Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015.

1 Cyber-insurance coverage: do you have it? Robert E. Sumner, IV, Esq. and Tosh Siao of Willis Group September 17, 2015

3 Topics to be covered:
1. What is a data breach?
2. Incidence/frequency of data breaches.
3. Data on the cost/expenses associated with breaches.
4. CGL standard policies.

4 Topics to be covered:
5. Cyber policies and endorsements.
6. State of the cyber insurance market.
7. Evolving coverage issues.
8. Role of your insurance broker.

5 Topics to be covered:
9. Navigating through the underwriting process.
10. How much coverage?
11. Examples of cyber insurance programs.
12. What to do when the breach occurs.

6 WHAT IS A DATA BREACH?

7 What is a data breach?

8 Key Defined Terms
Personal Information (PI) or Personally Identifiable Information (PII) – “Generally, the definition requires both a name (first initial and last name often suffices), and some additional item of information that could be used to steal a person’s identity or access his or her financial accounts (or, in some cases, healthcare information) without authorization.”

9 Florida definition (FIPA)
“Personal information” means either of the following:
1. Individual’s first name or first initial and last name, in combination with one of the following:
(a) A social security number;
(b) A driver license or identification card number;
(c) A financial account number with security code;
(d) An individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; or
(e) An individual’s health insurance policy or ID #.
2. A user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account.

10 Key Defined Terms
Personal Health Information (PHI) – “Individually identifiable health information.” PHI relates to:
i. Individual’s past, present or future physical or mental health or condition;
ii. Provision of health care to the individual; or
iii. Past, present or future payment for the provision of health care.

11 Key Defined Terms
Data incident – IT term (nerd term); something “not normal”.
Data breach – legal term (matter of interpretation); unauthorized access to PII or PHI. A “breach” triggers the reporting/response.
Types of breaches:
i. Cyber hacking (hacktivism, cyber espionage)
ii. Unintentional loss of information
iii. Employee misconduct
iv. Bad business practices
v. Theft

12 DATA BREACH EMPIRICAL DATA

14 Empirical Data:
Verizon Data Breach Investigation Report (2015)
• 79,790 security incidents in 2014;
• 2122 confirmed data breaches in 2014.
Net Diligence Cyber Claims Study (2014) [Mark Greisinger]
• $698,797: average cost of defense of a data breach lawsuit;
• $733,109: average claim payout ($1.3M for Healthcare);
• $558,520: average settlement for a data breach lawsuit;
• $1,041,906: average cost for defense of regulatory matter.

15 Empirical Data:
Ponemon Institute Study (2015) [Symantec & Ponemon Benchmark Study]
• $3.79 million is the average total cost of data breach;
• 23% increase in total cost of data breach since 2013;
• Healthcare industry has the highest cost associated with a breach;
• $6.53 million: average cost per data breach for U.S. company;
• $417,000: average detection cost per breach (2014);
• $509,237: average notification cost per breach (2014);
• $1,599.996: average post data breach cost (2014);
• Lost business cost increased from $1.33 million last year to $1.57 million in 2015.

21 CGL Standard Policies do not have Cyber-Coverage
General commercial liability policies include three types of coverage:
• Coverage A, which covers bodily injury and property damage;
• Coverage B, which covers personal and advertising injury;
• Coverage C, which covers medical payments for bodily injury.
These policies define property damage as a physical injury to or the loss of use of tangible property. Most policies specify that electronic data is not tangible property.

22 Cyber Policies and Endorsements
Effective May 1, 2014 in many jurisdictions, ISO introduced several endorsements:
• CG 21 06 05 14 (Exclusion – Access Or Disclosure Of Confidential Or Personal Information And Data-Related Liability – With Bodily Injury Exception) – excludes coverage, under Coverages A and B, for injury or damage arising out of any access to or disclosure of any person’s or organization’s confidential or personal information, including patents, trade secrets, processing methods, customer lists, financial information, credit card information, health information or any other type of nonpublic information.

23 Cyber Policies and Endorsements
• CG 21 07 05 14 (Exclusion – Access Or Disclosure Of Confidential Or Personal Information And Data-Related Liability – Limited Bodily Injury Exception Not Included) – very similar to CG 21 06, but does not include the bodily injury exception described above.
• CG 21 08 05 14 (Exclusion – Access Or Disclosure Of Confidential Or Personal Information (Coverage B Only)) – the exclusion with respect to any access to or disclosure of any person’s or organization’s confidential or personal information is limited to personal and advertising injury.

24 Cyber Policies and Endorsements
ISO Electronic Data Liability Coverage Form CG 00 65
• Broad coverage: actual loss of data – no requirement for “physical injury to tangible property”
• Claims made
• Covers loss caused by “electronic data incident”

25 Cyber Policies and Endorsements
ISO Electronic Data Liability Coverage
ISO Business Owner Policies:
• Endorsement BP 05 95 – Electronic Data Liability – limited coverage endorsement (direct damage to data of others due to insured’s negligence)
• Endorsement BP 05 96 – Electronic Data Liability – broad coverage endorsement (like ISO Form CG 00 65)

26 Available Cyber Coverages
Privacy Liability: Provides defense and liability coverage for claims resulting from your failure to maintain the privacy of information entrusted to you. Examples of Sensitive Information: Protected Health Information; Personally Identifiable Information; or a Third Party’s Confidential Corporate Information that you are required to keep confidential.
Breach Events Costs: Provides coverage for costs incurred due to a breach of individuals’ personally identifiable information or protected health information, for public relations; notification of individuals (voluntary notification available from some carriers); credit monitoring; call centers; obtaining legal counsel; forensic experts; and any other expenses approved by the insurer to respond to a breach. New: Coverage may be written as a dollar amount or person amount.

27 Available Cyber Insurance Coverages (Cont’d)
Regulatory Defense Fines and Penalties: Provides coverage for proceedings brought by a government agency for an alleged violation of privacy regulations resulting from a breach of personal information. Coverage includes defense, consumer redress, fines and penalties (where allowable by law).
PCI Fines and Penalties: Provides coverage for a monetary assessment of a fine or penalty by a Card Association or Acquiring Bank due to insured’s non-compliance with a PCI Data Security Standard.
Cyber Extortion: Coverage for costs to investigate and terminate a threat to commit an intentional attack against your Computer System.
Crisis Management: Expenses for managing public relations and media outlets.

28 Evolving coverage concerns and issues
• Property Damage, yes. Bodily Injury, not sure.
• “Dumpster Diving”
• Defense Costs erode policy limits
• Legacy exposures
• Maintain “top shelf” coverage
• Vendors and subcontractors

29 Broker’s Role in Cyber Liability
• Advise on evolving risk with non-stop change
• Understand the financial and reputational impact
• Know best access points to the insurers
• Manage detailed underwriting and claims
• Build the “moat” with vendor management

30 Navigating the underwriting process
• Highest risks are retail, health care, and technology
• UWs understand there is no perfect account
• Plenty of underwriting capacity
• Revenues and deductibles drive pricing
• Application process

31 What is the right amount of coverage?

32 How much coverage do you need?

33 Program Example #1

34 Program Example #2

35 When the breach occurs
• Gather details of the incident
• Determine insuring agreements, limits, and retentions that will apply
• What triggers a loss or claim under the policy?
• What are the notice requirements?
• Does timing around an upcoming policy renewal/expiring policy period require an expedited notice?
