Presentation is loading. Please wait.

Presentation is loading. Please wait.

CYBER INSURANCE: APPLICATION REPRESENTATIONS & ONGOING POLICYHOLDER OBLIGATIONS January 26, 2017.

Published byAmice Pope Modified over 6 years ago

Similar presentations

Presentation on theme: "CYBER INSURANCE: APPLICATION REPRESENTATIONS & ONGOING POLICYHOLDER OBLIGATIONS January 26, 2017."— Presentation transcript:

1 CYBER INSURANCE: APPLICATION REPRESENTATIONS & ONGOING POLICYHOLDER OBLIGATIONS
January 26, 2017

2

3 Cyber Insurance Coverage Assessments Lessons Learned

4 Questions Insurers Ask on Their Applications
Does the Applicant have a formal program in place to test or audit network security controls? How often are internal audits performed? How often are outside/third party audits performed? Does the Applicant use firewall technology? Does the Applicant use anti-virus software? Is anti-virus software installed on all of the Applicant’s computer systems, including laptops, personal computers, and networks? Does the Applicant use intrusion detection software to detect unauthorized access to internal networks and computer systems? Is it the Applicant’s policy to upgrade all security software as new releases or improvements become available? Is a multi-factor authentication process (multiple security measures used to reliably authenticate/verify the identity of a customer or other authorized user) or a layered security approach required to access secure areas of Applicant’s website? Please describe authentication/verification methods used. Source: Travelers CyberRisk Coverage Application

5 Questions Insurers Ask on Their Applications
Is all valuable/sensitive data backed-up by the Applicant on a daily basis? If No, please describe exceptions: Does the Applicant conduct training regarding security issues and procedures for employees that utilize computer systems? Does the Applicant publish and distribute written computer and information systems policies and procedures to its employees? Does the Applicant terminate all associated computer access and user accounts as part of the regular exit process when an employee leaves the company? Does the Applicant have a formal documented procedure in place regarding the creation and periodic updating of passwords used by employees or customers? Source: Travelers CyberRisk Coverage Application

6 Questions Insurers Ask on Their Applications
Source: THE HARTFORD DATA PRIVACY ~ NETWORK SECURITY LIABILITY INSURANCE POLICY APPLICATION

7 Coverage Danger Zones Consent Requirements Panel Professionals
Timely Notice Liability Assumed Under Contract Failure to Maintain Minimal Cybersecurity Standards Data Controlled by Third Parties Wrongful or Unlawful Data Collection Regulatory Fines Professional Services – Coverage Grant or Exclusion? Property, General Liability, Errors and Omissions, Kidnap and Ransom

8 Notice What you must do in the event 1. of a claim or loss
Should a senior executive officer become aware of any claim, loss or damage, the following obligations must be complied with by you: a) You must not admit liability for or settle or make or promise any payment in respect of any claim, loss or damage which may be covered under this Policy. Neither must you incur any costs and expenses in connection with such a claim, loss or damage without our written agreement.

9 Ongoing Requirements 8. Your duty to advise us of changes If a senior executive officer becomes aware that any of the information that you have given us in the Application Form or elsewhere in connection with your application for this insurance has materially changed then you must advise us as soon as is practicable. In this event, we reserve the right to amend the terms, conditions or premium of the Policy.

10 Ongoing Requirements 9. Risk management conditions If we attach any additional conditions to your Policy regarding any risk survey or risk management timetable or any other similar Conditions then it is your responsibility to ensure that these conditions are complied with by the deadlines shown in the conditions.

11 Ongoing Requirements XVI. MERGERS AND ACQUISITIONS A. Newly Acquired Subsidiaries During the Policy Period, if the Named Insured or any Subsidiary acquires another entity whose annual revenues are more than ten percent (10%) of the Named Insured’s total annual revenues for the four quarterly periods directly preceding inception of the Policy Period, such acquired entity shall not be a Subsidiary, and no Insured shall have coverage under this Policy for any Claim or Loss that arises out of any act, error, omission, incident or event whether committed before or after such acquisition: 1. by or on behalf of the acquired entity or any person employed by the acquired entity; 2. involving or relating to the assets, liabilities, Covered Media Activities or policies or procedures of the acquired entity or to data, information, computers, or networks, security systems, of or under the care, custody or control of the acquired entity, a Business Associate of the acquired entity, or a third party on behalf of the acquired entity; or 3. by any person or independent contractor holding, processing or transferring information or operating Computer Systems on behalf of the acquired entity; unless the Named Insured gives the Insurer written notice prior to the acquisition, obtains the Insurer’s written consent to extend coverage to such additional entities, assets, exposures, or Computer Systems, and agrees to pay any additional premium required by the Insurer.

12 Effective Indemnity Agreements on Cyber Coverage
“With respect to all Insuring Clauses, [Federal] shall not be liable for any Loss on account of any Claim, or for any Expense based upon, arising from or in consequence of any liability assumed by any Insured under any contract or agreement.” Federal Insurance Co. is part of Chubb

13 How Do You Submit a Claim?
Documentation requirements Application of waiting periods/sub-limits (e.g., business interruption versus network interruption) Common items of dispute in the adjustment process

14 Conclusion

15 Our Cybersecurity Services
Cyber Risk Management Strategy & Program Design Cyber Risk Assessment & Security Testing Data Privacy & Protection Security Architecture & Transformation Incident Response Planning Business Continuity Planning & Disaster Recovery Digital Forensics & Cyber Investigations Cyber Insurance Claim Preparation & Coverage Adequacy Evaluation

16 SPEAKER’S PAGE JUDY SELBY Managing Director BDO Consulting
Technology Advisory Services | Judy Selby is a Managing Director in BDO Consulting’s Technology Advisory Services practice, having more than 20 years of experience in insurance and technology. Known as “one of the premier voices in legal technology” by Legaltech News, she consults with clients on cyber insurance, cybersecurity, information governance, data privacy and complex insurance matters. She advises clients on best practices for handling information throughout its life cycle, from creation or collection through disposition. In addition, Judy works with organizations and their counsel to advise on data privacy and cyber insurance issues, having depth of experience in coverage adequacy evaluation, international arbitration and all phases of insurance coverage litigation as well as policy drafting and gap analysis. Prior to joining BDO, Judy was a partner at Baker Hostetler, where she was Co- chair of the Information Governance team and founder of the eDiscovery and Technology team. She is the Co-chair of the Claims and Litigation Management (CLM) Alliance Cyber Liability Committee and serves on the Law360 Insurance and Legaltech News editorial boards. Judy has completed courses on the internet of things (IoT), big data, crisis management / business continuity and cybersecurity at the Massachusetts Institute of Technology.

17 THANK YOU !

Download ppt "CYBER INSURANCE: APPLICATION REPRESENTATIONS & ONGOING POLICYHOLDER OBLIGATIONS January 26, 2017."

Similar presentations

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.

© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.
Pension Fund Trustees Liability Ncedi Mbongwe. Introduction to Camargue Underwriting Managers Established in 2001 Underwriters: Mutual and Federal and.

Pension Fund Trustees Liability Ncedi Mbongwe. Introduction to Camargue Underwriting Managers Established in 2001 Underwriters: Mutual and Federal and.
©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.

©2008 Perkins Coie LLP Game Industry Roundtable Privacy Developments for the Game Industry Thomas C. Bell September 24, 2008.
Presented By: John D. Miller

Presented By: John D. Miller
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
ICSA Professional Indemnity, Directors & Officers Insurance for Financial Institutions Magnus McGurk, Business Development Manager, SME Professional Lines.

ICSA Professional Indemnity, Directors & Officers Insurance for Financial Institutions Magnus McGurk, Business Development Manager, SME Professional Lines.
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
Risk Management Overview with Meg Tully, CAE Meg Tully, CAE Association Development Director.

Risk Management Overview with Meg Tully, CAE Meg Tully, CAE Association Development Director.
REGULATORY LEGAL AND CONTRACTUAL ASPECTS OF PPP IN WATER AJAY RAGHAVAN Counsel Training Workshop, Bhopal, February 2009.

REGULATORY LEGAL AND CONTRACTUAL ASPECTS OF PPP IN WATER AJAY RAGHAVAN Counsel Training Workshop, Bhopal, February 2009.
Construction Contracts What You Need to Know March 19, 2015.

Construction Contracts What You Need to Know March 19, 2015.
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.
March 15, 2011 2011 Insurance Seminar Penn Biotech Group.

March 15, Insurance Seminar Penn Biotech Group.
Page 1 Recording of this session via any media type is strictly prohibited. Page 1 We Have a Plant There? u Managing International Property Insurance and.

Page 1 Recording of this session via any media type is strictly prohibited. Page 1 We Have a Plant There? u Managing International Property Insurance and.

Similar presentations

Ads by Google