NEW TECHNOLOGIES AND
CULTURAL TRENDS INCREASING
CYBER EXPOSURES FOR COMPANIES
REPRINTED FROM:
RISK & COMPLIANCE MAGAZINE
OCT-DEC 2017 ISSUE
www.riskandcompliancemagazine.com
Visit the website to request
a free copy of the full e-magazine
Published by Financier Worldwide Ltd
riskandcompliance@financierworldwide.com
© 2017 Financier Worldwide Ltd. All rights reserved.
MINI-ROUNDTABLE
PANEL EXPERTS
Paul Lanois
Vice President, General Counsel
Credit Suisse AG
Paul Lanois is a global privacy, data protection and
information security law expert and is an attorney admitted to
the Bars of the District of Columbia, New York and the Supreme
Court of the US. He regularly publishes articles on technology
law and is frequently invited to speak on such topics. He has
spoken at numerous conferences across Europe, the US and
Asia.
Nassos Oikonomopoulos
Head of Technology Controls - Regional
Operating Model and Europe
HSBC
T: +44 (0)20 3268 3179
E: nassos.oikonomopoulos@hsbc.com
Nassos Oikonomopoulos has been in global risk and control
leadership roles covering 1st, 2nd and 3rd line of defence
including a CISO role for the last 18 years working for global
banks. He has managed global teams in the UK, North America
and Asia and delivered a wide range of high-profile security
projects and technology control reviews. Mr Oikonomopoulos
has expertise in global IT regulations, information security and
risk management in banking.
Jonathan C. Trull
Chief Cyber Security Adviser
Microsoft
T: +1 (720) 528 1838
E: jotrull@microsoft.com
Jonathan C. Trull leads Microsoft’s team of worldwide chief
security advisers in providing thought leadership, strategic
direction on the development of Microsoft security products
and services, and deep customer and partner engagement
around the globe. Mr Trull joined Microsoft in 2016 as an
experienced information security executive bringing more than
15 years of public and private sector experience.
Xavier Marguinaud
Underwriting Manager – Cyber
Tokio Marine HCC
T: +34 93 530 7439
E: xmarguinaud@tmhcc.com
Xavier Marguinaud is underwriting manager – cyber,
overseeing and coordinating Tokio Marine HCC’s cyber strategy
for EMEA, APAC and LATAM. Previously, he worked at Marsh
as New Zealand cyber risk specialty head and as financial
lines senior risk advisor as well as cyber product champion
in France. He launched his career in the Risk and Insurance
department of Publicis Groupe.
R&C: In broad terms, could you explain
the extent to which technology and
associated cultural trends are increasing
companies’ exposure to cyber risk?
Do you believe many companies are
underestimating their vulnerabilities?
Lanois: The rise of social media, the growing
popularity of mobile devices, including smartphones,
smart watches, smart glasses, tablets and laptops,
and the increased use of outsourcing services,
such as cloud computing, have expanded the
traditional boundaries of a company. Data may now
be accessed by employees from anywhere, from
any device and through any access points. This
means that there are now new entry points for cyber
attacks. Companies may not even have full control
over their data if the data is stored in the cloud. This
has made it increasingly challenging for companies
to implement – and manage – consistent access
policies to the various corporate resources.
Trull: The widespread availability of the internet,
cloud technology and mobile devices continues to
change the way companies think about threats,
design their security programmes and architect their
defences. Several cultural trends are contributing
to the adoption of these technologies as well. One
cultural trend can be referred to as the ‘always on’
or ‘always connected’ culture. People expect to have
a personal smart phone or tablet with them at all
times and to have access to a wireless network or
cellular service so that they can work, play, socialise
and shop, among other things. Many people also
expect that they will conduct work and personal
business on the same device and intermix personal
and business data. These technologies and cultural
trends can definitely expose companies to new risks.
Marguinaud: We can explain the increase
of companies’ exposure to cyber risk by the
convergence of three recent factors. The first
factor is relatively new cultural trends. Behavioural
patterns have changed considerably in recent years
with Generation X, Millennials and Gen Z. Keeping
a public record of one’s life is one of the most
resounding consequences of this development. The
resulting exposure of personal data makes it easier
for hackers to run social engineering campaigns
and it can also increase the likelihood of sensitive
or confidential corporate data being made public.
The second factor is the increasing dependency on
digital technology and online communication. Since
the early 90s we have witnessed the digitalisation
and automation of economies worldwide. Processes
are made easier and faster, but are also more
exposed, as system centralisation can result in a
single point of failure (SPF), which makes attacks
simpler for hackers and more paralysing for
companies. The third factor is the broadening of
the potential attack surface. With the 4th industrial
revolution at our doorstep, more and more devices
are interconnected and remotely controlled, which
makes it easier for hackers to attack. Although
this revolution is already a reality, businesses may
underestimate their vulnerabilities.
Oikonomopoulos: Emerging technologies, such
as distributed ledger technologies, as well as more
recent technological developments such
as mobile and cloud computing, are
revolutionising the corporate landscape
and will continue to do so in the future.
Further to the impact felt within the
organisational boundaries, our whole
society has been experiencing the
effect of digitisation, with all of us being
more interconnected than ever. Social
networking has also increased our digital
footprint; people are more inclined to
share personal information. Particularly for
younger generations, this has become the
norm, not only in their personal lives but also in the
corporate sphere.
R&C: What strategies can companies
deploy to help them anticipate how new
and existing technologies will impact
their cyber risk exposure?
Trull: It can be difficult for information technology
departments to keep abreast of new technologies
when they are consumed with day-to-day operations
and ‘putting out fires’. I think it is important to
designate a person or team that is focused on
reviewing new technologies and innovations. This
group should be removed from the day-to-day
security operations as much as possible. There are
several approaches to assessing new technologies
for risks, and one of the most effective is to perform
threat modelling. Threat modelling allows you to
apply a structured evaluation approach, from a
hypothetical attacker’s point of view, to identify risks
and prioritise remediation efforts.
Marguinaud: A good first step would be to set
up a comprehensive change management (CM)
process that encompasses both risk management
and IT security considerations. If evolution is crucial
for any company and the use of new technologies
an obvious ‘business accelerator’, assessment
of related risks and awareness of newly created
exposures is also very important. In terms of
specific IT solutions, an isolated test in a ‘sandbox’
environment should always be conducted before
deploying any new technologies or updating existing
systems, especially if these are critical to the
business. These processes are basic and companies
should deploy these strategies to limit their cyber
risk.
Oikonomopoulos: Finding and applying the
right strategy depends on the maturity of an
organisation’s cyber processes, its level of risk and
awareness and its business model. An information-centric
strategy would allow for layered defences
considering the value of what needs to be protected
and would generally fit most organisations. It is not
uncommon for organisations operating in a high
threat vector environment to strive for a uniform
protection approach against the highest security
standard. This tends to be the exception and
this trend will further reduce over time. Fighting
the cyber threat is resource driven and resource
intensive, and most organisations need to identify
their priorities as they do not have either unlimited
funds or the requisite capabilities at their disposal.
Lanois: It is, of course, difficult to anticipate the
threats of tomorrow. It is not possible to predict all
the attacks that may come but it is possible to build
in cyber resilience and learn from the past. Ongoing
vigilance and preparedness are the best defences
against all kinds of threats, and training programmes
are key to ensuring that all employees are able to
identify and avoid risks.
R&C: How important is it for companies
to keep a close eye on related social
changes, trends and cultural movements?
In what ways can the increasing use of
social media, for example, translate into
cyber risk for businesses?
Marguinaud: Technological, societal and cultural
monitoring is absolutely necessary for all companies.
It not only helps them spot new opportunities and
communication channels, but also helps them
proactively understand how technologies are being
used by customers, competitors, public institutions
and of course hackers. Threat analysis surveillance
could also be useful to better understand potential
threats that a company faces. Regarding social
media, sharing personal information in public spaces
facilitates social engineering and identity theft, which
could result in hackers getting access to company
systems and information as if they were employees.
This could have devastating consequences
ranging from business interruption (BI) and loss of
intellectual property (IP) to data breach and third-party
claims.
Lanois: Companies should not underestimate
the value of social media. Social media platforms
have given rise to what has been called ‘stealth
marketing’, ‘buzz marketing’ or even ‘undercover
marketing’, otherwise known as the reputation
management industry. However, a company’s hard-earned
reputation or brand may also be tarnished
in less than 10 seconds due to an
inappropriate tweet or status update on a
social media website. Topics to consider
include privacy and data protection
requirements, intellectual property,
content and account ownership – the
use of the same social media account
for personal and professional use, for
example, potential theft of corporate
data, as well as human resources issues,
including harassment, discrimination
and defamation. One of the key ways
to reduce such risks is again by raising
awareness, at all levels in the company, about the
benefits and risks associated with social media.
Oikonomopoulos: Organisations are part of the
social fabric and understanding the environment
where organisations operate has always been
key to their prosperity. The challenge which many
organisations are facing is finding the right balance
between protecting the organisation and supporting
productivity. Information sharing, on a personal
level, keeps us in touch with our friends and in
corporations it promotes productivity and innovation.
However, the risks of data leakage and targeting
employees for impersonation are real. Cyber
espionage remains a key risk for most companies
and available information on social media can be
easily harvested for social engineering attacks.
Trull: It is definitely important for companies
to monitor social media and trends. Commonly,
attackers leverage information shared via social
media to launch their attacks. For example, prior to
sending a phishing email, the attacker can perform
research on social media sites and identify a
company’s leadership and learn significant details
about their business. They can also review the
bios of IT staff and online job postings to identify
the technologies used within the company. If the
company is hiring for a desktop administrator with
significant experience managing a Windows 7
infrastructure then they can be fairly certain that the
malware used must be built to infect that operating
system.
R&C: In your opinion, to what extent
is the growing popularity of mobile
devices, like smart phones, watches and
glasses, affecting cyber risks for
companies? As more and more
devices link to the internet, as
well as corporate networks, what
security issues will arise in the
long term?
Oikonomopoulos: The concept of a
security perimeter becomes more diluted.
The widespread use of mobile devices and
mobile apps creates new conundrums,
making cyber defence on a corporate
and personal level more convoluted.
Most organisations offer apps to their customers.
However, organisations often realise they have very
little control over the mobile devices their customers
are using. Someone could argue, why should they?
The problem is OS vulnerabilities affecting a personal
mobile device could also impact the back-end
environment. There have been real scenarios where
major banks had to deploy code which killed the
apps if the latest Apple patch was not installed on
the customer’s device.
Trull: Many people now intermingle their personal
and corporate personas or lives and expect that to
be allowed by company IT staff. This introduces risk
to corporate data. For example, once data leaves the
corporate network or a managed device, how does
one protect it? Personal devices are also typically
less well managed and more vulnerable to attack. So
these devices can become a pivot point for attackers
if they are compromised and then connected to a
corporate network. And we have also seen Internet
of Things (IoT) and personal devices used in large
scale denial of service attacks aimed at companies.
The strength of these attacks is intensified by the
number of bots or compromised devices harnessed.
Lanois: There is certainly an increased demand
by employees to use their own devices and there
are certainly a number of benefits for employees,
including improved employee job satisfaction,
overall morale increase, increased job efficiency,
better collaboration with colleagues and increased
flexibility, not to mention potential costs reduction
that comes with bring your own device (BYOD)
policies. However, the proliferation of the number
of mobile devices which are beyond the control of
the company – for example, the devices may not
be patched with the latest security updates and
may be unsecure – and which can be connected
from virtually anywhere, for instance, an employee
connects to the first available public access point he
sees, without knowing anything about it – increases
the risks for companies. If companies do not pay
enough attention to the risks, it may soon become a
‘bring your own disaster’ scenario.
Marguinaud: All these new trendy, connected
mobile devices are part of the IoT. When connected
to corporate networks, they broaden the attack
surface and make it more complex and difficult
to monitor. As we saw with the Target cyber
incident, where the refrigeration system supplied
by a third-party vendor was infiltrated, all systems,
including any connected devices, are vulnerable
and targeted by hackers. Nowadays, a proactive
and comprehensive cyber strategy that includes
IoT and involves all third-party providers is a must.
Companies should keep in mind that their cyber
security is only as strong as their weakest link.
R&C: Does the use of outsourced
services, like cloud processing and
storage, also represent a significant area
of risk?
Trull: The use of cloud processing and storage
needs to be managed but I do not believe it creates
a significant risk to companies. In fact, in some
cases, the use of cloud processing can reduce the
amount of risk for companies. With that said, the
controls to manage cloud processing and storage
are shared between the cloud service provider and
the customer. That needs to be clearly understood
and appropriate controls implemented on both sides
to ensure that the risks are reduced and managed.
Lanois: There is, of course, the risk of
unauthorised access to customer and business data.
A disaster at a cloud provider, such as a malware
infection, could have repercussions on each of its
customers. An issue, such as how to control access
to the data or even who owns the data, may arise.
Companies in regulated industries, such as those
providing healthcare or financial services, have to
comply with specific data security requirements
which they have to consider before moving their
data to the cloud.
Marguinaud: All outsourced service providers
(OSP) are an integral part of a company’s cyber
risk exposure, regardless of the service: payment
processor, cloud solution, cooling system or HR
payroll. If a third party is able to connect to the
company system, it is automatically part of the
equation. Access rights, internal processes, security
levels, monitoring solutions and employees’
awareness and training are some of the key
elements taken into consideration when assessing
cyber risk. We usually recommend parties review
their contractual agreements to see if liability,
rights to audit or duty to comply with security are
included as standard clauses. That said, cloud
processing and storage represent a significant risk
inasmuch as the data stored and processed could
be vital to the functioning of the
business, or contain sensitive and
confidential information.
Oikonomopoulos: The
argument that your security
is as good as the weakest link
also applies to a company’s
vendors. Even if an organisation has the best cyber
programme in place, its vendors may not have
the resources to keep up with their expectations
or regulatory requirements. This can be a bigger
challenge for local vendors which do not have the
scale to cope. Another challenge is in
certain countries where it is not the norm
for vendors to share detailed information
on their security. The question becomes:
what happens when a vendor refuses
to upgrade its products and incorporate
stronger encryption, SHA-2 or SHA-3, for
example? How does an organisation deal
with such an issue? There is a need for
true corporate sponsorship and leadership
to decide whether to drop a vendor off the
list due to a security vulnerability.
R&C: What practical steps can
companies take to reduce their overall
exposure to technology, social and cyber
related risks?
Oikonomopoulos: Organisations are often
consumed by the reality imposed on them by
cyber risk. Most of the energy and resources go to
tackling the next major vulnerability and protecting
the organisation against a multitude of adversaries,
ranging from rogue states to criminals. If you do
not reserve intellectual capital to think ahead of
adversaries, then unavoidably you will find yourself
on the ‘back foot’, making this battle impossible to
win in the long run. Innovative thinking, and sharing
intel and capabilities with organisations with the
same objectives and threats, are all meaningful
steps to undertake. Define a clear capability model
and determine how much capability you can keep
in-house rather than outsource.
Marguinaud: Companies would do well to
understand their exposure, stay informed and insist
upon their own security standard. By mapping risks,
including threats, vulnerabilities and consequences,
one can get an accurate picture of the cyber
exposure. Security perimeters, data, systems and
interconnections are among the crucial items to
be assessed, quantified and classified on a regular
basis. With the constant evolution of technology
comes the constant need to assess one’s cyber
exposure. Monitoring trends, usage and threats,
especially for any new technologies and processes
that the company may deploy, should be usual
practice. Once a ‘security philosophy’ has been
defined, the company must make sure that all OSPs
follow that standard. Then it is time to get ready and
plan for the worst.
Lanois: Companies need to assess their business
needs and IT infrastructures in order to develop their
own cyber security strategy and framework that fits
with the risk profile of their company. This must be
done before any cyber security strategy can be set
up. There is no such thing as a one-size-fits-all plan.
Instead, the company must identify the range of
threats and types of attack that may lie ahead and
how they could affect the company. Nevertheless,
people are often the weakest link in the security
chain. An organisation may have the most secure
system in the world, but if the employees at the
company have not been educated on best practices
regarding information security, the company would
be an easy target for hackers. It is therefore crucial
to ensure that employees are properly trained in
relation to risks and what they should do.
Trull: Companies need to implement an enterprise
risk management programme. The programme
should include the identification, evaluation and
management of all risks related to the company.
Risks should be documented in a risk register and
appropriate actions taken to keep the impact within
tolerable levels.
R&C: What specific insurance solutions
are available to help companies transfer
such risks? How is the market developing
in terms of coverage levels, policy
exclusions, pricing and so on?
Marguinaud: The insurance market offers a
broad range of solutions for companies interested
in transferring the financial consequences of a
cyber incident, such as notification costs, loss of
revenue, defence costs and damages following a
claim. Some insurers are also providing helpful and
flexible solutions for their clients to access a panel
of experienced experts that help guide the company
and coordinate all related actions during the tumult
of a cyber incident. Finally, some insurance carriers,
unfortunately very few so far, agree to invest in
training and awareness programmes for companies
and their employees, provide proactive and efficient
monitoring solutions and offer post event solutions
that help ensure a similar incident does not happen
again.
Oikonomopoulos: Cyber insurance has been a
fairly recent development as a risk transfer option.
As this area is still evolving, it is not yet clear how
effective those insurance policies are and whether
the premiums can be justified. For example, there
have been recent cases where organisations
entered disputes with insurance providers regarding
whether their claims were legitimate or not.
Insurance policies are drawn by actuaries and in
order to underwrite an insurance policy there is a
heavy dependency on analysis and measuring data.
Organisational exposure to cyber risk has been
opaque as most organisations have not been sharing
information. This is now changing as a result of
government and industry efforts.
Trull: In most cases, commercial insurance
policies that provide general liability coverage
are insufficient to protect a business from many
common cyber risks. Insurance companies offer
special cyber liability policies to address the risk and
damages related to a cyber event. It is important to
understand the type of protection that a company
is buying with cyber insurance. Policies can vary
but will often include liability for security or privacy
breaches, costs associated with breach notification,
and costs associated with restoration from damage
or loss, among others. It is important to specifically
review the policy exceptions in relation to the types
of cyber events most likely to occur within your
business. The most recent trend we have noticed
is an increased focus by insurance companies
on providing coverage for small and medium
businesses. In many cases, insurance companies
are bundling insurance policies with value added
products and services to make them more attractive.
R&C: As technology becomes
increasingly important to businesses,
what advice can you offer on preparing
to deal with new cyber exposures, and
remaining vigilant and proactive in the
face of these threats?
Lanois: Cyber security is only as strong as its
weakest link and hackers are likely to go after the
employees of the company. If the company does not
allocate enough resources to train and increase the
security awareness of its employees, all the time and
money spent to enhance the cyber security system
of the company are useless.
Trull: The key is to ensure that someone within
the company is responsible for assessing risk and
putting controls in place to manage that risk. This
person should also have access to the executive
team and board of directors to provide updates on
the company’s risk posture.
Oikonomopoulos: Being part of the community
is a trend which impacts everybody, so companies
should be ready to share information and also
benefit from the experience of others. Companies
should also embrace technology while sponsoring
a culture of corporate responsibility for executives
to make informed decisions. Organisations should
develop talent programmes with pool depth and
work on a retain strategy. Everybody is going after
the good cyber folks, including the bad guys. Last but
not least, do not underestimate the contribution of
the user community. Employees are more tech savvy
than ever before; not only are there more chances
for them to spot an issue, but they may also be part
of the solution.
Marguinaud: Common sense is key. Of course,
companies should integrate new technologies, go
along with new trends and outsource services,
if it makes sense from a business point of view.
However, the cyber exposure related to such
decisions must always be taken into consideration.
Everything comes at a price and companies need,
at least, to be aware of the involved exposures and
potential consequences implied in their choices.
NEW TECHNOLOGIES AND CULTURAL TRENDS INCREASING...
Companies are increasingly vulnerable to a widening range of cyber threats, including
data breach, network interruptions, cyber extortion, as well as third party claims and
regulatory penalties. Our experienced experts have in-depth knowledge about cyber risk
insurance.This allows us to create tailored coverage that guarantees business continuity
and bridges potential gaps between policies effectively.Wherever you are based, our
dedicated team of internationally focused underwriters and claims specialists are ready to
provide an intelligent approach as well as a fast and efficient service worldwide.
The secret behind cyber resilient
businesses and the people who
insure them
Mind over risk:
Tokio Marine HCC is a trading name of HCC Global Financial Products, S.L. (HCC Global), which is a member of the Tokio Marine HCC Group of Companies.
HCC Global- Sole Shareholder Company, ES B-61956629, registered with the Mercantile Registry of Barcelona, volume 31,639, sheet 159, page B-196767 is an exclusive
insurance agency registered with the Spanish General Directorate of Insurance and Pension Funds (Dirección General de Seguros y Fondos de Pensiones) in their Special
Register for Insurance Intermediaries, Reinsurance Brokers and their Senior Posts under the code E0191B61956629. It provides insurance mediation services on behalf of
HCC International Insurance Company plc registered with Companies House of England and Wales No. 01575839 and with registered office at 1 Aldgate, London EC3N 1RE,
UK, operating through its Spanish branch domiciled at Torre Diagonal Mar, Josep Pla 2, planta 10, Barcelona, Spain.
Tokio Marine HCC
Torre Diagonal Mar, Josep Pla 2, Planta 10, 08019 Barcelona, Spain Tel: +34 93 530 7300
Fitzwilliam House, 10 St. Mary Axe, London EC3A 8BF, United Kingdom Tel: +44 (0)20 7648 1300
cyber@tmhcc.com

TMHCC in Risk & Compliance 2017 Q4 - Cyber Mini-Roundtable

  • 3. www.riskandcompliancemagazine.com 3RISK & COMPLIANCE Oct-Dec 2017 MINI-ROUNDTABLE PANEL EXPERTS Paul Lanois Vice President, General Counsel Credit Suisse AG Paul Lanois is a global privacy, data protection and information security law expert and is an attorney admitted to the Bars of the District of Columbia, New York and the Supreme Court of the US. He regularly publishes articles on technology law and is frequently invited to speak on such topics. He has spoken at numerous conferences across Europe, the US and Asia. Nassos Oikonomopoulos Head of Technology Controls - Regional Operating Model and Europe HSBC T: +44 (0)20 3268 3179 E: nassos.oikonomopoulos@hsbc.com Nassos Oikonomopoulos has been in global risk and control leadership roles covering 1st, 2nd and 3rd line of defence including a CISO role for the last 18 years working for global banks. He has managed global teams in the UK, North America and Asia and delivered a wide range of high-profile security projects and technology control reviews. Mr Oikonomopoulos has expertise in global IT regulations, information security and risk management in banking. Jonathan C. Trull Chief Cyber Security Adviser Microsoft T: +1 (720) 528 1838 E: jotrull@microsoft.com Jonathan C. Trull leads Microsoft’s team of worldwide chief security advisers in providing thought leadership, strategic direction on the development of Microsoft security products and services, and deep customer and partner engagement around the globe. Mr Trull joined Microsoft in 2016 as an experienced information security executive bringing more than 15 years of public and private sector experience. Xavier Marguinaud Underwriting Manager – Cyber Tokio Marine HCC T: +34 93 530 7439 E: xmarguinaud@tmhcc.com Xavier Marguinaud is underwriting manager – cyber, overseeing and coordinating Tokio Marine HCC’s cyber strategy for EMEA, APAC and LATAM. 
Previously, he worked at Marsh as New Zealand cyber risk specialty head and as financial lines senior risk advisor as well as cyber product champion in France. He launched his career in the Risk and Insurance department of Publicis Groupe. NEW TECHNOLOGIES AND CULTURAL TRENDS INCREASING...
  • 4. 4 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2017 MINI-ROUNDTABLE R&C: In broad terms, could you explain the extent to which technology and associated cultural trends are increasing companies’ exposure to cyber risk? Do you believe many companies are underestimating their vulnerabilities? Lanois: The rise of social media, the growing popularity of mobile devices, including smartphones, smart watches, smart glasses, tablets and laptops, and the increased use of outsourcing services, such as cloud computing, have expanded the traditional boundaries of a company. Data may now be accessed by employees from anywhere, from any device and through any access points. This means that there are now new entry points for cyber attacks. Companies may not even have full control over their data if the data is stored in the cloud. This has made it increasingly challenging for companies to implement – and manage – consistent access policies to the various corporate resources. Trull: The widespread availability of the internet, cloud technology and mobile devices continue to change the way companies think about threats, design their security programmes and architect their defences. Several cultural trends are contributing to the adoption of these technologies as well. One cultural trend can be referred to as the ‘always on’ or ‘always connected’ culture. People expect to have a personal smart phone or tablet with them at all times and to have access to a wireless network or cellular service so that they can work, play, socialise and shop, among other things. Many people also expect that they will conduct work and personal business on the same device and intermix personal and business data. These technologies and cultural trends can definitely expose companies to new risks. Marguinaud: We can explain the increase of companies’ exposure to cyber risk by the convergence of three recent factors. The first factor is relatively new cultural trends. 
Behavioural patterns have changed considerably in recent years with Generation X, Millennials and Gen Z. Keeping a public record of one’s life is one of the most resounding consequences of this development. The resulting exposure of personal data makes it easier for hackers to run social engineering campaigns and it can also increase the likelihood of sensitive or confidential corporate data being made public. The second factor is the increasing dependency on digital technology and online communication. Since the early 90s we have witnessed the digitalisation and automation of economies worldwide. Processes are made easier and faster, but are also more exposed, as system centralisation can result in a single point of failure (SPF), which makes attacks simpler for hackers and more paralysing for companies. The third factor is the broadening of the potential attack surface. With the 4th industrial NEW TECHNOLOGIES AND CULTURAL TRENDS INCREASING...
  • 5. www.riskandcompliancemagazine.com 5RISK & COMPLIANCE Oct-Dec 2017 MINI-ROUNDTABLE revolution at our doorstep, more and more devices are interconnected and remotely controlled, which makes it easier for hackers to attack. Although this revolution is already a reality, businesses may underestimate their vulnerabilities. Oikonomopoulos: Emerging technologies, such as distributed ledger technologies, as well as more recent technological developments such as mobile and cloud computing, are revolutionising the corporate landscape and will continue to do so in the future. Further to the impact felt within the organisational boundaries, our whole society has been experiencing the effect of digitisation, with all of us being more interconnected than ever. Social networking has also increased our digital footprint; people are more inclined to share personal information. Particularly for younger generations, this has become the norm, not only in their personal lives but also in the corporate sphere. R&C: What strategies can companies deploy to help them anticipate how new and existing technologies will impact their cyber risk exposure? Trull: It can be difficult for information technology departments to keep abreast of new technologies when they are consumed with day-to-day operations and ‘putting out fires’. I think it is important to designate a person or team that is focused on reviewing new technologies and innovations. This group should be removed from the day-to-day security operations as much as possible. There are several approaches to assessing new technologies for risks, and one of the most effective is to perform threat modelling. Threat modelling allows you to apply a structured evaluation approach, from a hypothetical attacker’s point of view, to identify risks and prioritise remediation efforts. 
Marguinaud: A good first step would be to set up a comprehensive change management (CM) process that encompasses both risk management and IT security considerations. If evolution is crucial for any company and the use of new technologies Jonathan C. Trull, Microsoft “It can be difficult for information technology departments to keep abreast of new technologies when they are consumed with day-to-day operations and ‘putting out fires’.” NEW TECHNOLOGIES AND CULTURAL TRENDS INCREASING...
  • 6. 6 www.riskandcompliancemagazine.comRISK & COMPLIANCE Oct-Dec 2017 MINI-ROUNDTABLE an obvious ‘business accelerator’, assessment of related risks and awareness of newly created exposures is also very important. In terms of specific IT solutions, an isolated test in a ‘sandbox’ environment should always be conducted before deploying any new technologies or updating existing systems, especially if these are critical to the business. These processes are basic and companies should deploy these strategies to limit their cyber risk. Oikonomopoulos: Finding and applying the right strategy depends on the maturity of an organisation’s cyber processes, its level of risk and awareness and its business model. An information- centric strategy would allow for layered defences considering the value of what needs to be protected and would generally fit most organisations. It is not uncommon for organisations operating in a high threat vector environment to strive for a uniform protection approach against the highest security standard. This tends to be the exception and this trend will further reduce over time. Fighting the cyber threat is resource driven and resource intensive, and most organisations need to identify their priorities as they do not have either unlimited funds or the requisite capabilities at their disposal. Lanois: It is, of course, difficult to anticipate the threats of tomorrow. It is not possible to predict all the attacks that may come but it is possible to build in cyber resilience and learn from the past. Ongoing vigilance and preparedness are the best defences against all kinds of threats, and training programmes are key to ensuring that all employees are able to identify and avoid risks. R&C: How important is it for companies to keep a close eye on related social changes, trends and cultural movements? In what ways can the increasing use of social media, for example, translate into cyber risk for businesses? 
Marguinaud: Technological, societal and cultural monitoring is absolutely necessary for all companies. It not only helps them spot new opportunities and communication channels, but also helps them proactively understand how technologies are being used by customers, competitors, public institutions and of course hackers. Threat analysis surveillance could also be useful to better understand potential threats that a company faces. Regarding social media, sharing personal information in public spaces facilitates social engineering and identity theft, which could result in hackers getting access to company systems and information as if they were employees. This could have devastating consequences ranging from business interruption (BI) and loss of intellectual property (IP) to data breach and third-party claims.
Lanois: Companies should not underestimate the value of social media. Social media platforms have given rise to what has been called ‘stealth marketing’, ‘buzz marketing’ or even ‘undercover marketing’, otherwise known as the reputation management industry. However, a company’s hard-earned reputation or brand may also be tarnished in less than 10 seconds due to an inappropriate tweet or status update on a social media website. Topics to consider include privacy and data protection requirements, intellectual property, content and account ownership – the use of the same social media account for personal and professional use, for example, potential theft of corporate data, as well as human resources issues, including harassment, discrimination and defamation. One of the key ways to reduce such risks is again by raising awareness, at all levels in the company, about the benefits and risks associated with social media.

Oikonomopoulos: Organisations are part of the social fabric and understanding the environment where organisations operate has always been key to their prosperity. The challenge which many organisations are facing is finding the right balance between protecting the organisation and supporting productivity. Information sharing, on a personal level, keeps us in touch with our friends and in corporations it promotes productivity and innovation. However, the risks of data leakage and targeting employees for impersonation are real. Cyber espionage remains a key risk for most companies and available information on social media can be easily harvested for social engineering attacks.

Trull: It is definitely important for companies to monitor social media and trends. Commonly, attackers leverage information shared via social media to launch their attacks.
For example, prior to sending a phishing email, the attacker can perform research on social media sites and identify a company’s leadership and learn significant details about their business. They can also review the bios of IT staff and online job postings to identify the technologies used within the company. If the company is hiring for a desktop administrator with
significant experience managing a Windows 7 infrastructure then they can be fairly certain that the malware used must be built to infect that operating system.

R&C: In your opinion, to what extent is the growing popularity of mobile devices, like smart phones, watches and glasses, affecting cyber risks for companies? As more and more devices link to the internet, as well as corporate networks, what security issues will arise in the long term?

Oikonomopoulos: The concept of a security perimeter becomes more diluted. The widespread use of mobile devices and mobile apps creates new conundrums, making cyber defence on a corporate and personal level more convoluted. Most organisations offer apps to their customers. However, organisations often realise they have very little control over the mobile devices their customers are using. Someone could argue, why should they? The problem is OS vulnerabilities affecting a personal mobile device could also impact the back-end environment. There have been real scenarios where major banks had to deploy code which killed the apps if the latest Apple patch was not installed on the customer’s device.

Trull: Many people now intermingle their personal and corporate personas or lives and expect that to be allowed by company IT staff. This introduces risk to corporate data. For example, once data leaves the corporate network or a managed device, how does one protect it? Personal devices are also typically less well managed and more vulnerable to attack. So these devices can become a pivot point for attackers if they are compromised and then connected to a corporate network. And we have also seen Internet of Things (IoT) and personal devices used in large scale denial of service attacks aimed at companies. The strength of these attacks is intensified by the number of bots or compromised devices harnessed.
Lanois: There is certainly an increased demand by employees to use their own devices and there are certainly a number of benefits for employees,
including improved employee job satisfaction, overall morale increase, increased job efficiency, better collaboration with colleagues and increased flexibility, not to mention potential costs reduction that comes with bring your own device (BYOD) policies. However, the proliferation of the number of mobile devices which are beyond the control of the company – for example, the devices may not be patched with the latest security updates and may be unsecure – and which can be connected from virtually anywhere, for instance, an employee connects to the first available public access point he sees, without knowing anything about it – increase the risks for companies. If companies do not pay enough attention to the risks, it may soon become a ‘bring your own disaster’ scenario.

Marguinaud: All these new trendy, connected mobile devices are part of the IoT. When connected to corporate networks, they broaden the attack surface and make it more complex and difficult to monitor. As we saw with the Target cyber incident, where the refrigeration system supplied by a third-party vendor was infiltrated, all systems, including any connected devices, are vulnerable and targeted by hackers. Nowadays, a proactive and comprehensive cyber strategy that includes IoT and involves all third-party providers is a must. Companies should keep in mind that their cyber security is only as strong as their weakest link.

R&C: Does the use of outsourced services, like cloud processing and storage, also represent a significant area of risk?

Trull: The use of cloud processing and storage needs to be managed but I do not believe it creates a significant risk to companies. In fact, in some cases, the use of cloud processing can reduce the amount of risk for companies. With that said, the controls to manage cloud processing and storage are shared between the cloud service provider and the customer.
That needs to be clearly understood and appropriate controls implemented on both sides to ensure that the risks are reduced and managed.

Lanois: There is, of course, the risk of unauthorised access to customer and business data. A disaster at a cloud provider, such as a malware infection, could have repercussions on each of its customers. An issue, such as how to control access to the data or even who owns the data, may arise. Companies in regulated industries, such as those providing healthcare or financial services, have to comply with specific data security requirements which they have to consider before moving their data to the cloud.

Marguinaud: All outsourced service providers (OSP) are an integral part of a company’s cyber
risk exposure, regardless of the service: payment processor, cloud solution, cooling system or HR payroll. If a third party is able to connect to the company system, it is automatically part of the equation. Access rights, internal processes, security levels, monitoring solutions and employees’ awareness and training are some of the key elements taken into consideration when assessing cyber risk. We usually recommend parties review their contractual agreements to see if liability, rights to audit or duty to comply to security are included as standard clauses. That said, cloud processing and storage represent a significant risk in as much as the data stored and processed could be vital to the functioning of the business, or contain sensitive and confidential information.

Oikonomopoulos: The argument that your security is as good as the weakest link also applies to a company’s
vendors. Even if an organisation has the best cyber programme in place, its vendors may not have the resources to keep up with their expectations or regulatory requirements. This can be a bigger challenge for local vendors which do not have the scale to cope. Another challenge is in certain countries where it is not the norm for vendors to share detailed information on their security. The question becomes: what happens when a vendor refuses to upgrade its products and incorporate stronger encryption, SHA-2 or SHA-3, for example? How does an organisation deal with such an issue? There is a need for true corporate sponsorship and leadership to decide whether to drop a vendor off the list due to a security vulnerability.

R&C: What practical steps can companies take to reduce their overall exposure to technology, social and cyber related risks?

Oikonomopoulos: Organisations are often consumed by the reality imposed on them by cyber risk. Most of the energy and resources go to tackling the next major vulnerability and protecting the organisation against a multitude of adversaries, ranging from rogue states to criminals. If you do not reserve intellectual capital to think ahead of adversaries, then unavoidably you will find yourself on the ‘back foot’, making this battle impossible to win in the long run. Innovative thinking, and sharing intel and capabilities with organisations with the same objectives and threats, are all meaningful steps to undertake. Define a clear capability model and determine how much capability you can keep in-house rather than outsource.

Marguinaud: Companies would do well to understand their exposure, stay informed and insist upon their own security standard. By mapping risks, including threats, vulnerabilities and consequences, one can get an accurate picture of the cyber exposure.
Security perimeters, data, systems and interconnections are among the crucial items to be assessed, quantified and classified on a regular basis. With the constant evolution of technology
comes the constant need to assess one’s cyber exposure. Monitoring trends, usage and threats, especially for any new technologies and processes that the company may deploy, should be usual practice. Once a ‘security philosophy’ has been defined, the company must make sure that all OSPs follow that standard. Then it is time to get ready and plan for the worst.

Lanois: Companies need to assess their business needs and IT infrastructures in order to develop their own cyber security strategy and framework that fits with the risk profile of their company. This must be done before any cyber security strategy can be set up. There is no such thing as a one-size-fits-all plan. Instead, the company must identify the range of threats and types of attack that may lie ahead and how they could affect the company. Nevertheless, people are often the weakest link in the security chain. An organisation may have the most secure system in the world, but if the employees at the company have not been educated on best practices regarding information security, the company would be an easy target for hackers. It is therefore crucial to ensure that employees are properly trained in relation to risks and what they should do.

Trull: Companies need to implement an enterprise risk management programme. The programme should include the identification, evaluation and management of all risks related to the company. Risks should be documented in a risk register and appropriate actions taken to keep the impact within tolerable levels.

R&C: What specific insurance solutions are available to help companies transfer such risks? How is the market developing in terms of coverage levels, policy exclusions, pricing and so on?
Marguinaud: The insurance market offers a broad range of solutions for companies interested in transferring the financial consequences of a cyber incident, such as notification costs, loss of revenue, defence costs and damages following a claim. Some insurers are also providing helpful and flexible solutions for their clients to access a panel of experienced experts that help guide the company and coordinate all related actions during the tumult of a cyber incident. Finally, some insurance carriers, unfortunately very few so far, agree to invest in training and awareness programmes for companies and their employees, provide proactive and efficient monitoring solutions and offer post event solutions that help ensure a similar incident does not happen again.

Oikonomopoulos: Cyber insurance has been a fairly recent development as a risk transfer option. As this area is still evolving, it is not yet clear how effective those insurance policies are and whether
the premiums can be justified. For example, there have been recent cases where organisations entered disputes with insurance providers regarding whether their claims were legitimate or not. Insurance policies are drawn by actuaries and in order to underwrite an insurance policy there is a heavy dependency on analysis and measuring data. Organisational exposure to cyber risk has been opaque as most organisations have not been sharing information. This is now changing as a result of government and industry efforts.

Trull: In most cases, commercial insurance policies that provide general liability coverage are insufficient to protect a business from many common cyber risks. Insurance companies offer special cyber liability policies to address the risk and damages related to a cyber event. It is important to understand the type of protection that a company is buying with cyber insurance. Policies can vary but will often include liability for security or privacy breaches, costs associated with breach notification, and costs associated with restoration from damage or loss, among others. It is important to specifically review the policy exceptions in relation to the types of cyber events most likely to occur within your business. The most recent trend we have noticed is an increased focus by insurance companies on providing coverage for small and medium businesses. In many cases, insurance companies are bundling insurance policies with value added products and services to make them more attractive.

R&C: As technology becomes increasingly important to businesses, what advice can you offer on preparing to deal with new cyber exposures, and remaining vigilant and proactive in the face of these threats?

Lanois: Cyber security is only as strong as its weakest link and hackers are likely to go after the employees of the company.
If the company does not allocate enough resources to train and increase the security awareness of its employees, all the time and money spent to enhance the cyber security system of the company are useless.

Trull: The key is to ensure that someone within the company is responsible for assessing risk and putting controls in place to manage that risk. This person should also have access to the executive team and board of directors to provide updates on the company’s risk posture.

Oikonomopoulos: Being part of the community is a trend which impacts everybody, so companies should be ready to share information and also benefit from the experience of others. Companies should also embrace technology while sponsoring a culture of corporate responsibility for executives
to make informed decisions. Organisations should develop talent programmes with pool depth and work on a retain strategy. Everybody is going after the good cyber folks, including the bad guys. Last but not least, do not underestimate the contribution of the user community. Employees are more tech savvy than ever before; not only are there more chances for them to spot an issue, but they may also be part of the solution.

Marguinaud: Common sense is key. Of course, companies should integrate new technologies, go along with new trends and outsource services, if it makes sense from a business point of view. However, the cyber exposure related to such decisions must always be taken into consideration. Everything comes at a price and companies need, at least, to be aware of the involved exposures and potential consequences implied in their choices.