Published by Hadley Sawyers
Modified over 2 years ago
Cyber, Computer Fraud & Electronics Funds Transfer Exposures
A detailed look at hacking, bank accounts, stolen funds & recovery
© 2013 Philadelphia Consolidated Holding Corp., All Rights Reserved.

Speakers
Matt Prevost, RPLU
AVP, Underwriting
D&O, E&O, Cyber Products-Western Territory
Eric Zehnpfennig, CPCU, RPLU
Underwriting Supervisor, Underwriting
D&O, E&O, Cyber Products-Pacific Northwest and Rocky Mountain Regions

Purpose
“Organizations may choose to handle the risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk…”
Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0, National Institute of Standards and Technology, Released 2/12/2014
Increase Awareness w/information sharing

Today’s Agenda
- 15 Minutes: How (and why) is this happening…
- 15 Minutes: Who is responsible/exposed…
- 20 Minutes: Insurance Coverage Impact…
- 5 Minutes: Questions/Answers

Intro to Tech Terms
- Hack: computer-based intrusion
- Mule: entity(ies) or individuals used as a middleman in fraudulent transactions
- Phishing: masquerading as a trustworthy entity in an electronic communication to obtain data
- PCI DSS: Payment Card Industry Data Security Standard
- Skimming: using an electronic device to swipe CC numbers
- Compromised: unauthorized point of entry

Why is this happening?
2012 Business Banking Trust Trends Survey (Ponemon Institute, August 2012):
- 48% of respondents say their business conducts at least 50% of their banking online (increasing from 29% and 39% in previous years)
- 43% say their bank takes appropriate steps to proactively limit risky banking transactions
- 42% agree that their bank makes it too difficult to access bank accounts and conduct online transactions
- businesses are basically keeping the same technologies in place despite the increased scale and sophistication of fraud attacks
“Any financial institution can put all of the controls they want in place, but if their client isn’t following the instructions or doing things properly, there are certain challenges,” Robbins said. “We do look for all of our clients to use dual controls, and we want to make sure there are multiple points of control. Because what we’re seeing today is that a malware compromise can happen at a single point in the system, and so there have to be multiple controls in place on the customer’s side.” –Virginia Robbins, CAO, California Bank of Commerce*

‘The Smartest Ways to Get Paid’, Inc. Magazine, November 2013
A bank is no longer just ‘a bank’…
Examples of different payment methods (columns: Name of Mobile Payment App, “We like”, “not so much”, Cost):

PayPal Here: Processes cards and checks…and PayPal
- “We like”: Speedy: You’ll get access to your funds within minutes of swiping a card
- “not so much”: Seller Beware: If you process more than $2,500 within a 7 day period, you might not receive the funds for up to 30 days
- Cost: 2.7% per transaction

Mobile Pay on Demand: A big bank is less likely to freak out over big charges and is equipped for fast growth businesses.
- “We like”: Safe: BofA transactions are ultrasecure. Best for high dollar transactions.
- “not so much”: Printing receipts directly from the app is not yet available.
- Cost: 2.7% per transaction

Paydiant: You put your own brand on it.
- “We like”: It’s personal. Because customers register with you, you are able to collect valuable data on them as they use the app.
- “not so much”: You are reliant on customers downloading your app and associating their cards with it.
- Cost: Variable.

SpotPay: Easy set up, a free reader and all the basics.
- “We like”: Handy. SpotPay can take photos of the buyer or the purchases.
- “not so much”: SpotPay’s reader is bulky.
- Cost: 1.99% to 3.19%. Voice is 3.19%.

How it happens every time…
http://www.youtube.com/watch?v=HHXYCPNJtvw

How is this happening?
*Graphic provided by the FBI

Incident Examples
Marketing Firm Example:
http://krebsonsecurity.com/2010/02/n-y-firm-faces-bankruptcy-from-164000-e-banking-loss
Plumbing Supply Company Example: Cyber-crooks stole $1.2 million from Unique Industrial Product Co., a Sugar Land, Texas-based plumbing equipment supply company. The company's operations manager said a forensic analysis showed the attackers used malware planted on its computers to initiate 43 transfers out of the company's account within 30 minutes.
Experi-Metal, Inc.:
http://www.yourmoneyisnotsafeinthebank.org/bank_v_customer.php
http://krebsonsecurity.com/2010/06/the-case-for-cybersecurity-insurance-part-i/
Mt. Gox Example: Bitcoin exchange that was hacked faced 150,000 hack attacks every second. During a DDoS attack, which lasted for several days, an estimated $575mm was stolen from the firm. The Tokyo-based exchange, which filed for bankruptcy protection in February 2014, has been sued by a British law firm in a class action suit.

Who is responsible?
Marketing Firm Example:
‘We don’t see the error on our side.’ -TD Bank in response to Little & King, LLC e-theft loss
http://krebsonsecurity.com/2010/02/n-y-firm-faces-bankruptcy-from-164000-e-banking-loss/
“They feel that because [the thieves] compromised my computer that it’s my responsibility and that I should look into my insurance, but I don’t have insurance” -Little & King President
Utah Pizza Place Example: Cisero’s Pizza Sues US BANK (1st such suit in the US; 2011)
http://www.wired.com/images_blogs/threatlevel/2012/01/Cisero-PCI-Countersuit.pdf
“the McCombs allege that the bank, and the payment card industry (PCI) in general, force merchants to sign one-sided contracts that are based on information that arbitrarily changes without notice, and that they impose random fines on merchants without providing proof of a breach or of fraudulent losses and without allowing merchants a meaningful opportunity to dispute claims before money is seized.”

Coverages potentially ‘in play’
Impacted Entity:
- Commercial Crime
- Stand alone Cyber Products
- Commercial General Liability
- D&O (failure to maintain or SH/derivative claims)
- Cyber endorsements
Other (potentially responsible parties):
- Technology providers (E&O)
- Banks’ Financial Institution Coverage
- General E&O policies of others
- Certification Entities
- Lawyers E&O (drafting contractual language)

Detailed Look at Crime
EE Theft (rogue employee) Computer Fraud Electronic Funds Transfer Coverage Exclusions

Detailed Look at Stand Alone Cyber
Chubb Cybersecurity Policy Definitions

Detailed Look at Cyber
CFC C&P

Detailed Look at Cyber Exclusions
R. For, arising out of or resulting from any of the following:
(1) trading losses, trading liabilities or change in value of accounts; any loss, transfer or theft of monies, securities or tangible property of others in the care, custody or control of the Insured Organization;
(2) the monetary value of any transactions or electronic fund transfers by or on behalf of the Insured which is lost, diminished, or damaged during transfer from, into or between accounts; or
(3) the value of coupons, price discounts, prizes, awards, or any other valuable consideration given in excess of the total contracted or expected amount;

Impact on Claims handling
1. Various levels of urgency
2. Who is primary?
3. Contractual needs/requirements
4. Third party contracts and information hoarding
5. Allocation
6. Case-law is constantly changing
7. Experience of E&O/CGL adjusters with cyber-related events when cyber coverage is present
8. Separation of responsibilities (breach coach versus defense attorney)
9. PCI fines and penalties; but aren’t regulatory fines uninsurable?
10. Subrogation opportunity?

Who (8wns) this exposure?
- Underwriting standpoint…
- Agent standpoint…
- Entity standpoint…

Why ‘what if’ coverage scenarios are relevant…
Start to gather a list of ideas from the technology team, legal team, CFO’s biggest concern and see how the coverage(s) interact.
- If your CTO asked you…
- If your CMO asked you…
- If your CEO’s son wants to use his computer…
- If your CMO thinks he can build revenue by accepting Bitcoins as payment…

Where to learn more…
Conferences:
- Netdiligence Cyber Conference (East and West Coast)
- PLUS
- RIMS
Websites:
- www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf
- www.netdiligence.com
- www.datalossdb.com
Other:
- Cyber underwriters
- Crime underwriters
- Agents/Brokers
- Case Law

Questions?
This material does not amend, or otherwise affect, the provisions or coverages of any insurance policy issued by the Philadelphia Insurance Companies. It is not a representation that coverage does or does not exist for any particular claim or loss under any such policy. Coverage depends on the facts and circumstances involved in the claim or loss, all applicable policy provisions, and any applicable law. Availability of coverage referenced in this document can depend on underwriting qualifications and state regulations.