
Ntxissacsc5 purple 3-cyber insurance essentials-shawn_tuma.pptx

ntxissacsc5


  1. NTXISSA Cyber Security Conference – November 10-11, 2017 @NTXISSA #NTXISSACSC5
     The Essentials of Cyber Insurance: A Panel of Industry Experts
     • Patrick Florer; Risk Centric Security, Inc.; Co-Author: NetDiligence Cyber Claims Report & Ponemon Contributor
     • Mark Knepshield; Insurance Broker, Specializing in Cyber; McGriff, Seibels & Williams
     • John Southrey; Director of Prod. Development, Specializing in Cyber; Tex. Med. Liab. Trust
     • Shawn Tuma (Moderator); Cybersecurity & Data Privacy Attorney; Scheef & Stone, LLP
  2. Speakers
     Patrick Florer, CTO and Cofounder, Risk Centric Security, Inc.
     • Information technologist for 38 years
     • Database designer/statistical analysis in evidence-based medicine for 17 years in parallel
     • Member, RIM Council (Responsible Information Council), Ponemon Institute, since 2009
     • Distinguished Fellow, Ponemon Institute, since 2009
     • Co-author and co-analyst of the 2016 & 2017 NetDiligence© Cost of Cyber Claims report (along with Heather Goodnight-Hoffmann)
  3. Speakers
     Mark Knepshield, Senior Vice President, Financial Services Division, McGriff, Seibels & Williams, Inc.
     • Mark specializes in cyber liability insurance placement and claim handling.
     • Mark assists clients in implementing strategic incident response and breach preparedness plans.
     • Mark’s experience includes cyber insurance claim workouts on a number of high-profile breaches, as well as the expected financial impact to companies.
     • Mark is a frequent speaker at insurance industry and financial services related events around the country.
     • McGriff, Seibels & Williams, Inc. is a subsidiary of BB&T Insurance Services, the 5th largest insurance brokerage house in the United States.
  4. Speakers
     John Southrey, CIC, CRM, Director, Product Development & Consulting Services, Texas Medical Liability Trust
     • Over 37 years in the insurance industry; Certified Insurance Counselor and Certified Risk Manager.
     • John leads the development and marketing of standalone cyber liability and technology errors & omissions liability insurance for medical-related firms and law firms at TMLT.
     • TMLT (Texas Medical Liability Trust) (www.tmlt.org) is the largest medical professional liability insurer in Texas.
     • Started with TMLT in 2004; worked in the Claims department as claims supervisor and in the Sales department as a Sales Manager.
     • A prolific writer with many published works.
  5. Overview
     • Frequently used insurance terminology
     • Who are the key players?
     • What is the role of cyber insurance in risk management?
     • Why do companies need cyber risk insurance?
     • What kind of cyber risk coverage is available?
     • What are specific issues to look for in cyber risk insurance?
     • What is the process for obtaining cyber risk insurance?
     • How much coverage do you need?
     • What is the process for making a claim on your policy?
     • What are the most common mistakes insureds make?
     • What are the most common claims costs for items in a breach?
     • What are the most common things not covered?
  6. Frequently used insurance terminology
     • CGL – Commercial General Liability insurance
     • D&O – Directors’ and Officers’ insurance
     • E&O (PLI/PII) – Errors and Omissions (sometimes called Professional Liability or Professional Indemnity Insurance)
     • K&R – Kidnap and Ransom
     • ISO – the Insurance Services Office
     • Policy
     • Risk / Peril
     • Retention
     • Limits / Sub-limits
     • Exclusions
     • Re-insurance
  7. Who are the key players?
     • The Insured
     • The Broker / Agent
     • The Underwriter
     • The Actuary
     • The Insurer / Carrier
     • The ISO – the Insurance Services Office
  8. Role of cyber insurance in risk management
     In March 2016, the Cybersecurity and Infrastructure Protection Subcommittee (part of the U.S. Department of Homeland Security), at a hearing titled “The Role of Cyber Insurance in Risk Management,” noted the following:
     “The purpose of the hearing was to examine the potential opportunities to promote the adoption of cyber best practices and more effective management of cyber risks through cyber insurance.”
     https://homeland.house.gov/hearing/the-role-of-cyber-insurance-in-risk-management/
     In March 2015, at a U.S. Senate hearing on “Cyber Insurance,” it was also noted:
     “Simply engaging in the process of seeking cyber insurance coverage can assist businesses to develop the correct approach to mitigate risk. Insurance can bring all relevant stakeholders in an organization together, encouraging an enterprise-wide risk management approach.”
     http://www.propertycasualty360.com/2015/03/20/cyber-insurance-in-the-spotlight-senate-mulling-fe
  9. Why do companies need cyber risk insurance?
     • Do traditional CGL or other policies usually cover cyber risk or cyber-caused losses?
     • Are cyber risks usually excluded from non-cyber policies?
     • Do only big companies, small companies, or “tech” companies need cyber risk coverage?
  10. What kind of cyber risk coverage is available?
     • What kind of cyber risk coverage is available?
     • How expensive is this coverage?
  11. What kind of cyber risk coverage is available?
     First-Party Coverages:
     • Privacy Breach Response Costs
     • Network Asset Protection
     • Cyber Extortion & Cyber Terrorism
     • Cyber Crime
     • Reputational Harm
     • Corrective Action Plan Costs
     Third-Party Coverages:
     • Multimedia Liability
     • Security and Privacy Liability
     • Privacy Regulatory Defense and Fines & Penalties
     • PCI DSS Liability
  12. What are specific issues to look for in cyber risk insurance?
     • Social engineering?
     • Computer fraud / crime language?
     • Contractual liability, such as indemnification agreements?
     • Pre-existing “issues”?
  13. What is the process for obtaining cyber risk insurance?
     • What is the process for obtaining cyber risk insurance?
     • Application / underwriting process
     • Should IT / infosec be involved to ensure accuracy?
     • Risk assessments
     • What do they look like?
     • Do they impact premiums?
     • Prior incidents
     • Do they impact premiums?
     • Must they be disclosed?
     • Latest tech tools, services, gimmicks
     • Do they impact premiums?
  14. How much coverage do you need?
     • How much coverage does your company need?
     • How do you calculate your company’s risk exposure?
  15. What is the process for making a claim on your policy?
     • What is the process for making a claim on your policy?
     • Is this like the first, second, or third call you need to make after discovering an incident?
     • List of approved panel providers
     • Attorneys
     • Forensics
     • Credit product / notification logistics
     • Public Relations
     • Timeliness
     • Notice
     • Carrier may not pay for services provided without prior approval
     • Appoint legal counsel as breach guide
     • Process
     • Any input from the insured on who represents them?
     • Can this be addressed when obtaining coverage, if they have counsel they trust?
  16. What are the most common mistakes insureds make?
     • What are the most common mistakes you see insureds make that jeopardize their coverage?
  17. What are the most common claims costs for items in a breach?
     • In an incident, what are the most common claims costs for things such as:
     • Forensics
     • Remediation
     • Public Relations
     • Notifications / Credit Product / Logistics
     • Legal
  18. What are the most common things not covered?
     • What are the most common things that insureds seem to expect would be covered but, in reality, are not covered?
     • Warranties or exclusions relating to the Insured’s failure to maintain the security of its computer network in accordance with industry standards or “best practices,” internal policies, and/or regulations. (These exclusions can defeat the purpose of the cyber insurance.)
     • No coverage for unencrypted mobile devices.
     • What lessons should this teach them?
  19. Questions?
     • Patrick Florer, CTO and Cofounder, Risk Centric Security, Inc.; 214.828.1172 (office), 214.850.8539 (cell); www.riskcentricsecurity.com
     • Mark Knepshield, Senior Vice President, Financial Services Division, McGriff Seibels & Williams; Direct: 469-232-2126, Mobile: 303-885-5843
     • John Southrey, Director, Product Development & Consulting, Texas Medical Liability Trust; P.O. Box 160140, Austin, TX 78716-0140; direct: 512-425-5976 | cell: 512-589-4543; www.tmlt.org
     • Shawn Tuma, Cybersecurity & Data Privacy Attorney, Scheef & Stone, L.L.P.; 2600 Network Blvd., #400, Frisco, TX 75034; Direct: 214.472.2135 | Mobile: 214.726.2808; Email: shawn.tuma@solidcounsel.com; Blog: www.BusinessCyberRisk.com
  20. Thank you
