
. E-Business Risk and Insurance.
17 - 1Copyright 2008, The National Underwriter Company Professional Liability/Errors & Omissions Insurance  What is it?  Individual’s or organization’s.
Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,
Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.
Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.
Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.
Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.
Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.
Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.
Restaurant 1. 2 There are several different types of restaurant classifications, including: Family Style Fine Dining Fast Food Buffet.
NCBFAA Annual Conference 2015 Orlando Converging Logistics: Realities vs. Possibilities Cyber Insurance Bernie Cissek, Chairman.
Directors and Officers and Entities Oh My!! Chris Amrhein, AAI Amrhein and Associates, Inc. Lorton, VA
CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)
Professional Liability Insurance Overview of Exposure and Insurance Physicians Professional Liability Insurance Accountants Professional Liability Insurance.
Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down.
JEFFREY L. HUNTER SR RISK ANALYST County of Riverside Human Resource Dept. Risk Management Div. Insurance Requirements In Contracts.
The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.
Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.
Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.
INDEMNITY The University of Texas System Office of General Counsel Dana Hollingsworth, Attorney.
Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.
Cyber Insurance - Risk Exposures and Strategic Solutions
Cyber Liability Insurance for an unsecure world
Cyber Insurance Risk Transfer Alternatives
Breaking Down Cyber Liability
Financial Institutions – Cyber Risk
Managing a Cyber Event Steven P. Gibson President
Cyber Insurance Overview
Cyber Insurance: An Update on the Market’s Hottest Product
Society of Risk Management Consultants Annual Conference
Cyber Issues Facing Medical Practice Managers
Cyber Trends and Market Update
Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium
Cyber Exposures The Importance of Risk Identification and Transfer
Forensic and Investigative Accounting
Retirement Benefit Fund, Trustee and Third Party Provider Insurance
Cyber Security: What the Head & Board Need to Know
Presentation transcript:

©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit May 8, 2015

©2015, Amy Stewart PC Cyber Risks in 2015  Two years ago – “not if, but when”  Today – those who know they’ve been hacked and those who haven’t yet discovered the breach  Risks evolving rapidly  As corporate America tries to get ahead of cyber exposures, insurance industry scurrying to provide solutions  Assessing constantly-changing risks  Underwriting challenges

©2015, Amy Stewart PC Cyber Risks in 2015  Cyber security breaches rose 48% between 2013 and 2014, with 42.8 million incidents reported  Financial losses attributed to these incidents also increased 34% in 2014  Institutions hit in 2014—  Adobe = 152 million records  eBay = 145 million records  JP Morgan Chase = 76 million records  Target = 70 million records  Home Depot = 56 million records

©2015, Amy Stewart PC Cyber Risks in 2015  Many businesses unaware of the magnitude of their cyber risk exposure  Others are working hard to get their arms around the risk  Less than 25% of Fortune 500 companies have adequate cyber coverage in place  More than 50 insurers provide some sort of cyber insurance, some very limited  Traditional policies = very limited (if any) coverage, especially today

©2015, Amy Stewart PC Cyber Risks in 2015  Most businesses unaware of the magnitude of their cyber risk exposure  Less than 25% of Fortune 500 companies have adequate cyber coverage in place  More than 50 insurers provide some sort of cyber insurance, some very limited  Traditional policies = very limited (if any) coverage

©2015, Amy Stewart PC Limitations of Conventional Coverage  Commercial General Liability (CGL)  Coverage A – “Bodily Injury or Property Damage”  ISSUE : Electronic data is NOT tangible property  Coverage B – “Advertising and Personal Injury”  ISSUE : Too narrow to protect insured as it covers specific types of injury—not including misuse or disclosure of private information

©2015, Amy Stewart PC Limitations of Conventional Coverage  Case Study – Sony  2011 Playstation II Breach  Breach = publication under CGL, Coverage B  Trial court said coverage only if publication was by Sony; liability arising from hacker actions not covered  While appeal pending, Sony and Zurich settled (April 30, 2015)

©2015, Amy Stewart PC Limitations of Conventional Coverage  Case Study – Sony  Incident  Sony Pictures CEO: company was covered by cyber policy  Insurers paid most of loss, estimated at $100 million  Uninsured cost to Sony = $15 million

©2015, Amy Stewart PC Limitations of Conventional Coverage  Professional Liability | Errors & Omissions (E&O)  May provide coverage depending on nature of the “professional services”  ISSUE : non-technology insureds are unlikely to have coverage for common cyber exposures  Business Interruption Insurance  ISSUE : does not cover business interruption loss caused by damage to non-tangible property, i.e., data

©2015, Amy Stewart PC Cyber & Privacy Insurance  Broadly speaking, cyber insurance covers risks and liability associated with e-business, the Internet, computer networks and technology, privacy issues, computer virus transmission and other means by which compromised data is passed to a third party  Policies vary widely; not standardized (although ISO has begun promulgating forms)

©2015, Amy Stewart PC Cyber Policies – Basic Concepts  First-Party Coverage  Covers the insured’s own loss and expenses  Cyber theft  Failure of insured’s systems  Network interruption coverage  Privacy event management, breach notification costs, call center expenses  Cyber extortion – pays “ransom” costs  Forensic investigation costs  Cost associated with restoration of data (often subject to a large retention)

©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Third-Party Coverage  Covers the insured’s exposure to others  Defense costs for litigation initiated against insured  Indemnity for cyber-related claims  Damages to third-party claimants  Fines + penalties  Breach notification costs  Crisis management  Call centers  Credit / identity monitoring

©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Insuring agreement – sample #1 The Company shall pay Loss on behalf of an Insured on account of any Claim first made against such Insured during the Policy Period, or, if exercised, during the Extended Reporting Period, for Injury.

©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Insuring agreement – sample #2 The Insurer shall pay on an Insured’s behalf all Loss in excess of the applicable Retention that such Insured is legally obligated to pay resulting from a Claim alleging a Security Failure or a Privacy Event.

©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Definition of Claim —  a written demand for money, services, non- monetary relief or injunctive relief;  a Suit ; or  a Regulatory Action Regulatory Action = request for information, civil investigative demand or civil proceeding brought by or on behalf of a governmental agency, including requests for information.

©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Claims-made coverage v. occurrence- based coverage  Claims-made = coverage triggered when a claim is made against an insured (common for third-party coverages)  Occurrence-based = coverage triggered by an injury  Some policies providing multiple coverages may combine the two types—can be confusing  Important for determining which policy is triggered

©2015, Amy Stewart PC Specific Cyber Coverages  Breach Notification Expenses  Necessary due to emerging regulations on notifying those affected by a security breach  May be provided with no deductible  E-Theft  Protects insured from fraudulent transfers of funds or property as result of theft-related cyber crimes  Loss, damage or destruction of media (non-tangible property) may also be included in cyber theft coverage

©2015, Amy Stewart PC Specific Cyber Coverages  Crisis Management & Reward Expenses  Likely need coverage for a team to manage publicity surrounding a privacy or security breach. This team might include:  Breach Coach  Legal Counsel  Information security forensic investigator  Public Relations Consultant  Advertising or Media Relations  Also covers reward expenses incurred due to the investigation of a cyber-security event

©2015, Amy Stewart PC Specific Cyber Coverages  Denial or Impairment of E-Service  Fills gap in business interruption policy by covering losses caused by damage to non-tangible property  Specifically, will cover loss incurred as the result of impairment or denial of insured’s business activities caused by a  Hacker,  Rogue employee, or  Cyber terrorist

©2015, Amy Stewart PC Specific Cyber Coverages  E-Communication  Covers a loss caused by:  transfer of fund or property,  debiting of an account or  establishment of credit pursuant to the direction of a fraudulent e- communication that purports to have been initiated by the insured  Might protect from risk of loss to third parties for which the insured may be liable

©2015, Amy Stewart PC Specific Cyber Coverages  E-Vandalism  Loss to data and intangible property caused by cyber terrorists or hackers  E-Threat  “Kidnap and Ransom” coverage  Cyber extortion  E-Signature  Loss resulting from insured’s acceptance of and reliance upon a fraudulent e-signature

©2015, Amy Stewart PC Common Exclusions Basic exclusions—  Claims arising from violations of ERISA  Criminal, fraudulent or dishonest acts by an insured  Breach of contract  Claims brought by insureds  Patent infringement  Bodily injury

©2015, Amy Stewart PC Common Exclusions Exclusions designed to push risks back to the insured—  Data lost from unencrypted devices  Inadequate security about which the insured knows (potential D&O issue)  Failure to take steps to design, maintain and upgrade security systems (D&O)  Failures of security software (D&O)

©2015, Amy Stewart PC Negotiating Points  Make sure entities are covered, not just insured persons  Pay attention to policy provisions that limit covered locations  Make sure any war exclusions have a cyberterrorism carve-back  Consider sublimits in view of risk transfer objectives  Request pre-approval of vendors, if desired

©2015, Amy Stewart PC Questions?

Contact Information Amy Elizabeth Stewart AMY STEWART LAW Mockingbird Station 5307 E. Mockingbird Lane, Suite 425 Dallas, Texas main

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.