Cyber Risk Intern Project Lockton

Sean Dennehy

on 31 July 2014

Transcript of Cyber Risk Intern Project Lockton

Cyber Risk/Insurance
Cyber Exposures and Insurance Solutions

By: Kevin Murphy
Sean Dennehy
Michael Higgins
Becca Kirn
Case Study - High Profile
110 million shoppers' personal info stolen
HVAC Vendor source of breach
PCI-DSS certified, followed requirements
$10 million deductible, $100 million coverage
Likely over $1 billion cost
CEO ousted, 46% profit loss
68 class action lawsuits filed against
First Party Exposures
The Market Today
Leading Carriers
Case Study - No insurance
100 million user accounts info stolen
Lacked cyber insurance, only general liability
Zurich American Insurance Co. v. Sony Corp. of America et al
Estimated $2 billion cost
Recently settled class action suits, $15 mil
Case Study - Lockton Client
3 million customer info breach
Second breach in last 3 years
Same people as Target, Neiman Marcus suspected
Has likely negatively affected IPO
Safety National Corp v. Michael's Stores
Class action suit immediately filed
History of Cyber Insurance
Provides financial services to 14,500 clients worldwide
Exposure of Confidential Information
Privacy Liability Coverage
Transmission of a Malicious Code
Network Liability Coverage
Assists financial institutions and health care administrators in managing their information systems
System could be breached to steal the clients' information
Traditional Insurance Coverage Shortfalls

Covers "All Risk" or "Named Peril"

Limited to direct physical loss or damages

Electronic data information, facts and computer programs are excluded

General Liability

2004 exclusion that eliminated coverage for 'data' related loss of use claims

In the Sony v. Zurich case, the court ruled that acts by a third-party hacker are excluded under the CGL

May of 2014 Exclusion; 'Access or Disclosure of Confidential or Personal Information'

Intended to cover theft of "Money, Securities, and other property", (By employees & third parties)

Carriers found themselves paying for theft of data

Carriers have made adjustments to exclude coverage for data
Errors and Omissions
E&O Covers contract disputes, programming errors, and other professional liability issues

Has common overlap with cyber policies

Does not cover the first party direct cost that a cyber policy does
Third Party Liability Exposures
What was happening in...
The late 1990s
(expensive, limited, existing policy assumptions)

The early 2000s
(data breach law, cyber lawsuits unheard of)

The present
(private class actions, Federal and State regulatory requirements have increased)

• Nearly a $2 Billion Market

• Not a single carrier reported negative growth*

• Slowly rising premiums, "Buyer's Market"

• Privacy coverage drives the market

• The Technology, Financial Services and Health Care industries are the leading buyers

► Insurance is not the only product carriers offer

• Customized and specialized products are normal

► Looking to accommodate for smaller companies

► Lack of coverage standardization

*Source: Betterley Report 2014
Services Provided by Fiserv:
Electronic bill payment (EBill)
Card based transaction processing (SpotPay)
Account-to-account transfer production
Internet and mobile banking
Check processing and imaging
Directors & Officers

Coverage could apply if directors or officers are sued in the event of a breach

Does not generally cover claims by 3rd parties for privacy injuries related to a data network security breach
Regulatory Liability
Privacy Liability
Network Security Liability
Data Breach Event Management Costs
Media Liability
Business Interruption
Cyber Extortion
Optional Recommendations
Payment Card Industry Breach
Privacy regulatory proceedings and fines
Costs to close and reopen compromised credit card accounts
Reputation harmed from data breach
Crisis management or privacy event expense reimbursement
Cost of PR firm and investigation
Credit card and identity repair
Credit card monitoring
New York ATM Breach
Millions of dollars stolen
• Data/Electronic Information Loss
Reputational Harm
Cyber-Extortion Coverage
Loss of income from not providing services
Business Interruption or Data/Electronic Information Loss
Costs to recollect damaged data
• Direct or Extra Expenses of a Breach Response
o Data Breach Event Management

Business Interruption/Denial of Service
o Business Interruption Coverage

Damage to Systems
o Data/Electronic Information Loss
• Cyber Extortion
o Cyber Extortion Coverage

Reputational Harm
o Reputational Harm Coverage

• Third Party Claims
o Network Security Liability
• Defense Costs
o Network Security Liability
• Media Liability
o Media Liability Coverage
• Data and PII Loss
o Privacy Liability
• Fines and Penalties
o Regulatory Liability, PCI Liability
• Vendors (Vicarious Liability)
o Privacy Liability and Network Security Liability