introduction to cyber risk insurance
play

Introduction to Cyber Risk & Insurance Prepared for the - PowerPoint PPT Presentation

Nov 27, 2023 •336 likes •649 views

Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management Association Date: August 18, 2016 Agenda An Overview of Cyber Risk Exposures 1. Legal & Regulatory Trends 2. Marshs Cyber Risk Management

  1. Introduction to Cyber Risk & Insurance Prepared for the Construction Financial Management Association Date: August 18, 2016

  2. Agenda An Overview of Cyber Risk Exposures 1. Legal & Regulatory Trends 2. Marsh’s Cyber Risk Management Framework 3. Cyber Insurance Coverages 4. 5. Cyber Risk Management Best Practices 1 MARSH

  3. Cyber Attacks – A Growing Global Risk • Costs businesses $400B+ per year • The world is becoming more dependent on the internet – an estimated 50 billion connected devices in the world by 2020 – 6.5 devices for every person on the planet. Source: Marsh & McLennan Companies CYBER RISK HANDBOOK 2015 2 MARSH

  4. Broader Exposures & Threats CYBER BY THE NUMBERS Market Overview Cost of Cyber $5.9 million $446 billion Average cost of a Estimated annual cost data breach in of cybercrime to the US in 2014. global economy. 40% $120 billion Percentage of Expected size of the breaches that global cyber security exceed $500,000 market in 2017. in losses. • Liability to Customers, Key 40 million $1.8 million Vendors and Employees Number of people in Average post- the US who had their • Operational Disruptions breach costs. personal information • Regulatory Scrutiny stolen by hackers in $3.3 million 2014. • Notification Requirements Average lost business costs. • Reputation 3 MARSH

  5. An Evolving & Headlining Risk Headline News WHY IT MATTERS? • Value of Personal Data Target Hacked: Retailer Confirms • Cost of Cyber Breach Unauthorized Access of Credit ($5.9M average) Card Data • Enterprise-Wide Risk Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non odio non ligula aliquet tempus eu at velit. Donec in viverra libero. Maecenas vel tellus eu Issue enim consectetur euismod. Proin suscipit justo vitae justo sollicitudin pretium. Sed nisl odio, commodo ac leo in, consequat lacinia leo. euismod, quam vel tempus • Difficulty Quantifying the Risk Extramarital Affair Website Ashley • Frequency and Madison Has Been Hacked Severity of Losses Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non odio non ligula aliquet tempus eu at velit. Donec in viverra libero. Maecenas vel tellus eu enim consectetur euismod. Proin suscipit justo vitae justo sollicitudin pretium. Sed Seen • Regulatory concerns 21.5 Million Exposed in Second Hack of Ransomware Wreaking Havoc in Federal Office American & Canadian Hospitals Lorem ipsum dolor sit amet, consectetur Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non odio non adipiscing elit. Phasellus non odio non ligula ligula aliquet tempus eu at velit. Donec in viverra libero. Maecenas vel tellus eu aliquet eu at velit. Donec in viverra libero. enim consectetur euismod. Proin suscipit justo vitae justo sollicitudin pretium. Sed nisl odio, commodo ac leo in, consequat lacinia leo. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non odio non ligula aliquet eu at velit. Donec in viverra libero. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus non odio non ligula aliquet eu at velit. Donec in viverra libero. MARSH 4

  6. Recent Cyber Breaches in Construction 1. Turner Construction (2016) • Spear-phishing scam targeting 41 companies • Employee sent tax information on current and past employees to a fraudulent email account • Information included the full name, social security number, state of residency and tax withholding amounts. 2. Whiting-Turner Contracting (2016) • Vendor hired to perform tax services for Whiting-Turner • Whiting-Turner experienced suspicious activity on their systems and some employees reported fraudulent tax filings in their names • Vendor’s access was shut down and the investigation is ongoing • Potentially exposed information includes names, dates of birth, social security numbers and the names of any minor dependents. 5 MARSH

  7. There are Many Types of Cyber-Vulnerable Assets Financial Assets Brand & Technology Infrastructure Reputation Third-Party Data Cyber- Exposed Corporate IP Physical Assets 6 MARSH

  8. The Threat Environment Technology Internal  Viruses, SQL Injections,  Rogue employees DDoS attacks, etc.  Careless staff Regulatory  Social Media/Networking  BYOD  DHHS - HIPAA  Phishing  SEC, FTC, state attorney generals  47 State breach notification laws (NM External proposed)  Vendors/Suppliers  PCI Compliance (contractors, outside counsel, cloud providers)  Foreign and domestic organized crime Old School  Hackers/Hacktivists  Laptop theft  Dumpster diving  Photocopier 7 MARSH

  9. Types of Data Breaches: 2006 - 2015 Source: Verizon Data breach report 2016 8 MARSH

  10. The Uncontrollable Human Element Source: Verizon Data breach report 2015 9 MARSH

  11. The Reality… 10 MARSH

  12. Cyber Litigation Overview Cyber litigation falls into 3 areas: 1. State Enforcement Actions • The state alleges a failure to provide adequate security for personal information and/or a failure to provide timely notification to affected individuals or the AG’s office • 47 state breach notification laws, with similar but differing requirements 2. Federal Trade Commission Enforcement Actions • FTC Act prohibits “unfair or deceptive acts or practices in or affecting commerce” • Over 50 settlements with companies over the failure to protect personal information of consumers • Wyndham hotels case affirmed FTC’s ability to regulate 3. Civil Suits • Cause of actions include negligence, breach of contract, unfair/deceptive trade practices and violations of privacy/cyber security statutes • Key issue = whether plaintiffs have standing to sue 11 MARSH

  13. Civil Suits – Surviving the Motion to Dismiss Courts are now approving class actions relating to cyber breaches brought by: Consumers • Previously the Supreme Court held that the likelihood of injury to consumers arising from cyber breach is not sufficient to bring a class action 1 • Cases of Adobe 2 and Neiman Marcus 3 found that likelihood of injury was sufficient and allowed class action to proceed Employees • Case of Sony 4 allowed class action brought by employees affected by data breach to proceed Financial institutions • In September 2015 5 banks affected by the Target cyber breach were allowed to proceed with a class action Clapper v Amnesty International 133 S. Ct. at 1147 1. 2. re Adobe Sys. Privacy Litig. No. 13-CV-05226, 2014 U.S. Dist. LEXIS 124126 (N.D. Cal. Sep. 4, 2014) Remijas et al. v. The Neiman Marcus Group LLC , 14-3122, U.S. Court of Appeals 7 th Circuit (July 20, 2015) 3. re Sony Gaming Networks and Customer Data Security ( 996 F. Supp. 2d 942 (S.D. Cal. 2014) 4. 5. re: Target Corporation Customer Data Security Breach Litigation, M DL No. 14-2522, (September 15, 2015) 12 MARSH

  14. Regulatory Trends to Watch… Securities Exchange Commission (“SEC”)  Conducting investigations of public companies regarding:  Adequate disclosure of cyber risks  Proper internal controls to prevent breach  Proper disclosure to market following cyber breach  Target investigated following breaches – no prosecution but significant expenses in responding to investigations  SEC Guidance notes released in April 2015 and September 2015 aimed at investment industry. Highly likely that further guidance will be released relating to other industries 13 MARSH

  15. Marsh’s Cyber Risk Management Framework Manage Assess Respond A thorough understanding of You can’t eliminate cyber - Prevent | Prepare | Transfer your risk profile is critical for attacks, but you can control how cyber risk management, and Cyber risk management requires a you handle them, and the that means more than just the balanced approach of: decisions you make after an typical compliance audit. You event make a big difference. Prevention — to stop cyber- need to inventory your cyber- When a threat, breach, or attack attacks from succeeding. vulnerable assets, identify new occurs, you need to detect it as Preparation — to make sure you and emerging threats, and soon as possible and react are ready when an event happens. model the potential impact of quickly. A quick, effective an event. And given the Risk Transfer — to transfer cyber response and clear dynamic and ever-evolving risk off your balance sheet. communication with internal and nature of the risk, you must external stakeholders is have the discipline to essential. continuously gauge changes in your risk profile – and adapt. Cyber Event 14 MARSH

  16. Understanding the Gaps in Coverage GENERAL LIABILITY D&O PROPERTY TYPES OF POLICIES ERRORS AND FIDELITY OMISSIONS AND CRIME 15 MARSH

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks

AUGUST 25, 2015 Cyber Insurance: Protect Your Wine Business Against Data Security Breaches and Other Cyber Risks Tyler Gerking, Partner David B. Smith, CPCU, ARM, Insurance & Risk Management Consultant What is Cyber Insurance?

368 views • 10 slides
Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The

Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The

Demystifying Cyber Insurance European Legal Security Forum 2016 12 th July 2016 Agenda The Evolution of Cyber Insurance Is Cyber Risk Already Insured? Cyber And Data Protection Is Not Just An IT Issue Case Study Cyber Risk Stakeholders The

1.03k views • 8 slides
Cyber Risk Insurance or loss of information from, IT systems and networks. 1. Do I need it? As

Cyber Risk Insurance or loss of information from, IT systems and networks. 1. Do I need it? As

Cyber insurance covers the losses relating to damage to, Cyber Risk Insurance or loss of information from, IT systems and networks. 1. Do I need it? As a business of any size, it is likely you will rely on information technology (IT)

253 views • 6 slides
Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation

Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation

Risk Mitigation Services in Cyber Insurance Underwriting Sponsored By: 1 Risk Mitigation Services in Cyber Insurance Underwriting www.advisenltd.com Paper Beware the Botnets: Botnets Correlated to a Higher Likelihood of a Significant

671 views • 22 slides
Cyber risk and insurance Dr. Katsiaryna (Kate) Labunets Safety and Security Sciences group TPM,

Cyber risk and insurance Dr. Katsiaryna (Kate) Labunets Safety and Security Sciences group TPM,

Cyber risk and insurance Dr. Katsiaryna (Kate) Labunets Safety and Security Sciences group TPM, TU Delft E: k.labunets@tudelft.nl 1 Outline Who am I? Definitions Motivation Cyber insurance market: Current practice

828 views • 46 slides
Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to

Technology and Cyber Wrap up Navigating the changing and challenging risk landscape How to prepare for Cyber Risk: 3 2 1 Understand the tech & Cyber insurance Focus on company interconnected risks culture 2 Policy: Protection &

774 views • 18 slides
Blockchain and Cyber Risk Part of an Ongoing Webinar Series on Insurance Innovation October 18 th

Blockchain and Cyber Risk Part of an Ongoing Webinar Series on Insurance Innovation October 18 th

Blockchain and Cyber Risk Part of an Ongoing Webinar Series on Insurance Innovation October 18 th , 2017, 11 AM Eastern Blockchain and Cyber Risk Visit www.advisenltd.com at the end of this webinar to download: Copy of these slides

537 views • 19 slides
The Role Of Insurance In A Cyber Risk Management Strategy By James E. Scheuermann July 14, 2017,

The Role Of Insurance In A Cyber Risk Management Strategy By James E. Scheuermann July 14, 2017,

Portfolio Media. Inc. | 111 West 19 th Street, 5th Floor | New York, NY 10011 | www.law360.com Phone: +1 646 783 7100 | Fax: +1 646 783 7161 | customerservice@law360.com The Role Of Insurance In A Cyber Risk Management Strategy By James E.

358 views • 4 slides
Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino,

Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino,

Assessing your Cyber Risk A Real Life Case Study Presented by: Liz Limjuco, Marsh Mike Paulino, CSG International Cindy Stevens, Colorado Springs Utilities Agenda What is Cyber Insurance Overview of Cyber Risk Quantifying Cyber

508 views • 23 slides
Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics

Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics

Introduction Systemic Risk Cyber as systemic Conclusion Cyber Risk as Systemic Risk Jon Danielsson Systemic Risk Centre London School of Economics www.systemicrisk.ac.uk June 10 th 2016 Introduction Systemic Risk Cyber as systemic

351 views • 24 slides
What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017

What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017

Cyber Risk and Cyber Risk Insurance: What do we know? What can we measure? Martin Eling OECD Expert Workshop, May 13, 2017 Management Summary Research Approach: Overview of the main research topics in the fields of cyber risk and

579 views • 12 slides
Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan , Senior Healthcare Risk Management and

Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan , Senior Healthcare Risk Management and

Cyber Risk in Healthcare AOHC, 3 June 2015 Kopiha Nathan , Senior Healthcare Risk Management and Data Specialist James Penafiel , Underwriting Supervisor, Insurance Operations PARTNERING TO CREATE THE SAFEST HEALTHCARE SYSTEM CFPC Conflict of

498 views • 33 slides
Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP &

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP &

Welcome to the Cyber Risk Insights Conference! Welcoming Remarks Rebecca Bole EVP & Editor-in-Chief Advisen Leading the way to smarter and more efficient risk and insurance communities, Advisen delivers: The right information into The

861 views • 60 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
Cyber Risks, Systemic Risks, and Cyber Insurance James E. Scheuermann* A BSTRACT The literature

Cyber Risks, Systemic Risks, and Cyber Insurance James E. Scheuermann* A BSTRACT The literature

Cyber Risks, Systemic Risks, and Cyber Insurance James E. Scheuermann* A BSTRACT The literature on cyber insurance is replete with statements to the effect that cyber risks are systemic risks. Through an analysis of the concept of

350 views • 32 slides
Transaction Risk Insurance (TRI) A brief introduction Contents Transaction Risks Insurance

Transaction Risk Insurance (TRI) A brief introduction Contents Transaction Risks Insurance

International Group Transaction Risk Insurance (TRI) A brief introduction Contents Transaction Risks Insurance Product and History TRI Solutions TRI Products Warranty & Indemnity (W&I) Tax Indemnity

762 views • 38 slides
Cyber Security: Espionage and Social Networking Presented by SSA Elvis Chan San Francisco

Cyber Security: Espionage and Social Networking Presented by SSA Elvis Chan San Francisco

UNCLASSIFIED//FOR OFFICIAL USE ONLY UNCLASSIFIED//FOR OFFICIAL USE ONLY Cyber Security: Espionage and Social Networking Presented by SSA Elvis Chan San Francisco Division UNCLASSIFIED//FOR OFFICIAL USE ONLY UNCLASSIFIED//FOR OFFICIAL USE

500 views • 39 slides
CIVIC ENGAGEMENT AND POLICY PRIORITIES SPOTLIGHT ON THE 50+ AAPI POPULATION DECEMBER 10, 2014

CIVIC ENGAGEMENT AND POLICY PRIORITIES SPOTLIGHT ON THE 50+ AAPI POPULATION DECEMBER 10, 2014

CIVIC ENGAGEMENT AND POLICY PRIORITIES SPOTLIGHT ON THE 50+ AAPI POPULATION DECEMBER 10, 2014 @APIAVote @AAPIdata @AARPAAPI #aapivoices OUTLINE OF TALK Rapidly growing segment, in fastest growing racial group But, lag in voting and

961 views • 46 slides
Public Awareness Campaign March 2015 #bbbtop10scams http://go.bbb.org/BC-bbbtop10scams Campaign

Public Awareness Campaign March 2015 #bbbtop10scams http://go.bbb.org/BC-bbbtop10scams Campaign

Public Awareness Campaign March 2015 #bbbtop10scams http://go.bbb.org/BC-bbbtop10scams Campaign Overview Strives to be the most consumer and industry focused awareness campaign in British Columbia, Canada and North America Highlights

179 views • 14 slides
Protecting Consumers Consumer Protection is the largest division and most often interacts with

Protecting Consumers Consumer Protection is the largest division and most often interacts with

Protecting Consumers Consumer Protection is the largest division and most often interacts with the public Common Scams and How to Avoid Them Overview of Common Scams 1. IMPOSTER SCAMS 2. TELEPHONE/ONLINE MARKETING SCAMS 3. HOME REPAIR SCAMS

485 views • 12 slides
Research Objectives To measure change in overall awareness of the Oregon Insurance Division with

Research Objectives To measure change in overall awareness of the Oregon Insurance Division with

Oregon I nsurance Division Aw areness Tracking Study Decem ber 2 0 1 5 Top Line Results Decem ber 3 0 , 2 0 1 5 Research Objectives To measure change in overall awareness of the Oregon Insurance Division with tracking questions also

511 views • 36 slides
Co-Chairs: Sherri Akers, Tatjana Luethi & Birgitta Kastenbaum Co-Founders: Sherri Akers

Co-Chairs: Sherri Akers, Tatjana Luethi & Birgitta Kastenbaum Co-Founders: Sherri Akers

Co-Chairs: Sherri Akers, Tatjana Luethi & Birgitta Kastenbaum Co-Founders: Sherri Akers & Tatjana Luethi Committee Meetings - Third Thursday of each month at 6: 00 PM Meetings held at Windward School, Room 1030 Contact:

276 views • 3 slides
COIT Budget & Performance Subcommittee Special Meeting April 6, 2018 1 Dr. Carlton B.

COIT Budget & Performance Subcommittee Special Meeting April 6, 2018 1 Dr. Carlton B.

COIT Budget & Performance Subcommittee Special Meeting April 6, 2018 1 Dr. Carlton B. Goodlett Place, City Hall, Room 305 San Francisco, CA 94102 1 Agenda Call to Order by Chair Roll Call Approval of Meeting Minutes from March

942 views • 91 slides
This webinar is brought to you by Community Law School (Sarnia Lambton) Inc. , a nonprofit,

This webinar is brought to you by Community Law School (Sarnia Lambton) Inc. , a nonprofit,

This webinar is brought to you by Community Law School (Sarnia Lambton) Inc. , a nonprofit, Community Law School (Sarnia Lambton) Inc. , a nonprofit, registered charitable organization devoted to public legal education and community advocacy

425 views • 16 slides

More recommend