CYBER INSURANCE: APPLICATION REPRESENTATIONS & ONGOING POLICYHOLDER OBLIGATIONS January 26, 2017.


Cyber Insurance Coverage Assessments Lessons Learned

Questions Insurers Ask on Their Applications
- Does the Applicant have a formal program in place to test or audit network security controls?
- How often are internal audits performed?
- How often are outside/third party audits performed?
- Does the Applicant use firewall technology?
- Does the Applicant use anti-virus software?
- Is anti-virus software installed on all of the Applicant’s computer systems, including laptops, personal computers, and networks?
- Does the Applicant use intrusion detection software to detect unauthorized access to internal networks and computer systems?
- Is it the Applicant’s policy to upgrade all security software as new releases or improvements become available?
- Is a multi-factor authentication process (multiple security measures used to reliably authenticate/verify the identity of a customer or other authorized user) or a layered security approach required to access secure areas of Applicant’s website? Please describe authentication/verification methods used.
Source: Travelers CyberRisk Coverage Application

Questions Insurers Ask on Their Applications
- Is all valuable/sensitive data backed-up by the Applicant on a daily basis? If No, please describe exceptions:
- Does the Applicant conduct training regarding security issues and procedures for employees that utilize computer systems?
- Does the Applicant publish and distribute written computer and information systems policies and procedures to its employees?
- Does the Applicant terminate all associated computer access and user accounts as part of the regular exit process when an employee leaves the company?
- Does the Applicant have a formal documented procedure in place regarding the creation and periodic updating of passwords used by employees or customers?
Source: Travelers CyberRisk Coverage Application

Questions Insurers Ask on Their Applications
Source: THE HARTFORD DATA PRIVACY ~ NETWORK SECURITY LIABILITY INSURANCE POLICY APPLICATION

Coverage Danger Zones
- Consent Requirements
- Panel Professionals
- Timely Notice
- Liability Assumed Under Contract
- Failure to Maintain Minimal Cybersecurity Standards
- Data Controlled by Third Parties
- Wrongful or Unlawful Data Collection
- Regulatory Fines
- Professional Services – Coverage Grant or Exclusion?
- Property, General Liability, Errors and Omissions, Kidnap and Ransom

Notice
1. What you must do in the event of a claim or loss
Should a senior executive officer become aware of any claim, loss or damage, the following obligations must be complied with by you:
a) You must not admit liability for or settle or make or promise any payment in respect of any claim, loss or damage which may be covered under this Policy. Neither must you incur any costs and expenses in connection with such a claim, loss or damage without our written agreement.

Ongoing Requirements
8. Your duty to advise us of changes
If a senior executive officer becomes aware that any of the information that you have given us in the Application Form or elsewhere in connection with your application for this insurance has materially changed then you must advise us as soon as is practicable. In this event, we reserve the right to amend the terms, conditions or premium of the Policy.

Ongoing Requirements
9. Risk management conditions
If we attach any additional conditions to your Policy regarding any risk survey or risk management timetable or any other similar Conditions then it is your responsibility to ensure that these conditions are complied with by the deadlines shown in the conditions.

Ongoing Requirements
XVI. MERGERS AND ACQUISITIONS
A. Newly Acquired Subsidiaries
During the Policy Period, if the Named Insured or any Subsidiary acquires another entity whose annual revenues are more than ten percent (10%) of the Named Insured’s total annual revenues for the four quarterly periods directly preceding inception of the Policy Period, such acquired entity shall not be a Subsidiary, and no Insured shall have coverage under this Policy for any Claim or Loss that arises out of any act, error, omission, incident or event whether committed before or after such acquisition:
1. by or on behalf of the acquired entity or any person employed by the acquired entity;
2. involving or relating to the assets, liabilities, Covered Media Activities or policies or procedures of the acquired entity or to data, information, computers, or networks, security systems, of or under the care, custody or control of the acquired entity, a Business Associate of the acquired entity, or a third party on behalf of the acquired entity; or
3. by any person or independent contractor holding, processing or transferring information or operating Computer Systems on behalf of the acquired entity;
unless the Named Insured gives the Insurer written notice prior to the acquisition, obtains the Insurer’s written consent to extend coverage to such additional entities, assets, exposures, or Computer Systems, and agrees to pay any additional premium required by the Insurer.

Effective Indemnity Agreements on Cyber Coverage
“With respect to all Insuring Clauses, [Federal] shall not be liable for any Loss on account of any Claim, or for any Expense . . . based upon, arising from or in consequence of any . . . liability assumed by any Insured under any contract or agreement.”
Federal Insurance Co. is part of Chubb.

How Do You Submit a Claim?
- Documentation requirements
- Application of waiting periods/sub-limits (e.g., business interruption versus network interruption)
- Common items of dispute in the adjustment process

Conclusion

Our Cybersecurity Services
- Cyber Risk Management Strategy & Program Design
- Cyber Risk Assessment & Security Testing
- Data Privacy & Protection
- Security Architecture & Transformation
- Incident Response Planning
- Business Continuity Planning & Disaster Recovery
- Digital Forensics & Cyber Investigations
- Cyber Insurance Claim Preparation & Coverage Adequacy Evaluation

SPEAKER’S PAGE
JUDY SELBY
Managing Director
BDO Consulting Technology Advisory Services
+1 203 905-6252 | jselby@bdo.com
Judy Selby is a Managing Director in BDO Consulting’s Technology Advisory Services practice, having more than 20 years of experience in insurance and technology. Known as “one of the premier voices in legal technology” by Legaltech News, she consults with clients on cyber insurance, cybersecurity, information governance, data privacy and complex insurance matters. She advises clients on best practices for handling information throughout its life cycle, from creation or collection through disposition. In addition, Judy works with organizations and their counsel to advise on data privacy and cyber insurance issues, having depth of experience in coverage adequacy evaluation, international arbitration and all phases of insurance coverage litigation as well as policy drafting and gap analysis.
Prior to joining BDO, Judy was a partner at Baker Hostetler, where she was Co-chair of the Information Governance team and founder of the eDiscovery and Technology team. She is the Co-chair of the Claims and Litigation Management (CLM) Alliance Cyber Liability Committee and serves on the Law360 Insurance and Legaltech News editorial boards. Judy has completed courses on the internet of things (IoT), big data, crisis management / business continuity and cybersecurity at the Massachusetts Institute of Technology.

THANK YOU !