Post on 30-Jul-2015
transcript
Adapting a Cyber-Security Framework
Elissa K. Doroff, Esq. Underwriting and Product Manager
Cyber & Technology Liability
June 17, 2015
1
Data Security and Privacy: A Multi-Threat Environment
3
Technology
Internal
Regulatory
External
Old School
A single exposure can result in: • Legal Liability • Vicarious liability for acts of vendors/service providers • Compliance with breach notification laws • Loss of revenue/extra expense due to a system outage • Loss or damage to reputation • Regulatory actions and scrutiny • Loss or damage to data/information
4
Legal and Regulatory Data Protection Measures • Individual State Notification Laws
• California’s Song Beverly Act • Massachusetts Written Information Security Program
(“WISP”) • Delaware recently enacted legislation similar to Cyber
Information Sharing Act (CISA) • National Cybersecurity and Critical Infrastructure
Protection Act • Regulatory Oversight (FTC, HIPAA/HITECH, and GLBA)
10
The Changing Legal Landscape
• Krottner v. Starbucks Corp.
• Clapper v. Amnesty International
• In re Adobe Sys., Inc. Privacy Litig.,
• Spokeo, Inc. v. Robins
• What does the future look like?
11
Types of Coverage Implicated
• Traditional insurance does not respond to all cyber liability. • Errors and Omissions (E&O); • Commercial General Liability (CGL); • Property; • Crime; • Kidnap and Ransom (K and R); • Directors and Officers (D and O);
12
Specific Cyber Coverages
• Cyber & Technology Liability Policy Coverages
• First Party Coverages • Third Party Coverage • Additional Coverage available
by endorsement: • PCI Fines and Penalties • Dependent Business Interruption
13
Emerging Risks….Are we keeping pace?
• The risks and exposures are constantly increasing • Past data breaches do not necessarily predict future
exposures • Bodily injury / property damage to a third party as
the result of a cyber incident? • Cyber War–
How is the Insurance Industry Responding?
14
What does a Cyber Security Framework look like within your organization?
• How important is cybersecurity within the organization?
• How is it viewed from c-suite? • How are your cybersecurity practices responding to
emerging risks?
15
THANK YOU QUESTIONS?
Elissa K. Doroff, Esq. Underwriting and Product Manager Cyber & Technology Liability 212.915.6542 Elissa.doroff@xlgroup.com
17
About XL Catlin
• XL Catlin is the global brand used by XL Group plc’s insurance and reinsurance companies which provide property, casualty, professional and specialty products to industrial, commercial and professional firms, insurance companies and other enterprises throughout the world. To learn more, visit xlcatlin.com.
• The XL Catlin insurance companies offer property, casualty, professional, financial lines and specialty insurance products globally. Businesses that are moving the world forward choose XL Catlin as their partner. To learn more, visit xlcatlin.com.
• The XL Catlin reinsurance companies are among the world’s leading reinsurers. They offer products that include aerospace, property, casualty, marine and specialty. The world’s top insurers choose XL Catlin to help move their businesses forward. To learn more, visit xlcatlin.com.
• We are the organization clients look to for answers to their most complex risks and to help move their world forward. To learn more, visit xlcatlin.com.
© 2015, XL Catlin companies. All rights reserved. I MAKE YOUR WORLD GO
18
Legal Disclaimer US • In the US, the insurance companies of XL Group plc are: Greenwich Insurance Company, Indian Harbor Insurance Company, XL
Insurance America, Inc., XL Insurance Company of New York, Inc., XL Select Insurance Company, and XL Specialty Insurance Company. Not all of the insurers do business in all jurisdictions nor is coverage available in all jurisdictions.
• The information contained herein is intended for informational purposes only. Insurance coverage in any particular case will depend upon the type of policy in effect, the terms, conditions and exclusions in any such policy, and the facts of each unique situation. No representation is made that any specific insurance coverage would apply in the circumstances outlined herein. Please refer to the individual policy forms for specific coverage details.
19