Tamra Pawloski Jeff Miller. The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of.

Slides:

Advertisements

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Advertisements

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Travelers CyberRisk for Insurance Companies

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

AFM INTERNAL AUDIT NETWORK MEETING MUTUAL ONE GROVE PARK, LEICESTER Current ‘Hot Topics’ in Information Security Governance Auditing David Tattersall 03.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Cyber Insurance cs5493(7493). AKA E-commerce insurance E-business insurance Information system insurance Network intrusion insurance.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Recent Trends and Insurance Considerations March 2015

Security Controls – What Works

Network security policy: best practices

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.

October The Insider Financial Crime and Identity Theft Hacktivists Piracy Cyber Espionage and Sabotage.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Why are Small and Mid-Size Companies Easy Targets for Hackers, and What can You do to Protect Yourself? 2/11/2015 Asher Dahan.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Overview of Cybercrime

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

BUSINESS B1 Information Security.

Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.

AUGUST 25, 2015 Cyber Insurance:

Data Security: Steps to Improved Information Security September 22, 2015 Presented by: Alex Henderson General Counsel and Chief Administrative Officer.

Cyber Risk Insurance. Some Statistics Privacy Rights Clearinghouse o From 2005 – February 19, 2013 = 607,118,029 records reported breached. Ponemon Institute.

CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.

Insurance of the risk Policy covers & underwriting issues Stephen Ridley, Senior Development Underwriter.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2013 CCH Incorporated. All Rights Reserved W. Peterson Ave. Chicago,

Matt Foushee University of Tulsa Tulsa, Oklahoma Cyber Insurance Matt Foushee University of Tulsa Tulsa, Oklahoma.

Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.

Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice.

Friday, October 23, Jacqueline Harris, CPM®, CCIM® Director of Training & Administration Digital Realty Jacqueline Harris, CPM®, CCIM® Director.

Territory Insurance Conference, resilient future Mr Ralph Bönig, Special Counsel, Finlaysons Cyber Times and the Insurance Industry Territory Insurance.

Cybersecurity Risk, Remediation, Response Nathan Gibson, CCE, CEH.

Data Security & Privacy: Fundamental Risk Mitigation Tactics 360° of IT Compliance Anthony Perkins, Shareholder Business Law Practice Group Data Security.

Restaurant 1. 2 There are several different types of restaurant classifications, including: Family Style Fine Dining Fast Food Buffet.

CYBERSECURITY: RISK AND LIABILITY March 2, 2016 Joshua A. Mooney Co-chair-Cyber Law and Data Protection White and Williams LLP (215)

What lessons can we learn from other data breaches? Target Sentry Insurance Dynacare Laboratories 1 INTRODUCTION.

Cyber Summit 2016 Data Bytes and Frights Presented by: President and CEO Peter J. Elliott, CPCU.

Company Proprietary and Confidential Texas Association of Community Health Centers - Proprietary and Confidential Fourth and Goal: Score with Meaningful.

The Privacy Symposium: Transferring Risk of a Privacy Event Paul Paray & Scott Ernst August 20, 2008.

Cyber Insurance Risk Transfer Alternatives Heather Soronen - Operations Director Rocky Mountain Insurance Information Association.

Retail & Service 1. 2 The Retail & Service industry encompasses a wide variety of businesses. This segment includes: Businesses engaged in selling goods.

Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.

Cyber Insurance Overview July 30, 2016 Wesley Griffiths, FCAS International Association of Black Actuaries.

Cyber Insurance - Risk Exposures and Strategic Solutions

Cyber Liability Insurance for an unsecure world

Cyber Insurance Risk Transfer Alternatives

New A.M. Best Cyber Questionnaire

Financial Institutions – Cyber Risk

E&O Risk Management: Meeting the Challenge of Change

Managing a Cyber Event Steven P. Gibson President

Responding to Intrusions

Current ‘Hot Topics’ in Information Security Governance Auditing

Chapter 3: IRS and FTC Data Security Rules

Today’s Risk. Today’s Solutions. Cyber security and

Cyber Insurance: An Update on the Market’s Hottest Product

Unfortunately, any small business could face the risk of a data breach or cyber attack. Regardless of how big or small your business is, if your data,

Cyber Issues Facing Medical Practice Managers

Cyber Trends and Market Update

Understanding Cyber Insurance NASCUS/CUNA Cybersecurity Symposium

1 Advanced Cyber Security Forensics Training for Law Enforcement Building Advanced Forensics & Digital Evidence Human Resource in the Law Enforcement sector.

Forensic and Investigative Accounting

Cyber Security: What the Head & Board Need to Know

Colorado “Protections For Consumer Data Privacy” Law

Anatomy of a Common Cyber Attack

Presentation transcript:

Tamra Pawloski Jeff Miller

The views, information, and content expressed herein are those of the authors and do not necessarily represent the views of Chubb & Son. This presentation is advisory in nature and necessarily general in content. No liability is assumed by reason of the information provided. The information provided should not be relied on as legal advise or a definitive statement of the law in any jurisdiction. For such advise, a listener or reader should consult their own legal counsel.

Cyber Insurance: Having the Right Coverage Matters Agenda What is Cyber Insurance, who needs it and why? What questions should you ask your broker? What are the Typical Breach Expenses? How should a Company respond to or report cyber incidents? How can a Company minimize its risk with its Supply Chain?

What is Cyber Insurance, who needs it and why? Sometimes called “Data Breach Insurance”. Collect, store, and transmit some type of private information or use computer systems. Not all Breaches are Hackers 59% Negligence (Human Error, System Problems) 41% Criminal Act Total average cost of a data breach is now $5.4 million about $188 per person. Approx. cost $1,500 per $1M of coverage (depending on Carrier)

What is Cyber Insurance, who needs it and why? Cyber-insurance policies will depend on a company's size and the industry in which it operates, how much data it has and what a company already does to secure it. Coverage may include: Data Breach/Privacy Crisis Management Private Information Multimedia/Media Lost Laptop, Mobile Device Extortion Insider Activity Network Security Malware Online

What Questions should you ask about the Coverage? What security controls can you put into place that will reduce the premium? Will you have to undertake a security risk review of some sort? What is expected of you to reduce or limit the risks? The security / protection industry is very fast changing, how can the insurance ensure that your policy is current?

What Questions should you ask about the Coverage? Do all portable media/computing devices need to be encrypted? What about unencrypted media in the care or control of your third-party processors? Are all and any court attendances to defend claims from others covered? Are malicious acts by employees covered?

What Questions should you ask about the Coverage? Will you have to provide evidence of compliance to existing Data Protection Principles, in relation to your actual processing, to prove you were not acting disproportionately? Could you claim if you were not able to detect an intrusion until several months or years have elapsed, so you are outside the period of the cover, (as with the Red October malware which was discovered after about five years)?

What are the Typical Breach Expenses Forensics IT Forensic Expert Legal Expenses Cost of Examination Cost to Remediate what is found Notification Crafting, Printing, Mailing Letters $2 per person Call Centers Public Relations Public Relations Firm /Press Releases Credit Monitoring ($30 or $40 per person) Loss of Business Reputation Diversion of Personnel

How should a Company respond to or report cyber incidents? Have preventative measures Report the alleged crime to your law enforcement agency Engage an organization that specializes in cybercrime Contact your Insurance provider

3 rd Party Data Breach Management Sample types of breaches Personal Health Information Passwords Credit / debt cards, savings, checking, etc. Social Security Numbers Services Notification Services (customers) Call Center Services (incident response website, enrollment services and bureau alerts) Credit Monitoring, account restoration, and remediation services

How can a Company minimize its risk with its Supply Chain? Your business – Cyber Insurance & breach management services Suppliers – Cyber Insurance that are connected with your business network Supplier’s - suppliers? PII PHI ? ? Your BusinessYour Supplier Their Suppliers?

How can a Company minimize its risk with its Supply Chain? While natural disasters such as earthquakes, tsunamis and flooding have disrupted supply chains around the world, cyber attacks pose even greater risks as companies rely more on computers and the Internet to conduct their business.

How can a Company minimize its risk with its Supply Chain? Companies should implement a supply chain risk management program to proactively address these exposures, which does include insurance requirements.

How can a Company minimize its risk with its Supply Chain? Contract Language: Insurance for Internet, e-commerce, cyber security, network risk and exposures relating thereto (“Cyber- Liability Insurance”) which includes coverage for (1) computer or network systems attacks (2) denial or loss of service (3) introduction, implantation, or spread of malicious software code (4) unauthorized Access and use of computer systems and (5) privacy liability (meaning liability arising from the loss or disclosure of confidential information no matter how it occurs) with limits in an amount not less than $5,000,000 per occurrence and annual aggregate.

HOW READY ARE YOU???? Cyber-attacks typically target individual organizations or a well- defined group of organizations, but they have the potential to cripple a business sector, or even an entire country.