Presentation is loading. Please wait.

Presentation is loading. Please wait.

CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information.

Published byElvin Foster Modified over 8 years ago

Similar presentations

Presentation on theme: "CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information."— Presentation transcript:

1 CYBER INSURANCE Luxury or necessary protection?

2 What is a data breach? A breach is defined as an event in which an individual’s name plus personal information such as an address, phone number and/or financial record such as a social security number or credit card number is potentially put at risk—either in electronic or paper format. Also known as “PII” or Personally Identifiable Information or “PHI” Personal or protected health information is a record of a patient's treatment and medical history that includes personally identifiable information. John Smith Address: 1234 Main St. Any town, State 12345 John Smith Telephone Number: (123) 456-7890 John Smith Social Security Number: 123-45-6789 John Smith Credit Card Number: 9999 8888 7777 6666 Expires 12/20 Examples of PII

3 HACKED! Number of records breached: U.S. Government = 21.5 million Anthem = 80 million Target = 110 million Sony Playstation = 102 million And still 60% of ALL data breaches are at the small business level Small business = <500 employees or <$10M revenue

4 Is a Data Breach expensive? Expenses Related to Target Data Breach **Insurance Payout Cost to Target 2013 $191,000,000$46,000,000$145,000,000 2014 $61,000,000$44,000,000$17,000,000 Total $252,000,000$90,000,000$162,000,000 **Target Corp. only had $100 million in “network-security” insurance. Target will pay out-of-pocket for the balance of $162M

5 Cost of Data Breach *The average cost is $201 for each stolen record: Example 1: A laptop with employee personal information stolen out of a parked car Example 2: A Manufacturing Company network containing names and credit card number’s of customers breached Number of Records = 4,300 Cost per Record = $201 Total Costs = $864,300 Number of Records = 52,000 Cost per Record = $201 Total Costs = $10,452,000 Indirect Costs: time, effort & organizational $ to rectify breach etc. Direct Costs: forensics, legal, & notification to 3 rd parties etc. Opportunity Costs: negative publicity, turnover, loss of trust etc. Total Costs Incurred * Ponemon Institute 2013 study

6 Small Business at Risk: According to the “2014 Cost of Data Breach Study” performed by IBM: The results show that a probability of a material data breach involving a minimum of 10,000 records is more than 22 percent.

7 It happened to them. It could happen to you. A recent survey by Chubb Group of Insurance Companies found that 65 percent of public companies forego cyber insurance – even though they identify cyber risk as their number one concern. 25 percent surveyed are expecting a cyber breach in the coming year. 71 percent have cyber breach response plans in place. Over 72 percent of all data breaches occurred in Small/Medium-sized businesses. The average cost of a breach? Over five million dollars, Roughly 60% of small businesses go out of business within six months after an attack.

8 Types of Cyber Attacks Attacks contributing to largest losses Root cause of data breaches 2015

9 Reasons to purchase Cyber Insurance Business Interruption : If your computer systems are crippled, so too is your business. Notification Costs: Both legal and ethical obligations to inform your customers and the public that their information is at risk Credit Protection: If a breach occurs, your company will be financially liable for the credit monitoring services for your customers (required by law) Forensic Costs: You must investigate to determine how much damage was done. Specialists are expensive and vetting one is time-consuming Cyber Extortion: When a hacker holds your information hostage, you may have to pay to get it back, and maybe pay again Crisis Management: Fees for public relations to reestablish your business' name as a credible and reliable institution E&O Policy or GL exclusion: E&O Policies only cover errors in the course of professional services. You won’t get credit monitoring services coverage or notification expense coverage from an E&O policy

10 Federal Laws Consumer notification of potential loss is required in 47 states, Puerto Rico and D.C. Personally Identifiable Information (PII) and Protected Health Information (PHI) is currently governed by federal and state laws: ▫The Family Educational Rights Privacy Act (FERPA) ▫HIPPA ▫Children’s Online Privacy Protection Act ▫Gramm Leach Bliley Act (GLBA) ▫Fair Credit Reporting Act ▫Sarbanes-Oxley (SOX) ▫Federal Privacy Act ▫HITECH Act ▫Red Flags Rule ▫President Obama’s Cybersecurity Executive Order ▫California Civil Code Section 1798.25-1798.29 & 1798.80

11 1 st Party Risk vs. 3 rd Party Risk Coverage's Available: FIRST PARTY COVERAGETHIRD PARTY COVERAGE Direct loss incurred by our insured because of “injury” to electronic data or systems resulting from acts of others: Liability for financial losses or costs sustained by others resulting from internet or other electronic activities: Costs of fixing the problem Expenses to protect customers (including notification and credit monitoring costs) Other expenses to mitigate loss (including PR and publicity costs) Theft of data & intangible property Loss of future income Cyber extortion Defense Costs Damages resulting from customer suits and suits from others for personal/content injury, intellectual property claims, professional services, and injury from a security or privacy breach, or Regulatory fines/penalties

12 Factors affecting Premiums Identify Unique Risks Evaluate 1 st vs. 3 rd party coverage Buy What You Need Secure Appropriate Limits Beware of Exclusions Get Retroactive Coverage Take Advantage of Risk Mgmt. Services Understand “Triggers ” Consider data restoration costs

13 Typical Cyber Liability Coverage: Denial of Service (inability to access systems or website) Unauthorized access to, use of, or tampering with data Disclosure of confidential data (invasion of privacy) Loss of data or digital assets (malicious or accidental) Introduction of malicious code or viruses Cyber extortion or terrorism threats Personal media injury (defamation, libel, or slander) from electronic context Regulatory action, notification, or defense expenses Crisis management and public relations expenses Data or system restoration Business interruption expenses

14 Coverage is affordable Annual Premium = $1,880 Annual Revenue = $3,500,000 Coverage Limit = $1,000,000 Deductible = $5,000 Annual Premium = $1,260 Annual Revenue = $1,000,000 Coverage Limit = $500,000 Deductible = $5,000 Example #1 Example #2 This is only an example of a quote and not an offer of coverage, and that no coverage is provided until the customer enters into a contract with the insurance company. The price of a policy will change based on client unique circumstances and coverage needs.

15 Reduce your Risk Tighten your security system – Create a Security Policy and Procedure Manual. Protect outbound data - always encrypt data stored on portable devices (laptops, tablets, smart phones etc.) Implement inventory control and anti-theft devices. Ensure your data storage system has appropriate safeguards (patches and fixes up-to-date) and conduct periodic vulnerability scans – including all 3 rd party vendors being used. Keep your anti-virus, firewall, browser and operating system up to date. Stay up to date on state & federal breach notification laws. Do not allow employees to transfer sensitive information to/from their home computer. Raise Awareness and establish tight Password and Protection controls. SECURE CYBER INSURANCE COVERAGE from

16 Tools & Reference Materials Calculate your risk: https://www.databreachcalculator.comhttps://www.databreachcalculator.com Loss scenarios: http://www.databreaches.net/?cat=18http://www.databreaches.net/?cat=18 Security Policy: http://www.instantsecuritypolicy.comhttp://www.instantsecuritypolicy.com Ponemon Institute Data Breach Study: http://www.ponemon.org/blog/ponemon- institute-releases-2014-cost-of-data-breach-global-analysishttp://www.ponemon.org/blog/ponemon- institute-releases-2014-cost-of-data-breach-global-analysis IBM Data Breach Study: http://www-03.ibm.com/security/data-breach/http://www-03.ibm.com/security/data-breach/ Cyber Security in California: https://oag.ca.gov/cybersecurityhttps://oag.ca.gov/cybersecurity PCI Data Security Standards: https//www/pcisecuritystandards.org/ FCC guide to Cyber Planning: https://www.fcc.gov/cyberplanner Bartling Insurance Group: http://biginsure.comhttp://biginsure.com

Download ppt "CYBER INSURANCE Luxury or necessary protection?. What is a data breach? A breach is defined as an event in which an individual’s name plus personal information."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Privacy Liability and Network Security May 17, 2011 L. Spencer Timmel, CITRMS PRESENTER Privacy and Network Security Specialist Hylant Executive Risk Practice.

Privacy Liability and Network Security May 17, 2011 L. Spencer Timmel, CITRMS PRESENTER Privacy and Network Security Specialist Hylant Executive Risk Practice.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.

Northern Insuring Agency 1. 2 Important Notice ●This presentation is not a representation that coverage does or does not exist for any particular claim.
Cyber Liability Insurance Why we have it & How it works DRAFT – Version 3 May 28, 2015 SBCTC – BAR Commission Meeting Doug Selix, MBA, CISSP, CISM, PMP.

Cyber Liability Insurance Why we have it & How it works DRAFT – Version 3 May 28, 2015 SBCTC – BAR Commission Meeting Doug Selix, MBA, CISSP, CISM, PMP.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.

Managing Risk in Cloud Computing Contracts Henry Ward and Todd Taylor April 30, 2015.
NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

NEFEC - Cyber Liability MICHAEL GUZMAN, ARM ARTHUR J. GALLAGHER & CO.

Similar presentations

Ads by Google