The Demotech Difference Fall 2015
Is Your Cyber Endorsement Enough?
By Ted Richmond

The global cyber insurance market is currently generating about $2 billion in premium, and has a projected growth to $10 billion in premium by 2020 according to ABI Research. However, less than 6% of small to medium sized enterprises (less than 500 employees) are purchasing cyber insurance. Recently conducted benchmark research sponsored by IBM concluded that it is more likely a company will have a breach involving 10,000 or fewer records, rather than a mega breach involving more than 100,000 records. With the risk increasing for small to medium sized enterprises, and the small amount purchasing cyber insurance, it is becoming more important for insurers to add some coverage for this risk to their small business package policies. If an insurer is going to add coverage to the commercial policies it is important that they choose a program that will keep their insured in business.

According to Sheryl Christenson of Global Institutional Solutions, 60% of businesses never recover from a breach. An insurer needs to look at three main things when developing or choosing a reinsured cyber endorsement for their insured. The first is the coverage, second is the limit, and third is the services included through third party vendors.

All businesses at some level have sensitive information either on their customers, vendors, employees or all of the above. This information is referred to as Personally Identifiable Information or “PII”. PII is any information that can be used to determine the identity of a person. Common forms of PII are name, address, phone number, social security number, driver license number, or credit card information. Any of this information can be used to commit identity theft. When a business accepts or stores this information, they are now liable if that information is stolen during a breach.

The first cost associated with a data breach is the breach response, and notification of the affected individuals. This consists of preparing a letter and mailing it to all affected individuals. It also includes setting up a call center, which is usually outsourced, to handle questions related to the breach. The size and scope of the breach is determined by a forensic audit, which is often the first thing required by the state or a regulatory body. The legal requirements differ by state, depending on the size of the breach, and can include the requirement of a press release, a notification in local media, and credit monitoring services for the affected individuals.

If a breach of payment card information has occurred, there are potential fines and penalties from the card brands such as VISA and MasterCard, and in some cases mandatory processing equipment upgrades. Regulatory bodies such as Health and Human Services (HHS) or state attorneys general also have the ability to impose fines for HIPAA related breaches of protected health information. These are all forms of first party coverage; however there is also a need for third party coverage.

This article first appeared in the Fall 2015 issue of The Demotech
Difference, a publication of Demotech, Inc., www.demotech.com
Third party coverage, also referred
to as defense coverage, is typically
a component of most cyber
endorsements and will provide legal
defense for claims that arise from
affected individuals. A class action
lawsuit against the insured is a
reality, and should be a component of
coverage.
New and emerging threats include
such actions as funds transfer fraud
where a cyber criminal gains access
to a business’s online commercial
bank account and fraudulently wires
funds from the account. A common
misconception is that the bank will
make the business whole, but under
current regulations the bank is not
liable for these losses if they provided
reasonable security controls. Very few
cyber policies, or even endorsements
for that matter, are providing coverage
here. It may not be a highly publicized
risk like a data breach, but it can wipe
a business out if they become victim to
such an attack.
Another crucial component of coverage
is employee theft, which should not be
excluded. The majority of data breaches
are the result of employee theft due to
the ease of access to this data and the
possibility of coercion by criminals to
steal this information. According to
Sheryl Christenson, 85% of breaches
are internal. Criminal gangs either
implant people into a business or
approach existing employees with an
opportunity to make easy cash.
The costs of a data breach can range
dramatically depending on the type
of information breached and the size
of the breach. The average cost of a
breach, according to the Ponemon
Institute, is $86.84 per record for
breaches between 10,000 and 100,000
records. Notification per affected
individual averages $2.50, which
includes the call center and credit
monitoring for one year according to
Sheryl Christenson. A forensic audit
according to RGS Limited claims data
for a payment card breach averages
about $10,000 and the average total
cost of a payment card breach is
$37,000. Taking a look further into
new and emerging risks, the average
loss for funds transfer fraud according
to Greenway Solutions is $17,000.
Having an endorsement for $25,000
may be adequate in some scenarios,
but because of these costs it is easy
to comprehend the need for a higher
limit. Increasing the limit to $50,000
or $100,000 may be worth the modest
increase in rates, as the difference may
not be significant since the majority of
breaches cost less than $50,000. The
cost of a higher limit seems necessary
when looking at the exposure it is
preventing.
In addition to having adequate limits
and the correct coverage, an insurer
needs to make certain that a business
takes the necessary steps to prevent
a breach, and respond appropriately
in the event of a breach. These steps
can greatly reduce the amount of a
claim and prevent further damages.
Risk mitigation tools that should be
in place include a risk assessment that
allows a business to evaluate their risk
and take the necessary steps to reduce
their exposure. Along with evaluating
the risk, the business should have
specific policies in place for business
practices and a response plan in the
event of a breach. These services can
be added to an endorsement through
a third party provider. They will also
provide breach response services at a
reduced rate to the insurer and be the
first line of defense in assisting the
prevention of a breach and mitigating
risk post breach. If an insured does not
have these services it creates additional
confusion when a breach does occur
and can leave a business wondering
what to do.
Commercial insurers have the ability
to provide this coverage at a low cost
across their small business portfolios,
which creates both value for their
policies and good will with their
customers. However, if they choose to
do so, they need to be educated that
the risks are covered and the limits are
there to support breaches at all of their
insured’s business segments.
Ted Richmond is Vice President of RGS
Limited LLC., developing new products in
the area of cyber for insurance companies
and financial institutions. He works with
both domestic and international insurance
markets to provide these programs. He
may be reached at ted@royalgroupservices.com.
RGS Limited LLC is an insurance program
manager specializing in data breach
and cyber programs. RGS has launched
and managed programs for insurance
companies, payment processors, and banks
both in the U.S. and internationally.
