1. Cyber Liability and Data Security+

2. 22 AGENDA What is Cyber? Exposure to Cyber Attacks Cyber Risk Management Anatomy of a Data Breach Insurance Coverage

3. What is Cyber?

4. 44 Development of Cyber Exposure  What is “Cyber” Cyber generally refers to Data Breach and related liabilities Includes non-digital exposures (e.g. loss of paper records) As there is no standard definition, it is important to read this term in context

5. 55 Development of Cyber Exposure Definition of Terms Personally Identifiable Information (PII) Private consumer information including Social Security Number, Driver’s License Number, Credit Card or Bank Account Number, and Medical Information Definition now includes a User ID and Password in combination (CA and FL) Personal Health Information (PHI) Private medical information A subset of PII

6. 66 Development of Cyber Exposure Definition of Terms (Continued) Data Breach Unauthorized theft or disclosure of private data (PII or PHI) Network Security and Privacy Liability Most common term for liability arising from a data breaches or other privacy violations Often used in contractual requirements for insurance

7. 77 Laws Protecting Consumers & Businesses  A series of overlapping State and Federal laws govern Data Privacy in the United States  Primarily enforced by the Federal Trade Commission, Department of Health and Human Services, and States’ Attorneys General.  Legal regime started in late 90’s early 2000’s in response to perceived lack of care by those collecting private data

8. 88 Laws Protecting Consumers & Businesses Overarching theme of data privacy laws: If you collect, store, or transmit protected consumer data, you must keep it safe!

9. 99 Laws Protecting Consumers & Business  California S.B. 1386 Effective July 1, 2003 First breach notification law of its kind Requires notification of “any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person” (source: www.leginfo.ca.gov)

10. 10 Laws Protecting Consumers & Business  47 States plus Washington DC now have data breach laws. Exceptions are Alabama, New Mexico, and South Dakota Applicable state breach law depends on state of domicile of the consumer, not the location of the affected business Encryption is a safe harbor

11. 11 Laws Protecting Consumers & Business HIPAA – Health Insurance Portability and Accountability Act (1996) HITECH – The Health Information Technology for Economic and Clinical Health Act (2009) Gramm-Leach-Bliley Act (1999) Red Flag Rules – Created by the FTC in 2008 Children’s Online Privacy Protection Act (1998) Payment Card Industry Data Security Standard (PCI- DSS)

12. Exposure to Cyber Attacks

13. 13 *Source: NetDiligence 2014 Claims Study

14. 14 What are the Exposures?  Hackers 30%  Virus/Malware 12%  Staff Error 14%  Rogue Employee 11%  Lost/Stolen Mobile Devices (laptops, smartphones, etc.) 10%  Paper Records 9%  Theft of Hardware 4%

15. 15 What is Social Engineering?  Use of deception to obtain unauthorized access. Phishing: Sending fake, but convincing emails to targets to obtain secure info Baiting: Leaving malware infected devices around target area Tailgating: Following authorized individuals into secure area

16. 16 What is Ransomware?  a type of malicious software designed to block access to a computer system until a sum of money is paid

17. Anatomy of a Breach What does a claim look like?

18. 18 Anatomy of a Data Breach  A business discovers private data was compromised… What do they do?

19. 19 Anatomy of a Data Breach  What NOT to do… Do not delete or wipe affected computer systems! Do not immediately notify customers or press! DO seek out experienced professionals for help

20. 20 Anatomy of a Data Breach  Breach Coach Expert attorney with specialization in data breach Communication is then privileged Understands patchwork of applicable laws  State, Federal, and Foreign Law can all apply  Expert attorney with specialization in data breach Good Breach Coaches provide calm, reasoned approach in time of crisis.

21. 21 Anatomy of a Data Breach  Forensics Team  Notification  Credit Monitoring  Call Center  Public Relations  Defense, Settlement, Fines, Penalties

22. 22 USLI PRODUCT FEATURES  $1500 average policy premium  Four Part Policy Part A: Data Breach Liability Part B: Data Breach Expense Part C: Website Liability Part D: Identity Theft Expense  Retentions start at $2500 ($0 for Identity Theft)  Separate limits for each coverage part Shared aggregate limit available for a premium reduction

23. 23 Cyber Liability and Data Security + Product Features Coverage Part A:  Data Breach Liability – Claims for failure to protect private information.  Security Breach Liability –Claims due to failure of security controls (anti-virus, firewalls..) to prevent data manipulation, transmission of malicious code and denial of service attacks.  Defense of Regulatory Proceedings – due to violations of federal or state laws regulating the protection of private information.  PCI Fines & Penalties – credit or debit card industry fines and penalties for inadequately securing payment card information.

24. 24 Cyber Liability and Data Security + Product Features Limits:  Part A – Data Breach Liability - $1million aggregate $1million Data Breach Liability $1million Security Breach Liability Up to $250,000 Defense of Regulatory proceedings Up to $100,000 PCI Fines & Penalties

25. 25 Cyber Liability and Data Security + Product Features Coverage Part B:  Data Breach Expense – Expenses incurred in responding to a Data Breach including; notification costs, public relations, forensics, data restoration and credit monitoring. Pay on behalf expense coverage Business Interruption available  Cyber Extortion Threat Expense– Extortion payments, expense to hire negotiators and rewards to catch extorters.

26. 26 Cyber Liability and Data Security + Product Features Limits:  Part B - $1,000,000 Aggregate Limit Data Breach Expense – $1,000,000 Business Interruption - $1,000,000 Cyber Extortion Threat Expense – Up to $25,000

27. 27 Cyber Liability and Data Security + Product Features Coverage Part C:  Website Liability- Coverage for claims of libel, slander, invasion of privacy, plagiarism, misappropriation of ideas and infringement of copyright and trademark arising from the Organization’s website activity  Limits: $1million aggregate

28. 28 Cyber Liability and Data Security + Product Features Coverage Part D:  Identity Theft – includes credit monitoring and other personal expenses incurred by board members, owners or partners in resolving Identity Theft. ID Experts’ team of Identity Theft specialists will guide any board member or owner through the process of resolving Identity Theft issues.  Limits: up to $100,000

29. Underwriting Cyber Liability

30. 30 Underwriting  Class  Revenue  Number of Records  Type of Records  Website  Security Measures

31. 31 Our product targets over 60 classes Accountants Architects/Engineers Contractors Consultants Convenience Stores Doctor’s Offices E-Commerce Sites Employment Agencies Hotels Motels Insurance Agencies Non-Profits Property Managers Restaurants Retail Stores Sales/Distributors Supermarkets Transportation

32. 32 The USLI Cyber Story  Growing demand for cyber coverage for small to medium businesses Ponemon Institute survey of businesses under $10 million in revenue found: 55% had a data breach, 53% had multiple breaches 70% would purchase insurance to mitigate the costs  $1 billion market in 2012. In comparison, Employment Practices Liability Insurance was $1.4 billion but has been around twice as long as Cyber Liability.  Cyber market is projected to grow to over $5 Billion!  General Liability forms may not cover privacy exposures

33. 33 The USLI Cyber Story  We are writing accounts with up to $25 million in revenue  100,000 Records/Credit Card Swipes

34. 34 Selling Cyber Liability and Data Security +

35. 35  The Business Resource Center offers a variety of services available on all USLI products including:

36. 36  The Business Resource Center only works to win business when it is a part of your sales discussion. Every quote includes an attachment promoting this message after the pre-filled application Our cost calculator can show your clients how to save big!

37. 37 eRisk Hub – managed by NetDiligence  Using proprietary tools anchored in proven risk management principals, NetDiligence provides a full range of enterprise-level information security, e-risk insurability and regulatory compliance assessment and testing services.  NetDiligence supports and is endorsed by some of the world's largest network liability insurance underwriters.

38. 38

39. 39 eRiskHub®  eriskhub.com/usli  Access Code: 08451

40. 40 USLI can work with you to support your sales and marketing efforts  Knowledgeable Underwriting Support  Customized marketing materials  Cross Sell Opportunities

41. 41 Moving forward  Questions and answers  Thank you for your time  Contact me for more information: Meredith Bennett, mbennett@usli.com, 888-523-5545, ext. 2598 Learn more about USLI products - usli.com/webinars