1. CYBER & Product Liability & Professional Indemnity
Crawford & Company
CYBER & Product Liability & Professional Indemnity
‘Everything you always wanted to know about claims ‘
Mark Vos, Head of GTS CEMEA
June 2013
Version 18 June 2013

2. Now back to the basics + discussion of a case.

3. What is your Cyber Risk
Many definitions C

4. How structured is your organisation ?

5. What is Cyber Liability
Many definitions C

6. CYBER Risk definition Criminal Yearly Benefit Emerging Recurring Risk
2011: Norton 
2013 USA

7. It is another Risk, which comes back in every kind of policy like Property, Casualty, Construction , Marine & Transportation; without national limitations.
Loss of
Control and Integrity
* Hardware, * Software,
* Data

8. Product Liability Professional Indemnity
Defining the product
What is Cyber proof?
A Dynamic Risk
Encryption & log–in strategy
Procurement
Over-selling & Under-delivery
Misperception of expectation
Contract
What does the client say, he wants
What does the final user actually needs
Technical / Functionality specification
Validation
Warranty & Limited Liability
Fit for purpose < -- > Critical in the Business Continuity

9. Who worries about our safety
Chief Information Officer
Who worries about the information storage and retrieval
Days of the Business Process management data mining
Chief Technology Officer
Who worries about interconnectivity of systems
Chief Digital Officer
Who worries about total usage and management of data
Big data en IP6
Data Protection Officer
EU regulation 2104 applied per 2016:
Data Protection Directive 95/46/EC
Company > 250 staff
Notify breaches to Authorities
< 24 hrs

10. Anti Virus software Fire wall Anti Virus software System patches N-1 N
Response on N-1
System patches

11. The Contamination

14. The Contamination

15. Liability starts at First Party running on Products (Product L + PI)
Material damage ?  BI / drop of Share price
Virus or hacker
Down time and Business Interruption / Loss of Goodwill
Regulation impact
First Party Policy Requirements
Internal protocols
Back up
USB clause
Virus software clause
Hardware or Data not necessarily at risk location
Computer Centre
Cloud (Public, Private, Hybrid) & EU Data Protection Directive 95/46/EC
Spread throughout organisation
Revalidation of software
Master policy coverage versus local policy

16. Will your Company be hacked?
Cyber crime is larger than Narcotics.
Identity theft: USA 2007 $56 Billion  2011 $ 37 Billion / 8 Million people
You do not die in the Internet
Drivers
Money transfer/ credit card data
Knowledge / espionage
Competition benefits
Nuisance / power / authority / war
Risk factors
External
Crime
Nuisance
Internal
Content leakage
Espionage
Rotation of staff
Fraud

17. 10 Steps to Cyber Security

19. 10 Steps to Cyber Security
1. Secure Configuration
2. Network Security
3. Malware Protection
4. Removable Media Controls
5. Managing User Privileges
6. User Education Awareness
7. Home & Mobile Working
Contractors
&
Consultants
The World
8. Information Risk Management Regime
9. Monitoring
10. Incident Management

20. Incident Management
Can you shut down? Generally No, unless you are shut down
Pre-select the appropriate companies, which can review your systems, and provide direct 24/7 support.
Bring systems back in control.
Make an inventory of level of First Party damage, and analyse virus in back-ups.
Make an inventory of level of Third party damage, and analyse commercial and legal exposure.
Report to insurers & Report to Press.
Involve loss adjusters, who understand your problem.

21. Cyber Risk team
Dr Mark Hawksworth, UK
Mark Vos, CEMEA, Rotterdam

22. Crawford & Company Many countries Many languages Many specialists
Many services
ONE point of contact: