CYBER LIABILITY INSURANCE
Koushik ACII
What is Cyber Risk??
Types of Damages
How are industries exposed to this risk?
Common Misconceptions in Cyber Risk
Cyber Liability Exposures
Cyber Risk Impact ( Energy Sector )
Insurable Cyber Risks
Pricing & UW Considerations
Managing Cyber Risks
OUR DISCUSSION TODAY
Cyber Risk
• Any risk of financial loss, disruption or damage to the reputation of an organisation from some sort of failure of its information technology systems (includes networks & the internet).
Non-Physical Damage
• Data Corruption
• Theft of Intellectual property
• Financial Data Theft
• Extortion
Physical Damage
• Infection of software
• Manipulation / overriding system controls
• Operations disruption
Types of Damages
2 Types of companies
• Companies who have had a security breach
• Companies who don’t know that they have had a breach
ALL COMPANIES HAVE CYBER RISK
“We have a 3rd Party Payment process, so we have transferred our exposure”
Even if a breach happens at the payment processor, the primary company will still be held liable under privacy laws.
“We have upgraded our security by transferring our data to a cloud provider”
Cloud service providers are the best opportunity for hackers, and guess what: the data handled by them is YOUR CUSTOMER DATA, AND THEFT OF THAT DATA IS GOING TO PUT YOU IN TROUBLE.
Common Misconceptions
Cyber Liability Exposures
Market Disruption
• Hacking into company data on reserves – causes industry-wide impact
• Commodity pricing
Physical Damage
• Attack on dams – Massive PD & compromise water supply
• Gaining control of wind turbine – damage of equipment
IMPLICATIONS ON ENERGY SECTOR
Human Harm
• Hacking a Nuclear plant – Core meltdown – radioactive catastrophe – Another Chernobyl !!!!
• Infiltration of Electric grid – Result in mass black-out
Financial Loss
• Business interruption / CBI
• Data Theft
• Liability of power producers towards manufacturers
• Regulatory Fines
WHY ENERGY??
Economic & physical consequences of a cyber attack on energy could be SEVERE!!
2015, Ukraine, Power Grid
• Hack on 3 distribution companies
• Affected 80,000 Energy Customers
2012, SAUDI ARABIA, ARAMCO
• 30,000 computers affected because of a virus (SHAMOON)
• Systems offline for 10 days, 85% of the company's hardware destroyed
2003, Ohio Nuclear Plant
• Slammer, the fastest worm in history, disabled safety monitoring systems for 5 hrs
List of Past Cyber Attacks
Theft:
• Identity theft
• Theft of digital assets
Business interruption
• Lost Income
• Recovery of damaged data records
• Reputational damage
• Cost of Credit Monitoring of impacted clients
Key Insurable Cyber Risks
Pricing Cyber Risk
Strength of Security System: Likelihood of intrusion
Risk Management Culture: Controls in place & role of compliance & audit
Frequency Severity
Disaster Recovery: Ability to recover from attack
Rating of Service Providers: Reliability of cloud providers, backup providers, website, etc.
Legal Fees & Fines
IT Staff Costs
Data restoration
PR & Marketing Costs
Extortion
Customer Support
Lost Income
Policy Terms
Legal Liability: Not complying with privacy laws
Crisis Management Costs: Informing customers, public relations & adverts
Data Extortion: Ransom payment
First Party Risks Third Party Risks
Loss of Income: As a result of network failure & downtime
Data Recovery: IT staff overtime, data retrieval & verification
Security Liability: Liability arising from breach of security
Multimedia Liability: Liability arising from insured’s internet, advertising & marketing activities
Professional Liability: Liability arising out of negligence in providing IT services
Business
• Type of business
• Size of business
• Scope of the business
• Number of customers
Multimedia
• Presence on the Web
• Data collected and stored
Enterprise Risk Management (ERM) techniques applied by the business to protect its computer network and its assets.
• Risk management procedure & culture
UW Considerations
Cyber Crime – Global Costs
Sources: (1) World Bank (2013); (2) Net Losses: Estimating the Global Cost of Cyber-Crime, CSIS/McAfee; (3) Allianz Global Corporate & Specialty
Respondents by region
Reasons for buying cyber insurance
Greatest concern for cyber risk purchase (rated on a scale of 1-5)
Coverage requirement for new cyber insurance buyers
Top Factors for influencing Cyber insurance
Policies in which Cyber Extension is given through endorsement
Challenges in Selling Cyber
Risk Identification / proposal Form
Potential Risk Event / Likelihood / Potential Impact
Website copyright/trademark infringement claims
Legal liability to others for computer security breaches (non-privacy)
Legal liability to others for privacy breaches
Privacy breach notification costs & credit monitoring
Privacy regulatory action defense and fines
Costs to repair damage to your information assets
Loss of revenue due to a failure of security or computer attack
Loss of revenue due to a failure of security at a dependent technology provider
Cyber Extortion Threat
• Cyber risk is an emerging risk in the world
• Cyber risk is no longer an IT issue, it is a Board Level issue
• Increasing Interconnection & Digitization
• Technology vendors play a critical role
• Cyber insurance is one mechanism of risk transfer
Conclusions
In the end everything is D&O liability!!
Key Statistics & sources of information
• Key Statistics – Source: Advisen Ltd – PartnerRe Publication, Oct 2016
• Aon Cyber Survey 2016
• Marsh Global economic Forum – Energy Risk Cyber Article
• Allianz Cyber risk Articles
• Liberty Specialty Presentation on Cyber
QUESTIONS?