Published by Stanley Harris. Modified over 9 years ago.
1
OESAI COMPREHENSIVE GENERAL INSURANCE TECHNICAL TRAINING
2
Cyber Insurance
OESAI COMPREHENSIVE GENERAL INSURANCE TECHNICAL TRAINING
Ezekiel Macharia, Group Actuary - Jubilee Holdings Limited
Day 2, Tuesday 10th November, 2015
3
AGENDA
Cyber Risk & Cyber Risk Insurance
Product Development Life Cycle
– Demand Research & Pricing
– Underwriting & Policy Terms
– Claim Underwriting
Conclusion
4
Cyber Risk: any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems (includes networks & the internet).
5
Key Insurable Cyber Risks
Theft:
– Identity theft
– Theft of digital assets
Business interruption
– Lost Income
– Recovery of damaged data records
– Reputational damage
– Cost of Credit Monitoring of impacted clients
Malware & Human Error (bugs)
Legal suits alleging trademark/copyright infringement
6
Cyber Risk: Malware
Malware (Malicious Software): software that is intended to damage or disable computers (systems).

COMMON TYPES OF MALWARE

| Name | Description | Example | Function |
|---|---|---|---|
| Worm | Exploit vulnerability of operating systems & spread without human intervention | Infected emails | Spread & deliver payloads (most common) |
| Trojan | Trick user that they are using legitimate software | Fake installation file | Used to install other malware |
| Virus | Software capable of copying itself and spreading to other computers (need human intervention) | Script files | Spreading itself and carrying other malware |
| Adware | Automatically delivers adverts | Pop up Ads | Annoying/Deliver Spyware |
| Bot | Automatically perform a specific operation | BotNets & Spambots | Co-ordinated attacks |
| Bug | Flaw in system design | Human Error | Allow attackers to bypass user authentication |
| Ransomware | Hold a computer captive - restrict user access | Encrypted files/Locked down system | Ransom to pay creator of malware |
| Rootkit | Remote access or control without detection | Backdoor | Stealth entry to steal/alter/install or control |
| Spyware | Spying on user activity without knowledge | Keystrokes collector | Activity monitoring & data harvesting |
7
Case Study Kenya: Top Malware Attacks
– 79% of malicious software attacks in Kenya are worms
– Virus attack is only 2%
Source: Technology Service Provider of Kenya
Technology Service Providers of Kenya (TESPOK) (www.tespok.co.ke) tracks malware attacks in Kenya
8
Case Study Kenya: Top Malware Sources
– Top malware cyber attacks in Kenyan IT infrastructure are from China & USA sources (IP address)
– Attackers use sophisticated tools
Source: Technology Service Provider of Kenya
Attackers are international – any criminal in the world with an internet connection can now attack your client’s business
9
Product Development?
– Demand Research: Is there need for cyber risk insurance?
– Pricing
10
Is there need for cyber risk insurance?
11
How developed is Cyber Security in OESAI member countries?
Report developed by International Telecommunication Union (ITU)
Key indicators for cyber security development are:
– Legal
– Technical capacity
– Organizational
– Capacity Building
– Cooperation
Source: GLOBAL Cybersecurity Index & Cyberwellness Profiles Report 2015
12
Case study: Tanzania Cyber Crimes Bill (2015)
– Data Espionage: Obtain data without permission
– Pornography: Dissemination
– Publication of False Information: Information – data/facts in form of pictures/text/symbols
– Racist/Xenophobic Material: Publication or dissemination
– Unsolicited Messages: Sms/Email/Ads??
– Cyber Bullying: Bullying online
– Violation of Intellectual Property: Infringement on commercial / non-commercial basis
Laws supporting Insurable Risk Liability
13
Pricing Cyber Risk
– Strength of Security System: Likelihood of intrusion
– Risk Management Culture: Control in place & role of compliance & audit
– GSI Index: Macro factors
Frequency / Severity
– Disaster Recovery: Ability to recover from attack
– Rating of Service Providers: Reliability of cloud providers, backup providers, website, etc.
– Legal Fees & Fines
– IT Staff Costs
– Data restoration
– PR & Marketing Costs
– Extortion
– Customer Support
– Lost Income
14
Underwriting Cyber Insurance
– Policy Terms
– Underwriting considerations
15
Policy Terms
– Legal Liability: Not complying with privacy laws
– Crisis Management Costs: Informing customers, public relations & adverts
– Data Extortion: Ransom Payment
First Party Risks / Third Party Risks
– Loss of Income: As a result of network failure & downtime
– Data Recovery: IT Staff overtime, data retrieval & verification
– Security Liability: Liability arising from breach of security
– Multimedia Liability: Liability arising from insured’s internet, advertising & marketing activities
– Professional Liability: Liability arising out of negligence in providing IT Services
16
Underwriting considerations
Business
– Type of business
– Size of business
– Scope of the business
Number of customers
Multimedia
– Presence on the Web
– Data collected and stored
Enterprise Risk Management (ERM) techniques applied by the business to protect its computer network and its assets.
– Risk management procedure & culture
Don’t tell anyone!! Non-disclosure of cyber risk policy
17
Claim Management
In addition to traditional claim management, the insurer may want to hire Third Party IT experts to review the claims – post insurance underwriting
18
Claims Underwriting
Comparing capacity of the insured at policy purchase date and claim date (moral hazard)
– Ability of employees and others to access data systems
– Utilization of antivirus and anti-malware software
– Frequency of updates
– Performance of firewalls
Claim incidence details compared to risk-management techniques applied by the business to protect its network and its assets – what failed.
Utilization of disaster response plan (DRP) when the claim occurred to the business’s networks, website, physical assets and intellectual property.
19
Conclusion
– Cyber risk is an emerging risk in the world
– Legal framework for insurable legal liability is generally under development across east & southern African countries
– There is demand for cyber risk insurance
– Where pricing data is not available – proxies can be developed
– Underwriting will depend on risk management and culture of the client
20
QUESTIONS?
ezekiel.macharia@gmail.com
+254 722 540 045