LINKING THE CISO to the CFO

what is your RISK TOLERANCE?

cyber as a PERIL
cyber event SCENARIOS
uses REAL WORLD
• Understanding the terms of art
• Tools to translate between silos
• Key categories of cyber risk: information theft, property damage, environmental damage, computer systems damage
• Understanding motivations
• Risk transfer challenges and optimization
• Effective controls to minimize the risk

how to measure ANYTHING and DO SOMETHING about it

Risk Reduction Curve
[Figure: RISK plotted against CYBERSECURITY CAPABILITY; regions labeled Sustain Capability, Invest in Transfer, Invest in Capability]
1. Early capability improvements have high payoff in risk reduction
2. Payoff flattens as capability increases
3. Insurance transfers impact and results in a quantum risk reduction
4. Insurers want insureds to be on the flatter part of the capability curve
5. Invest accordingly

mapping CYBER RISK to FINANCIAL IMPACTS

LOSSES due to CYBER EVENTS
[Grid: 1st Party Damages (to your organization) and 3rd Party Damages (to others), against Financial Damages and Tangible (Physical) Damages]

cyber loss SPECTRUM

[Grid: 1st Party Damages (to your organization) and 3rd Party Damages (to others), against Financial Damages and Tangible (Physical) Damages]
RESPONSE COSTS, LEGAL EXPENSES, REVENUE LOSS, RESTORING LOST DATA, CYBER EXTORTION, STOLEN INTELLECTUAL PROPERTY

[Same grid]
REVENUE LOSS, RESTORATION EXPENSE, LEGAL EXPENSES, CREDIT MONITORING COSTS

[Same grid]
MECHANICAL BREAKDOWN, PROPERTY DAMAGE, ENVIRONMENTAL CLEANUP, REVENUE LOSS, BODILY INJURY

[Same grid]
MECHANICAL BREAKDOWN, PROPERTY DAMAGE, ENVIRONMENTAL CLEANUP, BODILY INJURY

a new metric EMERGES
[Grid: 1st Party Damages (to your organization) and 3rd Party Damages (to others), against Financial Damages and Tangible (Physical) Damages; cells marked $]

RISK RESPONSE
1. ACCEPT
2. TOLERATE
3. MITIGATE
4. TRANSFER

[Timeline: 1990, 2000, 2010; rows EVENTS and COVERAGES]
EVENTS
• Ingram Micro v. American Guarantee & Liability
• CA SB 1386 Breach Notification
• 45 Other Notification Laws
• STUXNET
• NotPetya
COVERAGES
• More robust electronic data exclusions
• P&C carriers strengthen exclusions, e.g. CL380
• P&C carriers rethinking coverage due to NotPetya
• Cyber coverages begin to appear.
Network Business Interruption
Information Asset Protection
Privacy Breach
Liability Coverage
Breach Regulatory
Event Expense
• Introduction of Cyber DIC and P&C Options
• Broadening of traditional cyber policies
• Introduction of cyber cover into property policies

cyber impact FRAMEWORK

CYBER INSURANCE POLICIES
[Grid: 1st Party Damages and 3rd Party Damages; Financial Damages]
Non-Physical Cyber
Forensics, Data Restoration, PR, Extortion, & Legal Expenses
Excludes Property Damage & Bodily Injury
Critical for Protecting Data & Exposure

CYBER INSURANCE POLICIES
[Grid: 1st Party Damages and 3rd Party Damages; Financial Damages and Tangible (Physical) Damages]
Non-Physical Cyber
Critical for Protecting Data & Exposure
PROPERTY POLICIES? CASUALTY POLICIES?
Emerging Issue in Established Market
Market in Flux – Exclusions Being Added to Traditional Covers

CYBER INSURANCE POLICIES
[Grid: 1st Party Damages and 3rd Party Damages; Financial Damages and Tangible (Physical) Damages]
Emerging Issue in Established Market
Market in Flux – Exclusions Being Added to Traditional Covers
PROPERTY POLICIES? CASUALTY POLICIES?

CYBER INSURANCE POLICIES
[Grid: 1st Party Damages and 3rd Party Damages; Financial Damages and Tangible (Physical) Damages]
Expanding policies into tangible damages
Newer Property Policies
Property policies are increasingly providing coverage for data, even when there is no real property damage
Some cyber insurers – who may not even write commercial Property or Casualty insurance – are extending their cover to tangible damage

re-evaluate your BALANCE SHEET
[Grid: 1st Party Damages (to your organization) and 3rd Party Damages (to others), against Financial Damages and Tangible (Physical) Damages; cells marked $]

examining CYBER INSURANCE

MYTH VS REALITY
MYTH: Cyber insurance policies contain stringent requirements relating to security posture.
REALITY: If yours has such requirements, you may have purchased the wrong policy.
MYTH: Cyber insurance policies don’t cover ransomware.
REALITY: There are multiple types of policies available to cover ransomware losses and payments.
MYTH: Cyber insurance policies don’t cover employee actions or errors.
REALITY: Employee sabotage and insider events are readily insurable.
MYTH: Cyber insurance policies only cover notification costs and credit monitoring.
REALITY: …what have we covered today?
MYTH: Cyber Insurance policies don’t pay.
REALITY: Stories about claim denials may have been misrepresentations or sensationalized.
MYTH: Buying insurance is an admission of failure.
REALITY: Would you rather have to beg your CFO for incident response money?

applying what WE’VE COVERED

[Grid: 1st Party Damages (to your organization) and 3rd Party Damages (to others), against Financial Damages and Tangible (Physical) Damages]
RESPONSE COSTS, LEGAL EXPENSES, RESTORING LOST DATA, REVENUE LOSS, REVENUE LOSS, MECHANICAL BREAKDOWN, PROPERTY DAMAGE

[Same grid]
RESPONSE COSTS, LEGAL EXPENSES, RESTORING LOST DATA, REVENUE LOSS, RESTORATION EXPENSE, LEGAL EXPENSES, CREDIT MONITORING COSTS

UNLOCKED!

DISCLAIMER
Axio is a registered trademark of Axio Global, Inc.
NO WARRANTY: THIS AXIO GLOBAL MATERIAL IS FURNISHED ON
AN “AS-IS” BASIS. AXIO GLOBAL MAKES NO WARRANTIES OF ANY
KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER
INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR
PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS
OBTAINED FROM USE OF THE MATERIAL. AXIO GLOBAL DOES NOT
MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM
FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.
Internal use: Permission to reproduce this material and to
prepare derivative works from this material for use inside your
organization is granted, provided the copyright and “No
Warranty” statements are included with all reproductions and
derivative works.
External use: This material may be reproduced in its entirety,
without modification, and freely distributed in written or
electronic form without requesting formal permission.
Permission is required for any other external and/or commercial
use. Requests for such permission should be directed
to info@axio.com.
© Axio Global, Inc. All rights reserved.
American International Group, Inc. (AIG) is a leading international insurance organization serving
customers in more than 130 countries and jurisdictions. AIG companies serve commercial, institutional,
and individual customers through one of the most extensive worldwide property-casualty networks of
any insurer. In addition, AIG companies are leading providers of life insurance and retirement services
in the United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock
Exchange.
Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig |
Twitter: @AIGInsurance | LinkedIn: http://www.linkedin.com/company/aig
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general
insurance operations of American International Group, Inc. For additional information, please visit our
website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates
of American International Group, Inc. Products or services may not be available in all countries, and
coverage is subject to actual policy language. Non-insurance products and services may be provided by
independent third parties. Certain property-casualty coverages may be provided by a surplus lines
insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are
therefore not protected by such funds.
The data contained in this presentation are for general informational purposes only. The advice of a
professional insurance broker and counsel should always be obtained before purchasing any insurance
product or service. The information contained herein has been compiled from sources believed to be
reliable. No warranty, guarantee, or representation, either expressed or implied, is made as to the
correctness or sufficiency of any representation contained herein.
© American International Group, Inc. All rights reserved.
THANK YOU
