LINKING THE CISO to the CFO
what is your RISK TOLERANCE?
cyber as a PERIL
cyber event SCENARIOS
REAL WORLD uses
Understanding the terms of art
Tools to translate between silos
Key categories of cyber risk
Information theft
Property damage
Environmental damage
Computer systems damage
Understanding motivations
Risk transfer challenges and optimization
Effective controls to minimize the risk
how to measure ANYTHING and DO SOMETHING about it
Risk Reduction Curve
Axes: RISK vs. CYBERSECURITY CAPABILITY
Labels: Sustain Capability, Invest in Transfer, Invest in Capability
1. Early capability improvements have high payoff in risk reduction
2. Payoff flattens as capability increases
3. Insurance transfers impact and results in a quantum risk reduction
4. Insurers want insureds to be on the flatter part of the capability curve
5. Invest accordingly
mapping CYBER RISK to FINANCIAL IMPACTS
1st Party Damages (to your organization)
3rd Party Damages (to others)
Financial Damages
Tangible (Physical) Damages
LOSSES due to CYBER EVENTS
cyber loss SPECTRUM
1st Party Damages (to your organization)
3rd Party Damages (to others)
Financial Damages
Tangible (Physical) Damages
RESPONSE COSTS
LEGAL EXPENSES
REVENUE LOSS
RESTORING LOST DATA
CYBER EXTORTION
STOLEN INTELLECTUAL PROPERTY
3rd Party Damages (to others)
1st Party Damages (to your organization)
Financial Damages
Tangible (Physical) Damages
REVENUE LOSS
RESTORATION EXPENSE
LEGAL EXPENSES
CREDIT MONITORING COSTS
Financial Damages
Tangible (Physical) Damages
1st Party Damages (to your organization)
3rd Party Damages (to others)
MECHANICAL BREAKDOWN
PROPERTY DAMAGE
ENVIRONMENTAL CLEANUP
REVENUE LOSS
BODILY INJURY
Financial Damages
Tangible (Physical) Damages
1st Party Damages (to your organization)
3rd Party Damages (to others)
MECHANICAL BREAKDOWN
PROPERTY DAMAGE
ENVIRONMENTAL CLEANUP
BODILY INJURY
a new metric EMERGES
1st Party Damages (to your organization)
3rd Party Damages (to others)
Financial Damages
Tangible (Physical) Damages
$ $ $
RISK RESPONSE
ACCEPT 1
TRANSFER 4
MITIGATE 3
TOLERATE 2
1990 2000 2010
EVENTS
COVERAGES
Ingram Micro v. American Guarantee & Liability
CA SB 1386 Breach Notification
45 Other Notification Laws
STUXNET
NotPetya
More robust electronic data exclusions
P&C carriers strengthen exclusions, e.g. CL380
P&C carriers rethinking coverage due to NotPetya
Cyber coverages begin to appear.
Network Business Interruption
Information Asset Protection
Privacy Breach
Liability Coverage
Breach Regulatory
Event Expense
• Introduction of Cyber DIC and P&C Options
• Broadening of traditional cyber policies
• Introduction of cyber cover into property policies
cyber impact FRAMEWORK
CYBER INSURANCE POLICIES
1st Party Damages 3rd Party Damages
Financial Damages
Non-Physical Cyber
Forensics, Data Restoration, PR, Extortion, & Legal Expenses
Excludes Property Damage & Bodily Injury
Critical for Protecting Data & Exposure
Non-Physical Cyber
Critical for Protecting Data & Exposure
PROPERTY POLICIES?
CASUALTY POLICIES?
Tangible (Physical) Damages
CYBER INSURANCE POLICIES
1st Party Damages 3rd Party Damages
Financial Damages
Emerging Issue in Established Market
Market in Flux – Exclusions Being Added to Traditional Covers
Emerging Issue in Established Market
Market in Flux – Exclusions Being Added to Traditional Covers
PROPERTY POLICIES?
CASUALTY POLICIES?
Tangible (Physical) Damages
CYBER INSURANCE POLICIES
1st Party Damages 3rd Party Damages
Financial Damages
Expanding policies into tangible damages
Newer Property Policies
Tangible (Physical) Damages
1st Party Damages 3rd Party Damages
Financial Damages
Property policies are increasingly providing coverage for data, even when there is no real property damage
Some cyber insurers – who may not even write commercial Property or Casualty insurance – are extending their cover to tangible damage
re-evaluate your BALANCE SHEET
1st Party Damages (to your organization)
3rd Party Damages (to others)
Financial Damages
Tangible (Physical) Damages
$ $ $
examining CYBER INSURANCE
MYTH VS REALITY
MYTH: Cyber insurance policies contain stringent requirements relating to security posture.
REALITY: If yours has such requirements, you may have purchased the wrong policy.
MYTH: Cyber insurance policies don’t cover ransomware.
REALITY: There are multiple types of policies available to cover ransomware losses and payments.
MYTH: Cyber insurance policies don’t cover employee actions or errors.
REALITY: Employee sabotage and insider events are readily insurable.
MYTH: Cyber insurance policies only cover notification costs and credit monitoring.
REALITY: …what have we covered today?
MYTH: Cyber Insurance policies don’t pay.
REALITY: Stories about claim denials may have been misrepresentations or sensationalized.
MYTH: Buying insurance is an admission of failure.
REALITY: Would you rather have to beg your CFO for incident response money?
applying what WE’VE COVERED
1st Party Damages (to your organization)
3rd Party Damages (to others)
Financial Damages
Tangible (Physical) Damages
RESPONSE COSTS
LEGAL EXPENSES
RESTORING LOST DATA
REVENUE LOSS
REVENUE LOSS
MECHANICAL BREAKDOWN
PROPERTY DAMAGE
1st Party Damages (to your organization)
3rd Party Damages (to others)
Financial Damages
Tangible (Physical) Damages
RESPONSE COSTS
LEGAL EXPENSES
RESTORING LOST DATA
REVENUE LOSS
RESTORATION EXPENSE
LEGAL EXPENSES
CREDIT MONITORING COSTS
UNLOCKED!
DISCLAIMER
Axio is a registered trademark of Axio Global, Inc.
NO WARRANTY: THIS AXIO GLOBAL MATERIAL IS FURNISHED ON
AN “AS-IS” BASIS. AXIO GLOBAL MAKES NO WARRANTIES OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER
INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS
OBTAINED FROM USE OF THE MATERIAL. AXIO GLOBAL DOES NOT
MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM
FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
Internal use: Permission to reproduce this material and to
prepare derivative works from this material for use inside your
organization is granted, provided the copyright and “No
Warranty” statements are included with all reproductions and
derivative works.
External use: This material may be reproduced in its entirety,
without modification, and freely distributed in written or
electronic form without requesting formal permission.
Permission is required for any other external and/or commercial
use. Requests for such permission should be directed
to info@axio.com.
© Axio Global, Inc. All rights reserved.
American International Group, Inc. (AIG) is a leading international insurance organization serving
customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional,
and individual customers through one of the most extensive worldwide property-casualty networks of
any insurer. In addition, AIG companies are leading providers of life insurance and retirement services
in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock
Exchange.
Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig |
Twitter: @AIGInsurance | LinkedIn: http://www.linkedin.com/company/aig
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general
insurance operations of American International Group, Inc. For additional information, please visit our
website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates
of American International Group, Inc. Products or services may not be available in all countries, and
coverage is subject to actual policy language. Non-insurance products and services may be provided by
independent third parties. Certain property-casualty coverages may be provided by a surplus lines
insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are
therefore not protected by such funds.
The data contained in this presentation are for general informational purposes only. The advice of a
professional insurance broker and counsel should always be obtained before purchasing any insurance
product or service. The information contained herein has been compiled from sources believed to be
reliable. No warranty, guarantee, or representation, either expressed or implied, is made as to the
correctness or sufficiency of any representation contained herein.
© American International Group, Inc. All rights reserved.
THANK YOU
