Presented to Casualty Actuarial Society, Baltimore, MD, October 4, 2012
By John Merchant, Freedom Specialty Insurance Company
john.merchant@freedomspecialtyins.com
Is That a Worm or a Bot? Cyber Liability Insurance
What is Cyber Risk?
Many answers…
too many actually
The inherent risk of reliance on technology
Cyber Risk
Knight Capital
2010 Flash Crash
United Airlines/Continental merger
Facebook IPO
How do we Underwrite?
Underwriting
Key Factors
Nature of Data
Number of Records
Industry – Regulatory exposure
Use of Vendors with access to Network
Contractual Provisions for Data Security
IT Security Controls
Policies and Procedures
Enterprise Data Risk Management position
Information Gathering
Key Sources of Underwriting Info Include:
New Business Application
Public filings (new SEC guidance took effect 1/1/12)
Sample contracts
Loss Runs
Google searches
Third party security assessments
NetDiligence
Verizon
Symantec
Where do Losses Come From?
Direct Costs:
Notification, Forensics, Call Center, Credit Monitoring, Defense
Average cost per record approx. $1.50 - $5.00
NetDiligence 2010 Claims Report – actual insured losses
Indirect Costs:
Customer Churn, In house investigations, lower customer acquisition rates, supply chain interruption
All business risk loss, so non-insurable
Melting Pot of Coverage Offerings
First Party Third Party Liability Occurrence Regulatory Loss Control
First Party Coverages
Network Business Interruption
Loss of revenues due to an outage caused by a network security breach
Dependent Business Interruption
“Cloud” provider coverage
Cyber Extortion
K&R type coverage for data
Data Asset Loss/Restoration
Costs to replace, restore or reconstruct 1st party data affected by a breach
Liability Coverage Offerings
Privacy
Damages from Loss/Compromise of Sensitive 3rd Party Data
Statutory and Punitive
Can cover multiple privacy torts
Network Security
Damages to Third Party due to breach of security
Virus transmission, DDoS attack
e-Media
Damages to Third Party due to libel, slander, defamation, misuse or misappropriation of trademark, service mark or other IP
Can cover software code infringement in some cases
Expense Coverages
Expenses related to a loss of data
46 states have breach notification laws
Companies may elect to provide some form of ID protection
Credit Monitoring
ID Theft Monitoring
ID Restoration
Network forensics should be performed
Will not provide $$ for network security upgrades, improvements or 1st party remediation costs
Regulatory Coverage
Regulatory Defense
Federal and state regulatory agencies and AGs may launch an investigation if breach is large and/or sensitive enough
Regulatory Fines, Fees and Penalties
FCRA, FACTA, HIPAA, HITECH, etc. – violations can lead to fines
Industry Group Coverages
Payment Card Industry – Data Security Standard: “PCI-DSS”
Visa, MasterCard, Discover and other card issuers have established this group to self-regulate data security
If a merchant transacts debit/credit cards, they MUST adhere to this standard
PCI can assess fines and penalties for ANY breach
Highest fine assessed was $60MM – Heartland Payment Systems, 2010
The “Cloud”
Dependent or Contingent Business Interruption
Computer Crime
Estimated to exceed International Narcotics
Hacktivism
Cyber Terrorism
Rise of the 9-5 government hacker
Conclusion
The risk is real
The risk is underwriteable
Losses are being incurred
Coverage terms are becoming more standardized
ALL companies have exposure
Questions