5/17/18
21st CENTURY SCHIZOID MAN
(I’m Going Cyber-Crazy!)
Presented By:
JAY K. WILLIAMS, CIC, CRM, CRIS, MLIS, AAI, AIP, ACSR
CEO – FHB INSURANCE
Overview
• Gartner study:
  • 2020: 20 BILLION connected things worldwide, up from 6.4 billion in 2016
• Amazon Echo & Google Home
• Artificial intelligence (chatbots) – currently used by Macy’s and Bank of America as customer service frontlines
Overview
• VR and AR
  • Google’s Tango—guides you to your seat in a busy stadium or finds your friends in a crowd
  • Microsoft’s HoloLens—creates holograms that help you interact with or understand your environment in new ways
Overview
• Today’s Topics
  • Typical business exposures
  • Coverage in traditional policies (or lack thereof)
  • Cyber coverages
  • Important policy provisions
Overview
• Terms
  • Bot
  • Zombie
  • Botnet
  • Bitcoin
  • Deep web / Dark web
Typical Exposures For Businesses
• Email
  • Wrong person
  • Wrong information
  • Damaging content
  • Dreaded “P” word (Privacy)
  • Sending or receiving viruses
  • Sending or receiving malware
  • Hyperlinks
Typical Exposures For Businesses
• Website Content
  • Copyright infringement
    • Images
    • Music
    • Documents
  • Testimonials
  • Blogs
  • Comments
Typical Exposures For Businesses
• Internet Usage
  • Bad sites!!!
  • Pop-ups or pop-unders
  • Facebook
  • Twitter
  • LinkedIn
  • Other social media
Typical Exposures For Businesses
• E-Commerce
  • Denial of service (DoS, DDoS) attacks
  • Website issues
  • Other cyber-breaches
• Hacking
  • Outside attacks
  • Inside attacks
Typical Exposures For Businesses
• Ransomware
  • Hold data hostage
  • Threaten to hold data hostage
  • Threat of DoS / DDoS attack
Patients diverted to other hospitals after ransomware locks down key software
Crypto-extortion increasingly targets bigger victims; most stay silent about it.
The amount being demanded by the attackers to provide the key to unlock the hospital's systems has not been made public, though it has been reported to be as much as 9,000 Bitcoin—the equivalent of $3.6 million.
Hackers Lock Romantik Seehotel Jaegerwirt’s Guests out of Their Rooms, Demand Bitcoin Ransom
They managed to hack into the luxurious 4-star hotel’s electronic key system, rendering it useless. While the hotel guests were unable to move in and out of their hotel rooms, the hackers demanded a ransom of over EUR 1500 in Bitcoin from hotel authorities.
Typical Exposures For Businesses
• Data Encryption
• Viruses and malware
Typical Exposures For Businesses
• Lost devices ($billion laptop study)
  • 2010 study by Intel
  • 329 public and private sector organizations
  • 86,455 laptops missing
  • $2.1 Billion in lost value
  • 60,518 NOT encrypted
  • 27,838 carrying confidential data
Agent & Customer Confusion
• Confusing Aspects of Cyber
  • Referred to by various names
  • Confused with tech E&O
  • Cyber and tech cover many of the same risks
  • First & third party coverage
  • Varies considerably by carrier
Agent & Customer Confusion
• Confusing Aspects of Cyber
  • Menu-driven
  • Rapidly evolving exposure
  • Rapidly evolving coverage
  • Coverage aspects overlap with others
  • Policy forms contain idiosyncrasies
Traditional Policies
• CGL
  • Definition of BI—BI, sickness or disease, including resulting death
  • Definition of PD—Physical injury to tangible property; electronic data not tangible property
17. "Property damage" means:
a. Physical injury to tangible property, including all resulting loss of use of that property. All such loss of use shall be deemed to occur at the time of the physical injury that caused it; or
b. Loss of use of tangible property that is not physically injured. All such loss of use shall be deemed to occur at the time of the "occurrence" that caused it.
For the purposes of this insurance, electronic data is not tangible property.
As used in this definition, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMs, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.
Traditional Policies
• CGL
  • Definition of P&AI—named offenses; libel, slander; violation of right to privacy; copyright, trade dress or slogan in your “advertisement”
  • CG 21 06—excludes coverage for damages arising out of any access to or disclosure of confidential or personal information
Traditional Policies
• CGL
  • 16 exclusions
    • Infringement Of Copyright, Patent, Trademark Or Trade Secret
    • Insureds in Media and Internet Type Businesses
    • Electronic Chatrooms Or Bulletin Boards
Traditional Policies
• BOP
  • Hardware limitation—must be a covered peril
  • Data limitation—$10,000 for restoration of data from a covered peril
  • Liability limitations—same issues as CGL
Traditional Policies
• Commercial Property
  • Hardware limitation—must be a covered peril
  • Data limitation—$2,500
Traditional Policies
• Business Income
  • BOP—suspension of operations; caused by interruption of computer operations; due to destruction or corruption of electronic data
  • No coverage for loss caused by employee
  • $10,000 unless higher limits selected
  • Time element limitations—endorsed
Traditional Policies
• EDP Policies / Coverage
  • Perils can be limited
  • Viruses, hacking, programming errors are typical exclusions or limitations
  • Only property-related
Cyber Coverages
• Content Liability (website publishing)
  • Personal injury type losses – defamation, libel, slander, invasion of privacy
  • Plagiarism, piracy, copyright infringement, infringement of domain name, trademark, trade name, trade dress, metatag
  • Social media exposures
Cyber Coverages
• Security Breach and Privacy Liability (information security or network breach)
  • Loss, theft, or unauthorized disclosure of personal information
  • Outside or inside
  • Damage to stored data
  • Transmission of malicious code
  • DoS/DDoS attacks to a third-party system
  • Lost or stolen devices
Cyber Coverages
• Regulatory defense and penalty coverage
  • Includes fines and penalties associated with State or Federal regulations
  • Pays fines and defense where allowed by law
Cyber Coverages
• Business Income / Extra Expense
  • Income loss
  • Extra expense
  • Dependent business interruption
  • Extended business interruption
  • Beware of time limitations & waiting periods
Cyber Coverages
• Extortion Coverage
  • Covers extortion demands
    • Threat to commit attack
    • Threat to shut down or damage
    • Disclose confidential information
    • Block access
    • Introduce a virus
Cyber Coverages
• Extortion Coverage
  • Pays for computer security systems to prevent future extortion attempts
  • May exclude cyberextortion by employees
Cyber Coverages
• Public Relations Expense & Crisis Management Expenses
  • Hire a computer security expert to determine the cause of the data breach
  • Call center
  • Notify each affected individual
  • Credit monitoring
  • ID theft coverage
Cyber Coverages
• Public Relations Expense
  • Cost to restore stolen identities
  • Losses resulting from stolen identities
  • Forensic investigation costs
  • Overtime for employees
Cyber Coverages
• Restoration of Data
  • Pays to restore and re-collect the lost data
  • Only applies to data loss involving software programs licensed to the insured
  • Does not include upgrading software
Important Policy Provisions
• Insuring Agreement
  • Typically claims-made
  • Retroactive date
  • Prior acts coverage issues
  • Singular or multiple agreements
  • Coverage varies by company
Insuring Agreements, Aggregate Limits Of Insurance And Deductibles:

| Insuring Agreement/Coverages | Aggregate Limit Of Insurance | Deductible Amount |
|---|---|---|
| 1. Web Site Publishing Liability | $ | $ |
| 2. Security Breach Liability | $ | $ |
| Defense Expenses And Fines Or Penalties (if insurable by law) In Connection With A Regulatory Proceeding – Sublimit: $ | | |
| 3. Programming Errors And Omissions Liability | $ | $ |
| 4. Replacement Or Restoration Of Electronic Data | $ | $ |
| 5. Extortion Threats | $ | $ |
| 6. Business Income And Extra Expense | $ | $ |
| Waiting Period Hours: | | |
| 7. Public Relations Expense | $ | $ |
| 8. Security Breach Expense | $ | $ |
Important Policy Provisions
• Who Is An Insured
  • Named insured
    • Including subsidiaries
  • Employees
    • Past, present, future
    • Leased and temps?
  • Spouse (domestic partners)
    • Some do and some don’t
Important Policy Provisions
• Who Is An Insured
  • Directors and officers
  • Manager and members
  • Trustees
  • Estates, heirs, executors, administrators, legal representatives
  • Volunteers
  • Independent contractors
Important Policy Provisions
• Claim
  • Written demand
  • May be limited to Internet activities; or
  • May be limited to “wrongful acts” definition
Important Policy Provisions
• Damages / Covered Losses
  • Amounts paid as judgments or settlements
  • Expense incurred in defending/settling
  • Injunctive relief
  • Fines and penalties
  • Punitive damages
  • Included unless prohibited by law
Important Policy Provisions
• E-Commerce Incident
  • Virus or malicious code
  • DoS included?
  • Expanded to include others?
Important Policy Provisions
• Internet Activities
  • Some can be broad, others can be limited
  • Content, including audio / visual
  • Electronic transactions
  • Distributed by other technology
Important Policy Provisions
• Wrongful Act
  • Critical to determining coverage
Important Policy Provisions
• Security Breach
  • Can be limited to only outside unauthorized users
  • May exclude unauthorized access by employees
Important Policy Provisions
• Security Breach Expenses
  • Investigative costs
  • Notification costs
  • Overtime
  • Outside call service
  • Credit monitoring costs
Important Policy Provisions
• Coverage Territory
  • Worldwide
  • Limited worldwide
  • Universal
Important Policy Provisions
• Defense Expense
  • Within policy limits
  • Reduce limits available for damages
  • Does retention apply to defense
Important Policy Provisions
• Defense and settlement
  • Duty to defend
  • All allegations defense
  • Consent to settle (hammer clause)
  • Soft hammer clause (percentage split)
Important Policy Provisions
• Limits of Liability
  • Per claim limit
    • Each type of coverage afforded
  • Annual aggregate
    • Applies across all of the insuring agreements
Important Policy Provisions
• Retention or Deductible
  • Apply to the entire policy
  • Apply to each insuring agreement
  • Apply on a per claim basis
  • Apply only on retention or deductible when multiple insuring agreements are involved
Important Policy Provisions
• Exclusions
  • BI and PD
    • Cover financial loss rather than physical loss
    • Covered under CGL
    • Exception – mental anguish, emotional distress, pain & suffering, shock, resulting from a Privacy Event
Important Policy Provisions
• Exclusions
  • Fraud
    • Innocent insured exception
    • Defense until accused either admits or is convicted
Important Policy Provisions
• Exclusions
  • Mechanical & electrical failure
  • Contractual liability
  • ERISA
  • Breach of contract
Important Policy Provisions
• Exclusions
  • EPL
    • Exception for privacy claims
  • Product liability
  • War
How many insureds in your book of business have a need for this coverage?