5/19/2018 Institute of World Politics © Proprietary 2017
Santa Clara University May 3, 2018
Cyber Intelligence initiative
(Ci2)
Ethan S. Burger
Institute of World Politics,
Washington, D.C.
Can We Avert A Cyber-Insurance Market Crisis?
May 3, 2018
. . . . PROBABLY NOT
• The “immature” cyber insurance market fails to supply products that a majority of private organizations deem to be worth buying. This situation is unlikely to change in the foreseeable future.
• Even those organizations that procure cyber-insurance are likely to ‘discover’ that their policies provide insufficient cover (e.g., face-values are too low) or inadequate cover (e.g., too many exclusions and reasons for denying claims), forcing these ‘insureds’ to absorb the costs of cyber-attacks on their own.
• Many cyber insurance providers and their reinsurers seem to lack sufficient financial assets to cover multiple extreme cyber events, the consequences of which will be felt throughout the insurance industry and the national economy.
∴ As a result, extreme harm from cyber-attack campaigns against the national infrastructure and particular sectors (e.g., financial, energy), locales (e.g., city clusters), and relationships (e.g., users of one cloud provider) will have a cascading effect likely to damage supply chains and consumer confidence; ultimately, the magnitude of harm will create crises triggering governmental intervention.
Although Officially Agnostic, the Department of Homeland Security Seems To Promote Cyber-Insurance
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including
data breaches, business interruption, and network damage. A robust cyber-insurance market
could reduce the number of successful cyber attacks by:
(i) promoting the adoption of preventative measures (good cyber-hygiene in return for more coverage); and
(ii) encouraging the implementation of best practices by basing premiums on an insured’s
level of self-protection.
Can Organizations Achieve Meaningful Cybersecurity?
What metrics to use? Individual organizations? Systemic approach? Cyber Maginot Line?
Threat Maps Highlight the Constancy of Cyber Attacks
http://map.norsecorp.com/#
https://cybermap.kaspersky.com
https://community.blueliv.com/map
http://en.blitzortung.org/live_lightning_maps.php
https://www.fireeye.com/cuber-map.html
http://www.csoonline.com/article/2366962/microsoft-subnet/spellbound-by-maps-tracking-hack-attacks-and-cyber-threats-in-real-time.html
One Cannot Control Collateral Damage (Systemic Risk) Due to Cyber Attacks
The Government seeks to protect '.gov' and '.mil' addresses, not '.com' (i.e., the rest of us).
Former FBI Special Agent Clint Watts paraphrasing former National Security Advisor Tom Bossert; note that White House Cybersecurity Coordinator Robert Joyce also “stepped down” last month.
What are the implications for proponents of the Active Cyber Defense
Certainty Act?
Black Hat USA 2017 Survey:
Portrait of an Imminent Cyberthreat
• 60% of respondents believe that a successful cyber attack on US critical infrastructure will occur in the next 24 months.
• 69% are very concerned about state-sponsored hacking from countries such as China, Iran, North Korea, and Russia.
• 31% think it is likely that their organization will have to respond to a major security breach in the next 12 months.
• 59% fear they don’t have enough staff to meet the threat.
• 58% believe they don’t have adequate budgets.
N = 580 Information Security Professionals
Are Cybersecurity Efforts Ultimately Futile?
Exhibit 1: Not Necessarily: Consider the [Not]Petya Wiper Attack:
“Cyberattack Hits Ukraine Then Spreads Internationally,” New York Times, June 27, 2017.
The Recent WannaCry & [Not]Petya Cyber-Attacks
• These viruses were propagated without human intervention, but they are not regarded as very sophisticated. They are estimated to have caused harm in the low billions of dollars, almost all of which will not be covered by insurance.
• Whereas WannaCry ransomware was designed for financial gain, NotPetya seems to have been politically driven (attributed by the UK and US to Russia), seeking to maximize harm. After initial attacks against Ukrainian state bodies, it spread to DLA Piper (a U.S. firm), FedEx (U.S. delivery service company), MAERSK (Danish-based shipping company), Merck (U.S. pharmaceutical company), Rosneft (Russian oil company), and many others.
• Good cyber-hygiene practices could have prevented infection. Only a minority of the victims carried stand-alone cyber insurance. But the common exclusions for failing to install patches, nation-state attackers, or otherwise failing to follow good cybersecurity practices are likely to prevent recoveries from insurers.
People Will Always be Susceptible to Social Engineering
The Insider Threat Cannot be Controlled Through Vetting & Monitoring
“Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons,” New York Times, June 27, 2017.
Social Engineering Will Defeat the Best Cybersecurity Systems
http://www.cnn.com/2017/07/31/politics/white-house-officials-tricked-by-email-prankster/index.html
Full Disclosure:
My Views Have Been Strongly Influenced by:
Lloyd’s/Cyence, “Counting the cost: Cyber exposure decoded,” Emerging Risks Report 2017 Technology, July 2017 (the ‘Lloyd’s Study’);
Martin Eling & Jan Hendrik Wirfs, Cyber Insurance: Too Big to Insure, Institute of Insurance Economics, University of St. Gallen, 2016 (the ‘IIE Study’); and
Sasha Romanosky, et al., Content Analysis of Cyber Insurance Policies: How do carriers write policies and price cyber risk, Rand White Paper (Draft), 2017 (the ‘Rand Study’).
Lloyd’s Study on Insurance Industry’s Cyber Risk
• Lloyd’s of London issued a study suggesting that a global cyber-attack could cause harm greater than $53 billion (on average), and possibly as high as $121 billion.
• The larger of these sums exceeds the damage caused by any natural disaster in the U.S. since 1980 – excluding Harvey ($125 billion), Katrina ($105 billion), Maria ($90 billion), California Fires, and Sandy ($70 billion).
• According to Munich Re, in 2017, total insured losses from natural disasters were $135 billion, with total losses of $330 billion (the highest ever was $354 billion in 2011).
IIE Study’s Key Findings
‘Cyber risks of daily life’ are usually insurable (e.g. data privacy risks). Nonetheless, organizations generally under-insure in cybersecurity. ‘Questionnaire only’ applications are unlikely to result in suitable cyber-insurance policies. Both organizations and the public benefit if the organizations go through the underwriting process. Completing an insurance application is an educational exercise, forcing one to think about cybersecurity, develop written cybersecurity policies, practices, and procedures, discuss cyber issues, inventory assets, prepare plans, etc. Sometimes insureds are afraid of the consequences of making an insurance claim.
‘Extreme Scenarios’ (e.g., a breakdown of the critical infrastructure) are difficult to insure, given the lack of good
actuarial data, cumulative risk, and other problems of insurability. These scenarios are extremely likely to materialize in
the next ten years.
Hence, a two-tier approach might be appropriate:
(i) improve insurability for ‘cyber risks of daily life’ and engage in industry-wide cooperation; and
(ii) address ‘extreme scenarios’ to the extent possible (e.g. look towards government programs and sector
initiatives).
CYBER INSURANCE MARKET WATCH SURVEY (May 2017)
Market Trends
32% of respondents’ clients purchased at least some form of cyber coverage.
27% of respondents’ clients purchased cyber insurance for the first time in the past six months.
44% of respondents’ clients increased their coverage in the past six months.
76% of those with cyber insurance have standalone policies.
Pricing Trends
$6 MILLION IS THE TYPICAL INSURANCE POLICY LIMIT, BUT POLICIES FOR $300-500 MILLION ARE AVAILABLE. ! ! !
31% of respondents said premium prices generally decreased over the last six months (SURPRISING Outcome).
Underwriting
42% of respondents have seen some tightening of carrier underwriting practices in the last six months.
75% of respondents believe there is adequate clarity as to what is included and excluded under a cyber policy (SURPRISING VIEW ! ! !).
98% of respondents noted that capacity in the market is either plentiful or increasing.
Cybersecurity/Cyber Risk
72% of respondents have a strategic approach to marketing and educating clients about cyber risks.
31% of respondents’ clients have an information security program in place, focused on prevention, detection, containment, and response.
Principal Properties of Cyber Risks
• Cyber losses result in both short-tail and long-tail losses.
• There are 1st and 3rd Party (i.e., property and liability) losses.
• 4Pas
• Cyber losses are not independent events (correlations between cyber risk).
• Cyber insurance market has a small number of providers (≈ 60) and as a percentage of portfolio value .
• Human beings are the weakest link (victims of social engineering & negligence).
• Uncertainty about data (modeling approaches, untested actuarial standards).
• Risk of change (historical data is not necessarily a good indicator of the future).
• Extreme events are difficult to estimate (low frequency, high severity occurrence).
• Insurance coverage limited (high deductibles are common).
Cyber-Insurance Market Place Reality Report for 2018
(Willis Towers Watson, December 2017)
1. “Total annual premiums collected will climb as more companies seek coverage.”
2. It is not clear that “capacity will keep up with rising demand, helping keep rates in check” in light of the NY Cybersecurity Requirements for Financial Services Companies & the EU General Data Protection Regulation (GDPR) – both will serve as models.
3. “Carriers will scrutinize risks, rewarding those with the most robust cybersecurity programs,” allowing them to be more particular about whom they will insure.
4. “Demand for coverage will shift” to Europe and East Asia.
5. Coverage will expand as carriers address gaps in property, general liability and special crime coverage as well as cyber policies themselves (ransomware, social engineering, terrorism).
1ST PARTY INSURANCE COVERAGE
• Loss or Damage to Electronic Data -- covers losses caused by damage, theft, disruption or corruption of data due to a covered peril (e.g., hack, virus, or denial of service, but seldom employee error including social engineering), such as costs to restore, recover, and reconstruct data.
• Loss of Income and/or Extra Expenses -- covers income lost and extra expenses incurred to avoid or minimize a shutdown of business due to a covered peril.
• Loss of Property -- covers physical damage to buildings, fixtures, land (e.g., clean-up), or personal property loss.
• Cyber Extortion Losses -- covers expenses incurred (with the insurers’ consent) due to an extortion demand (e.g., ransomware).
• Notification Costs -- covers costs of notifying parties mandated by government statutes or regulations (breaches and identity theft), as well as for legal counsel, credit protection services, and call centers.
• Other Insurance -- damage to reputation (marketing and public relations); crime (various); Fidelity Bonds; terrorism (Terrorism Risk Insurance Act (TRIA)).
3RD PARTY INSURANCE COVERAGE
• Network Security Liability -- covers harm due to data breaches or to the inability of others to access data on insureds’ computer systems. There is also cover where the insured’s personnel or IT systems cause harm to another (e.g., as a result of botnets).
• Network Privacy Liability -- covers harm based on allegations that insureds failed to properly protect sensitive data stored on their computer systems. The data may belong to customers, clients, employees, and other parties (is “privity” a problem?).
• Electronic Media Liability -- covers harm for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement (is “publication” an issue?).
• Costs Connected to Regulatory Proceedings -- covers damages, defense costs, fines, etc.
Some Common Cyber-Insurance Policy Exclusions
• Data taken from paper and similar records.
• Employee privacy claims for released data.
• Fraud, intentional, and illegal misconduct committed by insured.
• Lack of cyber-hygiene (failure to encrypt data or install software updates and security patches).
• Mechanical/electronic failure and other acts of God.
• Mobile electronic devices (computers, cell phones, etc.).
• Nation-states, organized criminal groups, and terrorists (and persons acting on their behalf). Attribution issues will arise, but how is the final coverage decision reached? It will be a costly, inexact process.
• Patent, software, copyright infringement.
• Prior notice (knowledge, suspicions).
• Secondary liability for personal injury & property damage.
• Vicarious liability for data breaches by third-party vendors.
Why is the Cyber-Insurance Market Not ‘Mature’?
• Insufficient actuarial data to support meaningful underwriting (unlike automobile, home-owner, and maritime insurance). Lack of trust between insurance companies and potential insureds. Are the applications complete and candid? If they are not, insureds will have difficulty collecting on claims.
• Insurance companies are eager to write cyber-insurance policies to cash in on a new market, albeit with an insufficient understanding of their potential financial exposure due to cumulative risk. As a consequence, there are incentives for insurance companies to find reasons for denying coverage.
• Cyber-insurance policies lack standard (and tested) language. Cyber-insurance is not a commodity since it is crafted for the insureds, whose profiles vary considerably. Litigation outcomes are unpredictable.
• Key development: Allianz will provide discounted cyber security insurance coverage to customers that use certain Apple devices and Cisco security products. Aon will perform security consulting.
Disquieting Questions About Cyber-Insurance
• If the global value of cyber-insurance premiums written is estimated at $3.5bn, but the global cost of cyber-crime exceeds $450bn annually (see “Aon chief warns that insurance industry is losing its relevance,” FT, 4/25/2018), can the ‘cyber-insurance market’ be viable?
• When the cyber-insurance policy is in force, how can insurers be confident that the insureds’ cybersecurity ‘baselines’ are being observed?
• Rather than a cyber 9/11 or Pearl Harbor, is the interconnectedness of the economy and the Internet of Things likely to cause a collapse in consumer and business confidence?
What’s a Government to Do?
Federal Government (alone or with the National Association of Insurance Commissioners) can:
1. Promote through incentives the use of standardized insurance policy provisions and language to promote underwriting standards to strengthen the cyber-insurance market;
2. Create cyber-insurance policy pools; and
3. Establish either federal flood or terrorism-like programs (but the Flood Insurance Program is insolvent).
Two Obstacles:
1. Lack of political consensus on the relevant roles and responsibilities of government (note the Flood Insurance Program has a huge deficit).
2. Given problems with the Affordable Care Act, is it realistic to expect the government to take on the role of national cyber hygienist?
QUESTIONS? CONTACT OUR SPEAKER
ETHAN S. BURGER AT
ethansb@post.harvard.edu

2018 april  - aba legal construct for understanding adversarial cyber activit...2018 april  - aba legal construct for understanding adversarial cyber activit...
2018 april - aba legal construct for understanding adversarial cyber activit...
 
2018 february - gulc symposium -- roc
2018 february  - gulc symposium -- roc2018 february  - gulc symposium -- roc
2018 february - gulc symposium -- roc
 
2016 December -- Lithuanian Hybrid War Presentation
2016 December -- Lithuanian Hybrid War Presentation2016 December -- Lithuanian Hybrid War Presentation
2016 December -- Lithuanian Hybrid War Presentation
 
2016 December -- US, NATO, & The Baltics -- International Security and Cyber[...
2016 December -- US, NATO, & The Baltics -- International Security and Cyber[...2016 December -- US, NATO, & The Baltics -- International Security and Cyber[...
2016 December -- US, NATO, & The Baltics -- International Security and Cyber[...
 
2016 October 4 -- EHU US Presidential Election
2016 October 4 -- EHU US Presidential Election2016 October 4 -- EHU US Presidential Election
2016 October 4 -- EHU US Presidential Election
 
2011 -- AUSTRAC Presentation on Russian OCGs
2011 -- AUSTRAC Presentation on Russian OCGs2011 -- AUSTRAC Presentation on Russian OCGs
2011 -- AUSTRAC Presentation on Russian OCGs
 
2016 -- Ukrainian Presentation -- Final
2016 -- Ukrainian Presentation -- Final2016 -- Ukrainian Presentation -- Final
2016 -- Ukrainian Presentation -- Final
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 

Recently uploaded

Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
ssuser559494
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
osenwakm
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
veteranlegal
 
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
20jcoello
 
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in ItalyThe Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
BridgeWest.eu
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
Justin Ordoyo
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
osenwakm
 
Search Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement OfficersSearch Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement Officers
RichardTheberge
 
From Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal EnvironmentsFrom Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal Environments
ssusera97a2f
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Syed Muhammad Humza Hussain
 
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and ToolsThe Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
Milind Agarwal
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
PelayoGilbert
 
Energizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining FuturesEnergizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining Futures
USDAReapgrants.com
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
seri bangash
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
CIkumparan
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Massimo Talia
 
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
lawyersonia
 
Incometax Compliance_PF_ ESI- June 2024
Incometax  Compliance_PF_ ESI- June 2024Incometax  Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024
EbizfilingIndia
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
sunitasaha5
 

Recently uploaded (20)

Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptxPatenting_Innovations_in_3D_Printing_Prosthetics.pptx
Patenting_Innovations_in_3D_Printing_Prosthetics.pptx
 
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
在线办理(SU毕业证书)美国雪城大学毕业证成绩单一模一样
 
The Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdfThe Future of Criminal Defense Lawyer in India.pdf
The Future of Criminal Defense Lawyer in India.pdf
 
fnaf lore.pptx ...................................
fnaf lore.pptx ...................................fnaf lore.pptx ...................................
fnaf lore.pptx ...................................
 
The Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in ItalyThe Work Permit for Self-Employed Persons in Italy
The Work Permit for Self-Employed Persons in Italy
 
San Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at SeaSan Remo Manual on International Law Applicable to Armed Conflict at Sea
San Remo Manual on International Law Applicable to Armed Conflict at Sea
 
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
原版制作(PSU毕业证书)宾州州立大学公园分校毕业证学历证书一模一样
 
Search Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement OfficersSearch Warrants for NH Law Enforcement Officers
Search Warrants for NH Law Enforcement Officers
 
From Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal EnvironmentsFrom Promise to Practice. Implementing AI in Legal Environments
From Promise to Practice. Implementing AI in Legal Environments
 
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordina...
 
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and ToolsThe Art and Science of Cryptoforensic Investigation: Best Practices and Tools
The Art and Science of Cryptoforensic Investigation: Best Practices and Tools
 
Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976Ease of Paying Tax Law Republic Act 11976
Ease of Paying Tax Law Republic Act 11976
 
Energizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining FuturesEnergizing Communities, Fostering Growth, Sustaining Futures
Energizing Communities, Fostering Growth, Sustaining Futures
 
Lifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point PresentationLifting the Corporate Veil. Power Point Presentation
Lifting the Corporate Veil. Power Point Presentation
 
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
2015pmkemenhub163.pdf. 2015pmkemenhub163.pdf
 
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...
 
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...
 
What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...What are the common challenges faced by women lawyers working in the legal pr...
What are the common challenges faced by women lawyers working in the legal pr...
 
Incometax Compliance_PF_ ESI- June 2024
Incometax  Compliance_PF_ ESI- June 2024Incometax  Compliance_PF_ ESI- June 2024
Incometax Compliance_PF_ ESI- June 2024
 
Business Laws Sunita saha
Business Laws Sunita sahaBusiness Laws Sunita saha
Business Laws Sunita saha
 

Ci2 cyber insurance presentation

  • 1. 5/19/2018 Institute of World Politics © Proprietary 2017 Santa Clara University May 3, 2018 Cyber Intelligence initiative (Ci2) Ethan S. Burger Institute of World Politics, Washington, D.C.
  • 2. Can We Avert A Cyber-Insurance Market Crisis? May 3, 2018
  • 3. . . . . PROBABLY NOT
      - The “immature” cyber insurance market fails to supply products that a majority of private organizations deem to be worth buying. This situation is unlikely to change in the foreseeable future.
      - Even those organizations that procure cyber-insurance are likely to ‘discover’ that their policies provide insufficient (e.g., face-values are too low) or inadequate cover (e.g., too many exclusions and reasons for denying claims), forcing these ‘insureds’ to absorb the costs of cyber-attacks on their own.
      - Many cyber insurance providers and their reinsurers seem to lack sufficient financial assets to cover multiple extreme cyber events, the consequences of which will be felt throughout the insurance industry and the national economy.
      ∴ As a result, extreme harm from cyber-attack campaigns against the national infrastructure and particular sectors (e.g., financial, energy), locales (e.g., city clusters), and relationships (e.g., users of one cloud provider) will have a cascading effect likely to damage supply chains and consumer confidence; ultimately, the magnitude of harm will create crises triggering governmental intervention.
  • 4. Although Officially Agnostic, the Department of Homeland Security Seems To Promote Cyber-Insurance
      Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cyber-insurance market could reduce the number of successful cyber attacks by:
      (i) promoting the adoption of preventative measures (good cyberhygiene in return for more coverage); and
      (ii) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection.
  • 5. Can Organizations Achieve Meaningful Cybersecurity? What metrics to use? Individual organizations? Systemic approach? Cyber Maginot Line?
  • 6. Threat Maps Highlight the Constancy of Cyber Attacks
      - http://map.norsecorp.com/#
      - https://cybermap.kaspersky.com
      - https://community.blueliv.com/map
      - http://en.blitzortung.org/live_lightning_maps.php
      - https://www.fireeye.com/cuber-map.html
      - http://www.csoonline.com/article/2366962/microsoft-subnet/spellbound-by-maps-tracking-hack-attacks-and-cyber-threats-in-real-time.html
  • 7. One Cannot Control Collateral Damage (Systemic Risk) Due to Cyber Attacks
      The Government seeks to protect '.gov' and '.mil' addresses, not '.com' (i.e., the rest of us).
      Former FBI Special Agent Clint Watts paraphrasing former National Security Advisor Tom Bossert; note that White House Cybersecurity Coordinator Robert Joyce also stepped down last month.
      What are the implications for proponents of the Active Cyber Defense Certainty Act?
  • 8. Black Hat USA 2017 Survey: Portrait of an Imminent Cyberthreat
      - 60% of respondents believe that a successful cyber attack on US critical infrastructure will occur in the next 24 months.
      - 69% are very concerned about state-sponsored hacking from countries such as China, Iran, North Korea, and Russia.
      - 31% think it is likely that their organization will have to respond to a major security breach in the next 12 months.
      - 59% fear they don’t have enough staff to meet the threat.
      - 58% believe they don’t have adequate budgets.
      N = 580 Information Security Professionals
  • 9. Are Cybersecurity Efforts Ultimately Futile? Exhibit 1: Not Necessarily: Consider the [Not]Petya Wiper Attack: “Cyberattack Hits Ukraine Then Spreads Internationally,” New York Times, June 27, 2017.
  • 10. The Recent WannaCry & [Not]Petya Cyber-Attacks
      - These viruses were propagated without human intervention, but they are not regarded as very sophisticated. They are estimated to have caused harm in the low billions of dollars, almost all of which will not be covered by insurance.
      - Whereas WannaCry ransomware was designed for financial gain, NotPetya seems to have been politically driven (attributed by UK and US to Russia) – seeking to maximize harm. After initial attacks against Ukrainian state bodies, it spread to DLA Piper (a U.S. firm), FedEx (U.S. delivery service company), MAERSK (Danish-based shipping company), Merck (U.S. pharmaceutical company), Rosneft (Russian oil company), and many others.
      - Good cyber-hygiene practices could have prevented infection. Only a minority of the victims carried stand-alone cyber insurance. But the common exclusions for failing to install patches, nation-state attackers, or otherwise failing to follow good cybersecurity practices are likely to prevent recoveries from insurers.
  • 11. People Will Always be Susceptible to Social Engineering
      The Insider Threat Cannot be Controlled Through Vetting & Monitoring
      “Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons,” New York Times, June 27, 2017.
  • 12. Social Engineering Will Defeat the Best Cybersecurity Systems http://www.cnn.com/2017/07/31/politics/white-house-officials-tricked-by-email-prankster/index.html
  • 13. Full Disclosure: My Views Have Been Strongly Influenced by:
      - Lloyd’s/Cyence, “Counting the cost: Cyber exposure decoded,” Emerging Risks Report 2017 Technology, July 2017 (the ‘Lloyd’s Study’);
      - Martin Eling & Jan Hendrik Wirfs, Cyber Insurance: Too Big to Insure, Institute of Insurance Economics, University of St. Gallen, 2016 (the ‘IIE Study’); and
      - Sasha Romanosky, et al., Content Analysis of Cyber Insurance Policies: How do carriers write policies and price cyber risk, Rand White Paper (Draft), 2017 (the ‘Rand Study’).
  • 14. Lloyd’s Study on Insurance Industry’s Cyber Risk
      - Lloyd’s of London issued a study suggesting that a global cyber-attack could cause harm greater than $53 billion (on average), and possibly as high as $121 billion.
      - The larger of these sums exceeds the damage caused by any natural disaster in the U.S. since 1980 – excluding Harvey ($125 billion), Katrina ($105 billion), Maria ($90 billion), California Fires, and Sandy ($70 billion).
      - According to Munich Re, in 2017, total insured losses from natural disasters were $135 billion, with total losses of $330 billion (the highest ever was $354 billion in 2011).
  • 15. IIE Study’s Key Findings
      - ‘Cyber risks of daily life’ are usually insurable (e.g. data privacy risks). Nonetheless, organizations generally under-insure in cybersecurity.
      - ‘Questionnaire only’ applications are unlikely to result in suitable cyber-insurance policies. Both organizations and the public benefit if the organizations go through the underwriting process.
      - Completing an insurance application is an educational exercise, forcing one to think about cybersecurity, develop written cybersecurity policies, practices, and procedures, discuss cyber issues, inventory assets, prepare plans, etc. Sometimes insureds are afraid of the consequences of making an insurance claim.
      - ‘Extreme Scenarios’ (e.g., a breakdown of the critical infrastructure) are difficult to insure, given the lack of good actuarial data, cumulative risk, and other problems of insurability. These scenarios are extremely likely to materialize in the next ten years.
      - Hence, a two-tier approach might be appropriate: (i) improve insurability for ‘cyber risks of daily life’ and engage in industry-wide cooperation; and (ii) address ‘extreme scenarios’ to the extent possible (e.g. look towards government programs and sector initiatives).
  • 16. CYBER INSURANCE MARKET WATCH SURVEY (May 2017)
      Market Trends
      - 32% of respondents’ clients purchased at least some form of cyber coverage.
      - 27% of respondents’ clients purchased cyber insurance for the first time in the past six months.
      - 44% of respondents’ clients increased their coverage in the past six months.
      - 76% of those with cyber insurance have standalone policies.
      Pricing Trends
      - $6 MILLION IS THE TYPICAL INSURANCE POLICY LIMIT, BUT POLICIES FOR $300-500 MILLION ARE AVAILABLE!!!
      - 31% of respondents said premium prices generally decreased over the last six months (SURPRISING OUTCOME).
      Underwriting
      - 42% of respondents have seen some tightening of carrier underwriting practices in the last six months.
      - 75% of respondents believe there is adequate clarity as to what is included and excluded under a cyber policy (SURPRISING VIEW!!!).
      - 98% of respondents noted that capacity in the market is either plentiful or increasing.
      Cybersecurity/Cyber Risk
      - 72% of respondents have a strategic approach to marketing and educating clients about cyber risks.
      - 31% of respondents’ clients have an information security program in place, focused on prevention, detection, containment, and response.
  • 17. Principal Properties of Cyber Risks
      - Cyber losses result in both short-tail and long-tail losses.
      - There are 1st and 3rd Party (i.e., property and liability) losses.
      - 4Pas
      - Cyber losses are not independent events (correlations between cyber risks).
      - Cyber insurance market has a small number of providers (≈ 60) and as a percentage of portfolio value .
      - Human beings are the weakest link (victims of social engineering & negligence).
      - Uncertainty about data (modeling approaches untested actuarial standards).
      - Risk of change (historical data is not necessarily a good indicator of the future).
      - Extreme events are difficult to estimate (low frequency, high severity occurrence).
      - Insurance coverage limited (high deductibles are common).
  • 18. Cyber-Insurance Market Place Reality Report for 2018 (Willis Towers Watson, December 2017)
      1. “Total annual premiums collected will climb as more companies seek coverage.”
      2. It is not clear that “capacity will keep up with rising demand, helping keep rates in check” in light of NY Cybersecurity Requirements for Financial Services Companies & EU General Data Protection Regulation (GDPR) – both will serve as models.
      3. “Carriers will scrutinize risks, rewarding those with the most robust cybersecurity programs” allowing them to be more particular about whom they will insure.
      4. “Demand for coverage will shift” to Europe and East Asia.
      5. Coverage will expand as carriers address gaps in property, general liability and special crime coverage as cyber policies themselves (ransomware, social engineering, terrorism).
  • 19. 1ST PARTY INSURANCE COVERAGE
      - Loss or Damage to Electronic Data -- covers losses caused by damage, theft, disruption or corruption of data due to covered peril (e.g., hack, virus, or denial of service, but seldom employee error including social engineering such as costs to restore, recover, and reconstruct data).
      - Loss of Income and/or Extra Expenses -- covers income lost and extra expenses incurred to avoid or minimize a shutdown of business due to a covered peril.
      - Loss of Property -- covers physical damage to buildings, fixtures, land (e.g., clean-up), or personal property loss.
      - Cyber Extortion Losses – covers expenses incurred (with the insurers’ consent) due to extortion demand (e.g., ransomware).
      - Notification Costs – covers costs of notifying parties mandated by government statutes or regulations (breaches and identity theft), as well as for legal counsel, credit protection services, and call centers.
      - Other Insurance – damage to reputation (marketing and public relations); crime (various); Fidelity Bonds; terrorism (Terrorism Risk Insurance Act (TRIA)).
      3RD PARTY INSURANCE COVERAGE
      - Network Security Liability -- covers harm due to data breaches or to the inability of others to access data on insureds’ computer systems. There is also cover where the insured’s personnel or IT systems (e.g. as a result of botnets causing harm to another).
      - Network Privacy Liability -- covers harm based on allegations that insureds failed to properly protect sensitive data stored on their computer systems. The data may belong to customers, clients, employees, and other parties (is “privity” a problem?).
      - Electronic Media Liability -- covers harm for acts like libel, slander, defamation, copyright infringement, invasion of privacy or domain name infringement (is “publication” an issue?).
      - Costs Connected to Regulatory Proceedings -- covers damages, defense costs, fines, etc.
  • 20. Some Common Cyber-Insurance Policy Exclusions
      - Data taken from paper and similar records.
      - Employee privacy claims for released data.
      - Fraud, intentional, and illegal misconduct committed by insured.
      - Lack of cyber-hygiene (failure to encrypt data or install software updates and security patches).
      - Mechanical/electronic failure and other acts of God.
      - Mobile electronic devices (computers, cell phones, etc.).
      - Nation-states, organized criminal groups, and terrorists (and persons acting on their behalf). Attribution issues will arise, but how is the final coverage decision reached? It will be a costly, inexact process.
      - Patent, software, copyright infringement.
      - Prior notice (knowledge, suspicions).
      - Secondary liability for personal injury & property damage.
      - Vicarious liability for data breaches by third-party vendors.
  • 21. Why is the Cyber-Insurance Market Not ‘Mature’?
      - Insufficient actuarial data to support meaningful underwriting (unlike automobile, home-owner, and maritime insurance). Lack of trust between insurance companies and potential insureds. Are the applications complete and candid? If they are not, insureds will have difficulty collecting on claims.
      - Insurance companies are eager to write cyber-insurance policies to cash in on a new market, albeit with an insufficient understanding of their potential financial exposure due to cumulative risk. As a consequence, there are incentives for insurance companies to find reasons for denying coverage.
      - Cyber-insurance policies lack standard (and tested) language. Cyber-insurance is not a commodity since it is crafted for the insureds, whose profiles vary considerably. Litigation outcomes are unpredictable.
      - Key development: Allianz will provide discounted cyber security insurance coverage to customers that use certain Apple devices and Cisco security products. Aon will perform security consulting.
  • 22. Disquieting Questions About Cyber-Insurance
      - If the global value of cyber-insurance premiums written is estimated at $3.5bn, but the global cost of cyber-crime exceeds $450bn annually (see Aon chief warns that insurance industry is losing its relevance, FT, 4/25/2018), can the ‘cyber-insurance market’ be viable?
      - When the cyber-insurance policy is in force, how can insurers be confident that the insureds’ cybersecurity ‘baseline’ is being observed?
      - Rather than a cyber 9/11 or Pearl Harbor, is the interconnectedness of the economy and the Internet of Things likely to cause a collapse in consumer and business confidence?
  • 23. What’s a Government to Do?
      Federal Government (alone or with National Association of Insurance Commissioners) can:
      1. Promote through incentives the use of standardized insurance policy provisions and language to promote underwriting standards to strengthen the cyber-insurance market;
      2. Create cyber-insurance policy pools; and
      3. Establish either federal flood or terrorism-like programs (but Flood Insurance Program is insolvent).
      Two Obstacles:
      1. Lack of political consensus on relevant roles and responsibilities of government (note Flood Insurance Program has a huge deficit).
      2. Given problems with the Affordable Care Act, is it realistic to expect the government to take on the role of national cyber hygienist?
  • 24. QUESTIONS CONTACT OUR SPEAKER ETHAN S BURGER AT ethansb@post.harvard.edu