2. Common Misconceptions About Cyber Insurance
“My company is not exposed to cyber attacks”
“We outsource so I have no risk”
“Cyber attacks are only a problem for big companies”
“Cyber Insurance is too expensive, I have no budget”
3. Chubb’s Global Cyber Practice
Years of experience writing cyber insurance
Countries with cyber policies
Cyber claims handled
Chubb employees in the global cyber practice
Million individuals notified following privacy breach
4. Too small to fail?
Types of Cyber incidents experienced by Companies
6. Chubb’s Three Year Average Cost of First Party Expenses following a cyber event
Bar chart. Categories, as listed: Legal Costs; Forensics; Notification/Call Center; Credit Monitoring; PR/Crisis Response.
Values, as listed: $29,830; $191,544; $74,337; $56,879; $27,423.
63% of Chubb’s reported incidents involve fewer than 100 compromised records.
7. Chubb’s Exposure Statistics by Triggers Over the Last Decade
Human Error, 24%
Hack, 19%
Privacy Violations, 19%
Lost/Stolen Devices, 15%
Phishing, 13%
Malware, 7%
8. “I’ve got nothing they want”
Source: Symantec 2019
Item: Cost
▪ Fake ID, Driver's License, Passport: $25 to $5,000
▪ Hacked email accounts: $1 to $15
▪ Scans of Real Passports: $1 to $35
▪ Custom Malware (e.g. banking trojans): $5 to $200
▪ Cash redirector service: $5 to 1% of value
▪ Stolen Cloud Accounts: $2 to $12
▪ Ransomware toolkit: $0 - $250
10. Cyber Enterprise Risk Management
Case Study 1: Ransomware attack
With the servers down, the Insured was unable to fulfil their clients’ orders. Business interruption loss was estimated to cost over $250,000 a day. The hacker demanded a ransom to decrypt each server, with the ransom amount increasing if payment was not made within 2 days.
The Insured is a company operating in the advertising industry, with an annual revenue of $30 million.
Day of Incident
During the weekend, a malicious file infected the company's servers and all files including artwork, historic and current project data were affected.
The Insured reported the incident, and spoke to the Incident Response Manager on the same day.
An IT forensics firm was deployed immediately.
11. Chubb's Incident Response Team assisted the Insured with a mitigation strategy by identifying less business-critical servers that could be restored from backups, and negotiating the ransom amount to release business-critical servers.
10 Days from Incident
100% of operations restored.
The IT forensics firm provided an incident report to the Insured, with recommendations to improve cyber security and prevent future incidents.
Legal advisors assisted the Insured with the filing of a formal criminal complaint as well as other regulatory documentation.
3 Days from Incident
The response team removed the ransomware from the affected servers, allowing the company to operate at 70% of typical capacity. The response team also engaged a crisis management firm to assist with client communications.
12. This cyber incident was reported through Chubb's 24/7/365 Cyber Alert mobile application, and the following stakeholders were activated to provide a holistic response to the Insured's cyber incident.
Legal and Regulatory Advice
IT Forensics
Crisis Management Firm
Forensic Accounting
Report Incident
Cyber Alert
Incident Response Manager
13. Case Study 2: Ransomware Attack, infected local drives
Description of Event
A construction company that outsourced its IT operations suffered a ransomware attack because an employee clicked a malicious email link, causing the company’s customer and project data to be encrypted. The ransomware infected local hard drives and data that was backed up online. Without access to the digital records, the company could not operate its business as usual. Due to the failed attempts to negotiate with the extortionist, additional costs were incurred to re-construct and re-enter customer project records. This resulted in significant downtime and major loss incurred to the business.
Coverage Triggers: Ransomware, Incident Response Expenses, Data Asset Loss, Business Interruption
Client Profile
Location: Singapore
Industry: Construction
Revenue: S$5 million
14. Case Study 3: Laptop Stolen Results In Invasion of Privacy
Description of event:
An energy company executive’s laptop was stolen from a corporate vehicle. The laptop contained significant private customer and employee information. Although the file was encrypted, the overall password protection on the laptop was weak and the PIN for accessing the encrypted information was compromised.
Resolution:
After assessing the nature of the information on the laptop with a forensic expert and outside compliance counsel at a cost of $50,000, the energy company voluntarily notified relevant customers and employees and afforded call centre, monitoring, and restoration services, as appropriate. While the additional first-party cost was $100,000, the energy company also incurred $75,000 in expenses responding to a multi-state regulatory investigation. Ultimately, the company was fined $100,000 for deviating from its publicly stated privacy policy.
Coverage triggers: Incident Response Expenses, Data Asset Loss, Privacy Liability, Business Interruption, Recovery Costs, Regulatory investigation, Potential Payment Card Loss
Client Profile
Location: Singapore
Industry: Energy Firm
Revenue: S$20 million
Number of Employees: 100
15. Case Study 4: Unauthorised Access - Employee Accesses HR Site, Sells Personal Information
December, 2020
Client Profile
Location: Singapore
Industry: Professional Services Firm
Revenue: S$7.5mil
Description of event:
A rogue employee accessed the human resource platform of a professional service provider. The employee acquired and sold social security information on the black market before being apprehended by law enforcement. Thereafter, several cases of identity theft were perpetrated against the professional service provider’s employees.
Resolution:
The professional service provider engaged a forensics investigator and outside compliance counsel. It also notified employees of the breach, established a call centre, and provided monitoring and restoration services to impacted employees.
16. Case Study 5: Human Error
November 25, 2020
Client Profile
Location: Hong Kong
Industry: Hospitality
Revenue: US$150k - US$200k
Situation
• The Insured outsources its data hosting to a third party company.
• One evening, before heading home, an engineer at the hosting location turned off the Insured’s firewall by accident.
• The firewall remained turned off for a little over 12 hours, causing a number of servers to malfunction, which led to discovery of the error.
Activation
• The Insured’s broker notified Chubb directly.
• The Insured provided a project brief outlining the work that had to be done (including forced shutdown to isolate the potential areas of damage, installation and migration to a new host and determining the extent of any malware attack).
• They sought Chubb’s assistance with identifying a suitable vendor and agreement to the brief/budget.
17. Response & Coverage
Chubb acknowledged notification from broker immediately, and advised next steps.
Following a sweep, it was found that no malware had been introduced.
Focus was on restoring the data lost due to the malfunctioning servers, which was restored mainly via the Insured’s backup server.
Insured chose to use their own legal vendor to assist with regulatory compliance requirements, including notification of the incident to the authorities.
Policy responded to cover:
• Incident Response Expenses
• Data & System Recovery costs
18. Chubb’s Cyber Incident Response Platform
Call our Hotline 24/7/365
Guaranteed response
Clients report a cyber event using any of the following methods
19. Insurance Coverage
There are first party and third party covers.
Data and System Recovery **
Increased cost of work and other costs to recover data, repair or restore software, identify and remove malware, and to recover business operations.
> Triggered by Business Interruption Incident.
Business Interruption **
Covers loss of net profit and continuing operating and payroll expenses.
> Triggered by Business Interruption Incident.
Cyber Extortion
Covers a cyber extortion payment and the cost to hire a crisis negotiation specialist.
> Triggered by Cyber Extortion.
Privacy & Network Security Liability **
Defence and damages for claims arising from:
• Duty to maintain confidentiality of personal or corporate information
• Duty to maintain a secure network for third parties
Media Liability **
Defence and damages for claims arising from improper online media activity.
Incident Response
Costs to mitigate any cyber incident:
• Incident Response Manager
• IT Forensics
• Legal Advice
• Notification
• Fraud Restoration
• Call Centre
• Public Relations
20. To be insured, or not?
59% do not fully understand the insurance solutions available.
62% have never purchased cyber insurance before or after an incident.
The role of Insurance
53% would value having a hands-on response service.
54% would value the ability to identify and minimise the impact of a cyber incident.