Presentation is loading. Please wait.

Presentation is loading. Please wait.

©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit.

Published byRonald Kristopher Washington Modified over 8 years ago

Similar presentations

Presentation on theme: "©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit."— Presentation transcript:

1 ©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit May 8, 2015

2 ©2015, Amy Stewart PC Cyber Risks in 2015  Two years ago – “not if, but when”  Today – those who know they’ve been hacked and those who haven’t yet discovered the breach  Risks evolving rapidly  As corporate America tries to get ahead of cyber exposures, insurance industry scurrying to provide solutions  Assessing constantly-changing risks  Underwriting challenges

3 ©2015, Amy Stewart PC Cyber Risks in 2015  Cyber security breaches rose 48% between 2013 and 2014, with 42.8 million incidents reported  Financial losses attributed to these incidents also increased 34% in 2014  Institutions hit in 2014—  Adobe = 152 million records  eBay = 145 million records  JP Morgan Chase = 76 million records  Target = 70 million records  Home Depot = 56 million records

4 ©2015, Amy Stewart PC Cyber Risks in 2015  Many businesses unaware of the magnitude of their cyber risk exposure  Others are working hard to get their arms around the risk  Less than 25% of Fortune 500 companies have adequate cyber coverage in place  More than 50 insurers provide some sort of cyber insurance, some very limited  Traditional policies = very limited (if any) coverage, especially today

5 ©2015, Amy Stewart PC Cyber Risks in 2015  Most businesses unaware of the magnitude of their cyber risk exposure  Less than 25% of Fortune 500 companies have adequate cyber coverage in place  More than 50 insurers provide some sort of cyber insurance, some very limited  Traditional policies = very limited (if any) coverage

6 ©2015, Amy Stewart PC Limitations of Conventional Coverage  Commercial General Liability (CGL)  Coverage A – “Bodily Injury or Property Damage”  ISSUE : Electronic data is NOT tangible property  Coverage B – “Advertising and Personal Injury”  ISSUE : Too narrow to protect insured as it covers specific types of injury—not including misuse or disclosure of private information

7 ©2015, Amy Stewart PC Limitations of Conventional Coverage  Case Study – Sony  2011 Playstation II Breach  Breach = publication under CGL, Coverage B  Trial court said coverage only if publication was by Sony; liability arising from hacker actions not covered  While appeal pending, Sony and Zurich settled (April 30, 2015)

8 ©2015, Amy Stewart PC Limitations of Conventional Coverage  Case Study – Sony  2014 Email Incident  Sony Pictures CEO: company was covered by cyber policy  Insurers paid most of loss, estimated at $100 million  Uninsured cost to Sony = $15 million

9 ©2015, Amy Stewart PC Limitations of Conventional Coverage  Professional Liability | Errors & Omissions (E&O)  May provide coverage depending on nature of the “professional services”  ISSUE : non-technology insureds are unlikely to have coverage for common cyber exposures  Business Interruption Insurance  ISSUE : does not cover business interruption loss caused by damage to non-tangible property, i.e., data

10 ©2015, Amy Stewart PC Cyber & Privacy Insurance  Broadly speaking, cyber insurance covers risks and liability associated with e-business, the Internet, computer networks and technology, privacy issues, computer virus transmission and other means by which compromised data is passed to a third party  Policies vary widely; not standardized (although ISO has begun promulgating forms)

11 ©2015, Amy Stewart PC Cyber Policies – Basic Concepts  First-Party Coverage  Covers the insured’s own loss and expenses  Cyber theft  Failure of insured’s systems  Network interruption coverage  Privacy event management, breach notification costs, call center expenses  Cyber extortion – pays “ransom” costs  Forensic investigation costs  Cost associated with restoration of data (often subject to a large retention)

12 ©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Third-Party Coverage  Covers the insured’s exposure to others  Defense costs for litigation initiated against insured  Indemnity for cyber-related claims  Damages to third-party claimants  Fines + penalties  Breach notification costs  Crisis management  Call centers  Credit / identity monitoring

13 ©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Insuring agreement – sample #1 The Company shall pay Loss on behalf of an Insured on account of any Claim first made against such Insured during the Policy Period, or, if exercised, during the Extended Reporting Period, for Injury.

14 ©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Insuring agreement – sample #2 The Insurer shall pay on an Insured’s behalf all Loss in excess of the applicable Retention that such Insured is legally obligated to pay resulting from a Claim alleging a Security Failure or a Privacy Event.

15 ©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Definition of Claim —  a written demand for money, services, non- monetary relief or injunctive relief;  a Suit ; or  a Regulatory Action Regulatory Action = request for information, civil investigative demand or civil proceeding brought by or on behalf of a governmental agency, including requests for information.

16 ©2015, Amy Stewart PC Cyber Policies – Basic Concepts  Claims-made coverage v. occurrence- based coverage  Claims-made = coverage triggered when a claim is made against an insured (common for third-party coverages)  Occurrence-based = coverage triggered by an injury  Some policies providing multiple coverages may combine the two types—can be confusing  Important for determining which policy is triggered

17 ©2015, Amy Stewart PC Specific Cyber Coverages  Breach Notification Expenses  Necessary due to emerging regulations on notifying those affected by a security breach  May be provided with no deductible  E-Theft  Protects insured from fraudulent transfers of funds or property as result of theft-related cyber crimes  Loss, damage or destruction of media (non-tangible property) may also be included in cyber theft coverage

18 ©2015, Amy Stewart PC Specific Cyber Coverages  Crisis Management & Reward Expenses  Likely need coverage for a team to manage publicity surrounding a privacy or security breach. This team might include:  Breach Coach  Legal Counsel  Information security forensic investigator  Public Relations Consultant  Advertising or Media Relations  Also covers reward expenses incurred due to the investigation of a cyber-security event

19 ©2015, Amy Stewart PC Specific Cyber Coverages  Denial or Impairment of E-Service  Fills gap in business interruption policy by covering losses caused by damage to non-tangible property  Specifically, will cover loss incurred as the result of impairment or denial of insured’s business activities caused by a  Hacker,  Rogue employee, or  Cyber terrorist

20 ©2015, Amy Stewart PC Specific Cyber Coverages  E-Communication  Covers a loss caused by:  transfer of fund or property,  debiting of an account or  establishment of credit pursuant to the direction of a fraudulent e- communication that purports to have been initiated by the insured  Might protect from risk of loss to third parties for which the insured may be liable

21 ©2015, Amy Stewart PC Specific Cyber Coverages  E-Vandalism  Loss to data and intangible property caused by cyber terrorists or hackers  E-Threat  “Kidnap and Ransom” coverage  Cyber extortion  E-Signature  Loss resulting from insured’s acceptance of and reliance upon a fraudulent e-signature

22 ©2015, Amy Stewart PC Common Exclusions Basic exclusions—  Claims arising from violations of ERISA  Criminal, fraudulent or dishonest acts by an insured  Breach of contract  Claims brought by insureds  Patent infringement  Bodily injury

23 ©2015, Amy Stewart PC Common Exclusions Exclusions designed to push risks back to the insured—  Data lost from unencrypted devices  Inadequate security about which the insured knows (potential D&O issue)  Failure to take steps to design, maintain and upgrade security systems (D&O)  Failures of security software (D&O)

24 ©2015, Amy Stewart PC Negotiating Points  Make sure entities are covered, not just insured persons  Pay attention to policy provisions that limit covered locations  Make sure any war exclusions have a cyberterrorism carve-back  Consider sublimits in view of risk transfer objectives  Request pre-approval of vendors, if desired

25 ©2015, Amy Stewart PC Questions?

26 Contact Information Amy Elizabeth Stewart amy@amystewartlaw.com AMY STEWART LAW Mockingbird Station 5307 E. Mockingbird Lane, Suite 425 Dallas, Texas 75206 214 233 7076 main

Download ppt "©2015, Amy Stewart PC Title Here Cyber Insurance: The Future is Now Texas Lawyer In-House Counsel Summit May 8, 2015 Texas Lawyer In-House Counsel Summit."

Similar presentations

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.

A GIA is a contract between a surety company and a contractor (or subcontractor)/principal. A GIA is a standard, typical document in the construction.
Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.

Property Inventory Valuation Replacement Cost Value The amount it would take to replace property with like property of the same quality and construction.
Basics of Insurance Law PLI: Bridge the Gap II Robert H. Friedman May 26, 2005 Robert H. Friedman May 26, 2005 1.

Basics of Insurance Law PLI: Bridge the Gap II Robert H. Friedman May 26, 2005 Robert H. Friedman May 26,
Commercial Insurance: What Every GC Should Know Edwin L. Doernberger, Esq. Jeffrey J. Vita, Esq. Tuesday, October 7, 2008.

Commercial Insurance: What Every GC Should Know Edwin L. Doernberger, Esq. Jeffrey J. Vita, Esq. Tuesday, October 7, 2008.
Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.

Insurance in the Cloud Ben Hunter, Canadian Underwriting Specialist Technology Insurance Specialty Chubb Insurance Company of Canada.
Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.

Presented at: Ctuit Software and Lathrop & Gage LLP Food & Hospitality Roundtable San Francisco, CA April 29, 2013 Presented by: Leib Dodell, Esq.
Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.

Cyber Liability- Risks, Exposures and Risk Transfer for a Data Breach June 11, 2013.
IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.

IS BIG DATA GIVING YOU A BIG HEADACHE? Risk Reduction - Transactional, International and Liability Issues Oregon State Bar Corporate Counsel Section Fall.
Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,

Cyber Insurance Today: Lots of Interest, Lots of Product Innovation, and Lots of Risk Richard S. Betterley, CMC Betterley Risk Consultants, Inc. Sterling,
Law I Chapter 18.

Law I Chapter 18.
Managing Cyber Risk Through Insurance and Vendor Contracts

Managing Cyber Risk Through Insurance and Vendor Contracts
Page 1 Recording of this session via any media type is strictly prohibited. Edward M. Joyce Partner Jones Day Invasion of Privacy, Hacking & IP Claims:

Page 1 Recording of this session via any media type is strictly prohibited. Edward M. Joyce Partner Jones Day Invasion of Privacy, Hacking & IP Claims:
Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.

Lockton Companies International Limited. Authorised and regulated by the Financial Services Authority. A Lloyd’s Broker. Protecting Your Business from.
Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved. 4025 W. Peterson Ave. Chicago, IL 60646-6085.

Forensic and Investigative Accounting Chapter 16 Cybercrime Loss Valuations © 2011 CCH. All Rights Reserved W. Peterson Ave. Chicago, IL
Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.

Financial Institutions – Cyber Risk Managing Cyber Risks In An Interconnected World State Compensation Insurance Fund Audit Committee Meeting – February.
Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.

Presented by: Jamie Orye, JD, RPLU Beazley Group Pennsylvania Association of Mutual Insurance Companies Annual Spring Conference March 12, 2015.
Recent Trends and Insurance Considerations March 2015

Recent Trends and Insurance Considerations March 2015
2 3 4 5 6 www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.

Presented by: Paul J. Miola, CPCU, ARM Executive Director October, 2013.
BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius 4444 50% Hiscox 33 50% to May 2010, replaced.

BACKGROUND  Hawkes Bay Holdings/Aquila Underwriting LLP  Established 2009 utilising Lloyd’s capacity: Canopius % Hiscox 33 50% to May 2010, replaced.

Similar presentations

Ads by Google