demystifying cyber insurance

Demystifying Cyber Insurance European Legal Security Forum 2016 12 - PowerPoint PPT Presentation



  1. Demystifying Cyber Insurance European Legal Security Forum 2016 12th July 2016

  2. Agenda
     - The Evolution of Cyber Insurance
     - Is Cyber Risk Already Insured?
     - Cyber And Data Protection Is Not Just An IT Issue
     - Case Study – Cyber Risk Stakeholders

  3. The Evolution of Cyber Insurance

  4. Is Cyber Risk Already Insured? Traditional Insurance v. Cyber Insurance

     | Product | Main Type of Losses Covered | Potential Cyber Peril Gaps |
     |---|---|---|
     | Property | Physical asset damage | Damage to software and data excluded (intangibles); exclusions removing cyber attacks and triggers for non-physical asset damage |
     | Business Interruption | Lost revenues and additional cost incurred due to physical asset damage | Lost revenues and additional cost incurred due to non-physical asset damage |
     | General Liability | Third party liabilities for physical property damage, bodily injury and advertising injury (liability claims arising from published content, including privacy violations) | Exclusions of unauthorised disclosure of personal information; no 1st party costs |
     | Professional indemnity | Third party liability arising from performance of services | Liability to Regulators and employees; other exclusions (eg virus transmission, first party costs, employee dishonesty) |
     | Directors and Officers | Liabilities arising from duties owed to your shareholders | Liability to 3rd parties, not including shareholders, for direct loss arising out of a privacy or security failure by |
     | Crime | First party costs as a result of theft of monies, securities and physical assets | First party costs as a result of theft of data; third party liabilities as a result of data theft |

  5. Cyber And Data Protection Is Not Just An IT Issue

  6. Cyber And Data Protection Is Not Just An IT Issue

     | Cyber Risk Stakeholders | Cyber Role | Cyber Risk Responsibility |
     |---|---|---|
     | IT Department | Manage and maintain a secure IT network. | Implement strong perimeter defences. |
     | Legal | PCI, IT outsourcer and NDA contract reviews. | Ensure contractual liabilities, warranties and terms are acceptable. |
     | Chief Privacy Officer | Understand what confidential data is held within the organisation and which Privacy Regulations apply. | Ensure that sensitive data is adequately collected, stored and destroyed. |
     | Risk & Compliance | Identify cyber risks and ensure the risks are either mitigated or managed effectively throughout the organisation. | Ensure controls and checks are in place to monitor protection performance. Report cyber risks to the board. |
     | HR | Implementing training, controls and procedures to minimise cyber risks. | Raise awareness and train organisation on mitigation of cyber risks. Implement internal controls limiting the potential for human error. Drive cultural change. |
     | Finance | Managing budgets and investment in cyber risk prevention and risk transfer. | BI analysis. Ensure cash is available in the event of a cyber breach. Liaise with Risk & Compliance concerning purchase of insurance. |
     | Security | Effectively control all physical perimeters. | Ensure zero unauthorised physical access to premises, IT networks and sensitive information. |
     | Managing Partner/Management Board | To mitigate cyber risks negatively affecting the organisation. | Creation of Incident Response Plan. Ultimately responsible for all cyber risks within the organisation. |

  7. Cyber Risk Stakeholders The Pendulum Shift

  8. Contact Us Erica Constance Ed Lewis Partner – Specialty Insurance & Co. Senior Vice President T: 020 7280 8285 T: 020 7882 1992 E: econstance@paragonbrokers.com E: ed.lewis@weightmans.com
