Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009.

Published byCuthbert Wilson Modified over 9 years ago

Similar presentations

Presentation on theme: "Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009."— Presentation transcript:

1 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009

2 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 1 Michelle Lafferty – Corporate Counsel, Specialty Claims Counsel, Executive Risk Practice Hylant Group Cleveland Office

3 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 2 Agenda Examples & Statistics – Data Breach Examples & Statistics - Cyber attack Legislative Environment Insurance Coverage Policy Gap Analysis Insurers

4 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 3 Who is this man?!?

5 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 4 Laptop anyone?

6 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 5 Data Breach Examples Historical Large Losses  America Online: 30 Million  US Dept. of Veterans Affairs: 26.5 Million  Citigroup: 30 Million  TJX: 94 Million (double the original estimate) ♦ Required to provide three years of credit monitoring and three years of victim assistance as part of their class action settlement ♦ Criminals had access to the TJX system for 17 months ♦ TJX loss is estimated to be over $1.35 billion (source: Forrester Research)

7 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 6 Data Breach Examples Last 12 Months  Countrywide Financial: 2 Million (customers)  Hannaford Bros.: 1.5 Million (customers)  Fallon Community Health Plan: 30,000 (patients)  Harvard Law School: 21,000 (clients)  Barclays Bank: 17,000 (customers)  National Guard Bureau: 131,000 (soldiers)  Naval Hospital Pensacola: 38,000 (pharmacy customers)  Network Solutions: 573,000 (credit card holders)

8 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 7 Data Breach Examples  Heartland Payment Systems  6 th largest credit-card payment processor in the country  100 million card transactions each month, 250,000 businesses  May – November, 2008 spyware installed  Unencrypted credit card data – 250 million records  Magnetic strip data & names  More than 220 banks affected  Defense: No PII breached – 3 class action lawsuits anyway  $12.6MM expenses to date

9 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 8 Data Breach Examples More than 150 million American’s have had their information put at risk in the last 2 years. www.privacyrights.org

10 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 9 Personal Data Statistics Summary of Ponemon Institute, LLC’s 2006 Annual Study: Cost of a Data Breach: Total Average Cost: $182 per lost record $4.8 million per breach Range of $226,000 to $22 million per breach Lost productivity costs averaged $30 per lost record Customer opportunity costs averaged $98 per lost record (turnover of existing customers and increased difficulty acquiring new customers) Direct incremental costs averaged $54 per lost record (unbudgeted spending for legal counsel, notification letters, discounted product offers, etc.)

11 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 10 Personal Data Statistics 23 million U.S. adults have received notification of a breach from companies 60% of respondents terminated or considered terminating their relationship with the company 14% were not concerned Almost 30% of reported breaches originated with external partners, consultants, outsourcers, or contractors More than 90% of all breaches were in digital form (laptops, electronic backups, and hacked or attacked systems) 47 states have passed some version of a database notification law

12 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 11 Cyber Attack Examples  Express Scripts (cyber extortion)  TD Waterhouse (unauthorized access)  YouTube (web site content)  Care First of Maryland (web site content)  Authorize.net (denial of service attack)  Six Apart, ltd. (denial of service attack)  Paine Weber (malicious code)

13 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 12 Cyber Statistics (2008 Computer Security Survey Report) 43% of companies surveyed experienced Cyber Security incidents in 2008 27% of the companies surveyed experience targeted attacks Companies that experienced incidents, reported the following types Virus (50%) Insider Abuse (44%) Laptop theft/compromise (42%) Unauthorized access (29%) Bots (internet/web robots) (20%) Computer related financial fraud (12%) DNS compromised (domain names system) (8%) Over $500 per employee is spent by U.S. companies on IT Security The average direct financial loss reported was $289,000

14 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 13 Legislative Environment State Notification Laws HIPAA Gramm-Leach-Bliley FTC Red Flag Rules

15 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 14 Red Flag Rules recently became effective in January 2008 and compliance is required by November 1, 2009. Under these rules, covered accounts, creditors and businesses:  Must develop and implement a written privacy and security program  Must obtain approval of the initial written program from either its Board of Directors or an appropriate committee of the board of directors  Small businesses are not exempt  A covered entity cannot escape its obligation to comply by outsourcing  Businesses must exercise appropriate and effective oversight of service providers.  Service providers and contractors must comply by implementing reasonable policies and procedures designed to detect, prevent and mitigate the risk of identity theft FACTA Red Flag Rules

16 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 15 Insurance – First Party Liability Business Interruption Lost income realized as a result of a hacker attack or a virus Extra expense Dependant business interruption Crisis Expenses Public relations expenses Notification expenses Regulatory defense Credit-monitoring and other services to customers Digital Asset Coverage Cost to restore or recollect data lost or stolen Extortion & Criminal Reward Fund Extortion monies paid and the cost of a cyber investigator Reward for information leading to arrest of hacker, cyber criminal

17 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 16 Insurance – Third Party Coverage Network Security Liability Protection for claims brought by third parties for the following: Theft of personally identifiable data Denial of service attack Virus transmitted to the third party Electronic Media Liability/Internet Liability Protection for claims brought by third parties alleging invasion of privacy, libel, defamation, copyright, title or trademark infringement with regard to information posted on an Insured’s website Privacy Extension Protection from claims arising out of theft or compromise of personally identifiable data regardless of method

18 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 17 Policy Gap Analysis General Liability Insurance - Coverage for bodily injury or property damage - Intentional acts are excluded - Intangible property is excluded Property Insurance - Coverage for loss of tangible property caused by a covered peril - Computer viruses are excluded - Intangible property is excluded - Business interruption coverage only applies if there has been a direct physical loss Crime Insurance - Coverage for theft of money, securities or other property - No coverage for theft of information, trade secrets and other types of confidential information Directors & Officers Liability Insurance - Coverage for claims alleging acts, errors and/or omissions committed by directors or officers of a company in such capacity Technology Errors & Omissions Liability Policy - Coverage for claims resulting from an Insured’s rendering or failure to render professional services to others for a fee

19 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 18 Policy Gap Analysis

20 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 19 Cyber Risk Insurers AIG Arch Beazley Chubb C.N.A. Darwin Hartford Hiscox U.S. Lloyd’s of London (AGM Syndicate)

21 Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance 20

Download ppt "Overview of Identity Theft, Data Breaches and Cyber/Privacy Liability Insurance October 6, 2009."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Red Flags Rule BAS Forum August 18, 2010. What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.

Red Flags Rule BAS Forum August 18, What is the Red Flags Rule? Requires implementation of a written Identity Theft Prevention Program designed.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
Privacy Liability and Network Security May 17, 2011 L. Spencer Timmel, CITRMS PRESENTER Privacy and Network Security Specialist Hylant Executive Risk Practice.

Privacy Liability and Network Security May 17, 2011 L. Spencer Timmel, CITRMS PRESENTER Privacy and Network Security Specialist Hylant Executive Risk Practice.
Information Security Jim Cusson, CISSP. Largest Breaches 110,000 2009-11-27 NorthgateArinso, Verity Trustees 6,400 2009-11-25 Aurora St. Luke's Medical.

Information Security Jim Cusson, CISSP. Largest Breaches 110, NorthgateArinso, Verity Trustees 6, Aurora St. Luke's Medical.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.

Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.
Overview of Cybercrime

Overview of Cybercrime
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Similar presentations

Ads by Google