Meeting the Cyber Risk Challenge
Mark Fishleigh, Director, Detica
Jérôme Gossé, Financial Lines Underwriter, Zurich Global Corporate France
Julia Graham, Chief Risk Officer, DLA Piper International LLP
Andrew Horrocks, Partner, Clyde & Co
NOVEMBER 27, 2012
Speaker notes

Prepare
Risk is the product of threat, impact and vulnerability. While there are many firms in the market that can measure vulnerability and impact, Detica, through its experience of protecting the UK’s most sensitive information assets from advanced attacks, has the means to accurately assess the risk of a targeted attack. We review risk in the context of the firm’s existing controls and the degree of risk it is willing to tolerate to make a risk assessment and, if appropriate, create a blueprint and business case to implement measures for bringing the firm’s security controls in line with the risks it is prepared to accept.

Protect
We advise on and build secure IT systems, and deploy X-domain technology to provide protected access to highly sensitive data. We enable organisations to integrate IT and physical security, and share intelligence.

Monitor
Detica Treidan is an enterprise cyber risk management platform developed specifically to detect targeted attacks. Treidan collects network activity data and uses this data, together with data already collected by the firm and data from third-party sources, to detect potentially suspicious activities. Sophisticated analytical techniques employing statistical and behavioural analysis, and our experience of how targeted attacks are perpetrated, are used to spot anomalous activity within the firm’s network and identify the stage of a targeted attack. We then recommend remedial action based on what we can observe about the attacker’s intent.
A managed service provides 24/7 protective monitoring of client networks up to and including IL3, focused on non-targeted attacks such as virus outbreaks, denial of service attacks and speculative intrusion attempts:
• Able to provide global coverage
• Near real-time alerting
• Cost competitive with others in the SOC market
The SOC is based in Leeds and provides monitoring services to organisations such as HMG and BAE Systems.

Respond
We are currently asked to respond to several incidents each month, and are one of three companies used by the Centre for the Protection of National Infrastructure to respond to security incidents across the commercial base. We support major incident response by:
• Confirm: Establish the facts around the initial compromise
• Capture: Capture logs, network and host agent data for analysis
• Expose: Fully understand the origin and extent of the compromise
• Remediate: Safely inhibit the attack and secure the network
• Resume: Return to normal operations with enhanced security
Our aim is to restore the network to a ‘clean’ state in order to resume normal activities. We use experienced investigators, available for investigations of suspicious activity. Catalogue services: incident review, disk analysis, malware analysis, network and application event log analysis, email analysis. We provide actionable intelligence on compromised assets and active threats, and we have sophisticated tools and proprietary data to help us attribute the attack source.
  • Meeting the cyber risk challenge

    1. Meeting the Cyber Risk Challenge
       Mark Fishleigh, Director, Detica
       Jérôme Gossé, Financial Lines Underwriter, Zurich Global Corporate France
       Julia Graham, Chief Risk Officer, DLA Piper International LLP
       Andrew Horrocks, Partner, Clyde & Co
       NOVEMBER 27, 2012
       Sponsored by
    2. Questions?
       OCTOBER 17, 2012
       To ask a question … click on the “question icon” in the lower-right corner of your screen.
    3. Mark Fishleigh, Director, Detica
       Meeting the Cyber Risk Challenge
       Sponsored by
       NOVEMBER 27, 2012
    4. Jérôme Gossé, Financial Lines Underwriter, Zurich Global Corporate France
       Meeting the Cyber Risk Challenge
       Sponsored by
       NOVEMBER 27, 2012
    5. Julia Graham, Chief Risk Officer, DLA Piper International LLP
       Meeting the Cyber Risk Challenge
       Sponsored by
       NOVEMBER 27, 2012
    6. Andrew Horrocks, Partner, Clyde & Co
       Meeting the Cyber Risk Challenge
       Sponsored by
       NOVEMBER 27, 2012
    7. What Is Cyber Risk?
       Sponsored by
    8. Setting the scene
       • Information and the Information Age
       • An asset like no other – the Digital Revolution
       • Privacy
       • Personally identifiable information is collected and stored. Improper control can cause issues which may arise from a range of information sources, such as healthcare records and financial institution transactions
       • Confidentiality – Different categories of information
       • Cyber
         – Third party risks
         – First party risks
       • The Challenge – As technology advances, the desire for data privacy increases
       Photo caption: Tim Berners-Lee, left, and Robert Cailliau, right, inventors of the World Wide Web, pose next to the first Web server
    9. Cyber Risk Survey Results
       • Three-quarters of respondents report growing concern around information security and privacy
       • Only 16.3% have a chief information security officer; 40% say the CIO/head of IT is most likely to be in charge
       • More than half said board involvement is growing
       • The majority said government and business must work together, but 55% cited concerns about restrictive data protection rules and 48.7% about adoption of breach notification
       • Thirty-six percent said training is conducted at enterprise level for all employees; only 36.3% said training occurs either annually or biannually
       • Less than half (44.1%) said their company's budget for managing cyber risk has increased
       Sponsored by
    10. Agenda
       • Challenges in Regulation and Compliance
       • Who Leads the Efforts Around Managing Cyber Risk
       • Mobilizing to Meet the Challenges
       • The role of Insurance and Insurers
       • What Happens in the Aftermath of an Incident
       Sponsored by
    11. Challenges in Legislation and Compliance
       Sponsored by
       NOVEMBER 27, 2012
    12. Data Protection Act 1998 (DPA)
       • Eight data protection principles:
         1. Processed fairly and lawfully
         2. Obtained only for specified lawful purposes
         3. Adequate, relevant and not excessive
         4. Accurate
         5. Not kept for longer than is necessary
         6. Processed in accordance with individuals’ rights
         7. Secure
         8. Not transferred to countries outside the EEA without adequate protection
    13. Data Protection Act 1998 (DPA)
       • Sanctions and enforcement
         – Information Commissioner’s Office (ICO)
         – Enforcement notices
         – Fines (up to £500,000)
         – Criminal offences
         – Civil claims
       • Rights
         – Rights of access
         – Right to object to processing
       • Notification to ICO?
    14. The Draft European Regulation on Data Protection
       – Fines of up to £2million of annual worldwide turnover for companies and administrative sanctions of up to £1million for individuals
       – The “right to be forgotten”
       – Reporting and notification requirements
       – Private rights of action
       – Requires large businesses to appoint a Data Protection Officer
       – Applies to businesses – including those based outside the EU
    15. Fines and Penalties
       – FSA sanctions
       – ICO fines
       • s.55 Data Protection Act 1988
       • Safeway Stores Ltd v Twigger (2010) CA
       • Griffin v Hacker Young (2010)
    16. Cyber Risk is an Enterprise-wide risk
       • Enterprise-Wide Risk Management (“ERM”) – a strategic business discipline that supports the achievement of the organization's objectives by addressing the full spectrum of its risks and managing the combined impact of those risks as an interrelated risk portfolio
       • ERM reflects current practice in that it:
         – encompasses all areas of risk
         – prioritizes and manages exposures as a risk portfolio
         – evaluates the portfolio in the context of significant internal and external environments, systems, circumstances, and stakeholders
         – recognizes individual risks are interrelated and can create a combined exposure that differs from the sum of the individual risks
         – provides a structured process for the management of all risks
         – views the effective management of risk as a competitive advantage; and
         – seeks to embed risk management as a management discipline
       • Why should cyber risks be treated differently?
    17. A rising tide in Regulation and Compliance
       • Business operations – Shorter term / tactical / often cyclical
       • Strategic – Longer term / deeper / wider / less cyclical
       • Technology enables many of the systems that result in tactical risks
       • Business leaders deluded in information strategy and execution?
       • Information security spend justified by the "stick" of:
         – laws and regulations
         – client requirements
         – potential liability
         – industry practice
       • Most important information:
         – customer
         – financial
         – IP and trade secrets
         – corporate
         – employee
    18. Who Leads the Efforts to Manage Cyber Risk? How Will You Mobilize to Meet the Challenges?
       Sponsored by
       NOVEMBER 27, 2012
    19. Who Is Leading the Efforts Around Managing Cyber Risk
       • All are applying pressure to IS budgets
         – Strategists more than most
         – Lack of vision
         – Lack of an effective information security strategy
       • Articulate in their own "languages"
       • Focus
         – Prevention
         – Detection
         – Web-related technologies
       • Knowledge of breaches has improved
       • APT a driver of government focus
    20. Integrating to Meet the Challenges
       • Confidentiality of information
         1. Contracts
         2. Policies
         3. Training
         4. Monitoring
         5. Restricting access
       • Information security
         – Governance
         – Risk
         – Compliance
         – People
         – Process
         – Technology
    21. Governance
       Governance Advisory Board
       • Core set of principles defined by the organization and owned by leadership and stakeholders including:
         – HR
         – Finance
         – Marketing
         – Relevant legal expert/s
         – Information Security
         – Information Technology
         – Knowledge Management
         – Risk Management
         – Compliance and Audit
    22. Ten Steps - Raising Board Awareness and Setting the Tone
       1. Home and mobile working
       2. User education and awareness
       3. Incident management
       4. Information risk management regime
       5. Managing user privileges
       6. Removable media controls
       7. Monitoring
       8. Secure configuration
       9. Malware protection
       10. Network security
       ….. Cover 80% of the ground
    23. Key steps in cyber loss prevention and control
       Prepare – Understand cyber risks and plan their mitigation
       Protect – Protect information and IT from attack and reduce the potential impacts of incidents
       Monitor – Monitor systems to detect and prevent incipient incidents
       Respond – Manage the consequences of an incident to minimise its impact
    25. The cyber threat is multi-faceted
       Threats
       • Commercial malware
       • Denial of Service (DoS)
       • External hacking of internal systems (targeted attacks)
       • SCADA and Industrial Control
       • Insider-assisted data loss
       • Website hacking (information theft, vandalism)
       Attackers (ordered by sophistication/scope)
       • Script Kids
       • Activists
       • Organised Crime
       • Industrial Espionage
       • State Sponsored
       Intent
       • Thrill/Bragging Rights
       • Reputational Damage
       • Financial Gain/Fraud
       • Commercial Advantage
       • Economic and Political Advantage
       Means: exploitation of technological vulnerabilities; exploitation of social vulnerabilities
       • A number of actors are motivated to use cyber attacks to meet their goals
       • The most sophisticated actors have a range of capabilities available
       • Attacks tend to exhibit a stable set of behaviours
    26. Align security strategy to your risk position
       Process: Identify threat → Assess probability → Assess impact → Assess vulnerability → Identify mitigation options → Decide → Plan
       Inputs: data asset registers; supply chain; economic analysis; security experience; threat intelligence; business priorities; risk tolerance; risk management objectives; systems, processes, operating procedures, organisation, training, management, resilience
       Intermediate results: unmitigated risk; residual risk
       Outputs: security improvement options; costed business case; risk mitigation strategy; risk mitigation improvement plan; security strategy
    30. The Role of Insurance and Insurers
       Sponsored by
    31. The role of Insurance and Insurers
       Why the interest?
       • Frequency and costs are escalating
       • Data breaches are well publicized
       • Companies are increasingly reliant on new technologies (cloud computing, mobile devices, digital wallets, etc…)
       • Regulatory environment complex and becoming more demanding
       • Fill the gaps of traditional insurance policies
    32. The role of Insurance and Insurers
       Potential incident | Traditional policy | Cyber policy
       Legal liability resulting from computer security breaches or data breaches | Partial cover | Full cover
       Costs related to a data breach: notification costs, call centres, credit monitoring, etc. | No cover | Full cover
       Loss or destruction of data / information* | Partial cover | Full cover
       Extra expenses to continue the activity following a cyber attack* | No cover | Full cover
       Loss of revenues resulting from a cyber attack* | No cover | Full cover
       Loss or damage to reputation | No cover | Partial cover
       Cyber extortion | Partial cover | Full cover
       * Without any material damage
    33. Financial Impact: Transferable Costs of a Cyber incident
       1st Party Expenses
       • Crisis Management / Cost to Restore Reputation (Direct Expenses)
         – Legal, public relations or other service fees
         – Advertising or related communications
       • Forensics Investigation
       • Cost of Notification / Call Center Services
         – Printing, postage or other communications to customers
         – Cost to engage call center
       • Credit/Identity monitoring, fraud remediation services
       • Business Interruption Losses
         – Loss of Income
         – Costs to recreate lost or stolen data or determine whether data can be restored
         – Extra Expenses
       3rd Party Liability
       • Regulatory
         – Data Protection Agencies: CNIL, OIC, FSA, FTC, SEC, etc…
         – PCI DSS Fines and Penalties
       • Legal Liability
         – Suits from customers and vendors (including class actions)
         – Suits from business partners (breach of NDA)
    34. Financial Impact (cont.): Additional Costs of a Cyber incident
       (Diagram columns: 1st Party Expenses, 3rd Party Liability)
       • Damage to Reputation
       • Customer Churn/Loss of consumer confidence
       • Stock Devaluation
       • Cost to implement a comprehensive written information security program (WISP)
       • Overtime pay for staff
       • Cost to upgrade network security
       • Cost to repair or upgrade damaged property
       • Devaluation of intellectual property and trade secrets
       • Redesign/engineering of critical infrastructure
       • Personnel reclassification
       • Medical bills for physically injured parties
    35. The role of Insurance and Insurers
       • Insurance does not replace but can enhance risk management
       • Underwriting of cyber risks demands professional competence – as it should for a buyer ………
       • Incident / breach response should form part of the process
    36. What Happens in the Aftermath of An Incident?
       Sponsored by
    37. Responding to an incident
       Commercial in Confidence, June 2012
       “Is this a real incident?”
       “Are my clients likely to find out?”
       “How do we stop it?”
       “How long has this been going on for?”
       “Who is doing this to us?”
       “How did they do it?”
       “What have they done?”
       “How do we stop it happening again?”
    38. Speed of understanding is key to loss mitigation
       [Chart: attacker activity, understanding and informed decision plotted against time; annotations: time taken to identify an attack, speed of understanding, level of understanding]
    39. Incident response approach
       Steps: Establish the facts → Immediate action → Investigate the incident → Remediate → Assess the impact and vulnerabilities → Improve security posture
       Phases:
       1. Rapid response
       2. Remediation
       3. Incident analysis
    40. Questions?
       OCTOBER 17, 2012
       To ask a question … click on the “question icon” in the lower-right corner of your screen.
    41. Thank you for joining us!
       Sponsored by
