1. Page 1 Recording of this session via any media type is strictly prohibited. Page 1 Cyber as a Boardroom Issue Date: Wednesday, April 30, 2014 Time: 9:00 AM - 11:00 AM Room: 603

2. Page 2 Recording of this session via any media type is strictly prohibited. Yvette Connor, Managing Director, Alvarez & Marsal Risk Management Advisory Services, has more than 20 years of experience building, quantifying, and testing operational, financial, hazard, and reputational risk frameworks. Before that, Ms. Connor served as the Director of Client Engagement for Marsh. Prior to joining Marsh in 2010, Ms. Connor was the Director of Risk Management at Vulcan Inc., a privately-held company, with a diverse portfolio of over 200 operating companies. Jimmy Kirtland, VP, Corporate Risk Management, Voya Financial, Inc. (f.k.a. ING U.S., Inc.) is responsible for the placement of all domestic and foreign corporate insurance coverages for Voya. Mr. Kirtland has been with ING since 1987. He has been a member of several industry advisory boards, has participated in numerous industry conferences as a speaker and panelist, and is active in several community outreach programs.

3. Page 3 Recording of this session via any media type is strictly prohibited. John Mullen, Lewis Brisbois Bisgaard & Smith and Chair, US Data Privacy and Network Security Group, holds a BS from Pennsylvania State University and a JD from Arizona State University, College of Law (1991). Mr. Mullen has been on the forefront of developing the cyber insurance market and continues to assist insurers, brokers, risks managers, underwriters, product specialists, and professional claims personnel in navigating this rapidly-developing territory. Jon Leibowitz is a partner in Davis Polk’s Washington, DC and New York offices. His practice focuses on the complex antitrust aspects of mergers and acquisitions, as well as government and private antitrust investigations and litigation. He also provides counsel in the developing area of privacy law. Mr. Leibowitz was Chairman of the Federal Trade Commission from 2009 through 2013 and served as a Commissioner from 2004 to 2009. While at the FTC, his priorities included health care and high-tech competition.

4. Page 4 Recording of this session via any media type is strictly prohibited. Robert Parisi is a Managing Director and National Practice Leader for Privacy & Network Risk for Marsh. His practice includes advising clients on issues related to intellectual property, technology, privacy, and cyber related risks as well as negotiating with insurers on terms and conditions. Prior to joining Marsh, Mr. Parisi held several executive underwriting and legal positions at AIG, where he developed and launched the first commercial cyber policy. He began his career as outside coverage counsel to Lloyds of London.

5. Page 5 Recording of this session via any media type is strictly prohibited. What to Expect There is growing awareness that cyber risk – arising from the use of technology and the collection and handling of data – is as much a corporate governance issue as any other aspect of your company's operations. But what is driving this board-level awareness? Explore the evolving risk landscape and regulatory changes that are fueling concerns. Examine information security laws and the Securities and Exchange Commission guidance for the materiality of technology risks, which has led more companies to devote a section of their annual reports to technology risks. Better understand these board-level risks and how to manage them. Learning Objective: Determine how evolving cyber threats affect boardroom concerns. Identify the areas of technology risk for your organization. Examine the evolving nature of cyber risks for businesses. Tools to manage cyber threats and opportunities.

6. Page 6 Recording of this session via any media type is strictly prohibited. Not in the C-Suite Top Ten: up to #12 from #26 Ranked Top 5 in survey of General Counsel Nearly 85% of Board members acknowledged familiarity with basic Information Security standards such as ISO 27001/2; however only 35% knew where their organization stood as regards complying with basic information security standards. In the first six months of 2013, there were over 800 regulatory filings that mentioned cyber-related risks. This represents a 106% increase from the same time in 2012.

7. Page 7 Recording of this session via any media type is strictly prohibited. Questions, Final Comments, and Contact Information John F. Mullen john.mullen@lewisbrisbois.com 215-977-4056 Jon Leibowitz jon.leibowitz@davispolk.com 202-962-7050 Yvette K. Connor yconnor@alvarezandmarsal.com 303-253-0234 Jimmy Kirtland jimmy.kirtland@us.ing.com 770-850-7612 Robert A. Parisi, Jr. robert.parisi@marsh.com 212-345-5924