1. Managing Your Cyber/E&O Risk with Willis FINEX Robert Barberi, Vice President, Willis Cyber Practice

2. 2 Quantifying The Loss: Analytics TOTAL COST = (# PEOPLE) X $363 OLD  NEW  ANALYTICS & LOSS MODELING

3. 3 Quantifying The Loss: Estimated Breach Costs

4. 4

5. 5 Program Considerations A range of limit, retention and privacy breach response cost sub-limit options are available All options have certain trade offs, which must be identified and weighed Third Party only First and Third Party Costs coverage options  Full limits  Per Person Coverage  Notification coverage inside or outside the Policy Aggregate Limit  Quota Share When considering the types of coverage that is appropriate, the organization should consider the following: Internet & Network Business Interruption. What is the impact of an interruption on the organizations network or web-site service? What percentage of sales/customer offerings are being offered online or are network dependent? Loss of Data through an IT security Event or Theft. What is the value of your data or programs? What would the expense of recovering your data cost your operations? What customer lists, customer preference information, supplier information, pricing information and other vital competitive information may be at risk for theft by a thief or hacker? Liability for loss or disclosure of confidential information. What confidential information does the organization hold and what is the potential loss if a class action were to be commenced? What would be the cost of notifying and providing credit monitoring for those customers? What are the costs of defending an investigation by regulators and how much might fines be if they are imposed? Liability of loss as a result of the acts of a third-party. What activities are third party vendors doing on your behalf? What important commercial or confidential data do they hold and what would be the loss or liability if it were to be corrupted or released? Media Exposure. What is your exposure to potential trademark infringement from domain name, slogan or advertising message, product names, etc.; copyright violations for content on websites, brochures or elsewhere; accusations of false advertising and unfair competition; infringement of trade secrets

6. 6 Program Considerations Coverage Enhancements: Privacy Expense:  Outside of liability limits options  New express coverage (e.g., ID Theft Restoration Response)  Large (Full+) Limits  Coverage for breaches in the cloud Regulatory and/or PCI Fines/Penalties – larger limits available Excess “Drop Down” Limits  Excess carriers can drop down over all underlying sublimits 1st Party Coverage  Administrative Error Triggers  Lower BI Waiting Periods  Cloud Failure Coverage Examples of Coverage Issues: Breaches or Disruptions in the Cloud Acts of Rogue Employees Encryption Exclusions Credit Monitoring Coverage Terrorism Limited 1 st Party Coverage

7. 7 Contact Information ROBERT O. BARBERI, JR., Vice President WILLIS 617.351.7490 robert.barberi@willis.com COLIN ZICK Partner and Chair, Privacy & Data Security Practice FOLEY HOAG LLP czick@foleyhoag.com 617.832.1275 FRED HOWELL, MBA, MSISM, CISSP Manager of Security and Privacy Consulting Services RSM LLP Fred.Howell@RSMUS.com 617.241.1520 STEVE SCHOENBERGER Vice President WILLIS 617.351.7550 steve.schoenberger@willis.com