Captive Insurance and Cyber Risk


Published on

This presentation explains how captive insurance companies are great vehicles for the under-writing of cyber risk

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Captive Insurance and Cyber Risk

  1. 1. Cyber Exposures: RisksWell-Suited for CaptiveInsurersJean Lamfers, Esq.Author of Cyber Insurance Policies, Consultant toNational & International Insurers and Partnerwith the Law Firm ofLamfers, Sheehan & Ozegovic, and Lsolaw.com913-962-8200
  2. 2. Why Is Cyber Exposure a Concern for My Business? Because virtually all businesses access or store confidential information. Because employees and independent contractors DO make mistakes in how they handle private information. Because the employer is responsible for the acts of their employees. Because federal and state laws, in response to constituents’ demands, have evolved into essentially “strict liability” for privacy breaches.
  3. 3. Examples of Common, Recent Incidents Theft of Mobile Devices ◦ A county-owned laptop was stolen from a Las Vegas hotel room with 35,000 county residents’ personal information ◦ Info came from Dept of Motor Vehicles included social security numbers & drivers’ license numbers ◦ The good news: The device was password protected. ◦ The bad news: Regardless of password protection, the county had to notify potentially affected residents and take other remedial actions.
  4. 4. Examples of Common, Recent Incidents Security Companies Are Breached ◦ RSA, known for their patented, second-layer password protection system, was secretly sabotaged for an extended time period ◦ The system uses keychain fobs, which receive & display numerical sequences updated approx. every 60 seconds ◦ Users enter the displayed sequence from the fob within a given time as a secondary password protection to access their company’s computers remotely ◦ The system was in use by many high- security industries and the government
  5. 5. Examples of Common, Recent Incidents Paper Data Breaches Are Common ◦ A billing service for 4 hospitals in MA improperly “recycled” 3 years of patient records at a recycling transfer station ◦ A newspaper employee witnessed the “disposal” and retrieved samples ◦ The result: a public relations nightmare and overwhelming notification/audit process
  6. 6. Examples of Common, Recent Incidents Rogue Employees ◦ During an investigation of an employee’s own residential burglary, police found more than they expected ◦ A Thomson CompuMark Data employee was implicated after police collected info suggesting the employee had removed paper records with customer payment card info from his employer ◦ These types of incidents occur with hair- raising frequency in the restaurant, hotel, retail and nearly-every, consumer-related industry.
  7. 7. Costs and Outcomes Can BeExtraordinary Florida Attorney General settled with a check services company for $850,000 for its investigative costs and attorney’s fees plus $125,000 contribution to an educational crime prevention program. A former employee stole the personal data. (He’s serving nearly 5 years in federal prison.) State and federal regulators are using high profile incidents with sizeable awards or settlements as examples to spur prevention and curb knowing violations.
  8. 8. What Does Cyber Insurance Cover?Damages claims by third parties for network security breachesCosts incurred to notify persons impacted by a data breachRegulatory fines imposed by governmentsCosts to restore data lost or compromisedInvestigation costs for computer forensic analysis
  9. 9. What Does Cyber Insurance Cover?Crisis management costs--public relations and damage controlCoverage for losses to or caused by data that’s maintained by a third party on your company’s behalfCoverage for “gaps” in typical general liability policies for claims arising out of the creation and distribution of content on websites, blogs, or social media
  10. 10. Why Choose a Captive for Cyber Risks? Captives can deliver cyber insurance uniquely tailored for your business. You and your program developer decide what risks to insure. Risk management and risk audits can improve your bottom line. Top-Down implementation is more successful, which the captive structure inherently encourages.
  11. 11. The Law Firm of Lamfers,Sheehan & Ozegovic, LLC Relevant experience writing cyber insurance and errors and omissions insurance policies for well- known companies Extensive claims management experience in niche markets of technology, media, cyber and privacy Ability to deliver risk management and ongoing product support without the large firm overhead. Insurance industry contacts for successful placement of any requisite reinsurance.
  12. 12. Cyber Exposures: RisksWell-Suited for CaptiveInsurersJean Lamfers, Esq.Author of Cyber Insurance Policies, Consultant toNational & International Insurers and Partnerwith the Law Firm ofLamfers, Sheehan & Ozegovic, LLC6333 Long Avenue, Suite 102Shawnee, Kansas and