1 YOUR PRESENTER Anthony Dagostino Lockton Executive Vice - PowerPoint PPT Presentation

1

YOUR PRESENTER Anthony Dagostino Lockton Executive Vice President Global Cyber & Technology Practice Leader ADagostino@lockton.com

Agenda 01 Cyber Facts 02 Cyber Insurance Basics 03 Claims 04 Best Practices 05 Lockton Cyber and Technology Practice

Cyber Facts General Information and Legal / Regulatory Landscape 75463

Cyber facts $3.5B ESTIMATES ARE THAT ONLY 2.5B 7.7B 10%-12% COST OF CYBERCRIME IN 2019 (AS REPORTED TO THE FBI’S MOBILE SUBSCRIBERS WORLD POPULATION OF CYBERCRIME INCIDENTS INTERNET CRIME COMPLAINT ARE REPORTED TO IC3 CENTER (IC3)) 25,575 1.2B $5.2T $3.92M RECORDS PREDICTED INCREASE IN COST OF CYBERCRIME AVERAGE COST OF INTERNET USERS FROM BY 2025 DATA BREACH5 AVERAGE SIZE 2019 TO 2025 OF A DATA BREACH 49% 4% 279 DAYS 43% OF C-LEVEL EXECUTIVES HAVE OF C-LEVEL EXECUTIVES HAVE AVERAGE LIFE CYCLE OF BREACHES AFFECT CYBERSECURITY ISSUES ON CYBERSECURITY ON OF A BREACH SMALL BUSINESS VICTIMS QUARTERLY BOARD AGENDAS MONTHLY BOARD AGENDAS KC: 72601

Cyber Facts Key Takeaways • Every organization is at serious risk without new-school security awareness training. 39 seconds • With an average employee susceptibility of 29.6 percent, companies could be exposed to social engineering and phishing scams by more than a quarter Frequency of hacker attacks of their workforce. • Any organization can strengthen security through staff training in as little as three 68% months. • The power of a good training program is to instill anti-phishing behavior management and social engineering education in a rapid timeframe. Don’t have cyber security insurance • An effective security awareness training strategy can help accelerate results, 67% especially for large organizations. • The struggle of some enterprise leaders to successfully implement security training effectively across the Increase in security breaches in organization is not surprising. But it the past five years does indicate that leaders can set themselves up for success by assessing 91% their goals and plotting an organizational strategy before rolling out training. Improvement in failure rate in organizations that actively engaged in 12 months of security awareness training and simulated phishing. Sources: FBI Internet Crime Compliant Center, IBM, Gartner, Security Magazine, Accenture, LOCKTON COMPANIES | 7 Cisco, Nationwide and 2019PhishingByIndustryBenchmarkingReport

The cybersecurity solution dilemma

Legal and Regulatory Landscape CCPA and other privacy regulations  What data are you collecting on consumers?  How is this being disclosed to consumers?

Cyber Insurance Basics Marketplace, Coverage, First and Third Party Coverage, Myths and Process Insert polling question #1 75463

The Marketplace $5.5 Billion Estimate gross written premium globally in 2020 $2.03 Billion US gross written premium in 2018 based on filings $450 Million Capacity available in the London wholesale marketplace alone ~ 200 Cyber Insurance Carriers we have a relationship with Sources: Lockton, AM best

The Coverage Notification, PCI DSS fines Business Digital data credit Privacy liability and penalties interruption restoration monitoring, call center Business Privacy Forensics, legal Dependent Network and interruption regulatory fines advice, public business Added expense information Social and penalties relations interruption security liability engineering Property business interruption Consequential Fraudulent and resulting reputational Cyber extortion Media liability wiring physical loss instructions damage 75463

A Deeper Dive – “First Party” Coverage Breach response costs Cyber extortion Network business Data restoration Reputational harm interruption • • • • Legal Reasonable and Costs to restore or replace Loss of net income as a necessary expenses • destroyed data as a result result of clients deciding to Loss of net income and • Forensics costs incurred as a result of a of a security failure of the no longer do business with extra expenses as a ransom demand due to insured’s computer the insured following a • Mandatory notification result of a security the threatened release of systems cyber event where data is failure of the insured’s costs (comply with security PII as a result of a breach lost or stolen computer systems breach notification laws) • Broader coverage of a computer system • • available in the Components of • Broader coverage Voluntary notification costs • Reasonable and marketplace reputational harm coverage available in the • Call center necessary expenses can be found within marketplace incurred to prevent or business interruption • Credit monitoring and/or end an attack against a insuring agreements identity computer system monitoring/ insurance • Public relations/ crisis management costs

A Deeper Dive – “Third Party” Coverage Network Security Liability Privacy Liability Privacy regulatory Payment card industry data Media Liability proceedings and fines security standards liability • • • Claim expenses and Claim expenses and Claim expenses and (PCI-DSS) damages emanating from damages emanating from • damages emanating from Claim expenses in network and non-network violation of a privacy tort, personal injury torts and connection with a • Fines, penalties, and security breaches law, or regulation intellectual property privacy regulatory assessments that are infringement (except patent inquiry, investigation, incurred as a result of a infringement) or proceeding breach of contract with a card brand or payment • • Claim expenses and Damages/fines (varies processor damages emanating from by market) Consumer electronic publishing Redress Fund • Assessments can include (website) and some will fraud assessments, card • Privacy regulations provide coverage for all reissuance costs, etc. fines and penalties ways in which a company can utter and disseminate matter 75463

Debunking the Myths Insert polling question #2 75463

The Process Qu Quantification: Assessment: How big are the risks? What are the risks? Data breach Risk discovery for insurance program design • • Business interruption Preparing for the underwriting submission • • Ransomware / malware In-house loss control and risk consulting • • Loss of digital assets Partnered technical solutions • • Third party claims • Regulatory claims • 75463

The Process Whether to insure How much to buy Getting a policy that works Coverage under other policies • • • • Loss modelling Comprehensive risk protection Dynamic capital modeling to Individually tailored insurance programs evaluate whether buying cyber programs • Comparative benchmarking with property, casualty, D&O, insurance is the most efficient analysis • Uniquely broad proprietary crime, and more. use of capital policy forms • Coverage gap analysis • Global carrier relationships and broader coverage provides clients with more options. 75463

Claims Trends and Impact 75463

Sample incidents MALWARE FACTORS TO CONSIDER An email purporting to be from your client is sent to one of your project • How to get back up and operational? managers, who clicks on the link. Unknown to your project manager or anyone • What happened to cause the incident? else at your organization, the threat actor installs malware onto your systems. • Your project manager thinks nothing of it and deletes the email. Everyone goes What are the notification obligations, if any? • back to business and work routines. Four months later, you come into the office Should this be reported to law enforcement? and try to turn on your computer, and there is a message stating that your • How much are your business interruption losses? computer has been locked and you will need to pay $575,000 to obtain the • What are the potential liability exposures of encryption keys. the company? SOCIAL ENGINEERING • What happened? • An email purporting to be from your CEO is sent to your accounting department What steps are necessary to contain the incident? requesting that all your employees’ W-2s be sent to the CEO immediately. The • What steps are necessary to mitigate the incident? accounting clerk sends an email back to the threat actor purporting to be the • What are the notification obligations, if any? CEO, attaching all your employees’ W-2s. • What are the potential liability exposures of the company because of the incident? PHYSICAL THEFT Your company issues laptops to your employees so that they can work remotely • Is the laptop encrypted? ,with clear instructions that no work materials should be saved on the desktop. • Is there the ability to wipe the laptop remotely? Your employee is working on an important project and, to save time, stores • What information on the laptop is potentially accessible several client health records on the desktop. After a long day working on the by a threat actor? project, your employee goes out to dinner and leaves the laptop in the back • What are the notification obligations, if any? seat of the car. The car is broken into, and the laptop is stolen. • Has a police report been filed? • What are the potential liability exposures of the company because of the incident? LOCKTON COMPANIES | 19