emerging risk management and coverage challenges
play

Emerging Risk Management and Coverage Challenges Presented by the - PowerPoint PPT Presentation

Aug 08, 2023 •41 likes •391 views

Emerging Risk Management and Coverage Challenges Presented by the Internet of Things and Vendor Breaches John D. Hackett & Margaret A. Shipitalo , Cassiday Schade LLP Kenneth K. Suh , Technology, Media, and Business Services, Beazley Group

  1. Emerging Risk Management and Coverage Challenges Presented by the Internet of Things and Vendor Breaches John D. Hackett & Margaret A. Shipitalo , Cassiday Schade LLP Kenneth K. Suh , Technology, Media, and Business Services, Beazley Group Neil Blauvelt , Enterprise Risk Management, United Airlines W W W . C H I C A G O L A N D R I S K F O R U M . O R G

  2. What is the Internet of Things (IoT)? • Definition – The concept of connecting any device with an on/off switch to the Internet. – “A Simple Explanation of the Internet of Things,” Forbes , May 13, 2014. • Origin - The term “Internet of Things” was coined as early as 1999 by Kevin Ashton while working at Proctor and Gamble as an assistant brand manager. – Shawn DuBravac & Carlo Ratti, “The Internet of Things: Evolution or Revolution” (2015). 2

  3. IoT Statistics In 2003, there were about 500 million devices connected to the internet. Today, • there are more than 6.4 billion, with approximately 5 million more connecting to the internet each day. 50 billion IoT devices are projected to be utilized by 2020, and consumer IoT • products are expected to be the third largest segment of market purchases. Global spending on IoT products is forecasted to reach $1.2 trillion by 2020. • 3

  4. IoT Examples – Streetlights – Security systems – Factory equipment – Automobiles – Fitness trackers and other health monitoring devices – Home appliances (e.g., smart locks, thermostats, lightbulbs, smart plugs, refrigerators) – Smart speakers (e.g., Google Assistant, Amazon Echo) – Even cement! 4

  5. Affected Industries - Manufacturing - Transportation - Agriculture - Retail - Logistics - Banks - Infrastructure - Food Services - Utilities - Hospitality - Healthcare 5

  6. Entities Affected by IoT • Manufacturers of IoT devices; • Businesses that use IoT devices; and • Businesses that have vendors and suppliers that use IoT devices. 6

  7. IoT Security Issues – Billions of IoT devices are constantly acquiring vast amounts of information regarding people and their surroundings. – They generally have little security features. – They typically don’t run standard operating systems that support commonly-used security tools or just don’t have enough memory for them. – Many also lack the ability to apply firmware updates, making it impossible to patch security vulnerabilities as they come to light. 7

  8. IoT Security Issues • Software malfunction resulting in financial loss, property damage, or bodily injury • Attacks leading to financial loss, property damage, or bodily injury • Attacks leading to the collection and/or dissemination of sensitive personal data 8

  9. Security Issues and Recent Events Notable Hacks Involving IoT: • Turkish Pipeline (2008) • FDA Recall of Pacemakers (2017) • WannaCry (2017) • British Casino (2018) 9

  10. Risk Management and Data Breach 10

  11. Data Breach Costs – 2018 Ponemon Institute Study 1 Cost per Records breached Direct Cost 2 Record <10,000 $0.7M $133 10,000 - 25,000 1.0 56 25,000 - 50,000 1.5 43 50,000 - 100,000 2.0 29 1 million 24 24 10 million 95 9 50 million 232 5 1. Ponemon Institute 2018 Cost of a Data Breach Study: Global Overview, sponsored by IBM Security. 2. For breaches <100,000 records, indirect costs, which account for 65% of the total, are excluded. For breaches >1 million, “lost business costs” are excluded. 11

  12. Data Protection Currently, there is no U.S. federal law on data protection and breach response, but… – 48 U.S. states have their own laws that define notification requirements, etc. – European Union General Data Protection Regulations (EU GDPR) Became effective 25 May 2018 � Penalties up to 4% of a company’s global revenue � Personally Identifiable Information is a critical risk exposure 12

  13. Traditional Insurance Policies IoT losses can consist of the compromise of data, malfunctions within the • physical device itself, or malfunctions of the remote computer programs or algorithms. The results are normally financial losses, bodily injury, or physical damage to tangible property. Traditional first-party property policies are often silent on whether they respond • to cyber-related damage. Since 2014, CGL policies have typically contained an electronic data exclusion , • or an access or disclosure of confidential personal information exclusion. Other common CGL exclusions might also apply. • 13

  14. Traditional Policies • Gaps in Traditional CGL policies create coverage issues with respect to cyber-related risks. – Capitol Comm’n v. Capitol Ministries , 2013 WL 5493013, *4 (E.D. N.C. 2013) (electronic data and computer software is not “tangible property” within meaning of a CGL policy). – Zurich American Ins. Co. v. Sony Corp. , 2014 WL 8382554 (N.Y. Sup. Ct. 2014) (no “publication” of material within meaning of CGL policy’s “personal and advertising coverage” when hacker steals insured’s data and posts it on the web). 14

  15. Cyber/Privacy Insurance Coverage Breach Event Expenses – costs to respond to a data privacy or security incident – Computer forensics – Legal expenses – Public relations costs – Consumer notification – Consumer monitoring services (usually for 1 year) – Post-breach call center – Expenses for notifying affected banks and credit card companies – Identity theft monitoring 15

  16. Cyber/Privacy Insurance Coverage First Party Losses • Business Interruption • Extra Expense • Digital Asset Protection 16

  17. Cyber/Privacy Insurance Coverage First Party Losses (cont.) * Business Email Loss • Cyber Crime • Cyber Extortion • Computer Fraud • Funds Transfer Fraud 17

  18. Cyber/Privacy Insurance Coverage Liability Coverage – Privacy Liability • Covers defense costs and damages suffered by others for any failure to protect personally identifiable or confidential third-party corporate information, whether or not due to the failure of network security. • May include unintentional violations of the insured’s privacy policy and actions of rogue employees. – Security Liability • Covers defense costs and damages suffered by others resulting from a failure of computer security. • Includes liability caused by theft or disclosure of confidential info, unauthorized access, unauthorized use, denial of service attack or transmission of a computer virus. 18

  19. Cyber/Privacy Insurance Coverage Liability Coverage (cont.) – Regulatory Proceedings • Covers defense costs for proceedings brought by a governmental agency in connection with a failure to protect private info and/or a failure of network security. – Payment Card Industry Fines and Assessments • Covers fines and penalties assessed against the insured (to the extent such fines/penalties are insurable by law) and defense costs incurred in conjunction with a proceeding brought by a credit card company alleging the insured failed to comply with payment card industry data security standards. • Claims typically arise in connection with a wrongful act covered under security/privacy liability coverage. 19

  20. Technology E&O Insurance – Combines multimedia insurance and professional liability insurance. – Covers providers of technology services or products for financial loss. – Applies to errors and omissions and liability assumed by contract. 20

  21. Cyber/Tech E&O Insurance Developments Standard forms yet to be developed. • Cyber policies typically exclude bodily injury and property • damage. – But some insurers are now marketing cyber policies that more clearly afford coverage for bodily injury and property damage losses. Numerous exclusions that limit coverage. • Policies are complex and there are few court decisions • interpreting them. It is therefore critical for a company seeking cyber insurance to • not assume protection for all IoT/data breach-related losses, to carefully identify gaps in existing coverage, and proactively work with insurers to obtain coverage for potential risks. 21

  22. Cyber Case Law – Few Reported Decisions PF Chang’s China Bistro, Inc. v. Fed. Ins. Co. , 2016 U.S. Dist. LEXIS 70749 (D. Arizona 2016) – PF Chang’s entered into an agreement with Bank of America Merchant Services (“BAMS”) for BAMS to process credit card payments. PF Chang’s agreed to reimburse BAMS for fees and penalties imposed on BAMS by credit card issuers. – BAMS also had an agreement with MasterCard requiring BAMS to pay certain fees and assessments to MasterCard in the event of a data breach. – Hackers obtained and posted on the internet 60,000 credit cards belonging to PF Chang’s customers. – BAMS was required to pay MasterCard nearly $2 million in fees and other expenses related to the data breach, and sought reimbursement from PF Chang’s. PF Chang’s reimbursed BAMS and then sought coverage under its CyberSecurity policy through Federal Insurance. 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Research &amp; Education Challenges in Risk Analysis &amp; Risk Management Improved

Research &amp; Education Challenges in Risk Analysis &amp; Risk Management Improved

Research &amp; Education Challenges in Risk Analysis &amp; Risk Management Improved Understanding of Risk Management Type Matching Risks, Risk Analysis &amp; Risk Response Maritime Risk Symposium 2011 Rutgers University 9 November, 2011

1.18k views • 82 slides
New Opportunities and Challenges for . www Emerging Fund Managers

New Opportunities and Challenges for . www Emerging Fund Managers

Emerging Asset Management Building Strong Foundations .bm eam New Opportunities and Challenges for . www Emerging Fund Managers 26th F ebruary 2013, New Y ork 1 Emerging Asset Management Building

112 views • 8 slides
EXCESS LIABILITY INSURANCE COVERAGE THROUGH PUBLIC RISK INNOVATION, SOLUTIONS, AND MANAGEMENT

EXCESS LIABILITY INSURANCE COVERAGE THROUGH PUBLIC RISK INNOVATION, SOLUTIONS, AND MANAGEMENT

EXCESS LIABILITY INSURANCE COVERAGE THROUGH PUBLIC RISK INNOVATION, SOLUTIONS, AND MANAGEMENT (PRISM) JPA July 21, 2020 BACKGROUND The City is self-insured for the first $2 million of liability coverage and has historically carried $20

341 views • 7 slides
Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk

FREE Lifelong Learning Event for Fasset Members Risk Management Workshop 1 Risk management workshop Why do we Risk Risk and need risk assessment control matrix management process Governance Risk appetite Agenda for and risk Risk

1.28k views • 105 slides
Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op.

Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op.

Market Risk Management Gen Ins. Risk Management Life Ins. Risk Management Op. Risk Management Board of Enterprise Risk Senior Management Committees Directors Management Credit Risk Cross-Border Exposure Country Rating

453 views • 6 slides
Ontario Higher Education Risk Management Symposium CURIE Pollution Coverage Property &amp;

Ontario Higher Education Risk Management Symposium CURIE Pollution Coverage Property &amp;

Ontario Higher Education Risk Management Symposium CURIE Pollution Coverage Property &amp; Liability May 23-24, 2013 University of Guelph Property (First Party) Pollution Coverage The property policy contains two pollution related

391 views • 25 slides
Trust Management in Emerging countries: International cooperation research challenges for Horizon

Trust Management in Emerging countries: International cooperation research challenges for Horizon

Trust Management in Emerging countries: International cooperation research challenges for Horizon 2020 Paper authors: Marijke Coetzee, Jan Eloff , Donovan Isherwood, James Clarke, Manmohan Chaturvedi, Abhishek Sharma, Karima Boudaoud , Mounib

663 views • 29 slides
What is Risk Management? What is Risk Management? A (great) management tool Focus

What is Risk Management? What is Risk Management? A (great) management tool Focus

Proudly Presents How To Establish Functional Risk Management in Your Public Entity R. J oy J ackson, City of London Tina Gardiner, Region of York RIMS, Ottawa, 2011 What is Risk Management? What is Risk Management? A (great)

463 views • 24 slides
Current and emerging concerns about chemical contaminants in foods A PROPOSED RISK MANAGEMENT

Current and emerging concerns about chemical contaminants in foods A PROPOSED RISK MANAGEMENT

Current and emerging concerns about chemical contaminants in foods A PROPOSED RISK MANAGEMENT APPROACH TO ADDRESS CHEMICALS INADVERTENTLY PRESENT IN FOOD AT LOW LEVELS RAJ RAJASEKAR MINISTRY FOR PRIMARY INDUSTRIES NEW ZEALAND Food

295 views • 11 slides
CREDIT STRESS TESTING FRAMEWORK USES &amp; CHALLENGES TO BANK MANAGEMENT USES &amp;

CREDIT STRESS TESTING FRAMEWORK USES &amp; CHALLENGES TO BANK MANAGEMENT USES &amp;

CREDIT STRESS TESTING FRAMEWORK USES &amp; CHALLENGES TO BANK MANAGEMENT USES &amp; CHALLENGES TO BANK MANAGEMENT Jrgen Wienes Richard Vasicek Group Risk Management Enterprise Risk Solutions UniCredit Group UniCredit Group Moody's

469 views • 20 slides
Preparedness Preliminary risk management Risk assessment Risk management Risk

Preparedness Preliminary risk management Risk assessment Risk management Risk

FAO/WHO guide for application of risk analysis principles to food safety emergencies Food Recall and Traceability (February 2013, Thailand) Preparedness Preliminary risk management Risk assessment Risk management Risk

440 views • 39 slides
2017 OFFICE OF RISK MANAGEMENT ANNUAL REPORT SUMMARY PRESENTED BY THE OFFICE OF LEGAL COUNSEL AND

2017 OFFICE OF RISK MANAGEMENT ANNUAL REPORT SUMMARY PRESENTED BY THE OFFICE OF LEGAL COUNSEL AND

2017 OFFICE OF RISK MANAGEMENT ANNUAL REPORT SUMMARY PRESENTED BY THE OFFICE OF LEGAL COUNSEL AND THE OFFICE OF RISK MANAGEMENT COMPREHENSIVE RISK FINANCING PROGRAM Primary coverage areas: Property General Liability and Educators

137 views • 9 slides
Technical Challenges of Risk- and Results-Based Multipollutant Air Quality Management William T.

Technical Challenges of Risk- and Results-Based Multipollutant Air Quality Management William T.

Technical Challenges of Risk- and Results-Based Multipollutant Air Quality Management William T. Pennell NARSTO Management Coordinator NYSERDA EMEP Conference October 15, 2009 Purpose of this Presentation Review the motivations for this

525 views • 20 slides
Enterprise Risk Management in (Re)Insurance Saskia Goedhart CRO, Munich Re North America (Life)

Enterprise Risk Management in (Re)Insurance Saskia Goedhart CRO, Munich Re North America (Life)

Enterprise Risk Management in (Re)Insurance Saskia Goedhart CRO, Munich Re North America (Life) Topics of Discussion Enterprise Risk Management Risk management structure and tasks in a global insurance company Emerging risks and

634 views • 40 slides
Agricultural Risk Coverage &amp; Price Loss Coverage Acreage History Update ARC/PLC Process

Agricultural Risk Coverage &amp; Price Loss Coverage Acreage History Update ARC/PLC Process

2014 Farm Bill Training October 14 - 17, 2014 Agricultural Risk Coverage &amp; Price Loss Coverage Acreage History Update ARC/PLC Process ARC/PLC Program Process has three PARTS : Update : Owner(s) choice to reallocate base acres

1.27k views • 102 slides
management. Managing risk or risk factors? Igor Sergienko, PhD, MD Russian Cardiology Research

management. Managing risk or risk factors? Igor Sergienko, PhD, MD Russian Cardiology Research

Practical challenges in CV risk management. Managing risk or risk factors? Igor Sergienko, PhD, MD Russian Cardiology Research Complex, Russian National Atherosclerosis Society DYSIS study. Real clinical practice Very high and

596 views • 26 slides
HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ann Cox, PhD. Program Manager Cyber Security Division Homeland Security Advanced Research

545 views • 21 slides
1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by

1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by

1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by University of Pittsburgh Provosts Office, SCI n n Dinner on your own n WiFi password: n Need help? n Kelly Shaffer, Program Director at SCI n Runhua

951 views • 38 slides
This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October

This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October

This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October 22, 2018 Welcome Questions - Chat feature During our initial workshops, I introduced you to this model for capabilities- based planning. I want

497 views • 33 slides
Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel

Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel

Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel September 29, 2017 Agenda Introductions Department of Education Publications on Protecting Student Information GLBA Privacy and

739 views • 45 slides
Session 1 Introduction to Computer Security Sbastien Combfis Fall 2019 This work is

Session 1 Introduction to Computer Security Sbastien Combfis Fall 2019 This work is

I5020 Computer Security Session 1 Introduction to Computer Security Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. Objectives Computer

864 views • 61 slides
HIMSS Public Policy Initiatives in 2015: Using Health IT to Enable Healthcare Transformation

HIMSS Public Policy Initiatives in 2015: Using Health IT to Enable Healthcare Transformation

HIMSS Public Policy Initiatives in 2015: Using Health IT to Enable Healthcare Transformation Jeff Coughlin Senior Director Federal &amp; State Affairs March 26, 2015 Agenda Meaningful Use Stage 3 NPRM 2015 Program Changes

738 views • 27 slides
August 5, 2015 Affordable Care Act (ACA) Requirements Health insurance/Medicaid Tax

August 5, 2015 Affordable Care Act (ACA) Requirements Health insurance/Medicaid Tax

August 5, 2015 Affordable Care Act (ACA) Requirements Health insurance/Medicaid Tax Credits for Premiums Health Care Exchanges Establishment Grants and Sustainability States with state-run exchanges States using the

530 views • 10 slides
featuring Department of Treasury August 26, 2020 THANK YOU TO OUR PATRONS Engage with Federal

featuring Department of Treasury August 26, 2020 THANK YOU TO OUR PATRONS Engage with Federal

Federal Insights Exchange featuring Department of Treasury August 26, 2020 THANK YOU TO OUR PATRONS Engage with Federal Insights Exchange (FIE) Agency-focused programs that provide substantive conversation on topics of mutual interest to

473 views • 24 slides

More recommend