Presentation is loading. Please wait.

Presentation is loading. Please wait.

CYBER RISK INFORMATION CFO Division Office of Risk Services November, 2010.

Published byAnnabelle Barker Modified over 8 years ago

Similar presentations

Presentation on theme: "CYBER RISK INFORMATION CFO Division Office of Risk Services November, 2010."— Presentation transcript:

1 CYBER RISK INFORMATION CFO Division Office of Risk Services November, 2010

2 1 U N I V E R S I T Y O F C A L I F O R N I A THE ART of INSURANCE 101010101010 101010100010 111101010101 101010101010 111111111111 101010101010 101010100010 111101010101 101010101010 111111111111 101010101010 101010100010 111101010101 101010101010 111111111111 101010101010 101010100010 111101010101 101010101010 111111111111 101010101010 101010100010 111101010101 101010101010 111111111111 101010101010 101010100010 111101010101 101010101010 111111111111 IIT Meets Insurance

3 2 U N I V E R S I T Y O F C A L I F O R N I A The Threat The Pentagon's second-in-command, Deputy Secretary William J. Lynn III asserted that the threat to intellectual property of businesses, universities and the government may be "the most significant cyberthreat" facing the country. By Ellen NakashimaEllen Nakashima Washington Post Staff Writer Thursday, September 16, 2010

4 3 U N I V E R S I T Y O F C A L I F O R N I A The Risks 498 breaches reported in 2009, which is down from 656 breaches reported in 2008, but up from 446 breaches reported in 2007 1 : 16% of all reported breaches occurred in the educational sector 13% of breaches occurred in the healthcare and medical sectors Since 2001, 20% of reported breaches involve the Educational sector and 13% involve the Healthcare/Medical sector. 2 The average direct cost of a data breach in 2009 was $6.8 million, about $204 per name – an increase of 48% over 2005. 3 This cost includes The largest increase in this cost is related to increased legal costs associated in the ex post response. The size of the breaches experienced by companies surveyed ranged from approximately 5,000 compromised records to approximately 101,000 compromised records, with a cost range of approximately $750,000 up to nearly $31 million. Source: 1. Identity Theft Resource Center, US Department of Justice, 2009 Data Breach Stats 2. 2009 Open Security Foundation/DataLossDB Reports 3. 2009 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute, LLC

5 4 U N I V E R S I T Y O F C A L I F O R N I A Impact of Data Breach Direct Costs Discovery / Data Forensics Notification costs Identity monitoring costs Real-time crisis management costs Additional security measures, remediation Defense Costs/Settlements Regulatory fines Call Center Management Civil Suits Indirect Costs Loss of student/faculty confidence Executive management distraction from core objectives Loss of employee productivity Alumni impact, giving etc. Impact on enrollment Loss of management credibility

6 5 U N I V E R S I T Y O F C A L I F O R N I A Data Breaches at UC Campuses - 2005 to present From Privacy Rights Clearinghouse (PrivacyRights.org) Location# of Records Compromised # of Incidents UCSD6,8002 UCB256,8933 UCSF74,3557 UCD2,2202 UCLA800,9002 UCI7,2872 TOTAL1,148,455*18* *Does not include an unconfirmed breach at UCSF of an additional 6,313 records At the current average direct cost of $204 per record, the total costs of these breaches would be $234,284,820

7 6 U N I V E R S I T Y O F C A L I F O R N I A Known Costs of Regents Cyber Events Claim Cost currently covered under GL Program Smith (UCSF): Indemnity reserve - $1M Defense reserve - $858K; Paid - $685K Powell (UCSD): Indemnity reserve - $500K Defense reserve - $1.5M; Paid - $387K By exception extended defense coverage – under self-insured retention. Pending coverage opinion from excess carrier on potential breach fees of $1,000 per record which could total $230m Recent Uninsured Events UCLA data breach in 2008 incurred approximately $500K in related costs. Berkeley/UHS cyber breach 2008-09 incurred approximately $430K in related costs.

8 7 U N I V E R S I T Y O F C A L I F O R N I A Recent Higher Education/Med Center High Profile Events October 2010 – A University of Hawaii faculty member inadvertently uploaded files to an unprotected server, exposing the names, academic performance, disabilities and other sensitive information of 40,101 students who attended the Manoa campus from 1990 to 1998 and in 2001. June 2010 – University of Louisville has alerted roughly 700 patients in the university’s dialysis program that personal information, including names and S.S. #’s, was briefly accessible outside of the program. The information was not password protected and was leaked to the public domain on the internet. March 2010 – University of Calgary Clinic. Patients were cautioned that their personal medical history may have been revealed to hackers after a virus hit a computer that stored medical data. Jan 2010 – Eastern Washington University has notified present and former students of a massive data breach of it systems that could affect up to 130,000 people. Data involved dates back to 1987 and includes names, S.S. #’s and birth dates.

9 8 U N I V E R S I T Y O F C A L I F O R N I A Additional Costs relating to Privacy Breach HIPAA Breaches of patient information may also result in HIPAA Fines, which can range from $100 to $50,000 per violation, up to $1.5 million maximum. HHS Office of Civil Rights reports over 50,000 complaints have been reported since HIPAA enforcement began in 2003. Approximately 21% of complaints that fell within OCR’s juristiction resulted in some corrective action by a covered entity. FERPA Breaches of student records may result in penalties including a cutoff of federal funding to the institution, including grants and financial aid.

10 9 U N I V E R S I T Y O F C A L I F O R N I A Best Practices – Protecting UC’s Brand and Integrity Protecting against Cyber Risks should be an organizational commitment – ERM Insurance is becoming more available, but should be the last line of defense Traditional underwriting was not an option for UC CRO/Broker approached insurance markets regarding a new solution - reverse underwriting concept. “Reverse Underwriting”: Underwrite to standards rather than to existing conditions Provide CIOs with a tool to drive improved behavior around cyber risk Provides first dollar insurance coverage for those that meet UC’s policies – rewarding best practices Provides a secondary savings through consolidation of systems (utility cost, space, maintenance, IT redundancy) Supports improved post-loss Risk Response

11 10 U N I V E R S I T Y O F C A L I F O R N I A Security & Privacy Insurance Policy Coverage Overview Risks Coverage Existing Insurance Policies Improved Insurance Policies Legal liability to others for privacy breaches Privacy Liability: Harm suffered by others due to the disclosure of confidential information Legal liability to others for computer security breaches Network Security Liability: Harm suffered by others from a failure of your network security Loss or damage to data/ information Property Loss: The value of data stolen, destroyed, or corrupted by a computer attack Loss of revenue due to a computer attack Loss of Revenue: Business income that is interrupted by a computer attack Extra expense to recover/ respond to a computer attack Cyber Extortion: The cost of investigation and the extortion demand Loss or damage to reputation Identity TheftExpenses resulting from identity theft Privacy Notification Requirements Cost to comply with privacy breach notification statues Regulatory ActionsLegal defense for regulatory actions Legend:No coverageLimited coverageFull coverage

12 11 U N I V E R S I T Y O F C A L I F O R N I A Cyber Insurance Coverage Limits Property- $5 Billion Limits $7.5 Million deductible Covers physical loss or damage to hardware and software. Liability- $275 Million Limits $2.5 Million deductible Covers negligent acts or omissions. Cyber/Privacy Breach- $2 Million Aggregate $1 Million deductible Covers damages and expenses caused by a privacy, confidentiality or security breach. First dollar coverage for campuses within self-insurance program

Download ppt "CYBER RISK INFORMATION CFO Division Office of Risk Services November, 2010."

Similar presentations

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.

Copyright © 2012, Big I Advantage®, Inc., and Swiss Re Corporate Solutions. All rights reserved. (Ed. 08/12 -1) E&O RISK MANAGEMENT: MEETING THE CHALLENGE.
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
06B – DATA INCIDENTS AND LITIGATION Jeffrey L. Poston Partner Crowell & Moring, LLP.

06B – DATA INCIDENTS AND LITIGATION Jeffrey L. Poston Partner Crowell & Moring, LLP.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,

What is HIPAA? This presentation was created by The University of Arizona Privacy Office, The Office for the Responsible Conduct of Research on March 5,
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Presented by: Dan Landsberg August 12, 2011. Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.

Presented by: Dan Landsberg August 12, Agenda  What is Social Media?  Social Media’s Professional Side  Benefits of Social Media  Regulatory.
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.
Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.

Cyber Risk Enhancement Coverage. Cyber security breaches are now a painful reality for virtually every type of organization and at every level of those.
Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Company LOGO Copyright Carrie Kerskie Data Breach & Identity Theft By Carrie Kerskie Kerskie Group, Inc.

Similar presentations

Ads by Google