CyberEdge® Risk Management Solution

Presentation on theme: "CyberEdge® Risk Management Solution"— Presentation transcript:

1 CyberEdge® Risk Management Solution

2 Today’s Discussion Topics
- Cyber as a Peril
- The Need for an End-to-End Risk Management Approach for Cyber

3 What’s New
- Cyber as a Peril
- CyberEdge Plus

4 Cyber Impact Framework
Potential damages from a cyber event
Cyber event impacts and insurance coverages map to these four quadrants:
- 1st Party Damages / 3rd Party Damages
- Financial / Tangible

5 Impacts from a Cyber Event — the details
Cyber impacts will align with one or more of these four quadrants
- Financial, 1st Party Damages:
  - Response costs: forensics, notifications, credit monitoring
  - Legal: advice and defense
  - Public Relations: brand protection
  - Revenue losses from network or computer outages, including cloud
  - Cost of restoring lost data
  - Cyber extortion expenses
  - Value of intellectual property
- Financial, 3rd Party Damages:
  - 3rd Parties may seek to recover: consequential revenue losses, restoration expenses, legal expenses, shareholder losses, contractual liabilities, other financial damages
  - 3rd Party Entities may issue or be awarded civil fines and penalties
- Tangible, 1st Party Damages:
  - Mechanical breakdown of your equipment
  - Destruction or damage to your facilities or other property
  - Environmental cleanup of your property
  - Lost revenues from physical damage to your (or dependent) equipment or facilities (business interruption)
  - Bodily injury to your employees
- Tangible, 3rd Party Damages:
  - Mechanical breakdown of others’ equipment
  - Destruction or damage to others’ facilities or other property
  - Environmental cleanup of others’ property
  - Bodily injury to others

6 Destructive Cyber Attack
- Security failure was of the pipeline owner’s computer system
- Resulted in pipeline breach and spilled 30,000 barrels of oil
- Impact summary (quadrant grid: 1st / 3rd party, Financial / Tangible): Environmental Cleanup; Property Damage; Business interruption

7 Cyber Product Liability
- Unlike the other 2 examples, the security failure was of a computer system designed by the auto maker but owned by the vehicle owner
- The demonstration of the capability to hack did not result in accidents, but did result in a recall by the auto manufacturer to minimize the potential for accidents and injuries
- Potential impact summary (quadrant grid: 1st / 3rd party, Financial / Tangible):
  - Investigation expenses
  - Public relations and other event response expenses
  - Accidents and injuries did not occur, but could have, which would have resulted in damages in this quadrant
INTERNAL USE ONLY

8 End-to-End Risk Management Solution

12 Claims Narratives in CyberEdge App

13 CyberEdge Hotline: 1-800-CYBR-345
Infrastructure Vulnerability Scanning Powered by IBM
Key Components:
- Reports demonstrate compliance with federal, state and industry regulations
- Assess an environment from either the external or internal perspective
- IBM expertise improves accuracy of findings and reduces mitigation time
- Consultation on recommendations for improved security
CyberEdge Hotline: CYBR-345
- 24/7 hotline staffed by IBM experts to respond to Insureds’ concern that they may be the victim of a breach
- The IBM experts will go over key indicators of a breach with the Insured’s IT department to determine if one has indeed occurred.
- If a breach is suspected or has occurred, Insureds will be automatically connected with our CyberEdge Breach Resolution Team.
Infrastructure Vulnerability Scanning (continued):
- Provides vulnerability management led by an experienced security consultant
- Detects vulnerabilities across network devices, servers, web applications, and databases to help reduce risk exposure and better manage compliance requirements
- Strong security expertise provides vulnerability identification with resulting prioritized plan for remediation and improved security
CyberEdge Hotline: CYBR-345
- IBM experts respond to Insureds and review key indicators of a breach with the Insured’s IT

14 RiskAnalytics
- CyberEdge RiskTool: Managing the human element of risk
- Proactive Shunning Services: New layer of network security

15 CyberEdge RiskTool
75% of breaches reported were due to human error/negligence.
- Web-based customizable risk management platform
- Manage the human element of cyber risk and manage compliance
- Pre-populated with:
  - Corporate security policies
  - Training with exams
  - Self assessments and risk guides
- Simplifies and documents end user training
- Unlimited use

16 What is Shunning?
- Service blocks CrimeWare through multiple appliance options
- Matched to network speed and failover requirements
- Positioned outside the firewall, no impact to existing network
- Real-time updates

17 Cybersecurity Maturity Assessment
- Leverages the NIST Cybersecurity Framework
- Organizations will have a view of gaps between their current and ideal cybersecurity posture.
- Insureds have access to RSA’s Advanced Cyber Defense (ACD) practice to provide operational expertise in closing the gaps and protecting the critical business assets.

18 NIST Cybersecurity Framework Overview
Core
- Functions, Categories, Subcategories, Informative References
- Functions: IDENTIFY, PROTECT, DETECT, RESPOND, RECOVER
Tiers
- Tier 1: Partial. Ad hoc risk management; limited cybersecurity risk awareness; low external participation
- Tier 2: Risk Informed. Some risk management practices; increased awareness, no program; informal external participation
- Tier 3: Repeatable. Formalized risk management; organization-wide program; receives external partner info
- Tier 4: Adaptive. Adaptive risk management practices; cultural, risk-informed program; actively shares information
Profile
- Current Profile: Current state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where am I today relative to the Framework?
- Roadmap
- Target Profile: Desired state of alignment between Core elements and organizational requirements, risk tolerance, & resources. Where do I aspire to be relative to the Framework?

19 BitSight Security Ratings
- Security ratings for organizations to measure and monitor their own network and those of their third-party vendors.
- Continuous measuring of externally observable event and diligence data

20 BitSight Security Ratings

21 BitSight Security Ratings – sample report

22 Dark Net Intelligence Powered by K2 Intelligence
- Intel of latest chatter inside the black hacker markets and forums, ‘dark net’
- Mines the dark net for data using web crawlers and sophisticated human intelligence
Value Add
- Proactive threat intelligence
- Due diligence during M&A transactions

23 Portfolio Analysis Powered by Axio Global
- One-day loss scenario workshop to estimate the financial impact of information technology and control systems
- Analysis of a client’s entire Property and Casualty insurance portfolio to identify how it would respond to a complex cyber event
- Self-evaluation of a client’s cybersecurity program based on the Cybersecurity Capability Maturity Model (C2M2)

24 Consultation
- Two complimentary hours from a specialized law firm to provide guidance on building and executing an incident response plan, as well as ensuring an organization is compliant with regulatory standards.
- One complimentary hour from a forensic firm on what an organization’s technical response plan should include.
- One complimentary hour from a vetted public relations firm to discuss an effective crisis communication plan to handle and mitigate the potential reputational and brand risk an organization would face in the event of a breach.

25 DRAFT - NOT FINAL & NOT FOR USE
CyberEdge Pre-loss Complimentary Services
Columns: Service Name | Value | Summary | Included
- RiskTool | Employee Awareness, Training, & Compliance | Unlimited use, customizable solution that reduces the single largest risk to an organization: human error.
- Blacklist IP Blocking | Powered by Global Threat Intelligence | Stops criminal activity on your network by blocking bad DNS and IP traffic, inbound or outbound.
- SecureDNS | Secures your DNS for a safer Internet | Takes away a very critical route cyber criminals need to phish and trick users to deliver ransomware, infect systems, exfiltrate stolen data and cause a cyber breach. It redirects users to a safe landing page and sends bad traffic to a sinkhole for analysis.
- Domain Protection | Identify and block typo squatting domains | Protects your organization by identifying and then blocking knockoff domains used by criminals through social engineering to trick employees into clicking and accepting
- Infrastructure Vulnerability Scan | Identification of high risk infrastructure vulnerabilities | Select parts of your infrastructure to have experts discover and identify vulnerabilities that are open to potential exploits by cyber criminals.
- Risk Consultation – Legal | Review and strengthen Incident Response capabilities | Two hours of consultation from an expert on incident response planning, regulatory compliance, security awareness, and privacy training.
- Risk Consultation – Forensic | Organizational preparedness for different threat scenarios | One hour from a forensic expert on what an organization needs to think about and prepare for different threat scenarios.
- Risk Consultation – Public Relations | Crisis communication plan best practices and preparation | One hour from an expert to discuss preparations and plans for your organization to handle potential scenarios should they occur.
- CyberEdge Hotline | 24/7/365 cyber forensic hotline | Experts immediately available to call and review Indicators of Attack or Indicators of Compromise to triage potential cyber events.
- Insurance Portfolio Diagnostic | Cyber as a peril analysis against insurance portfolio | Experts review your entire property and casualty portfolio to determine how it is anticipated to respond to the full spectrum of cyber predicated financial and tangible losses.
- Cybersecurity Information Portal | Online Access to Cybersecurity Information | 24/7 365 access to current cybersecurity information.

26 Discounted Fee Based Partner Services
- Dark Net Intelligence, Advisory Services: Customized human intelligence gathering to help clients stay apprised of what the latest chatter is inside the black hacker markets and forums aka “dark net.”
- Cybersecurity Maturity Assessment: RSA’s Governance, Risk, and Compliance (GRC) solution helps organizations assess their cybersecurity risk.
- BitSight Security Ratings: Generates security ratings for organizations to measure and monitor their own network and those of their third-party vendors.
- Portfolio Analysis: Provides clients with a holistic picture of their cyber exposure by addressing the full range of potential cyber losses.
- Configuration, Auditing, and Management Tool: Focuses on compliance and remediation requirements for key areas like PCI DSS 3.0, HIPAA, ISO, CSA, etc.
- Security Regulation Resource: Cybersecurity resource featuring information on mandates in 23 key markets

27 Discounted Fee Based Partner Services
- Anti-Phishing: Simulated phishing attacks, auto enrollment, and interactive training modules for employees
- Vendor Security Ratings: Generates security ratings for organizations to measure and monitor their own network and those of their third-party vendors
Visit and watch our CyberEdge Partner video series.
… and more to be announced shortly!

28 Contact Information
Bridget Sakach, Network Security & Privacy Specialist

29 American International Group, Inc
American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange.
Additional information about AIG can be found at | YouTube: | | LinkedIn:
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at
All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds.

