Presentation is loading. Please wait.

Presentation is loading. Please wait.

Travelers CyberRisk for Insurance Companies

Published byJadyn Munson Modified over 9 years ago

Similar presentations

Presentation on theme: "Travelers CyberRisk for Insurance Companies"— Presentation transcript:

1 Travelers CyberRisk for Insurance Companies
Heather Coelho - March 2015

2 Important Notice This presentation is not a representation that coverage does or does not exist for any particular claim or loss under any insurance policy. This presentation is not intended as legal advice. A company should always seek the advice of a qualified attorney when evaluating legal or statutory considerations. This presentation is not intended as insurance advice. A company should always seek the advice of a qualified insurance agent or broker when considering their insurance coverage.

3 Cyber Liability “There are only two types of companies. Those that have been hacked and those that will be.” — Robert Mueller, FBI Director, 2012

4 Agenda Reasons to think about Cyber Risk Management Techniques
Costs Associated with Cyber exposures Dispel Risk Management Myths

5 New Cyber Threat Ransomware: Examples:
Takes user information hostage and requires payment for its return Examples: CryptoLocker CryptoWall Kovter

6 Risk Management Evaluation
What loss control initiatives do you have in place? Have you implemented regular audit procedures of all information security protocols and systems? Do you have a formal: business continuity plan? disaster recovery plan? information security policy? procedure for handling a data breach incident? Who is responsible for information security? Are employees trained on all policies relating to information security? What is your company policy for employee usage of company assets (computers, mobile devices, etc.)?

7 Top Five Types of Security Risks
Network Security Virus, SQL Injection, Malware, Trojan Horses, etc. Physical Loss or Theft Lost or stolen laptop; physical file security Cyber Extortion Gaining access to sensitive data and threatening to release it Employee Mistakes IT professionals can’t prevent these types of losses Denial of Service Attack Targeted attack to slow or stop a network

8 Cyber Liability The average cost per record of a data breach increased to $201 in from $188 in 2013. - Ponemon 2014 Cost of Data Breach: Global Analysis

9 Information Security Policy
Safeguard Privacy of Information Establish Password Management Govern Internet Usage Manage Usage Govern Company-owned mobile devices Establish Approval Process for Employee Owned Devices Govern Social Media Usage Oversee Software Copyright & Licensing Report Security Incidents

10 Network Security Strategies
Set clear administrative privileges Secure your private network Secure endpoints by configuring DMZ Monitor the network Maintain firewalls Establish intrusion detection and prevention systems Protect remote access Isolate guest WLAN Use encryption programs Define and practice continuity plans/disaster recovery

11 Cyber Liability Incident response plans reduced the per record cost of a breach by an average of $12.77 - Ponemon 2014 Cost of Data Breach: Global Analysis

12 Incident Response Plan
Develop and test it! Key Steps: Assemble your incident team Decide on effective outside help Validate the breach Manage the evidence Take action to mitigate the impact Clean your network of malicious code Notify data owners Conduct “lessons learned”

13 Lost Laptops (and other Mobile Information Devices)
A 2008 Ponemon Institute study indicates that business travelers are losing over 10,000 laptops every week at U.S. Airports Only 1/3 of them are reclaimed Laptops not reclaimed are often sold at auction or donated to charity after 30 days More than 53% of business travelers polled say their laptops contain private or confidential information Further, 65% admit they do not take precautions to secure the information on their laptop

14 “Costs” of a Lost Device
Average value of a lost laptop is around $50,000 and of a lost smartphone is $37,000 Replacement cost, detection, forensics, data breach, lost IP costs, lost productivity, and legal, consulting and regulatory expenses When data breach is possible, this exposure represents 80% of the costs $20,000 less costly when encrypted

15 Cyber Liability 31% of all breaches have occurred in organizations of 2,500 or fewer employees and 30% in organizations of fewer than 250 employees. - Symantec 2014 Internet Security Threat Report

16 Risk Management Myth #1 I Don’t Need to Consider Insurance Coverage: I’ve Never Had a Problem and I Don’t Know Anyone Who’s Had a Loss The legal landscape addressing the Internet is still developing Recent legal and statutory changes are requiring disclosure of security breaches – State Departments of Insurance, State Attorney Generals, FCC The requirement of insurance protection for data liability is beginning to be included in many customer contracts Can a company afford to handle all aspects of a data breach on its own? Traditional insurance products were not designed for current exposures. Insurance products continue to develop in response to the need.

17 Risk Management Myth #2 Only High Profile Companies Have Exposure To Internet Liability Types Of Claims The nature of the exposure is changing “Hacking” moving from thrill-seekers to the criminal realm Criminals are targeting small to midsize businesses because their security is easier to penetrate Hacking large corporations and government entities makes “news” but most data breaches involve companies with fewer than employees (Verizon 2013 Data Breach Investigations Report) Virus attack and transmission is blind to size or prominence of company

18 Risk Management Myth #3 Risk Management Will Eliminate Exposures
Good risk management reduces exposure and helps in defense of a claim but does not eliminate the exposure. High profile cases of large companies damaged by computer viruses and hacked by outsiders. Do you have better data security than each of these companies and government agencies? Dept. of Defense, FBI, NASA, Apple, Amazon, CIA, Google, etc. All of these companies have been hacked since the start of 2011. Firewalls, virus protection, intrusion detection, etc. are good…but they can be compromised, both externally and internally. Almost half of all data breach incidents are caused by staff mistake, lost device or rogue employee.

19 References Follows Us /company/travelers @travelers /travelers
Contact Me The SANS Institute: Ponemon Institute: NetDiligence:

20 Questions?

Download ppt "Travelers CyberRisk for Insurance Companies"

Similar presentations

ETHICAL HACKING A LICENCE TO HACK

ETHICAL HACKING A LICENCE TO HACK
Identifying and Responding to Security Incidents in the Law Firm

Identifying and Responding to Security Incidents in the Law Firm
Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Introducing Computer and Network Security

Introducing Computer and Network Security
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.

Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.
Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.

Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Information Security Technological Security Implementation and Privacy Protection.

Information Security Technological Security Implementation and Privacy Protection.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.

Similar presentations

Ads by Google