Published by Ruth McDowell. Modified over 6 years ago.
1
Cyber Insurance
Presentation for: The 2nd Anti Cybercrime Forum
Beirut, 29th November 2016
Alexander Blom, Head of Financial Lines, AIG MENA
2
Threat Actors
- Criminals
- Spies
- Hacktivists
- Insiders
- Military
- Terrorists
3
Cyber Risk in the Financial Services Sector
Theft or Loss of Data
- Personal data, business data, any data with black-market value is at risk
- Motive: financial or competitive gain

Data Destruction
- Wiping or scrambling electronic data
- Motive: ideological, extortion, terrorism, or war

Communication Disruptions
- Website or network disruption; website defacement; social media takeover

Theft of Monies, Securities, Funds, etc.
- Beyond the theft of data: money and securities are a high value target both physically and electronically
- Motive: financial
4
Financial Institutions Cyber Risk
Sensitivity of Data
- Financial data is a special class much like medical data
- Financial data is both inherently valuable and useful for facilitating other threat vectors
- Both consumer and commercial customers have sensitive data
- Financial data has monetary value both on the black market and intrinsically

Headline Risk & High Value Targets
- Financial institutions are often considered critical infrastructure and systemically important
- Money and securities are a high value target both physically and electronically
- Reputation is extremely important and a high value / high impact target
- Attacks against financial institutions make great headlines

Regulatory Oversight
- Financial institutions are one of the most regulated industries
- The combination of increasing data privacy regulatory scrutiny and financial regulatory oversight creates increased challenges to firms
- Cost of regulatory compliance in addition to cyber security and operations spend
5
End-to-End Risk Management Approach
Prevention
- Education via CyberEdge®, RiskTool, and eRisk Hub
- Compliance via RiskTool
- Assessment via K2 Intelligence, Bitsight, IBM, Axio, and RSA Security
- Protection via RiskAnalytics Shunning Tool
- Consultation by KPMG

Insurance Coverage
- Third-Party Loss Resulting From a Security or Data Breach
- Direct First-Party Costs of Responding to a Breach
- Lost Income and Operating Expense Resulting From a Security or Data Breach
- Threats to Disclose Data or Attack a System to Extort Money
- Online Defamation and Copyright and Trademark Infringement

Breach Resolution Team
- 24/7 Breach Support
- Legal and Forensics Services
- Notification, Credit, and ID Monitoring Call Center
- Crisis Communication Experts
- Over 15 Years’ Experience Handling Cyber-Related Claims
6
Cyber Loss Spectrum
Losses due to cyber events (data breaches, destructive attacks, and other unauthorized access or use of your computer systems) can be categorized into these four quadrants.

Axis labels:
- 1st Party Damages (To Your Organization)
- 3rd Party Damages (To Others)
- Financial Damages
- Tangible (Monetary) Damages
7
Financial / 1st Party Damages
Cyber Loss Spectrum
- Response costs: forensics, credit monitoring, notifications, crisis management, public relations
- Legal expense: advice and defense
- Revenue losses from network or computer outages, including cloud
- Cost of restoring lost data
- Cyber extortion expenses
8
Financial / 1st Party Damages
Available Insurance
AIG offers this coverage as a part of CyberEdge, in the Event Management, Network Interruption, and Cyber Extortion coverage sections.
- Response costs: forensics, credit monitoring, notifications, crisis management, public relations
- Legal expense: advice and defense
- Revenue losses from network or computer outages, including cloud
- Cost of restoring lost data
- Cyber extortion expenses
9
Financial / 3rd Party Damages
Cyber Loss Spectrum
3rd party entities may seek to recover:
- Consequential revenue losses
- Restoration expenses
- Legal expenses
- Their credit monitoring costs
- Value of their intellectual property stolen from you

3rd party entities may issue or be awarded civil fines and penalties.
10
Financial / 3rd Party Damages
Available Insurance
3rd party entities may seek to recover:
- Consequential revenue losses
- Restoration expenses
- Legal expenses
- Their credit monitoring costs
- Value of their intellectual property stolen from you

3rd party entities may issue or be awarded civil fines and penalties.

AIG offers this coverage as a part of CyberEdge, in the Security and Privacy Liability coverage section.
11
Tangible (Monetary) / 1st Party Damages
Cyber Loss Spectrum
- Theft of Funds of your monies, securities, funds, etc.
- Destruction or damage to your facilities or other property
- Reputational Harm to your operation (valuation)
- Lost revenues from physical damage or reputational harm
- Your Intellectual Property compromise, both value and use
12
Tangible (Monetary) / 1st Party Damages
Available Insurance
Property policies and fidelity/crime policies may cover these cyber-peril losses.

Potential pitfalls:
- Silence
- Cyber exclusions
- Other applicable exclusions (data, terrorism, etc.)

Losses in this quadrant:
- Theft of Funds of your monies, securities, funds, etc.
- Destruction or damage to your facilities or other property
- Reputational Harm to your operation (valuation)
- Lost revenues from physical damage or reputational harm
- Your Intellectual Property compromise, both value and use

(Traditional) cyber policies typically exclude bodily injury (BI), property damage (PD), Theft of Funds and Intellectual Property & Reputation value loss.
13
Tangible (Monetary) / 3rd Party Damages
Cyber Loss Spectrum
- Mechanical breakdown of others’ equipment
- Destruction or damage to others’ facilities or property
- Theft of Funds of customers, in your custody
- Lost revenues from physical damage
- Bodily injury to others
14
Tangible (Monetary) / 3rd Party Damages
Available Insurance
- Mechanical breakdown of others’ equipment
- Destruction or damage to others’ facilities or property
- Theft of Funds of customers, in your custody
- Lost revenues from physical damage
- Bodily injury to others

Other policies may cover these cyber losses; subject to the same potential issues as Property.

(Traditional) cyber policies typically exclude bodily injury (BI) and property damage (PD).
15
Addressing Financial Institutions Cyber Loss
Insurance market needs:
- A better understanding of the risks, threats and vulnerabilities faced by the financial services sector so that insurance can provide more comprehensive solutions
- Further exploration of “cyber as a peril” and how many policies can be impacted (E&O, EPL, Fidelity, D&O, etc.)

Financial Institutions’ needs:
- Clarifications in cyber insurance policies, cyber coverages and additional cyber risk mitigation services
- Continually developing insurance offering customized to financial institutions’ needs
16
Pricing and Underwriting Considerations
Factor: Considerations

Industry/Revenue
- What industry does the insured belong to?
- What is the insured’s annual revenue?

Claims History
- How many claims are made annually on average?
- What is the largest claim payment experienced by the insured?

Type of Data
- What type of data and information is processed, stored, and maintained?
- How hard is the data to replace or recreate?

IT Controls
- Are all technology platforms updated regularly with their respective security patches?
- Does the organization enforce encryption controls for all sensitive data at rest and in transit?

Regulatory Compliance
- Is the applicant compliant with applicable regulations (PCI, HIPAA, etc.)?

Governance
- Does the applicant have formal information security and privacy policies in place?

Outsource Vendors
- What is the applicant’s due diligence process prior to engaging a new vendor?
- Do contracts with vendors contain an indemnification provision?

Internal Threat
- Does the applicant require all computer users to undergo a security awareness training program?
17
Contact Information

Alexander Blom
Head of Financial Lines, MENA
AIG MEA Limited, Dubai

Aisling Malone
Professional Indemnity & Cyber Lead, MENA
AIG MEA Limited, Dubai
18
American International Group, Inc
American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange.

Additional information about AIG can be found at | YouTube: | | LinkedIn:

AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at

All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds.