Society of Risk Management Consultants

Presentation on theme: "Society of Risk Management Consultants"— Presentation transcript:

1 Society of Risk Management Consultants
Cyber Risk
Current market(s) and drivers of change
Scott Kannry

2 Cyber Loss Spectrum
Losses due to cyber events (data breaches, destructive attacks, and other unauthorized access or use of your computer systems) can be categorized into these four quadrants:
- 1st Party Damages (to your organization) / 3rd Party Damages (to others)
- Financial Damages / Tangible (Physical) Damages

3 Cyber Insurance Timeline
Timeline axis: 1990, 2000, 2010
Events:
- Ingram Micro v. American Guarantee & Liability
- CA SB 1386 Breach Notification
- Stuxnet
- 46 State-level Notification Laws
- Cyber: The New CAT
Coverages:
- More robust electronic data exclusions
- P&C carriers strengthen exclusions, e.g. CL380
- Cyber coverages begin to appear
- Privacy Breach Liability Coverage
- New cyber coverages emerge
- Breach Regulatory Event Expense
- Network Business Interruption
- Information Asset Protection
- Future? Affirmative coverage in existing lines

4 Upper two quadrants: Financial Damages

5 Data Breach — Target, by the numbers
- 40 million credit cards million customer records stolen
- $54 million: income to cyber criminals
- $400 million: cost of replacing credit cards
- $150 million: Target initial response cost
- $1 billion: estimated ultimate cost to Target
- 140: number of active lawsuits against Target
- 2: number of C-suite executives at Target who were fired
- 7: number of Directors targeted by Institutional Shareholder Services for ouster, claiming failed duties to shareholders
Important to watch because of the unprecedented impact on the Board and C-Suite and the record-breaking damages. All data with black-market value is at risk.

6 1st Party Damages (to your organization)
Cyber Loss Spectrum: Financial Damages, 1st Party
- Response costs: forensics, notifications, credit monitoring, crisis management, public relations
- Legal expenses: advice and defense
- Revenue losses from network or computer outages, including cloud
- Cost of restoring lost data
- Cyber extortion expenses
- Value of stolen intellectual property and associated revenue and market share losses

7 1st Party Damages (to your organization)
Available Insurance: Financial Damages, 1st Party
- Response costs: forensics, notifications, credit monitoring, crisis management, public relations
- Legal expenses: advice and defense
- Revenue losses from network or computer outages, including cloud
- Cost of restoring lost data
- Cyber extortion expenses
- Value of stolen intellectual property and associated revenue and market share losses
Widely available cyber insurance:
- ~60 Insurers
- Limits of up to $200 million (or greater with some work)
- Specifics vary by carrier: triggers, cloud asset coverage, flexibility in service providers (read the policy)
Legend: Widely available cyber insurance; Unavailable coverage

8 3rd Party Damages (to others)
Cyber Loss Spectrum: Financial Damages, 3rd Party
3rd Party Entities may seek to recover:
- Consequential revenue losses
- Restoration expenses
- Legal expenses
- Credit monitoring costs
3rd Party Entities may issue or be awarded civil fines and penalties

9 3rd Party Damages (to others)
Available Insurance: Financial Damages, 3rd Party
3rd Party Entities may seek to recover:
- Consequential revenue losses
- Restoration expenses
- Legal expenses
- Credit monitoring costs
3rd Party Entities may issue or be awarded civil fines and penalties
Widely available cyber insurance:
- Subject to caveats on previous page (read your policy)

10 Lower two quadrants: Tangible (Physical) Damages

11 Destructive Attack — BTC Pipeline
Source – Bloomberg.com, 12/10/2014 © 2015 Bloomberg
2008: Turkey (deemed cyber attack in 2014)
Cyber attack through wireless network for surveillance cameras:
- Shut down alarms
- Severed communications
- Super-pressurized oil in pipeline
Impact:
- Spilled 30,000 barrels of crude
- 3-week pipeline disruption
- Azerbaijan lost $1B in revenue
- BP lost $10 million in tariffs
Replaces Stuxnet as first cyber attack resulting in major physical damage

12 Tangible (Physical) Damages
Cyber Loss Spectrum: Tangible (Physical) Damages, 1st Party Damages (to your organization)
- Mechanical breakdown of your equipment
- Destruction or damage to your facilities or other property
- Environmental cleanup of your property
- Lost revenues from physical damage to your (or dependent) equipment or facilities (business interruption)
- Bodily injury to your employees
Point out here that the lost revenue bullet point should perhaps be in the upper left quadrant, but has been placed here because it is typically covered by property insurance.

13 Tangible (Physical) Damages
Traditional Cyber Insurance: Tangible (Physical) Damages, 1st Party Damages (to your organization)
- Mechanical breakdown of your equipment
- Destruction or damage to your facilities or other property
- Environmental cleanup of your property
- Lost revenues from physical damage to your (or dependent) equipment or facilities (business interruption)
- Bodily injury to your employees
Excluded from traditional cyber insurance coverage

14 Tangible (Physical) Damages
Property Insurance: Tangible (Physical) Damages, 1st Party Damages (to your organization)
- Mechanical breakdown of your equipment
- Destruction or damage to your facilities or other property
- Environmental cleanup of your property
- Lost revenues from physical damage to your (or dependent) equipment or facilities (business interruption)
- Bodily injury to your employees
Coverage under traditional property insurance is uncertain:
- Many policies are silent (litigation risk)
- Some policies contain complete cyber exclusions (e.g., CL-380)
- Other policies contain potential exclusions
  - Electronic data
  - Terrorism
- Read your policy

15 Tangible (Physical) Damages
“New” Cyber Insurance: Tangible (Physical) Damages, 1st Party Damages (to your organization)
- Mechanical breakdown of your equipment
- Destruction or damage to your facilities or other property
- Environmental cleanup of your property
- Lost revenues from physical damage to your (or dependent) equipment or facilities (business interruption)
- Bodily injury to your employees
New forms of cyber insurance are available to close gaps in property policies — affirming coverage:
- 2 insurers offer “gap-filler” coverage
- Another offers a standalone policy
- Challenge: lower limits are available than many property programs
Mention the risk of having this coverage in a separate tower – unprovable cyber risk quandary.

16 Tangible (Physical) Damages
Cyber Loss Spectrum: Tangible (Physical) Damages, 3rd Party Damages (to others)
- Mechanical breakdown of others’ equipment
- Destruction or damage to others’ facilities or other property
- Environmental cleanup of others’ property
- Bodily injury to others

17 Tangible (Physical) Damages
Insurance: Tangible (Physical) Damages, 3rd Party Damages (to others)
- Mechanical breakdown of others’ equipment
- Destruction or damage to others’ facilities or other property
- Environmental cleanup of others’ property
- Bodily injury to others
Coverage status:
- Excluded from traditional cyber insurance coverage
- Questionable coverage in traditional casualty policies (similar to property policies)
- “New” cyber coverage is available — mind the triggers

18 AXIO’s APPROACH
- INVEST IN CYBER CAPABILITY DEVELOPMENT
- SUSTAIN CAPABILITY AND INVEST IN INSURANCE
Insurance lowers the risk impact curve overall
Perhaps the biggest challenge currently faced by CISOs, Risk Managers and Boards of Directors is the lack of actionable insight and metrics related to cyber program performance and cyber risk exposure. These individuals yearn for better information to help inform investment, continually mature cyber programs, and communicate resilience to shareholders and stakeholders. The insurance industry has filled this void in other areas of risk, such as the tangible property world, where dependable exposure and loss metrics have helped inform investment into protective controls. This insight helps risk professionals achieve better harmony of controls and more effectively spend their next dollar to achieve the greatest risk reduction benefit. Axio Global is changing the game to deliver the cyber risk engineering promise of the insurance industry and help firms harmonize investment into cyber security technology and cyber insurance.

19 AXIO PROCESS
The Axio process includes 5 steps that result in an optimized response to your cyber risk. Depending on your situation, all 5 steps may not be needed; we offer each step as an independent engagement. The completion of all steps leads to deployment of insurance instruments to protect your balance sheet with more comprehensive risk transfer capacity.
- Cyber Sapience™ Dashboard: Program evaluation workshop to deploy the Axio dashboard. Provides initial programmatic benchmark. Evaluation is based on C2M2, the Cybersecurity Capability Maturity Model — a recommended approach to deploy the NIST Cyber Security Framework.
- Cyber Loss Scenarios: Create notional and feasible cyber loss scenarios. 1-Day Workshop to describe scenarios that could lead to covered and uncovered losses; estimate potential impacts.
- Cyber Risk Engineering: Inform investment through in-depth analyses. Detailed impact studies, frequency estimation, loss controls, statistical modeling, and improvement planning.
- Insurance Placement: With brokers and insurers, secure meaningful coverage. Various new coverage forms and enhanced existing forms are becoming available.
- Policy Analysis: Work with broker to identify gaps in current insurance coverage. Understand the types of cyber events that are not covered by your current insurance.

20 CYBER SAPIENCE™ DASHBOARD
Backed with financial data, CFOs are ready to brief the board at a moment’s notice. Axio’s Cyber Sapience™ Dashboard provides CISOs with the data set to do the same. The Cyber Sapience™ Dashboard provides CISOs constant visibility into cyber risk exposure and the overall health of the organization’s cyber program. Our holistic and cost-effective solution:
- MEASURES IMPLEMENTATION & MATURITY: Based on C2M2 — a recommended approach to deploy the NIST Cyber Security Framework.
- TRACKS PERFORMANCE: By benchmarking internally and against peers.
- INFORMS INVESTMENT: Helps prioritize investment decisions and defend your program’s budget.
- QUANTIFIES CYBER RISK EXPOSURE: Captures impact estimates for your unique risks and helps understand the boundaries of your insurance program in covering those impacts.
Dashboard panels: CYBER SAPIENCE INDEX PEER COMPARISON; RISK IMPACT BENCHMARK BY SCENARIO WITH AND WITHOUT INSURANCE

21 Contact
SCOTT KANNRY
Executive Vice President
skannry@axioglobal.com
708-420-8611
New York, NY

