NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT…

Presentation transcript:

NYSTA 2012 Annual Conference Telcom Insurance Group Presented by: Joyce Hermann, AU, CISR Sr. Account Executive Insure IT, Manage IT But Never Ignore IT… Network Security and Data Liability Because it has always been a matter of trust…

Network Security and Data Liability Risk Management is a great way to deal with any exposure, but as we all know it's not foolproof. One method of risk management is to transfer the exposure, and the most common method is insurance. Let's review the exposure to determine whether management is enough or whether a transfer needs to be explored. This exposure is created by a breach. So, what is a breach? Personal information that is in a format that can be easily read and used by a third party is stolen, and personal information is in unauthorized hands!

Who Is Held Accountable? Board of Directors and Senior Management. By Contract: 3rd Parties? IT Services Providers. Certain laws make those responsible, responsible to do certain things after a breach: Sarbanes-Oxley (Shareholder Notification); State Laws (Consumer Notification).

Network Security and Data Liability Flow of a breach and parties involved. [Diagram labels: Business, Customer, Breach, State AG, FTC/FCC, Industry]

Use a Layered Approach to Risk Management and Transfer: Recognize the risk, analyze the exposure, plan for the possibility, implement a plan, and re-visit the issue frequently. Determine security gaps and fill them with technology or business practice answers. If this still leaves doubt, transfer the risk. Insurance is a transfer of risk option that allows access to counsel, monitoring, and coverage for all aspects of restoration.

Use a Layered Approach to Risk Management and Transfer: Recognize business processes and who has access to what information; Review security processes and procedures; Know what your outside vendors/suppliers/business partners do with your data; Identify VPN, extranets, intranet, Internet exposures.

Analyze Defense Mechanisms: Virus control (anti-virus updates); Perimeter defenses (firewalls, remote access); Physical security (restrict access, passwords, timeout, laptop/smart phone procedures); Confidentiality (collect/distribute only needed information on employees and customers).

Plan and Implement Defense Mechanisms: Security Policy (patches, procedures for distribution of sensitive information); Disaster Recovery (identify IT resources/backups); Incident Response Plan (notification requirements by state if there's a breach of confidential information).

Who, What and Why? Personal information has street value. Consider a wider use of background checks. Might a clerical employee who is modestly compensated be tempted by easy money for supplying data to another? Pay special attention to portable devices and set standards/restrictions on the data that can be stored on them and in what format.

Basic Business Practices: Limit access to sensitive information and even potentially encrypt it. Watch the disposal of paper records or files. It's so easy to forget this exposure, but recent claims prove this to be a real risk. Shred paper files and records and destroy old hard drives by drilling holes in them. Keep security patches up to date.

Network Security and Data Liability Insurance Protection is available for risk transfer in a few different formats: General Liability coverage extensions; Monoline NSDL policies; As part of an Errors and Omissions Policy.

Network Security and Data Liability Insurance Protection varies but a few of the common coverages that are offered include: Indemnification of 3rd party claims for damages; Expense Reimbursement to clean up your system; Expense Reimbursement for required corrective actions to assist victims; Regulatory fine reimbursement.

Network Security and Data Liability Insurance Protection varies but a few of the common coverages that are offered include: Public Relations Expenses; Media and Communications Liability; Errors and Omissions (more on this later); First party property coverage direct and indirect loss; Extortion.

Network Security and Data Liability Insuring Agreement: We will pay for “loss” that the “insured” becomes legally obligated to pay, and “defense expenses”, as a result of a “claim” first made against the “insured” during the “policy period” or during the applicable Extended Reporting Period for a “wrongful act” or a series of “interrelated wrongful acts” taking place on or after the Retroactive Date, if any, shown in the Declarations, and before the end of the “policy period”.

Network Security and Data Liability A Common Exclusion: Based upon, attributable to or arising out of any action by a governmental or quasi-governmental authority or agency including, but not limited to, regulatory actions brought against you on behalf of the Federal Trade Commission, Federal Communications Commission, or other regulatory agency. However, this exclusion shall not apply to the actions brought by governmental authority acting solely in its capacity as a customer of the “named insured” or one of its “subsidiaries”.

Network Security and Data Liability What if a third party we use, like a billing entity, has a breach? “Named insured” means the entity or entities shown in the Declarations and any “subsidiary”. “Subsidiary” means any organization in which more than 50% of the outstanding securities or voting rights representing the present right to vote for the election of directors, or equivalent position, is owned, in any combination, by one or more “named insured”. Independent contractors need to be added by endorsement.

Where To Start 1st and 3rd Party? 1st Party: An entity has an insurable interest in property and in the event of damage will have direct loss of value and potentially indirect financial loss of use or lost income. Examples of 1st Party Property with Data/Network Exposure: Computers (Hardware/Software) and Peripheral Devices; Networks; Data/Records/Paper.

What Coverage Is Available For 1st Party Exposure? Software, Data and Media Coverage: Software is covered by most forms, but by strict definition that means the cost of the program will be reimbursed and not the value of the data or the time and labor to populate the program to make it useful. Pay careful attention to how your policy is worded in this area. Even if media is covered, is the time and effort to duplicate the data covered? Remember policy construction is very important. If you do not have the hacker related peril coverage, do you really have much protection? Finally, does your policy cover data of others and is that important?

Additional Coverage Available For 1st Party Exposure, Generally Only on Network Security Forms: Data and Media Coverage Offsite; Voluntary Parting; Access to Your Network is Blocked – “Denial of Service”; Cyber Extortion; Regulatory Proceeding Expense; Crisis Coverage Expense.

What Coverage Is Available For 3rd Party Exposure? Network and Data Liability coverage is available. It will pay for damages incurred by claimants from a breach and expense incurred due to the violation. It will also cover the regulatory fines from failure to abide by laws and regulations and this will include CPNI, Cable TV Operators, and any applicable state issues. Generally, punitive is covered if allowable by state law. It is more than identity theft which is a veneer of protection. ID theft is partial help after a loss of data occurs, but it is not protection before an event happens.

What Coverage Isn’t Available For 3rd Party Exposure? Network and Data Liability standard coverage exclusions include: fraud, SEC violations, fiduciary claims, RICO and collusion events, ERISA, EPLI, D&O, insured vs. insured, war, terrorism, pollution, and BI/PD.

Resources

Thank you! Joyce Hermann, AU, CISR Ext