
5/17/18


21st CENTURY SCHIZOID MAN

(I’m Going Cyber-Crazy!)

Presented By:

JAY K. WILLIAMS, CIC, CRM, CRIS, MLIS, AAI, AIP, ACSR

CEO – FHB INSURANCE

Overview

- Gartner study:
- 2020: 20 BILLION connected things worldwide up from 6.4 billion in 2016
- Amazon Echo & Google Home
- Artificial intelligence (chatbots) – currently used by Macy’s and Bank of America as customer service frontlines


Overview

- VR and AR
- Google’s Tango—guides you to your seat in a busy stadium or finds your friends in crowd
- Microsoft’s HoloLens—creates holograms that help you interact or understand your environment in new ways

Overview

- Today’s Topics
- Typical business exposures
- Coverage in traditional policies (or lack thereof)
- Cyber coverages
- Important policy provisions

Overview

- Terms
- Bot
- Zombie
- Botnet
- Bitcoin
- Deep web / Dark web


Typical Exposures For Businesses

- Email
- Wrong person
- Wrong information
- Damaging content
- Dreaded “P” word (Privacy)
- Sending or receiving viruses
- Sending or receiving malware
- Hyperlinks

Typical Exposures For Businesses

- Website Content
- Copyright infringement
- Images
- Music
- Documents
- Testimonials
- Blogs
- Comments

Typical Exposures For Businesses

- Internet Usage
- Bad sites!!!
- Pop-ups or pop-unders
- Facebook
- Twitter
- LinkedIn
- Other social media


Typical Exposures For Businesses

- E-Commerce
- Denial of service (DoS, DDoS) attacks
- Website issues
- Other cyber-breaches
- Hacking
- Outside attacks
- Inside attacks

Typical Exposures For Businesses

- Ransomware
- Hold data hostage
- Threaten to hold data hostage
- Threat of DoS / DDoS attack

Patients diverted to other hospitals after ransomware locks down key software

Crypto-extortion increasingly targets bigger victims; most stay silent about it.

The amount being demanded by the attackers to provide the key to unlock the hospital's systems has not been made public, though it has been reported to be as much as 9,000 Bitcoin—the equivalent of $3.6 million.


Hackers Lock Romantik Seehotel Jaegerwirt’s Guests out of Their Rooms, Demand Bitcoin Ransom

They managed to hack into the luxurious 4-star hotel’s electronic key system, rendering it useless. While the hotel guests were unable to move in and out of their hotel rooms, the hackers demanded a ransom of over EUR 1500 in Bitcoin from hotel authorities.

Typical Exposures For Businesses

- Data Encryption
- Viruses and malware

Typical Exposures For Businesses

- Lost devices ($billion laptop study)
- 2010 study by Intel
- 329 public and private sector organizations
- 86,455 laptops missing
- $2.1 Billion in lost value
- 60,518 NOT encrypted
- 27,838 carrying confidential data


Agent & Customer Confusion

- Confusing Aspects of Cyber
- Referred to by various names
- Confused with tech E&O
- Cyber and tech cover many of the same risks
- First & third party coverage
- Varies considerably by carrier

Agent & Customer Confusion

- Confusing Aspects of Cyber
- Menu-driven
- Rapidly evolving exposure
- Rapidly evolving coverage
- Coverage aspects overlap with others
- Policy forms contain idiosyncrasies

Traditional Policies

- CGL
- Definition of BI—BI, sickness or disease, including resulting death
- Definition of PD—Physical injury to tangible property; electronic data not tangible property


17. "Property damage" means:

a. Physical injury to tangible property, including all resulting loss of use of that property. All such loss of use shall be deemed to occur at the time of the physical injury that caused it; or

b. Loss of use of tangible property that is not physically injured. All such loss of use shall be deemed to occur at the time of the "occurrence" that caused it.

For the purposes of this insurance, electronic data is not tangible property.

As used in this definition, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMs, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.

Traditional Policies

- CGL
- Definition of P&AI—named offenses; libel, slander; violation of right to privacy; copyright, trade dress or slogan in your “advertisement”
- CG 21 06—excludes coverage for damages arising out of any access to or disclosure of confidential or personal information

Traditional Policies

- CGL
- 16 exclusions
- Infringement Of Copyright, Patent, Trademark Or Trade Secret
- Insureds in Media and Internet Type Businesses
- Electronic Chatrooms Or Bulletin Boards


Traditional Policies

- BOP
- Hardware limitation—must be a covered peril
- Data limitation—$10,000 for restoration of data from a covered peril
- Liability limitations—same issues as CGL

Traditional Policies

- Commercial Property
- Hardware limitation—must be a covered peril
- Data limitation—$2,500

Traditional Policies

- Business Income
- BOP—suspension of operations; caused by interruption of computer operations; due to destruction or corruption of electronic data
- No coverage for loss caused by employee
- $10,000 unless higher limits selected
- Time element limitations—endorsed


Traditional Policies

- EDP Policies / Coverage
- Perils can be limited
- Viruses, hacking, programming errors are typical exclusions or limitations
- Only property-related

Cyber Coverages

- Content Liability (website publishing)
- Personal injury type losses – defamation, libel, slander, invasion of privacy
- Plagiarism, piracy, copyright infringement, infringement of domain name, trademark, trade name, trade dress, metatag
- Social media exposures

Cyber Coverages

- Security Breach and Privacy Liability (information security or network breach)
- Loss, theft, or unauthorized disclosure of personal information
- Outside or inside
- Damage to stored data
- Transmission of malicious code
- DoS/DDoS attacks to a third-party system
- Lost or stolen devices


Cyber Coverages

- Regulatory defense and penalty coverage
- Includes fines and penalties associated with State or Federal regulations
- Pays fines and defense where allowed by law

Cyber Coverages

- Business Income / Extra Expense
- Income loss
- Extra expense
- Dependent business interruption
- Extended business interruption
- Beware of time limitations & waiting periods

Cyber Coverages

- Extortion Coverage
- Covers extortion demands
- Threat to commit attack
- Threat to shut down or damage
- Disclose confidential information
- Block access
- Introduce a virus


Cyber Coverages

- Extortion Coverage
- Pays for computer security systems to prevent future extortion attempts
- May exclude cyberextortion by employees

Cyber Coverages

- Public Relations Expense & Crisis Management Expenses
- Hire a computer security expert to determine the cause of the data breach
- Call center
- Notify each affected individual
- Credit monitoring
- ID theft coverage

Cyber Coverages

- Public Relations Expense
- Cost to restore stolen identities
- Losses resulting from stolen identities
- Forensic investigation costs
- Overtime for employees


Cyber Coverages

- Restoration of Data
- Pays to restore and re-collect the lost data
- Only applies to data loss involving software programs licensed to the insured
- Does not include upgrading software

Important Policy Provisions

- Insuring Agreement
- Typically claims-made
- Retroactive date
- Prior acts coverage issues
- Singular or multiple agreements
- Coverage varies by company

Insuring Agreements, Aggregate Limits Of Insurance And Deductibles:

Insuring Agreement/Coverages | Aggregate Limit Of Insurance | Deductible Amount
--- | --- | ---
1. Web Site Publishing Liability | $ | $
2. Security Breach Liability | $ | $
Defense Expenses And Fines Or Penalties (if insurable by law) In Connection With A Regulatory Proceeding – Sublimit: | $ |
3. Programming Errors And Omissions Liability | $ | $
4. Replacement Or Restoration Of Electronic Data | $ | $
5. Extortion Threats | $ | $
6. Business Income And Extra Expense | $ | $
Waiting Period Hours: | |
7. Public Relations Expense | $ | $
8. Security Breach Expense | $ | $


Important Policy Provisions

- Who Is An Insured
- Named insured
- Including subsidiaries
- Employees
- Past, present, future
- Leased and temps?
- Spouse (domestic partners)
- Some do and some don’t

Important Policy Provisions

- Who Is An Insured
- Directors and officers
- Manager and members
- Trustees
- Estates, heirs, executors, administrators, legal representatives
- Volunteers
- Independent contractors


Important Policy Provisions

- Claim
- Written demand
- May be limited to Internet activities; or
- May be limited to “wrongful acts” definition


Important Policy Provisions

- Damages / Covered Losses
- Amounts paid as judgments or settlements
- Expense incurred in defending/settling
- Injunctive relief
- Fines and penalties
- Punitive damages
- Included unless prohibited by law


Important Policy Provisions

- E-Commerce Incident
- Virus or malicious code
- DoS included?
- Expanded to include others?

Important Policy Provisions

- Internet Activities
- Some can be broad, others can be limited
- Content, including audio / visual
- Electronic transactions
- Distributed by other technology

Important Policy Provisions

- Wrongful Act
- Critical to determining coverage


Important Policy Provisions

- Security Breach
- Can be limited to only outside unauthorized users
- May exclude unauthorized access by employees


Important Policy Provisions

- Security Breach Expenses
- Investigative costs
- Notification costs
- Overtime
- Outside call service
- Credit monitoring costs


Important Policy Provisions

- Coverage Territory
- Worldwide
- Limited worldwide
- Universal

Important Policy Provisions

- Defense Expense
- Within policy limits
- Reduce limits available for damages
- Does retention apply to defense


Important Policy Provisions

- Defense and settlement
- Duty to defend
- All allegations defense
- Consent to settle (hammer clause)
- Soft hammer clause (percentage split)

Important Policy Provisions

- Limits of Liability
- Per claim limit
- Each type of coverage afforded
- Annual aggregate
- Applies across all of the insuring agreements


Important Policy Provisions

- Retention or Deductible
- Apply to the entire policy
- Apply to each insuring agreement
- Apply on a per claim basis
- Apply only on retention or deductible when multiple insuring agreements are involved


Important Policy Provisions

- Exclusions
- BI and PD
- Cover financial loss rather than physical loss
- Covered under CGL
- Exception – mental anguish, emotional distress, pain & suffering, shock, resulting from a Privacy Event

Important Policy Provisions

- Exclusions
- Fraud
- Innocent insured exception
- Defense until accused either admits or is convicted

Important Policy Provisions

- Exclusions
- Mechanical & electrical failure
- Contractual liability
- ERISA
- Breach of contract


Important Policy Provisions

- Exclusions
- EPL
- Exception for privacy claims
- Product liability
- War

How many insureds in your book of business have a need for this coverage?
