Demystifying Cyber Insurance
European Legal Security Forum 2016
12th July 2016
Agenda
- The Evolution of Cyber Insurance
- Is Cyber Risk Already Insured?
- Cyber And Data Protection Is Not Just An IT Issue
- Case Study – Cyber Risk Stakeholders
The Evolution of Cyber Insurance
Is Cyber Risk Already Insured?
Traditional Insurance v. Cyber

Insurance Product: Property
Main Type of Losses Covered: Physical asset damage
Potential Cyber Peril Gaps:
- Damage to software and data excluded (intangibles)
- Exclusions removing cyber attacks and triggers for non-physical asset damage

Insurance Product: Business Interruption
Main Type of Losses Covered: Lost revenues and additional cost incurred due to physical asset damage
Potential Cyber Peril Gaps:
- Lost revenues and additional cost incurred due to non-physical asset damage

Insurance Product: General Liability
Main Type of Losses Covered: Third party liabilities for physical property damage, bodily injury and advertising injury (liability claims arising from published content, including privacy violations)
Potential Cyber Peril Gaps:
- Exclusions of unauthorised disclosure of personal information
- No 1st party costs

Insurance Product: Professional indemnity
Main Type of Losses Covered: Third party liability arising from performance of services
Potential Cyber Peril Gaps:
- Liability to Regulators and employees
- Other exclusions (eg virus transmission, first party costs, employee dishonesty)

Insurance Product: Directors and Officers
Main Type of Losses Covered: Liabilities arising from duties owed to your shareholders
Potential Cyber Peril Gaps:
- Liability to 3rd parties, not including shareholders, for direct loss arising out of a privacy or security failure by

Insurance Product: Crime
Main Type of Losses Covered: First party costs as a result of theft of monies, securities and physical assets
Potential Cyber Peril Gaps:
- First party costs as a result of theft of data
- Third party liabilities as a result of data theft

Cyber And Data Protection Is Not Just An IT Issue
Cyber Risk Stakeholders

Cyber Role: IT Department
Cyber Risk Responsibility: Manage and maintain a secure IT network. Implement strong perimeter defences.

Cyber Role: Legal
Cyber Risk Responsibility: PCI, IT outsourcer and NDA contract reviews. Ensure contractual liabilities, warranties and terms are acceptable.

Cyber Role: Chief Privacy Officer
Cyber Risk Responsibility: Understand what confidential data is held within the organisation and which Privacy Regulations apply. Ensure that sensitive data is adequately collected, stored and destroyed.

Cyber Role: Risk & Compliance
Cyber Risk Responsibility: Identify cyber risks and ensure the risks are either mitigated or managed effectively throughout the organisation. Ensure controls and checks are in place to monitor protection performance. Report cyber risks to the board.

Cyber Role: HR
Cyber Risk Responsibility: Implementing training, controls and procedures to minimise cyber risks. Raise awareness and train organisation on mitigation of cyber risks. Implement internal controls limiting the potential for human error. Drive cultural change.

Cyber Role: Finance
Cyber Risk Responsibility: Managing budgets and investment in cyber risk prevention and risk transfer. BI analysis. Ensure cash is available in the event of a cyber breach. Liaise with Risk & Compliance concerning purchase of insurance.

Cyber Role: Security
Cyber Risk Responsibility: Effectively control all physical perimeters. Ensure zero unauthorised physical access to premises, IT networks and sensitive information.

Cyber Role: Managing Partner/Management Board
Cyber Risk Responsibility: To mitigate cyber risks negatively affecting the organisation. Creation of Incident Response Plan. Ultimately responsible for all cyber risks within the organisation.

Cyber Risk Stakeholders
The Pendulum Shift
Contact Us
Ed Lewis
Partner – Specialty Insurance & Co.
T: 020 7882 1992
E: ed.lewis@weightmans.com

Erica Constance
Senior Vice President
T: 020 7280 8285
E: econstance@paragonbrokers.com