SlideShare a Scribd company logo

2015.10.06 Cyber Risks

Download as PPTX, PDF
FERMA
FERMA

Presentation on cyber risks during FERMA Forum 2015

Education
1 of 50
Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Presentation Format Four Key Questions  How important is cyber risk and how should we view the cyber threat?  To what extent do European organisations have a clear and documented understanding of their cyber risk profile and how can this be improved?  Where are the gaps in knowledge and data that might impair an organisation’s ability to make informed risk transfer choices?  Are the insurance products available meeting client demand or is the insurance market developing a product that clients do not believe they need? 2
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 3 How important is cyber risk and how should we view the cyber threat?
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 4 Importance of cyber risk? Context – National Level UK •“Attacks in cyberspace can have a potentially devastating real-world effect. Government, military, industrial, and economic targets, including critical services, could feasibly be disrupted by a capable adversary.” National Security Strategy, October 2010.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 5 Importance of cyber risk? Context – National Level USA “Despite ever-improving network defenses, the diverse possibilities for remote hacking intrusions, supply chain operations to insert compromised hardware or software, and malevolent activities by human insiders will hold nearly all ICT systems at risk for years to come. In short, the cyber threat cannot be eliminated; rather, cyber risk must be managed.” Senate Armed Services Committee, February 2015.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 6 Importance of cyber risk Context – European Cyber Risk Survey 2015 17% 28% 30% 25% Top five risk. Top ten risk. Outside the top 10. Not on the corporate risk register Where does cyber risk feature in the corporate risk register? The fact that over half of all organisations surveyed do not have cyber risk within the top 10 items on the risk register would suggest a divergence from the government view.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 7 To what extent do European organisations have a clear and documented understanding of their cyber risk profile and how can this be improved?
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 8 Understanding of Cyber Risk Context – European Cyber Risk Survey 2015 4% 26% 49% 21% No understanding. Limited understanding. Basic understanding. Complete understanding. To what extent do you believe your organisation has a clear understanding of its exposure to cyber risk? 79% of organisations reported that they have, at best, a basic understanding of their cyber risk profiles.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Understanding of Cyber Risk Context – European Cyber Risk Survey 2015 9 The fact that only slightly more than half (57%) of respondents have identified one or more cyber scenarios that could most affect their organisations would …suggest that the lack of a complete understanding and absence/low positioning of cyber on the risk register is, for many companies, filtering through to a lack of definition around specific scenarios that might impact their business. Have you identified one or more cyber scenarios that could most affect your organisation? No Yes
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 10 Understanding Cyber Risk Context – European Cyber Risk Survey 2015 65% 71% 75% 86% 67% 11% 75% 58% 65% 70% 50% 93% 66% 44% 76% 62% 56% 68% 11% 6% 5% 39% 9% 8% 15% 17% 7% 9% 22% 3% 6% 19% 8% 11% 24% 5% 33% 11% 5% 8% 15% 3% 30% 10% 8% 12% 15% Total Europe Belgium Turkey Switzerland Denmark France Portugal Sweden Netherlands Germany Cyprus Russia Austria & CEE Spain Italy Poland UK Ireland IT function including security. Board. Risk management. IT departments continue to take primary responsibility for cyber risk in the majority (65%) of organisations.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Understanding Cyber Risk Marsh/HM Government, UK Cyber Security Report – Taxonomy 11
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 12 Understanding Cyber Risk Marsh/HM Government, UK Cyber Security Report – Risk Profile for a Large Business – Insurer View
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 13 Understanding Cyber Risk Scenario Gathering Process  Set parameters  Which group companies, business divisions are in scope?  Malicious events versus non-malicious events.  Map the IT value chain.  Gather exposure data  Single day workshop.  Structured interviews.  Questionnaire.  Select from a menu.  Refine to create risk scenarios for material exposures  Amalgamate common/similar items.  Write up as a scenario that can be considered for quantification.  Remove immaterial items, reallocate any that don’t fit parameters.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Understanding Cyber Risk Scenario Example 14 Actor Criminal Motivation Acquisition of payment card details Means of access Remote via internet Point of attack Point of sale devices Damage • Investigation/response costs • PCI fines and assessments • Regulatory (ICO) fines and costs • Civil compensation claims o Banks o Customers o Shareholders • Reputational income loss
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 15 Where are the gaps in knowledge and data that might impair an organisation’s ability to make informed risk transfer choices?
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Preparedness for Risk Transfer 16 1. An understanding of the event that is to trigger an insurance. 2. An appreciation of the likely quantum. 3. An appreciation as to the likely frequency of the triggering event.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 17  The majority of organisations (68%) have not yet made any attempt to estimate/calculate loss estimates making it difficult to direct mitigation efforts to areas of most potential harm. 17% 6% 10% 20% 13% 14% 10% 5% 22% 25% 9% 25% 12% 15% 6% 5% 4% 11% 10% 5% 25% 10% 4% 7% 15% 2% 5% 5% 4% 6% 6% 24% 10% 33% 10% 4% 8% 30% 16% 14% 25% 8% 14% 65% 56% 75% 67% 70% 77% 100% 62% 50% 75% 100% 78% 75% 73% 25% 66% 61% Austria & CEE Belgium Cyprus Denmark France Germany Ireland Italy Netherlands Portugal Russia Spain Sweden Switzerland Turkey Poland UK EUR1 million or below. EUR1 million to EUR2 million. EUR2 million to EUR5 million. EUR5 million and above. No loss estimates made. Preparedness for Risk Transfer Context – European Cyber Risk Survey 2015
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Preparedness for Risk Transfer Expert Judgement 18 Scale Description Financial Reputation Service / Operations 1 Negligible <$1m (max of 1% EBITDA) Public concern restricted to local complaints Insignificant fall in service quality, limited interruption to partnerships, insignificant effect on service standards 2 Significant $1m-$4.9m (max of 4% EBITDA) Minor adverse local/public/ media attention and complaints Minor fall in service quality, interruption to partnerships, some minor service standards are not met 3 Major $5m-$8.9m (max of 8% EBITDA) Serious negative national or regional criticism Major fall in service quality, major partnerships deteriorating, ongoing serious disruption in service standards 4 Catastrophic >$9m (exceeds 8% EBITDA) Prolonged international, regional & national condemnation Catastrophic fall in service quality, failure of several major partnerships, complete failure in service standards
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 19 Preparedness for Risk Transfer Expert Judgement
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 20 Are the insurance products available meeting client demand or is the insurance market developing a product that clients do not believe they need?
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Suitability of Insurance Products Context – European Cyber Risk Survey 2015 21 The insurance market continues to address the issues that represent organisations’ greatest concerns.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Suitability of Insurance Products Context – European Cyber Risk Survey 2015 22 The insurance market appears to be innovating in the right direction to address the primary concern of risk managers.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Suitability of Insurance Products Context – European Cyber Risk Survey 2015 23 Over half (57%) of respondents admit to having “insufficient knowledge” in order to assess the insurances available.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October  Is this a conscious decision not to purchase following a thorough evaluation of the available insurance products or are companies not yet in a position to approach the market due to a lack of risk profiling in their own organisations? 24 Suitability of Insurance Products The Insurance Communications Gap
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Further Reading 25
Navigating Cyber Risk Exposure and Insurance Thank you This PowerPoint™ presentation is based on sources we believe reliable and should be understood to be general risk management and insurance information only,. The information contained herein is based on sources we believe reliable and should be understood to be general risk management and insurance information only. The information is not intended to be taken as advice with respect to any individual situation and cannot be relied upon as such. In the United Kingdom, Marsh Ltd is authorised and regulated by the Financial Conduct Authority. Copyright © 2015 Marsh Ltd All rights reserved
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Policy Basics First Party Coverage • Business Interruption • Loss of First Party Data • Cyber Extortion • Customer Notification Expenses • Reputational Damages Third Party Coverage • Network Security Liability • Privacy Liability • Multimedia Liability • Loss of Third Party Data 27
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Coverage Trends  Contingent Business Interruption  Administrative Costs Coverage  Regulatory Fines and Penalties Coverage  Emergency Costs  Crime Coverage  Bodily Injury / Property Damage Extensions  Cyber Exclusions under “Traditional” Property & Casualty Policies 28
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Trends: Evolving Cyber Proposition 29 Product Proposition
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Post-Breach Remediation 30
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 5 - 24 hours 24 - 48 hours1 hour 2 - 5 hours Triage Call with all stakeholders Specialist/s investigations / discussions underway Stakeholder update conference call/s Notification to Incident Manager 24/7/365 Incident Manager appointed Incident Manager First call with Insured Incident Manager appoints specialists Next steps and actions agreed Stakeholder update conference call/s Specialists initial reports Clear Solution Plan emerges Immediate mitigations if appropriate Clear Discovery Plan emerges Cyber Insurance Update: Post-Breach Remediation
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Pre-Breach Services Risk Assessments Contractual and Regulatory / Legal Review Analysis of Security & Privacy Practices Systems Monitoring Incident Response Planning Business Continuity Enhancement 32
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Purchasing Trends 0% 10% 20% 30% 40% 50% 60% 70% 2011 2012 2013 2014 2015 U.S. Europe Asia 33 Source: Zurich / Advisen Information Security & Cyber Liability Risk Management Reports for U.S. and Europe; 2011-2015
Cyber risks, a view from the industry Philippe COTELLE Head of Insurance Risk Management
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October A new industrial revolution 35 Where the aeronautic industry had been so a century ago… … this is how we see this in the coming decade :
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 36
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber risks exposure Internet : a tool allowing the sharing of information between people in order to create an open world Difficulties to protect companies and their datas from the outside. 37
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Reputation What are the obstacles to a good assessment of our cyber risks ? 38 Wrong perception Confidentiality
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October SPICE initiative (Scenario Planning to Identify Cyber Exposure) 39 A program for Business impact analysis on disaster scenarios affecting our operational capabilities related to a cyber-event Gathering representatives of all the functions as well as IT and IM Security to overcome 3 hurdles : • Explain to the operational people that we need them • Address the security issue with extreme care, • Be prepared to openly discuss some potential scenarios of exposure. No company shall assume that it is impossible to be hacked.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Scenarios identification 40 Scenario identification • Focus on disaster scenarios • clear hypothesis
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Assessing financial costs 41 Assessing financial cost of each scenario • Split scenarios in 4 different phases • Simplify the list of impacted functions • Compute over/under charge per scenario, per phase 10 46 88 22 Phase A Phase B Phase C Phase D 10 46 88 22 … Financial costs Scenario x Security Breach Crisis Remediation Investments Vigilance Security Breach Detection
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Assessing financial costs Lessons learned 42  NUMBERS are related to our financial exposure  There is no final number  The objective is to reach a consensus:  acceptable by everyone  valid for our analysis
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Evaluate probability of occurence 43 Quantify the technical probability of success of a scenario to occur • For each step of a given scenario, identify technical ways to proceed • Rate each step with a probability of occurrence (using internal probability scale) Assessment performed by the local Information Management Security APT Kill Chain description used in the technical threat scenario
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Evaluate probability of occurrence Lessons learned 44 Same method but different numbers !? 2 different approaches: • Need an homogeneous approach • Associate to each scenario the type of hacker and their motives If an attacker was seriously considering hacking a major company, then this must be a very strong organisation which in itself should have gathered all those unique skills and resources. Therefore their probabilities were more important. Given the defence systems in place, in order to be successful the attacker should gather so many different skills and resources that this was very unlikely to be plausible. As such the probabilities were therefore very low.
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Next Steps Provide a rationale for mitigation strategy 45 Insurance Premium cost is efficient Cost of implementing IT security % of Mitigation IT Investment make sense to mitigate the exposure Justify the interest of the transfer to insurance both for coverage and premium budget • IT investment and mitigation measures to reduce the probability and severity of occurrence • insurance then becomes complementary (and not competitive) to IT measures and can be an efficient financial tool Risk identification Risk Assessment Risk Response
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Challenges 46 The process needs to be performed regularly and be as exhaustive as possible • a strategy allowing to manage the roll out of this process across the entire organisation, products and countries • an efficient process manageable with the operational teams
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Challenges 47 The insurance market needs as well to face several challenges : Conditions of dialog with the insurers Problem of reputation in case of a claim Claim settlement
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Conclusion 48 • Our mission to support technological development and to develop the conditions of securing and mitigating the unavoidable risks that such opportunities generate. • Cybersecurity is one of the key priority for Airbus Group • A dedicated entity: Airbus DS Cybersecurity • Its products and services are also offered to external companies to fight against cyber threats.  Active Cyber risk management is a key message towards external stakeholders.  Standards for cyber risk assessment will be necessary
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Don’t forget! Your evaluation and comments are the only way for FERMA to obtain information in order to improve the quality of the sessions • Please fill in the documents given to you by our hostesses Or • Use the mobile application and earn points for the Leaderboard game! 49
BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Thank you ! 50

Recommended

Cyber liability insurance and your security program
Cyber liability insurance and your security programCyber liability insurance and your security program
Cyber liability insurance and your security programScott Takaoka
 
Managing and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveManaging and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveIISPEastMids
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber liability insurance and risk management program
Cyber liability insurance and risk management programCyber liability insurance and risk management program
Cyber liability insurance and risk management programRebecca Carter
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
 

Recommended

Cyber liability insurance and your security program
Cyber liability insurance and your security programCyber liability insurance and your security program
Cyber liability insurance and your security programScott Takaoka
 
Managing and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveManaging and insuring cyber risk - a risk perspective
Managing and insuring cyber risk - a risk perspectiveIISPEastMids
 
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...
Discussing Cyber Risk Coverage With Your Commercial Clients by Steve Robinson...Don Grauel
 
Can Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCCan Cyber Insurance Enforce Change in Enterprise GRC
Can Cyber Insurance Enforce Change in Enterprise GRCDinesh O Bareja
 
Cyber Security 2017 Challenges
Cyber Security 2017 ChallengesCyber Security 2017 Challenges
Cyber Security 2017 ChallengesLeandro Bennaton
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
 
Cyber liability insurance and risk management program
Cyber liability insurance and risk management programCyber liability insurance and risk management program
Cyber liability insurance and risk management programRebecca Carter
 
Managing and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesManaging and insuring cyber risk - coverage of insurance policies
Managing and insuring cyber risk - coverage of insurance policiesIISPEastMids
 
Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - DubaiAftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - DubaiAftab Hasan
 
LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012Don Grauel
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
Data Breach Slide Show
Data Breach Slide ShowData Breach Slide Show
Data Breach Slide Showzeidan61
 
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...Browne Jacobson LLP
 
Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Anthony Rapa
 
EU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationEU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationFERMA
 
Cyber risk challenge and the role of insurance
Cyber risk challenge and the role of insuranceCyber risk challenge and the role of insurance
Cyber risk challenge and the role of insuranceMunich Re
 
Cyber Liability Insurance
Cyber Liability InsuranceCyber Liability Insurance
Cyber Liability InsuranceGraeme Newman
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attackAllan Cytryn
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareNationalUnderwriter
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challengeFERMA
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013Dan Michaluk
 
CACUSS 2013 - Case Law Review
CACUSS 2013 - Case Law ReviewCACUSS 2013 - Case Law Review
CACUSS 2013 - Case Law ReviewDan Michaluk
 
Cyber Insurance - Setting the scene - The Scene
Cyber Insurance - Setting the scene - The SceneCyber Insurance - Setting the scene - The Scene
Cyber Insurance - Setting the scene - The SceneKoen Van Loo
 
A CISO's Guide to Cyber Liability Insurance
A CISO's Guide to Cyber Liability InsuranceA CISO's Guide to Cyber Liability Insurance
A CISO's Guide to Cyber Liability InsuranceSecureAuth
 
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015FERMA
 
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyWISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyCYBERWISER .eu
 
2015.10.06 employee benefits
2015.10.06 employee benefits2015.10.06 employee benefits
2015.10.06 employee benefitsFERMA
 
2015.10.05 evolution of risk and audit
2015.10.05 evolution of risk and audit2015.10.05 evolution of risk and audit
2015.10.05 evolution of risk and auditFERMA
 
FERMA Newsletter #70
FERMA Newsletter #70FERMA Newsletter #70
FERMA Newsletter #70FERMA
 

More Related Content

Viewers also liked

Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - DubaiAftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - DubaiAftab Hasan
 
LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012Don Grauel
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesPaige Rasid
 
Data Breach Slide Show
Data Breach Slide ShowData Breach Slide Show
Data Breach Slide Showzeidan61
 
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...Browne Jacobson LLP
 
Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Anthony Rapa
 
EU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationEU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationFERMA
 
Cyber risk challenge and the role of insurance
Cyber risk challenge and the role of insuranceCyber risk challenge and the role of insurance
Cyber risk challenge and the role of insuranceMunich Re
 
Cyber Liability Insurance
Cyber Liability InsuranceCyber Liability Insurance
Cyber Liability InsuranceGraeme Newman
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attackAllan Cytryn
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareNationalUnderwriter
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challengeFERMA
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013Dan Michaluk
 
CACUSS 2013 - Case Law Review
CACUSS 2013 - Case Law ReviewCACUSS 2013 - Case Law Review
CACUSS 2013 - Case Law ReviewDan Michaluk
 
Cyber Insurance - Setting the scene - The Scene
Cyber Insurance - Setting the scene - The SceneCyber Insurance - Setting the scene - The Scene
Cyber Insurance - Setting the scene - The SceneKoen Van Loo
 
A CISO's Guide to Cyber Liability Insurance
A CISO's Guide to Cyber Liability InsuranceA CISO's Guide to Cyber Liability Insurance
A CISO's Guide to Cyber Liability InsuranceSecureAuth
 

Viewers also liked (17)

Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - DubaiAftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
 
LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012LaCroix- D&O IRT Balto 10-2012
LaCroix- D&O IRT Balto 10-2012
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
Data Breach Slide Show
Data Breach Slide ShowData Breach Slide Show
Data Breach Slide Show
 
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
Managing and insuring cyber risks - Chamber of Commerce seminar 21 May 2015, ...
 
Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016Cyber Claims Brief Summer 2016
Cyber Claims Brief Summer 2016
 
EU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentationEU/US boards’ approach to cyber risk governance - webinar presentation
EU/US boards’ approach to cyber risk governance - webinar presentation
 
Cyber risk challenge and the role of insurance
Cyber risk challenge and the role of insuranceCyber risk challenge and the role of insurance
Cyber risk challenge and the role of insurance
 
Cyber Liability Insurance
Cyber Liability InsuranceCyber Liability Insurance
Cyber Liability Insurance
 
Preparing to recover from a cyber attack
Preparing to recover from a cyber attackPreparing to recover from a cyber attack
Preparing to recover from a cyber attack
 
All's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber WarfareAll's Fair in Love and Cyber Warfare
All's Fair in Love and Cyber Warfare
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 
One hour cyber july 2013
One hour cyber july 2013One hour cyber july 2013
One hour cyber july 2013
 
CACUSS 2013 - Case Law Review
CACUSS 2013 - Case Law ReviewCACUSS 2013 - Case Law Review
CACUSS 2013 - Case Law Review
 
Cyber Insurance - Setting the scene - The Scene
Cyber Insurance - Setting the scene - The SceneCyber Insurance - Setting the scene - The Scene
Cyber Insurance - Setting the scene - The Scene
 
A CISO's Guide to Cyber Liability Insurance
A CISO's Guide to Cyber Liability InsuranceA CISO's Guide to Cyber Liability Insurance
A CISO's Guide to Cyber Liability Insurance
 

Similar to 2015.10.06 Cyber Risks

Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015FERMA
 
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyWISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyCYBERWISER .eu
 
2015.10.06 employee benefits
2015.10.06 employee benefits2015.10.06 employee benefits
2015.10.06 employee benefitsFERMA
 
2015.10.05 evolution of risk and audit
2015.10.05 evolution of risk and audit2015.10.05 evolution of risk and audit
2015.10.05 evolution of risk and auditFERMA
 
FERMA Newsletter #70
FERMA Newsletter #70FERMA Newsletter #70
FERMA Newsletter #70FERMA
 
Bitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactiveBitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactivestartupro
 
Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?FERMA
 
FERMA Seminar 2014 - 21 September Risk environment & perspectives
FERMA Seminar 2014 - 21 September Risk environment & perspectivesFERMA Seminar 2014 - 21 September Risk environment & perspectives
FERMA Seminar 2014 - 21 September Risk environment & perspectivesFERMA
 
2015.10.05 ANRA Session - Alberto Monti
2015.10.05 ANRA Session - Alberto Monti2015.10.05 ANRA Session - Alberto Monti
2015.10.05 ANRA Session - Alberto MontiFERMA
 
2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digitalJames Fisher
 
2015.10.06 international travel and safety
2015.10.06 international travel and safety2015.10.06 international travel and safety
2015.10.06 international travel and safetyFERMA
 
2015.10.06 Resilience and Large claims
2015.10.06 Resilience and Large claims2015.10.06 Resilience and Large claims
2015.10.06 Resilience and Large claimsFERMA
 
2015.10.07 risk culture
2015.10.07 risk culture2015.10.07 risk culture
2015.10.07 risk cultureFERMA
 
Meeting with the sponsors (Nov 25th, 2016) - status
Meeting with the sponsors (Nov 25th, 2016) - statusMeeting with the sponsors (Nov 25th, 2016) - status
Meeting with the sponsors (Nov 25th, 2016) - statusEuroPrivacy
 
Insurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEY
Insurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEYInsurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEY
Insurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEYInsurtechNews.com
 
Scot Secure 2019 Edinburgh (Day 1)
Scot Secure 2019 Edinburgh (Day 1)Scot Secure 2019 Edinburgh (Day 1)
Scot Secure 2019 Edinburgh (Day 1)Ray Bugg
 
Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016ITnation Luxembourg
 
CyberScope - 2015 Market Review
CyberScope - 2015 Market ReviewCyberScope - 2015 Market Review
CyberScope - 2015 Market Reviewresultsig
 
Connected Insurance Observatory InsurTech
Connected Insurance Observatory InsurTechConnected Insurance Observatory InsurTech
Connected Insurance Observatory InsurTechMatteo Carbone
 

Similar to 2015.10.06 Cyber Risks (20)

Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
Philippe Cotelle’s presentation on SPICE at AIRBUS, FERMA Forum 2015
 
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, ItalyWISER @Ferma Forum, 4-7 October 2015, Venice, Italy
WISER @Ferma Forum, 4-7 October 2015, Venice, Italy
 
2015.10.06 employee benefits
2015.10.06 employee benefits2015.10.06 employee benefits
2015.10.06 employee benefits
 
2015.10.05 evolution of risk and audit
2015.10.05 evolution of risk and audit2015.10.05 evolution of risk and audit
2015.10.05 evolution of risk and audit
 
FERMA Newsletter #70
FERMA Newsletter #70FERMA Newsletter #70
FERMA Newsletter #70
 
Bitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactiveBitdefender-CSG-Report-creat7534-interactive
Bitdefender-CSG-Report-creat7534-interactive
 
Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?Webinar: Why risk managers should look at Artificial Intelligence now?
Webinar: Why risk managers should look at Artificial Intelligence now?
 
FERMA Seminar 2014 - 21 September Risk environment & perspectives
FERMA Seminar 2014 - 21 September Risk environment & perspectivesFERMA Seminar 2014 - 21 September Risk environment & perspectives
FERMA Seminar 2014 - 21 September Risk environment & perspectives
 
2015.10.05 ANRA Session - Alberto Monti
2015.10.05 ANRA Session - Alberto Monti2015.10.05 ANRA Session - Alberto Monti
2015.10.05 ANRA Session - Alberto Monti
 
2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital2015-ISBS-Technical-Report-blue-digital
2015-ISBS-Technical-Report-blue-digital
 
2015.10.06 international travel and safety
2015.10.06 international travel and safety2015.10.06 international travel and safety
2015.10.06 international travel and safety
 
2015.10.06 Resilience and Large claims
2015.10.06 Resilience and Large claims2015.10.06 Resilience and Large claims
2015.10.06 Resilience and Large claims
 
2015.10.07 risk culture
2015.10.07 risk culture2015.10.07 risk culture
2015.10.07 risk culture
 
Meeting with the sponsors (Nov 25th, 2016) - status
Meeting with the sponsors (Nov 25th, 2016) - statusMeeting with the sponsors (Nov 25th, 2016) - status
Meeting with the sponsors (Nov 25th, 2016) - status
 
Insurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEY
Insurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEYInsurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEY
Insurtech.news - INSIGHT: INSURANCE INTERNET OF THINGS INDUSTRY SURVEY
 
Scot Secure 2019 Edinburgh (Day 1)
Scot Secure 2019 Edinburgh (Day 1)Scot Secure 2019 Edinburgh (Day 1)
Scot Secure 2019 Edinburgh (Day 1)
 
4 P's of Insurtech - Matteo Carbone
4 P's of Insurtech - Matteo Carbone4 P's of Insurtech - Matteo Carbone
4 P's of Insurtech - Matteo Carbone
 
Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016Agenda PWC Cybersecurity Day - 18 octobre 2016
Agenda PWC Cybersecurity Day - 18 octobre 2016
 
CyberScope - 2015 Market Review
CyberScope - 2015 Market ReviewCyberScope - 2015 Market Review
CyberScope - 2015 Market Review
 
Connected Insurance Observatory InsurTech
Connected Insurance Observatory InsurTechConnected Insurance Observatory InsurTech
Connected Insurance Observatory InsurTech
 

More from FERMA

FERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agendaFERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agendaFERMA
 
The role of risk management in corporate resilience
The role of risk management in corporate resilienceThe role of risk management in corporate resilience
The role of risk management in corporate resilienceFERMA
 
Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience FERMA
 
People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...FERMA
 
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...FERMA
 
Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020FERMA
 
Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020FERMA
 
George Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland WaterGeorge Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland WaterFERMA
 
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...FERMA
 
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...FERMA
 
GDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementationGDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementationFERMA
 
The European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentationThe European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentationFERMA
 
FERMA European Risk Manager Report 2020: full set of results
FERMA European Risk Manager Report 2020: full set of results FERMA European Risk Manager Report 2020: full set of results
FERMA European Risk Manager Report 2020: full set of results FERMA
 
GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...FERMA
 
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...FERMA
 
Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management FERMA
 
Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019FERMA
 
Risk Manager European Profile 2018
Risk Manager European Profile 2018Risk Manager European Profile 2018
Risk Manager European Profile 2018FERMA
 
Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?FERMA
 
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA
 

More from FERMA (20)

FERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agendaFERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agenda
 
The role of risk management in corporate resilience
The role of risk management in corporate resilienceThe role of risk management in corporate resilience
The role of risk management in corporate resilience
 
Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience
 
People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...
 
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
 
Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020
 
Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020
 
George Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland WaterGeorge Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland Water
 
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
Webinar: Risk management in a global pandemic - Early lessons learned, EU – U...
 
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
Risk management recovery and resilience covid 19 survey report 2020 2020.12.0...
 
GDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementationGDPR & corporate Governance, Evaluation after 2 years implementation
GDPR & corporate Governance, Evaluation after 2 years implementation
 
The European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentationThe European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentation
 
FERMA European Risk Manager Report 2020: full set of results
FERMA European Risk Manager Report 2020: full set of results FERMA European Risk Manager Report 2020: full set of results
FERMA European Risk Manager Report 2020: full set of results
 
GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...GDPR & corporate governance: the role of risk management and internal audit o...
GDPR & corporate governance: the role of risk management and internal audit o...
 
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
 
Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management
 
Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019
 
Risk Manager European Profile 2018
Risk Manager European Profile 2018Risk Manager European Profile 2018
Risk Manager European Profile 2018
 
Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?
 
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
 

Recently uploaded

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxEyham Joco
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceSamikshaHamane
 

Recently uploaded (20)

Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 

2015.10.06 Cyber Risks

  • 1. Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh
  • 2. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Presentation Format Four Key Questions  How important is cyber risk and how should we view the cyber threat?  To what extent do European organisations have a clear and documented understanding of their cyber risk profile and how can this be improved?  Where are the gaps in knowledge and data that might impair an organisation’s ability to make informed risk transfer choices?  Are the insurance products available meeting client demand or is the insurance market developing a product that clients do not believe they need? 2
  • 3. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 3 How important is cyber risk and how should we view the cyber threat?
  • 4. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 4 Importance of cyber risk? Context – National Level UK •“Attacks in cyberspace can have a potentially devastating real-world effect. Government, military, industrial, and economic targets, including critical services, could feasibly be disrupted by a capable adversary.” National Security Strategy, October 2010.
  • 5. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 5 Importance of cyber risk? Context – National Level USA “Despite ever-improving network defenses, the diverse possibilities for remote hacking intrusions, supply chain operations to insert compromised hardware or software, and malevolent activities by human insiders will hold nearly all ICT systems at risk for years to come. In short, the cyber threat cannot be eliminated; rather, cyber risk must be managed.” Senate Armed Services Committee, February 2015.
  • 6. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 6 Importance of cyber risk Context – European Cyber Risk Survey 2015 17% 28% 30% 25% Top five risk. Top ten risk. Outside the top 10. Not on the corporate risk register Where does cyber risk feature in the corporate risk register? The fact that over half of all organisations surveyed do not have cyber risk within the top 10 items on the risk register would suggest a divergence from the government view.
  • 7. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 7 To what extent do European organisations have a clear and documented understanding of their cyber risk profile and how can this be improved?
  • 8. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 8 Understanding of Cyber Risk Context – European Cyber Risk Survey 2015 4% 26% 49% 21% No understanding. Limited understanding. Basic understanding. Complete understanding. To what extent do you believe your organisation has a clear understanding of its exposure to cyber risk? 79% of organisations reported that they have, at best, a basic understanding of their cyber risk profiles.
  • 9. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Understanding of Cyber Risk Context – European Cyber Risk Survey 2015 9 The fact that only slightly more than half (57%) of respondents have identified one or more cyber scenarios that could most affect their organisations would …suggest that the lack of a complete understanding and absence/low positioning of cyber on the risk register is, for many companies, filtering through to a lack of definition around specific scenarios that might impact their business. Have you identified one or more cyber scenarios that could most affect your organisation? No Yes
  • 10. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 10 Understanding Cyber Risk Context – European Cyber Risk Survey 2015 65% 71% 75% 86% 67% 11% 75% 58% 65% 70% 50% 93% 66% 44% 76% 62% 56% 68% 11% 6% 5% 39% 9% 8% 15% 17% 7% 9% 22% 3% 6% 19% 8% 11% 24% 5% 33% 11% 5% 8% 15% 3% 30% 10% 8% 12% 15% Total Europe Belgium Turkey Switzerland Denmark France Portugal Sweden Netherlands Germany Cyprus Russia Austria & CEE Spain Italy Poland UK Ireland IT function including security. Board. Risk management. IT departments continue to take primary responsibility for cyber risk in the majority (65%) of organisations.
  • 11. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Understanding Cyber Risk Marsh/HM Government, UK Cyber Security Report – Taxonomy 11
  • 12. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 12 Understanding Cyber Risk Marsh/HM Government, UK Cyber Security Report – Risk Profile for a Large Business – Insurer View
  • 13. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 13 Understanding Cyber Risk Scenario Gathering Process  Set parameters  Which group companies, business divisions are in scope?  Malicious events versus non-malicious events.  Map the IT value chain.  Gather exposure data  Single day workshop.  Structured interviews.  Questionnaire.  Select from a menu.  Refine to create risk scenarios for material exposures  Amalgamate common/similar items.  Write up as a scenario that can be considered for quantification.  Remove immaterial items, reallocate any that don’t fit parameters.
  • 14. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Understanding Cyber Risk Scenario Example 14 Actor Criminal Motivation Acquisition of payment card details Means of access Remote via internet Point of attack Point of sale devices Damage • Investigation/response costs • PCI fines and assessments • Regulatory (ICO) fines and costs • Civil compensation claims o Banks o Customers o Shareholders • Reputational income loss
  • 15. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 15 Where are the gaps in knowledge and data that might impair an organisation’s ability to make informed risk transfer choices?
  • 16. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Preparedness for Risk Transfer 16 1. An understanding of the event that is to trigger an insurance. 2. An appreciation of the likely quantum. 3. An appreciation as to the likely frequency of the triggering event.
  • 17. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 17  The majority of organisations (68%) have not yet made any attempt to estimate/calculate loss estimates making it difficult to direct mitigation efforts to areas of most potential harm. 17% 6% 10% 20% 13% 14% 10% 5% 22% 25% 9% 25% 12% 15% 6% 5% 4% 11% 10% 5% 25% 10% 4% 7% 15% 2% 5% 5% 4% 6% 6% 24% 10% 33% 10% 4% 8% 30% 16% 14% 25% 8% 14% 65% 56% 75% 67% 70% 77% 100% 62% 50% 75% 100% 78% 75% 73% 25% 66% 61% Austria & CEE Belgium Cyprus Denmark France Germany Ireland Italy Netherlands Portugal Russia Spain Sweden Switzerland Turkey Poland UK EUR1 million or below. EUR1 million to EUR2 million. EUR2 million to EUR5 million. EUR5 million and above. No loss estimates made. Preparedness for Risk Transfer Context – European Cyber Risk Survey 2015
  • 18. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Preparedness for Risk Transfer Expert Judgement 18 Scale Description Financial Reputation Service / Operations 1 Negligible <$1m (max of 1% EBITDA) Public concern restricted to local complaints Insignificant fall in service quality, limited interruption to partnerships, insignificant effect on service standards 2 Significant $1m-$4.9m (max of 4% EBITDA) Minor adverse local/public/ media attention and complaints Minor fall in service quality, interruption to partnerships, some minor service standards are not met 3 Major $5m-$8.9m (max of 8% EBITDA) Serious negative national or regional criticism Major fall in service quality, major partnerships deteriorating, ongoing serious disruption in service standards 4 Catastrophic >$9m (exceeds 8% EBITDA) Prolonged international, regional & national condemnation Catastrophic fall in service quality, failure of several major partnerships, complete failure in service standards
  • 19. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 19 Preparedness for Risk Transfer Expert Judgement
  • 20. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 20 Are the insurance products available meeting client demand or is the insurance market developing a product that clients do not believe they need?
  • 21. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Suitability of Insurance Products Context – European Cyber Risk Survey 2015 21 The insurance market continues to address the issues that represent organisations’ greatest concerns.
  • 22. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Suitability of Insurance Products Context – European Cyber Risk Survey 2015 22 The insurance market appears to be innovating in the right direction to address the primary concern of risk managers.
  • 23. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Suitability of Insurance Products Context – European Cyber Risk Survey 2015 23 Over half (57%) of respondents admit to having “insufficient knowledge” in order to assess the insurances available.
  • 24. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October  Is this a conscious decision not to purchase following a thorough evaluation of the available insurance products or are companies not yet in a position to approach the market due to a lack of risk profiling in their own organisations? 24 Suitability of Insurance Products The Insurance Communications Gap
  • 25. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Further Reading 25
  • 26. Navigating Cyber Risk Exposure and Insurance Thank you This PowerPoint™ presentation is based on sources we believe reliable and should be understood to be general risk management and insurance information only,. The information contained herein is based on sources we believe reliable and should be understood to be general risk management and insurance information only. The information is not intended to be taken as advice with respect to any individual situation and cannot be relied upon as such. In the United Kingdom, Marsh Ltd is authorised and regulated by the Financial Conduct Authority. Copyright © 2015 Marsh Ltd All rights reserved
  • 27. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Policy Basics First Party Coverage • Business Interruption • Loss of First Party Data • Cyber Extortion • Customer Notification Expenses • Reputational Damages Third Party Coverage • Network Security Liability • Privacy Liability • Multimedia Liability • Loss of Third Party Data 27
  • 28. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Coverage Trends  Contingent Business Interruption  Administrative Costs Coverage  Regulatory Fines and Penalties Coverage  Emergency Costs  Crime Coverage  Bodily Injury / Property Damage Extensions  Cyber Exclusions under “Traditional” Property & Casualty Policies 28
  • 29. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Trends: Evolving Cyber Proposition 29 Product Proposition
  • 30. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Post-Breach Remediation 30
  • 31. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 5 - 24 hours 24 - 48 hours1 hour 2 - 5 hours Triage Call with all stakeholders Specialist/s investigations / discussions underway Stakeholder update conference call/s Notification to Incident Manager 24/7/365 Incident Manager appointed Incident Manager First call with Insured Incident Manager appoints specialists Next steps and actions agreed Stakeholder update conference call/s Specialists initial reports Clear Solution Plan emerges Immediate mitigations if appropriate Clear Discovery Plan emerges Cyber Insurance Update: Post-Breach Remediation
  • 32. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Pre-Breach Services Risk Assessments Contractual and Regulatory / Legal Review Analysis of Security & Privacy Practices Systems Monitoring Incident Response Planning Business Continuity Enhancement 32
  • 33. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber Insurance Update: Purchasing Trends 0% 10% 20% 30% 40% 50% 60% 70% 2011 2012 2013 2014 2015 U.S. Europe Asia 33 Source: Zurich / Advisen Information Security & Cyber Liability Risk Management Reports for U.S. and Europe; 2011-2015
  • 34. Cyber risks, a view from the industry Philippe COTELLE Head of Insurance Risk Management
  • 35. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October A new industrial revolution 35 Where the aeronautic industry had been so a century ago… … this is how we see this in the coming decade :
  • 36. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October 36
  • 37. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Cyber risks exposure Internet : a tool allowing the sharing of information between people in order to create an open world Difficulties to protect companies and their datas from the outside. 37
  • 38. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Reputation What are the obstacles to a good assessment of our cyber risks ? 38 Wrong perception Confidentiality
  • 39. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October SPICE initiative (Scenario Planning to Identify Cyber Exposure) 39 A program for Business impact analysis on disaster scenarios affecting our operational capabilities related to a cyber-event Gathering representatives of all the functions as well as IT and IM Security to overcome 3 hurdles : • Explain to the operational people that we need them • Address the security issue with extreme care, • Be prepared to openly discuss some potential scenarios of exposure. No company shall assume that it is impossible to be hacked.
  • 40. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Scenarios identification 40 Scenario identification • Focus on disaster scenarios • clear hypothesis
  • 41. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Assessing financial costs 41 Assessing financial cost of each scenario • Split scenarios in 4 different phases • Simplify the list of impacted functions • Compute over/under charge per scenario, per phase 10 46 88 22 Phase A Phase B Phase C Phase D 10 46 88 22 … Financial costs Scenario x Security Breach Crisis Remediation Investments Vigilance Security Breach Detection
  • 42. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Assessing financial costs Lessons learned 42  NUMBERS are related to our financial exposure  There is no final number  The objective is to reach a consensus:  acceptable by everyone  valid for our analysis
  • 43. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Evaluate probability of occurence 43 Quantify the technical probability of success of a scenario to occur • For each step of a given scenario, identify technical ways to proceed • Rate each step with a probability of occurrence (using internal probability scale) Assessment performed by the local Information Management Security APT Kill Chain description used in the technical threat scenario
  • 44. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Evaluate probability of occurrence Lessons learned 44 Same method but different numbers !? 2 different approaches: • Need an homogeneous approach • Associate to each scenario the type of hacker and their motives If an attacker was seriously considering hacking a major company, then this must be a very strong organisation which in itself should have gathered all those unique skills and resources. Therefore their probabilities were more important. Given the defence systems in place, in order to be successful the attacker should gather so many different skills and resources that this was very unlikely to be plausible. As such the probabilities were therefore very low.
  • 45. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Next Steps Provide a rationale for mitigation strategy 45 Insurance Premium cost is efficient Cost of implementing IT security % of Mitigation IT Investment make sense to mitigate the exposure Justify the interest of the transfer to insurance both for coverage and premium budget • IT investment and mitigation measures to reduce the probability and severity of occurrence • insurance then becomes complementary (and not competitive) to IT measures and can be an efficient financial tool Risk identification Risk Assessment Risk Response
  • 46. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Challenges 46 The process needs to be performed regularly and be as exhaustive as possible • a strategy allowing to manage the roll out of this process across the entire organisation, products and countries • an efficient process manageable with the operational teams
  • 47. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Challenges 47 The insurance market needs as well to face several challenges : Conditions of dialog with the insurers Problem of reputation in case of a claim Claim settlement
  • 48. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Conclusion 48 • Our mission to support technological development and to develop the conditions of securing and mitigating the unavoidable risks that such opportunities generate. • Cybersecurity is one of the key priority for Airbus Group • A dedicated entity: Airbus DS Cybersecurity • Its products and services are also offered to external companies to fight against cyber threats.  Active Cyber risk management is a key message towards external stakeholders.  Standards for cyber risk assessment will be necessary
  • 49. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Don’t forget! Your evaluation and comments are the only way for FERMA to obtain information in order to improve the quality of the sessions • Please fill in the documents given to you by our hostesses Or • Use the mobile application and earn points for the Leaderboard game! 49
  • 50. BRUSSELS, 20-21 October www.ferma.eu FORUM 2015 Venice, Italy 4-7 October Thank you ! 50

Editor's Notes

  1. 2 mins