cyber liability break out session
play

CYBER LIABILITY BREAK OUT SESSION Dakota Manufacturers' Day Summit - PowerPoint PPT Presentation

Dec 22, 2023 •43 likes •313 views

CYBER LIABILITY BREAK OUT SESSION Dakota Manufacturers' Day Summit October 5, 2016 Beth M. Watkins, CRM, CIC, CISR Director of Management Liability Marsh & McLennan Agency 763-746-8220 Beth.Watkins@MarshMMA.com TODAYS DISCUSSION

  1. CYBER LIABILITY BREAK OUT SESSION Dakota Manufacturers' Day Summit October 5, 2016 Beth M. Watkins, CRM, CIC, CISR Director of Management Liability Marsh & McLennan Agency 763-746-8220 Beth.Watkins@MarshMMA.com

  2. TODAY’S DISCUSSION • What does Cyber Liability look like • Legal & Financial Consequences • Managing Your Risk 1 MARSH & McLENNAN AGENCY LLC

  3. HOW A DATA BREACH OCCURS Actual or alleged theft, loss, or unauthorized collection/disclosure of confidential information that is in the care, custody, or control of the Insured, or a 3rd for whom the Insured is legally liable. Discovery can come about in several ways: Discovery • Self discovery — usually the best case. • Customer inquiry or vendor discovery. • Call from regulator or law enforcement. Forensic Investigation and Legal Review First Response • Forensic tells you what happened. • Legal sets out options/obligations. Remedial Public External Issues Notification Service Relations Offering Regulatory Damage to Fines, Long-Term Consequences Income Loss Brand or Penalties, and Civil Litigation Reputation Consumer Redress 2 MARSH & McLENNAN AGENCY LLC

  4. AN EXPOSURE SOME WANT TO IGNORE • Not easily monetized, or visualized • Many cases are kept quiet “There are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” • Not tangible – Robert S. Mueller, III Director, FBI • Seen as an IT issue, challenging to understand 3 BARNES & THORNBURG, LLP MARSH & McLENNAN AGENCY LLC

  5. DOES YOUR BUSINESS OR ORGANIZATION HAVE EXPOSURE? • Do you store confidential information in your network (e.g., social security numbers, birth dates, employee evaluations, customer lists, trade secrets)? • Does your business utilize, wireless networks, laptops, smartphones or other portable devices? • Can your customers access their information via your website? • Do you receive/transmit sensitive information from/to vendors or other third parties? What about the cloud? • Do you process credit card transactions? • Are your employees able to communicate outside your business? 4 BARNES & THORNBURG, LLP MARSH & McLENNAN AGENCY LLC

  6. WHAT DATA IS EXPOSED? • Confidential client or customer information – Customer lists – Business/acquisition plans – Employee records (past, present and applicants) – Intellectual property • PII/PHI – Social Security and drivers license numbers – Credit card and financial account numbers – HIPAA 5 MARSH & McLENNAN AGENCY LLC

  7. Cyber Statistics 6

  8. NetDiligence 2015 Claims Study 7 MARSH & McLENNAN AGENCY LLC

  9. NetDiligence 2015 Claims Study 8 MARSH & McLENNAN AGENCY LLC

  10. DATA BREACH STATISTICS What Commonalities Exist • 75% driven by financial motives • 71% targeted user devices • 54% compromised servers • 75% considered opportunistic attacks • 78% rated as low difficulty • 69% discovered by external parties • 66% took months, or more to discover Source: Verizon 2013 Data Breach Investigations Report 9 MARSH & McLENNAN AGENCY LLC

  11. COMMON TYPES OF CLAIMS • Cryptolocker – Small sums demanded and paid – Forensics & investigation • Employee error – Inadvertent email to thousands of unintended recipients – Lost laptops with confidential files • Online Breaches – Accessing individual records – Self reported to payment card brands – Breach vendors engaged • Phishing and Spear Phishing Attacks – Access to confidential information and network – Social Engineering schemes 10 MARSH & McLENNAN AGENCY LLC

  12. LEGAL CONSEQUENCES OF BREACH • Notification & remediation laws – Patchwork of laws (47 states, D.C., Puerto Rico, Virgin Islands) – No Federal Law, International Laws developing - 30+ countries outside the U.S. now require or strongly recommend notification – Jurisdiction in which affected party resides governs notification requirement • Claims by clients, customers or employees, regulators – Negligence, invasion of privacy, breach of fiduciary duty, intellectual property infringement, unfair/deceptive business practices – Class Actions – Active Attorney Genera l 11 MARSH & McLENNAN AGENCY LLC

  13. A SINGLE EXPOSURE CAN RESULT IN: • Direct Legal Liability • Vicarious liability for acts of vendors/service providers • Compliance with breach notification laws • Loss of revenue/extra expense due to a system outage • Loss or damage to brand reputation • Regulatory actions and scrutiny • Loss or damage to data/information 12 MARSH & McLENNAN AGENCY LLC

  14. FINANCIAL CONSEQUENCES OF BREACH • First-Party Loss • Third-Party Liability 13 MARSH & McLENNAN AGENCY LLC

  15. FIRST PARTY LOSS • Notification and credit monitoring expenses • Crisis management expenses (including public relations) • Computer forensics/data restoration • Business income loss and extra expense including dependent business interruption • Extortion payments • Reputational harm 14 MARSH & McLENNAN AGENCY LLC

  16. THIRD-PARTY LIABILITY • Defense fees and expenses • Damages (Judgments/Settlements) • Plaintiff attorney’s fees and expenses • Punitive Damages • Regulatory fines and penalties 15 MARSH & McLENNAN AGENCY LLC

  17. RISK MANAGEMENT • Identify and assess the risk • Reduce the risk • Transfer the risk 16 MARSH & McLENNAN AGENCY LLC

  18. ASSESS THE RISK • What types of sensitive data does your company store/send/receive? • How vulnerable is the data to a security breach? • What would be the potential severity of loss or liability in the event of a breach? 17 MARSH & McLENNAN AGENCY LLC

  19. REDUCE THE RISK • What reasonable measures can your company implement to reduce the likelihood and severity of a data security breach? • Do those measures meet/exceed the standard of care for data security in your type of business? • What can your company do to educate employees about the risks and consequences of data security breaches, and to enforce their compliance with data security measures? • What can you do to ensure compliance by vendors and other third parties? • Do you have a disaster recovery plan, incident response plan and business continuity plan? 18 MARSH & McLENNAN AGENCY LLC

  20. TRANSFER THE RISK • Contractually through Indemnity Agreements – Limitations of Liability? – Proof of Insurance? – Availability of Insurance? • Insurance • Traditional insurance does not respond well to cyber liability – Errors and Omissions (E&O) – tech & and sometimes mfg are excepted here; – Commercial General Liability (CGL); – Property; – Crime; – Kidnap and Ransom (K&R); – Directors and Officers (D&O) 19 MARSH & McLENNAN AGENCY LLC

  21. CYBER / NETWORK SECURITY INSURANCE • Little standardization • Fills in gap in traditional insurance • Stand-alone policies (vs. endorsed onto existing polices such as property or general liability) generally include 1st & 3rd party extensions • A good program can be a risk prevention, risk management and insurance product all in one • Claims response services and suppport are a crucial piece 20 MARSH & McLENNAN AGENCY LLC

  22. AVOID COVERAGE ISSUES BY NEGOTIATING FAVORABLE TERMS • Limited to electronic data? • Broad definition of “claim”? • Trigger on discovery or wrongful act? • Prior Acts Coverage? • Coverage for fines, penalties, punitive damages? • Coverage for Business Interruption? Data Restoration? Extortion? • Rogue Employee Coverage? • Does coverage extend to your notification of customer’s affected parties? • Exclusions – Failure to update software? – Unecrypted portable devices ? • If E&O is in place, how do these programs work (or not work) together? • Breach Response Service – pre and post loss 21 MARSH & McLENNAN AGENCY LLC

  23. It’s Not Just The Big Guys. . . IN REALITY  In 2013, businesses with revenues less than $300M accounted for over 62% of cyber claims .1  1 out of 5 small businesses falls victim to cyber crime each year. Of those, about 60% go out of business within 6 months. 2 Does Insurance Really Pay?  In 2014:  average claim payout was $733,109  average cost for legal defense was $698,797  average cost for legal settlement was $558,520 1  Small businesses can expect forensic costs alone to run $10,000 to $100,000 3 When It Happens To You, Who Do You Call? A single call connects you to a team of experts who provide all the services you need to manage a breach and mitigate 1. Net Diligence Cyber Claims Study 2014 litigation. Services Include: 2. “The Case for Cyber” National Underwriter, May 2015 citing National Cyber Security Alliance  Forensics 1. Beazley PE Data Breach Report  Legal services  Breach notification services  Call center services  Credit monitoring and restoration services 22 MARSH & McLENNAN AGENCY LLC

  24. Information Security is a Work in Progress not an Endpoint 23 MARSH & McLENNAN AGENCY LLC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. 4 out session no. 4 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. 4 out session no. 4 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. 4 out session no. 4 Break Longitudinal model-based test as primary analysis in phase III B. Bieth*, D. Renard*, I. Demin*, B. Hamrn*, G. Heimann*, Sigrid Balser** *

402 views • 15 slides
- the development of a digital procurement model Break-out session The session started with

- the development of a digital procurement model Break-out session The session started with

Break- out session From municipal to private enterprise - the development of a digital procurement model Break-out session The session started with presentations followed with a panel discussion including questions from the audience.

359 views • 34 slides
EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. out session no. 2 2 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. out session no. 2 2 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. out session no. 2 2 Break Case Study Title: Design of a model based Case Study Title: dose-finding study in diabetes Marie Sandstrm, Global Director Clinical Pharmacometrics,

605 views • 14 slides
Day 2 VLSI Microprocessor Design Flow Session A: Circuit design styles Break Session B: Design

Day 2 VLSI Microprocessor Design Flow Session A: Circuit design styles Break Session B: Design

Day 2 VLSI Microprocessor Design Flow Session A: Circuit design styles Break Session B: Design paths Lunch Session C: Verification Break Session D: Manufacture, fabrication testing, packaging Today Organized Bottom-Up Circuit design style

518 views • 28 slides
Welcome 11:00 Session 2 Guiding Youth in Discernment 12:15 p.m. Have Lunch and Break 1:00

Welcome 11:00 Session 2 Guiding Youth in Discernment 12:15 p.m. Have Lunch and Break 1:00

2/16/2018 Schedule 9:00 a.m. Welcome and Gather in Prayer 9:20 Session 1 Accompanying Youth Today / Becoming a Faith Companion 10:45 Take a Break Welcome 11:00 Session 2 Guiding Youth in Discernment 12:15 p.m. Have Lunch and Break

464 views • 9 slides
Day 3 Advanced Vector Architectures Session A: Vector Instruction Execution Pipelines Break

Day 3 Advanced Vector Architectures Session A: Vector Instruction Execution Pipelines Break

Day 3 Advanced Vector Architectures Session A: Vector Instruction Execution Pipelines Break Session B: Vector Flag Processing & Vector Register Files Lunch Session C: Virtual Processor Caches Break Session D: Vector IRAM Vector

498 views • 22 slides
Cyber Liability Insurance and How to Respond to a Breach Financial Managers Society NY/NJ Chapter

Cyber Liability Insurance and How to Respond to a Breach Financial Managers Society NY/NJ Chapter

Cyber Liability Insurance and How to Respond to a Breach Financial Managers Society NY/NJ Chapter February 17, 2016 John Lawrence Director, Financial Institution Services Assistant Vice President M&T Insurance Agency Todays Agenda

371 views • 18 slides
EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. 3 out session no. 3 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. 3 out session no. 3 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. 3 out session no. 3 Break Pharmacokinetic- -pharmacodynamic assessment of pharmacodynamic assessment of Pharmacokinetic topiramate dosing regimens for children with

421 views • 12 slides
Exposure NRASP - July 15, 2020 Dan Hanson, CPCU SVP Management Liability and Client Experience

Exposure NRASP - July 15, 2020 Dan Hanson, CPCU SVP Management Liability and Client Experience

Cyber Security The Complex & Inevitable Exposure NRASP - July 15, 2020 Dan Hanson, CPCU SVP Management Liability and Client Experience Marsh & McLennan Agency Mario Paez, RPLU, MBA, CIPP/US Director, Cyber & Technology E&O

606 views • 31 slides
What Commercial Litigators Need to Know Protecting and Defending Against New and Emerging Cyber

What Commercial Litigators Need to Know Protecting and Defending Against New and Emerging Cyber

Presenting a live 90-minute webinar with interactive Q&A Data Breaches and Cyber Liability: What Commercial Litigators Need to Know Protecting and Defending Against New and Emerging Cyber Risks WEDNESDAY, JUNE 3, 2015 1pm Eastern |

758 views • 32 slides
Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University

Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University

Cyber Security Awareness Seminar Presented By: Ryan Moore Ohio Cyber Range Institute, University of Cincinnati About This Seminar Designed for everyday cyber citizens Online Webinar 2 hour Presentation 10 Minute break

607 views • 57 slides
EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. out session no. 3 3 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. out session no. 3 3 Break

EMA EFPIA workshop EMA EFPIA workshop Break- -out session no. out session no. 3 3 Break Case Study Title: Evaluation of fixed dose Evaluation of fixed dose Case Study Title: combinations in paediatric indications - - Use of

399 views • 23 slides
Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T

Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T

Is That a Worm or a Bot? Cyber Liability Insurance P R E S E N T E D T O C A S U A L T Y A C T U A R I A L S O C I E T Y B A L T I M O R E , M D O C T O B E R 4 , 2 0 1 2 B Y J O H N M E R C H A N T F R E E D O M S P E C I A L T Y I

326 views • 20 slides
MTN Reginal Meeting Pharmacy Break-out Session October 2, 2012 Pharmacy Session Overview

MTN Reginal Meeting Pharmacy Break-out Session October 2, 2012 Pharmacy Session Overview

MTN Reginal Meeting Pharmacy Break-out Session October 2, 2012 Pharmacy Session Overview Dapivirine Clinical Pharmacology Product Complaint Process Shipping, to VAT or not to VAT Pharmacists Role in ASPIRE Used Ring

570 views • 41 slides
SESSION 1: Accounting 101 for starting your business Liability limited by a scheme approved

SESSION 1: Accounting 101 for starting your business Liability limited by a scheme approved

SESSION 1: Accounting 101 for starting your business Liability limited by a scheme approved under Professional Standards Legislation Introducing: MHP Jean-Pierre Lesley Liability limited by a scheme approved under

857 views • 46 slides
Lawyers Professional Liability (LPL) Title Agent Errors & Omissions (E&O) CFPB

Lawyers Professional Liability (LPL) Title Agent Errors & Omissions (E&O) CFPB

Lawyers Professional Liability (LPL) Title Agent Errors & Omissions (E&O) CFPB Coverage Cyber Liability Escrow Security Bond/Computer Crime Fraudulent Wire Coverage Broad Professional Services Defined as:

345 views • 15 slides
TECHNICAL INFORMATION TABLE OF CONTENTS ARMSCOR OBJECTIVES ARMSCOR SITE AND USERS

TECHNICAL INFORMATION TABLE OF CONTENTS ARMSCOR OBJECTIVES ARMSCOR SITE AND USERS

A-TEMP-009 -1 ISSUE 002 ERP IMPLEMENTATION TECHNICAL INFORMATION TABLE OF CONTENTS ARMSCOR OBJECTIVES ARMSCOR SITE AND USERS ARMSCOR STRUCTURE BUSINESS CHALLENGES REQUIRED SOLUTIONS NUMBER OF USERS

380 views • 12 slides
Third session of the Council 8-9 June 2013, Songdo Agenda C/3/11 Introduction and Background

Third session of the Council 8-9 June 2013, Songdo Agenda C/3/11 Introduction and Background

C/3/11 GGGI Capital Budget Requirement for ERP Implementation Third session of the Council 8-9 June 2013, Songdo Agenda C/3/11 Introduction and Background ERP Implementation Road Map Summary of Capital Budget Requirements 1

291 views • 6 slides
Response Paula Clark and Elena Bertocci Division of Materials Management MAINE DEPARTMENT OF

Response Paula Clark and Elena Bertocci Division of Materials Management MAINE DEPARTMENT OF

LD 1431 and Response Paula Clark and Elena Bertocci Division of Materials Management MAINE DEPARTMENT OF ENVIRONMENTAL PROTECTION Protecting Maines Air, Land and Water LD 1431: Resolve to Support Municipal Recycling Programs Directs

1.46k views • 6 slides
Admicom Oyj: Investor presentation July 1st 2020 This presentation is not a Company Description

Admicom Oyj: Investor presentation July 1st 2020 This presentation is not a Company Description

Admicom Oyj: Investor presentation July 1st 2020 This presentation is not a Company Description described in the Securities Markets Act (746/2012). This presentation is solely for information purposes and is not intended to form part of or be the

499 views • 22 slides
YOUR CUSTOMER LOYALTY PROGRAMME MORE SALES MORE REVENUE CARD HOLDER Cashback with every

YOUR CUSTOMER LOYALTY PROGRAMME MORE SALES MORE REVENUE CARD HOLDER Cashback with every

YOUR CUSTOMER LOYALTY PROGRAMME MORE SALES MORE REVENUE CARD HOLDER Cashback with every purchase Additional Shopping Points Offers in exchange for Shopping Points LOYALTY MERCHANTS Customer loyalty Acquisition of new

509 views • 20 slides
Radar-based alert system to operate a sewerage network: relevance and operational effectiveness

Radar-based alert system to operate a sewerage network: relevance and operational effectiveness

Radar-based alert system to operate a sewerage network: relevance and operational effectiveness after several years of use D. Faure*, O. Payrastre**, P. Auchet*** * ALICIME, 541 rue des grillons, F69400 Gleiz, FR (E-mail :

739 views • 9 slides
Liquidated Damages, Attorneys' Fees Structuring Enforceable Provisions, Navigating the Interplay

Liquidated Damages, Attorneys' Fees Structuring Enforceable Provisions, Navigating the Interplay

Presenting a live 90-minute webinar with interactive Q&A Drafting Remedies Clauses in Commercial Contracts: Consequential Damage Waivers, Liquidated Damages, Attorneys' Fees Structuring Enforceable Provisions, Navigating the Interplay With

498 views • 30 slides
2012 Credit Suisse Energy Summit Moray Dewhurst Vice Chairman and CFO February 7, 2012

2012 Credit Suisse Energy Summit Moray Dewhurst Vice Chairman and CFO February 7, 2012

2012 Credit Suisse Energy Summit Moray Dewhurst Vice Chairman and CFO February 7, 2012 Cautionary Statements And Risk Factors That May Affect Future Results Any statements made herein about future operating and/or financial results and/or

880 views • 41 slides

More recommend