Presentation is loading. Please wait.

Presentation is loading. Please wait.

NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT…

Published byJerome Hugh George Modified over 8 years ago

Similar presentations

Presentation on theme: "NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT…"— Presentation transcript:

1 NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT… Network Security and Data Liability Because it has always been a matter of trust…

2 Network Security and Data Liability Risk Management is a great way to deal with any exposure but as we all know it’s not fool proof. One method of risk management is the transfer the exposure and the most common method is insurance. Lets review the exposure to determine if management is enough or does a transfer need to be explored. This exposure is created by a breach. So, what is a breach? Personal information that is an a format that can be easily read and used by a third party is stolen and personal information is in unauthorized hands!

3 Because it has always been a matter of trust… Who Is Held Accountable? Board of Directors and Senior Management By Contract-- 3 rd Parties? IT Services Providers Certain laws make those responsible, responsible to do certain things after a breach: Sarbanes Oxley-Shareholder Notification State Laws-Consumer Notification

4 Because it has always been a matter of trust… Network Security and Data Liability Flow of a breach and parties involved. Business Customer Breach State AG FTC/FCC Industry

5 Because it has always been a matter of trust… Use a Layered Approach to Risk Management and Transfer Recognize the risk, analyze the exposure, plan for the possibility, implement a plan, and re-visit the issue frequently. Determine security gaps and fill them with technology or business practice answers. If this still leaves doubt, transfer the risk. Insurance is a transfer of risk option that allows access to counsel, monitoring, and coverage for all aspects of restoration.

6 Because it has always been a matter of trust… Use a Layered Approach to Risk Management and Transfer Recognize business processes and who has access to what information Review security processes and procedures Know what your outside vendors/suppliers/business partners do with your data Identify VPN, extranets, intranet, Internet exposures

7 Because it has always been a matter of trust… Analyze Defense Mechanisms Virus control (anti-virus updates) Perimeter defenses (firewalls, remote access) Physical security (restrict access, passwords, timeout, laptop/smart phone procedures) Confidentiality (collect/distribute only needed information on employees and customers)

8 Because it has always been a matter of trust… Plan and Implement Defense Mechanisms Security Policy (patches, procedures for distribution of sensitive information) Disaster Recovery (identify IT resources/ backups) Incident Response Plan (notification requirements by state if there’s a breach of confidential information)

9 Because it has always been a matter of trust… Who, What and Why? Personal information has street value. Consider a wider use of background checks. Might a clerical employee who is modestly compensated be tempted by easy money for supplying data to another? Pay special attention to portable devices and set standards/restrictions on the data that can be stored on them and in what format.

10 Because it has always been a matter of trust… Basic Business Practices Limit access to sensitive information and even potentially encrypt it Watch the disposal of paper records or files. It’s so easy to forget this exposure, but recent claims prove this to be a real risk. Shred paper files and records and destroy old hard drives by drilling holes in them Keep security patches up to date

11 Because it has always been a matter of trust… Network Security and Data Liability Insurance Protection is available for risk transfer in a few different formats: General Liability coverage extensions Monoline NSDL policies As part of an Errors and Omissions Policy

12 Because it has always been a matter of trust… Network Security and Data Liability Insurance Protection varies but a few of the common coverages that are offered include: Indemnification of 3 rd party claims for damages Expense Reimbursement to clean-up your system Expense Reimbursement for required corrective actions to assist victims Regulatory fine reimbursement

13 Because it has always been a matter of trust… Network Security and Data Liability Insurance Protection varies but a few of the common coverages that are offered include: Public Relations Expenses Media and Communications Liability Errors and Omissions (more on this later) First party property coverage direct and indirect loss Extortion

14 Because it has always been a matter of trust… Network Security and Data Liability Insuring Agreement: We will pay for “loss” that the “insured” becomes legally obligated to pay, and “defense expenses”, as a result of a “claim” first made against the “insured” during the “policy period” or during the applicable Extended Reporting Period for a “wrongful act” or a series of “interrelated wrongful acts” taking place on or after the Retroactive Date, if any, shown in the Declarations, and before the end of the “policy period”.

15 Because it has always been a matter of trust… Network Security and Data Liability A Common Exclusion: Based upon, attributable to or arising out of any action by a governmental or quasi-governmental authority or agency including, but not limited to, regulatory actions brought against you on behalf of the Federal Trade Commission, Federal Communications Commission, or other regulatory agency. However, this exclusion shall not apply to the actions brought by governmental authority acting solely in its capacity as a customer of the “named insured” or one of its “subsidiaries”.

16 Because it has always been a matter of trust… Network Security and Data Liability What if a third party we use, like a billing entity, has a breach? “Named insured” means the entity or entities shown in the Declarations and any “subsidiary”. “Subsidiary” means any organization in which more that 50% of the outstanding securities or voting rights representing the present right to vote for the election of directors, or equivalent position, is owned, in any combination, by one or more “named insured”. Independent contractors need to be added by endorsement.

17 Because it has always been a matter of trust… Where To Start 1 st and 3 rd Party? 1 st Party- An entity has an insurable interest in property and in the event of damage will have direct loss of value and potentially indirect financial loss of use or lost income. Examples of 1 st Party Property with Data/Network Exposure Computers (Hardware/Software) and Peripheral Devices Networks Data/Records/Paper

18 Because it has always been a matter of trust… What Coverage Is Available For 1 st Party Exposure? Software, Data and Media Coverage Software is covered by most forms but by strict definition that means the cost of the program will be reimbursed and not the value of the data or the time and labor to populate the program to make it useful. Pay careful attention to how your policy is worded in this area. Even if media is covered, is the time and effort to duplicate the data covered? Remember policy construction is very important. If you do not have the hacker related peril coverage do you really have much protection? Finally, does your policy cover data of others and is that important?

19 Because it has always been a matter of trust… Additional Coverage Available For 1 st Party Exposure Generally Only on Network Security Forms: Data and Media Coverage Offsite Voluntary Parting Access to Your Network is Blocked – “Denial of Service” Cyber Extortion Regulatory Proceeding Expense Crisis Coverage Expense

20 Because it has always been a matter of trust… What Coverage Is Available For 3rd Party Exposure? Network and Data Liability coverage is available. It will pay for damages incurred by claimants from a breach and expense incurred due to the violation. It will also cover the regulatory fines from failure to abide by laws and regulations and this will include CPNI, Cable TV Operators, and any applicable state issues. Generally, punitive is covered if allowable by state law. It is more than identity theft which is a veneer of protection. ID theft is partial help after a loss of data occurs, but it is not protection before an event happens.

21 Because it has always been a matter of trust… What Coverage Isn’t Available For 3rd Party Exposure? Network and Data Liability standard coverage exclusions include: fraud, SEC violations, fiduciary claims, RICO and collusion events, ERISA, EPLI, D&O, insured vs. insured, war, terrorism, pollution, and BI/PD.

22 Because it has always been a matter of trust… Resources www.sans.org www.cert.org www.windowsecurity.com www.slashdog.org www.cio.com www.infosyssec.net www.idtheftcenter.org

23 Because it has always been a matter of trust… Thank you! Joyce Hermann, AU, CISR 800.222.4664 Ext. 3204 jah@telcominsgrp.com www.telcominsgrp.com

Download ppt "NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT…"

Similar presentations

How to Request Evidence of AHRP Insurance

How to Request Evidence of AHRP Insurance
A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Basics of Insurance Law PLI: Bridge the Gap II Robert H. Friedman May 26, 2005 Robert H. Friedman May 26, 2005 1.

Basics of Insurance Law PLI: Bridge the Gap II Robert H. Friedman May 26, 2005 Robert H. Friedman May 26,
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Copyright © 2008 Pearson Addison-Wesley. All rights reserved. Chapter 27 Crime Insurance and Surety Bonds.

Copyright © 2008 Pearson Addison-Wesley. All rights reserved. Chapter 27 Crime Insurance and Surety Bonds.
Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.

Gramm-Leach-Bliley Act for Financial Aid Val Meyers Associate Director Michigan State University.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Board of Director’s Training December 5, 2012. Board’s Ultimate Responsibility.

Board of Director’s Training December 5, Board’s Ultimate Responsibility.
What a Company Needs (Essentials) and Why in the Start- up Phase of Growth – and What They can Expect as They Become Successful Marc Honorof Costello Insurance.

What a Company Needs (Essentials) and Why in the Start- up Phase of Growth – and What They can Expect as They Become Successful Marc Honorof Costello Insurance.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Protection Detail: Insurance Coverage in 2012 Presented By: Nezih Hasanoglu and Kim Singleton M3 Insurance Solutions for Business.

Protection Detail: Insurance Coverage in 2012 Presented By: Nezih Hasanoglu and Kim Singleton M3 Insurance Solutions for Business.

Similar presentations

Ads by Google