
INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation


Too many incidents related to "ransomware" in the North East of Italy. Companies need to understand how to protect themselves and ensure continued access to their digital data. Damage from cyber incidents exceeds the threshold of US$25 million. Safe rating of a company's intangible assets needs an enhanced cyber risk insurance market, but weak competence requires clarification on this topic. The intent of the research was to identify the real risks and digital vulnerabilities in companies. We evaluated typical insurance products for IT risk and carried out a CIO/CISO survey. The final goal was a guideline for approaching the problem of outsourcing Cyber Risk Protection.

Published in: Technology


  1. Your partner for information security. Cybersecurity Risk Insurance. Luca Moroni – Via Virtuosa. INFOSEK 2016 - Nova Gorica – 1/12/2016
  2. Who am I: Luca Moroni. ISACA VENICE research team coordinator ✔ Research n.1: Vulnerability and Penetration Test. User’s guidelines about third party penetration test. ✔ Research n.5: Cyber Security Awareness of N/E Italian Critical Infrastructures: Scenarios and Guidelines for self-assessment. Member of ISACA VENICE Chapter Translation team ✔ Securing Mobile Devices – ITA. Research team coordinator, Cybersecurity Risk Insurance. Graduation in Computer Science (1989, Milan), CISA and ITIL V3 certified and other tech certifications. Focused on Cybersecurity since 2000 and lecturer in some seminars about this topic. Founder of the innovative company Via Virtuosa, which focuses on scouting and promotion of expertise in Cybersecurity and IT governance in NE of Italy.
  3. Thanks to a great team in this Research: Cesare Burei and Debora Casalini – Margas Srl; Ettore Guarnaccia - Banca Popolare di Vicenza Spa; Marco Cozzi – Hypo Alpe Bank Spa; Andrea Cobelli – Azienda Trasporti Verona Srl; Luigi Gregori – Cogitoweb Srl
  4. Cyber Incident = Loss of Money
  5. Cyber Risk. Allianz Risk Barometer 2016
  6. Cyber Risk Zone Level. The Global Risks Report 2016 11th Edition by the World Economic Forum
  7. White Paper objectives: • Understand CIO awareness of cyber insurance • Scenario analysis of cyber exposure • What cyber insurance is useful for • Italian market of cyber insurance • CIO testimonials with 3 business cases • Q&A between CIO and Cyber Insurer • Suggest rules for Cyber Insurance requests … having a Risk Management Approach…
  8. What is a Cyber Risk Insurance: Cyber insurance is a single policy or a group of insurance policies that should cover residual Cyber & Cyber related risks. Cyber Insurance: Recent Advances, Good Practices and Challenges, ENISA, November 2016
  9. Communication protocol: Insurer vs CIO. PROBLEM! "I know about new dangerous problems!" "I have a full portfolio of new products!" MORE INTERESTED IN CYBERSECURITY. MORE INTERESTED IN COUNTER RESIDUAL RISK. Paul, Steven
  10. Yes / No: Did you ever ask if existing policies cover or exclude cyber risks? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected. Cybersecurity Risk Insurance. Survey on 63 companies
  11. Who is asking you to provide Cybersecurity? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected. Cybersecurity Risk Insurance. Survey on 63 companies
  12. Yes / No: Have you registered cyber incidents involving your organization in the last five years? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected. Cybersecurity Risk Insurance. Survey on 63 companies
  13. Cause of Loss. Cyber Insurance: Recent Advances, Good Practices and Challenges, ENISA, November 2016
  14. Adopting standards and measures. Check Controls 27002:2013. About 90% of vulnerabilities highlighted in a Gap Analysis 27001 are not residual risk
  15. Cyber Risk Exposure in NE of Italy. Sample of 70 Companies ranked using “Determining Your Organization’s Information Risk Assessment and Management” – ENISA Methodology. Impact. Probability of occurrence. Avoid the risk 30%
  16. "Ask me only about ICT please. I’m not CISO or a RM." "Start assessing your situation." Paul, Steven. What's the state of the art? 1. Dedicated Resources 2. Policies and Procedures 3. Employee Awareness 4. Incident Response 5. Security Measures 6. Vendor Management 7. Board Oversight. Cyber Insurance: Recent Advances, Good Practices and Challenges, ENISA, November 2016
  17. "I analyse and know the problems together with the cyber risk owners." "You know your situation. GREAT!" Paul, Steven. What's the state of the art? 1. Dedicated Resources 2. Policies and Procedures 3. Employee Awareness 4. Incident Response 5. Security Measures 6. Vendor Management 7. Board Oversight. Cyber Insurance: Recent Advances, Good Practices and Challenges, ENISA, November 2016
  18. "How is your situation? Ask me your question." "Let me try to explain." Cesare, Andrea, Ettore, Marco. Business Case. 18 Questions answered
  19. Some questions: How and what you can cover? The Insurable risks: Damages, Business Interruption, Costs, Third Party requests. Paul, Steven
  20. An example of real coverage: IT theft means any kind of intrusion from any third party into the company IT system, which will bring to the fraudulent and non-authorized removal or alteration of data contained in the company IT system itself. Loss from IT theft means the funds illegitimately or erroneously paid by the insured as a direct consequence of an IT theft that are not retrievable or - even though they are juridically retrievable - cannot be retrieved because of an insolvency of the recipient, an impossibility of an effective operation or any other similar reason.
  21. Expertise. Cyber Insurance: Recent Advances, Good Practices and Challenges, ENISA, November 2016
  22. Conclusions: Security is not an investment that provides profit but loss prevention • The first step is to understand the situation • Define protocols to measure, mitigate and manage cyber risk • About 10% of vulnerabilities highlighted in a Cyber Security Gap Analysis are residual risk • Some critical sectors (e.g. Banks) are mature for Cyber Insurance • SMBs also need a financial parachute • Managing the cybersecurity life cycle reduces residual risk
  23. Questions?
  24. Thanks! l.moroni@viavirtuosa.it
