Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.

Slides:

Advertisements

Similar presentations

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Advertisements

Travelers CyberRisk for Insurance Companies

Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

PCI Compliance Forrest Walsh Director, Information Technology California Chamber of Commerce.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

Security Controls – What Works

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Commonwealth of Massachusetts Office of the State Comptroller March 2007.

© 2006 PCE Systems Ltd IT Systems Integrity Chris Nabavi BSc SMIEEE.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

An Introduction to PCI Compliance. Data Breach Trends About PCI-SSC 12 Requirements of PCI-DSS Establishing Your Validation Level PCI Basics Benefits.

© 2009 IDBI Intech, Inc. All rights reserved.IDBI Intech Confidential 1 Information (Data) Security & Risk Mitigation.

NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

Overview of Cybercrime

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

PCI: As complicated as it sounds? Gerry Lawrence CTO

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Thomas Levy. Agenda 1.Aims: Reducing Cyber Risk 2.Information Risk Management 3.Secure Configuration 4.Network Security 5.Managing User Access 6.Education.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.

PCI Compliance: The Gateway to Paradise PCI Compliance: The Gateway to Paradise.

Data Security and Payment Card Acceptance Presented by: Brian Ridder Senior Vice President First National September 10, 2009.

CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,

Last Minute Security Compliance - Tips for Those Just Starting 10 th National HIPAA Summit April 7, 2005 Chris Apgar, CISSP – President Apgar &

Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.

ThankQ Solutions Pty Ltd Tech Forum 2013 PCI Compliance.

Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

OESAI COMPREHENSIVE GENERAL INSURANCE TECHNICAL TRAINING.

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Chapter 8 Auditing in an E-commerce Environment

Visibility. Intelligence. response Information Security: Risk Management or Business Enablement? Mike Childs Vice President Rook Security.

New EU General Data Protection Regulation Conference 2016 Managing a Data Breach Prevention-Detection-Mitigation By Gerard Joyce Dun Laoghaire Feb 24 th.

CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)

Law Firm LLP | Cyber Insurance | July 16th, 2014 Page 1 Cyber Exposure Landscape "The single biggest threat still is people inadvertently bringing down.

PARTNERING TO CREATE THE SAFEST HEALTHCARE SYSTEM Insurance Operations Update HIROC Risk Management Conference April 28, 2014 Heather Brown, Vice President.

Being there When you need us Thats our policy. Cyber Awareness – what can be done?

The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

Cyber: risk without borders Airmic 2016 Harrogate International Centre Tuesday 7 th June 2016.

Welcome to the ICT Department Unit 3_5 Security Policies.

Cyber Liability: New Exposures Presented by: Henriott Group © 2007, , Zywave Inc. All rights reserved.

Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.

Cyber Liability Insurance for an unsecure world

Cyber Insurance Risk Transfer Alternatives

Clients and Prospective Clients on the Threat of Cyber Crime

Breaking Down Cyber Liability

Financial Institutions – Cyber Risk

E&O Risk Management: Meeting the Challenge of Change

John A. Wright, CEO WIPFLI Client Appreciation June 8, 2017

Managing a Cyber Event Steven P. Gibson President

Cyber Insurance Overview

Chapter 3: IRS and FTC Data Security Rules

Information Security: Risk Management or Business Enablement?

I have many checklists: how do I get started with cyber security?

Society of Risk Management Consultants Annual Conference

Andy Hall – Cyber & Tech INSURANCE Specialist

Cyber Issues Facing Medical Practice Managers

Cyber Trends and Market Update

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

Forensic and Investigative Accounting

Cyber Security: What the Head & Board Need to Know

Presentation transcript:

Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter

Insurance of the risk Agenda What is ‘cyber’? Policy cover Claim response Underwriting information Risk management Summary 2

Insurance of the risk Policy covers – what is cyber? 3

Data –Personal or Commercial –Tangible or intangible –Loss or misuse –Negligence or malice Cyber –Hacks –Viruses –Denial of service attacks –Liability for online presence/activities 4

Insurance of the risk Policy covers – ‘First party’ 5 Cover overviewMain areas Breach costsCosts incurred in responding to an actual or suspected data breach Legal fees IT forensics Notification costs Credit monitoring services Call centre set up Cyber business interruptionBusiness interruption following cyber incident, including as a result of reputational damage Loss of income Increased costs of working Hacker damageCosts incurred in replacing/repairing damage caused by a hacker Computer systems Computer programmes Data held electronically Cyber extortionCosts incurred in the event of a threat to damage or disrupt computer systems, or publish information Ransom payment Consultant to handle negotiation

Insurance of the risk Policy covers – ‘Third party’ 6 Cover overviewMain areas Privacy protectionDefence costs and awards / settlements made following legal action or investigation as a result of a data breach, invasion of privacy, or breach of confidentiality Any breach of Data Protection Act Breach of confidence Regulatory fines / awards PCI charges Claims by employees Media liabilityDefence costs and awards / settlements made following legal action as a result of a company’s online presence Breach of intellectual property Defamation Transmission of a virus

It’s not just about the policy cover

Insurance of the risk Claim response 8 Time is of the essence when it comes to responding to an incident Structure enables rapid, expert response Provides access to expert partners to effectively manage an incident Insured is able to continue with running their business

What is the killer underwriting information?

Insurance of the risk Underwriting issues - data What? How much? Where? Why? How long? What protections? Previous breaches / investigations / complaints Breach preparedness 10

Insurance of the risk Underwriting issues - data 11

Insurance of the risk Underwriting issues - cyber Industry Controversiality Size / complexity of network Reliance on website / network Disaster recovery plan Remote access 12

Insurance of the risk Underwriting issues – risk management The basics Regular mandatory password updates Anti-virus software Defined process to patch systems Configured firewall Procedures to revoke access Compliance with DPA and PCI-DSS (if applicable) Written data security policy in place 13

Insurance of the risk Underwriting issues – risk management Intermediate / advanced Regular network scans Track, monitor and restrict access to personal data Data retention / purge policy CISO (or equivalent) in place Third party audit of privacy practices/network security Full data breach incident response plan in place Intrusion detection systems End-to-end encryption 14

Insurance of the risk Summary It’s not just about IT risk Claim response is even more important than underlying policy cover Turnover isn’t an adequate indicator of risk Basic steps can significantly reduce the risk 15

Thank you