Cyber liability insurance: the basics

Post on 19-Feb-2017

Category:

Education


CYBER LIABILITY INSURANCE

Koushik ACII

What is Cyber Risk ??

Types of Damages

How are industries exposed to this risk ?

Common Misconceptions in Cyber Risk

Cyber Liability Exposures

Cyber Risk Impact ( Energy Sector )

Insurable Cyber Risks

Pricing & UW Considerations

Managing Cyber Risks

OUR DISCUSSION TODAY

Cyber Risk

• Any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems (includes networks & the internet).

Non-Physical Damage

• Data Corruption

• Theft of Intellectual property

• Financial Data Theft

• Extortion

Physical Damage

• Infection of software

• Manipulation / overriding system controls

• Operations disruption

Types of Damages

2 Types of companies

• Companies who have had a security breach

• Companies who don’t know that they have had a breach

ALL COMPANIES HAVE CYBER RISK

“We have a 3rd-party payment process, so we have transferred our exposure”

Even if a breach happens at the payment processor, the primary company will still be held liable under privacy laws

“We have upgraded our security by transferring our data to a cloud provider”

Cloud service providers are the best opportunity for hackers. And guess what: the data handled by them is YOUR CUSTOMER DATA, AND THEFT OF THAT DATA IS GOING TO PUT YOU IN TROUBLE

Common Misconceptions

Cyber Liability Exposures

Market Disruption

• Hacking into company data on reserves – cause industry wide impact

• Commodity pricing

Physical Damage

• Attack on dams – Massive PD & compromise water supply

• Gaining control of wind turbine – damage of equipment

IMPLICATIONS ON ENERGY SECTOR

Human Harm

• Hacking a Nuclear plant – Core meltdown – radioactive catastrophe – Another Chernobyl !!!!

• Infiltration of Electric grid – Result in mass black-out

Financial Loss

• Business interruption / CBI

• Data Theft

• Liability of power producers towards manufacturers

• Regulatory Fines

WHY ENERGY ??

Economic & physical consequences of cyber attack on energy could be SEVERE !!

2015, Ukraine , Power Grid

• Hack on 3 distribution companies

• Affected 80,000 Energy Customers

2012, SAUDI ARABIA , ARAMCO

• 30,000 computers affected because of virus (SHAMOON)

• Systems offline for 10 days, 85% of company's hardware destroyed

2003, Ohio Nuclear Plant

• Slammer, the fastest worm in history, disabled safety monitoring systems for 5 hrs

List of Past Cyber Attacks

Theft:

• Identity theft

• Theft of digital assets

Business interruption

• Lost Income

• Recovery of damaged data records

• Reputational damage

• Cost of Credit Monitoring of impacted clients

Key Insurable Cyber Risks

Pricing Cyber Risk

Strength of Security System: Likelihood of intrusion

Risk Management Culture: Control in place & role of compliance & audit

Frequency Severity

Disaster Recovery: Ability to recover from attack

Rating of Service Providers: Reliability of cloud providers, backup providers, website, etc.

Legal Fees & Fines

IT Staff Costs

Data restoration

PR & Marketing Costs

Extortion

Customer Support

Lost Income

Policy Terms

Legal Liability: Not complying with privacy laws

Crisis Management Costs: Informing customers, public relations & adverts

Data Extortion: Ransom payment

First Party Risks Third Party Risks

Loss of Income: As a result of network failure & downtime

Data Recovery: IT staff overtime, data retrieval & verification

Security Liability: Liability arising from breach of security

Multimedia Liability: Liability arising from insured’s internet, advertising & marketing activities

Professional Liability: Liability arising out of negligence in providing IT services

Business

• Type of business

• Size of business

• Scope of the business

• Number of customers

Multimedia

• Presence on the Web

• Data collected and stored

Enterprise Risk Management (ERM) techniques applied by the business to protect its computer network and its assets.

• Risk management procedure & culture

UW Considerations

Cyber Crime – Global Costs

Sources: (1) World Bank (2013); (2) Net Losses: Estimating the Global Cost of Cyber-Crime, CSIS/McAfee; (3) Allianz Global Corporate & Specialty

Respondents by region

Reasons for buying cyber insurance

Greatest concern for cyber risk purchase ( Rated in scale of 1-5)

Coverage requirement for new cyber insurance buyers

Top Factors for influencing Cyber insurance

Policies in which Cyber Extension is given through endorsement

Challenges in Selling Cyber

Risk Identification / proposal Form

Potential Risk Event | Likelihood | Potential Impact

Website copyright/trademark infringement claims

Legal liability to others for computer security breaches (non-privacy)

Legal liability to others for privacy breaches

Privacy breach notification costs & credit monitoring

Privacy regulatory action defense and fines

Costs to repair damage to your information assets

Loss of revenue due to a failure of security or computer attack

Loss of revenue due to a failure of security at a dependent technology provider

Cyber Extortion Threat

• Cyber risk is an emerging risk in the world

• Cyber risk is no longer an IT issue, it is a Board Level issue

• Increasing Interconnection & Digitization

• Technology vendors play a critical role

• Cyber insurance is one mechanism of risk transfer

Conclusions

In the end everything is D&O liability !!

Key Statistics & sources of information

• Key Statistics – Source: Advisen Ltd – PartnerRe publication, Oct 2016

• Aon Cyber Survey 2016

• Marsh Global economic Forum – Energy Risk Cyber Article

• Allianz Cyber risk Articles

• Liberty Specialty Presentation on Cyber

QUESTIONS?