20 October 2016 Tokyo, Japan Cyber Risk Market Overview Prepared by Aon Risk Solutions Proprietary & Confidential FSM CIC Captive Insurance Seminar


Risk. Reinsurance. Human Resources

Table of Contents

• Cyber & Captive insights

• Cyber Risk in Asia
    – Tangible Asset v Intangible Asset Valuation
    – Market Trends

• Cyber Risk Transfer

• Director and Officer Exposure to Cyber Liability
    – The high profile lawsuits – and wins – for boards
    – Protecting yourself and the entity pre-breach and post-breach and through insurance


2016 Aon Captive Cyber Benchmarking Survey

Source: 2016 Aon Captive Cyber Benchmarking Survey by Industry Cyber—The Fast Moving Target: Benchmarking views and attitudes by industry: http://www.aon.com/risk-services/cyber.jsp

| Topics | Data Holders | Product Risk | Critical Infrastructure | Transportation | Heavy Industry |
| --- | --- | --- | --- | --- | --- |
| Top Cyber Risk Concern | Post Breach Business Interruption | Business Interruption | Business Interruption | Business Interruption | Business Interruption |
| Lowest Cyber Risk Concern | Bodily Injury/Property Damage | Bodily Injury/Property Damage | Data & System Restoration | Loss of IP | Bodily Injury/Property Damage |
| Use of Risk Assessment to inform Coverage/limits | 51% | 75% | 59% | 70% | 56% |
| Rationale for buying cover | Board Due Diligence (80%) | Balance Sheet Protection (58%) | Balance Sheet Protection (71%) | Balance Sheet Protection (64%) | Board Due Diligence (56%) |
| Who is buying | 70% | 17% | 29% | 33% | 33% |
| Limits (m) | USD 10-25 | USD 10-25 | >USD 100 | USD 10-25 | USD 10-25 |
| Budgeted for Cyber Cover | 74% | 31% | 41% | 9% | 33% |


Cyber Insurance For Balance Sheet Protection

Source: 2016 Aon Captive Cyber Benchmarking Survey by Industry Cyber—The Fast Moving Target: Benchmarking views and attitudes by industry: http://www.aon.com/risk-services/cyber.jsp

“With the average estimated cost of a data breach reaching USD 3.8 million, and catastrophic breaches resulting in cyber insurance limits losses in excess of USD 100 million, it is not surprising that the majority of survey participants have listed balance sheet protection as the main reason for purchasing or considering insurance to cover catastrophic exposures.”


Cyber Risk Impacts All Loss Quadrants

Cyber Loss Spectrum (quadrant axes: 1st Party / 3rd Party; Financial / Tangible)

Any major cyber event will result in

• PR, response, and continuity costs
• Immediate and extended revenue loss
• Restoration expenses
• Defense costs

Third parties will seek to recover

• Civil penalties and awards
• Consequential revenue loss
• Restoration expenses

Physical damage is possible

• 1st party property damage
• 1st party bodily injury

Physical damage may cascade to others

• 3rd party property damage
• 3rd party bodily injury


Business Snapshot

Business Segment Brief Description

Contract Drilling

Company offers contract drilling to customers in Canada, USA, Venezuela, Argentina, Kurdistan, Libya, Oman, Gabon, Australia & New Zealand. The company offers rigs and drilling solutions to clients which are major oil & gas producers. Service offerings include: coring drilling services in support of oil sands development, well servicing and slant drilling solutions to oil sands producers’ steam-assisted gravity drainage applications etc. Click here to know more about Ensign’s ‘Contract Drilling operations’.

Directional Drilling

Drilling service offerings include: conventional directional & horizontal drilling, remote drilling, short-radius drilling, multi-well pad drilling and automated drilling rigs. Company uses state-of-the-art electromagnetic and MWD technology with gamma modules while carrying out drilling operations. Click here to know more about Ensign’s directional drilling operations.

Underbalanced Drilling

Ensign offers a comprehensive range of underbalanced drilling packages which include: self-contained systems with nitrogen generation, compression equipment and surface control systems. The company makes use of the technology ‘Envision’, which controls the drilling operations through a state-of-the-art programmable logic control program. Click here to learn more about Ensign’s ‘Underbalanced drilling operations’.

Rental Equipment (Equipment Rentals)

Ensign offers rental services of equipment like: pumps, rig mats, light plants, flare tanks, Centrifuge bins, mud motors, drill collars, heavyweight drill pipe, mud cleaning equipment, gas busters etc. The rental of equipment is predominantly based out of Canada & USA. Please click here to know more about Ensign’s rental equipment segment.

Well Servicing

Service offerings include: Well completions and re-completions, Abandonment of redundant wells, Production workovers, Bottom hole pump changes, Servicing of downhole pumps / replacement of downhole components or tubulars, Sidetracking and deepening of wells, Fishing and swabbing operations, Drilling of shallow water, oil, gas or coal bed methane wells and Completion fluid filtration and conditioning. Click here to know more about Ensign’s ‘Well Servicing’ operations.

Production Services

Ensign, through ‘Production Services’ segment offers wireline services, production testing, technical and reporting, training and certifications to customers. Opsco Energy Industries Ltd, a wholly owned subsidiary of Ensign, offers slickline and braided line completion and production testing services, pressure pumping and wireline (slickline and braided line) services to customers in Western Canada Sedimentary Basin, USA & other international locations. Kindly click here to know more about Ensign’s ‘Production Services’.

Cyber Risk in Asia


2015 Global Cyber Financial Impact Report

Extrapolated value ($ millions)

Valuing Tangible and Intangible Assets

• Total value of PP&E: $848
• Total value of information assets: $815

Estimating Loss to Tangible and Intangible Assets

• The value of the largest loss (PML) that could result from the theft and/or destruction of information assets: $617
• The value of the largest loss (PML) that could result from damage or the total destruction of PP&E: $648

Source: Aon/Ponemon 2015 Global Cyber Impact Study


2015 Global Cyber Financial Impact Report

Insuring Tangible and Intangible Assets

• The percentage of potential loss to PP&E assets covered by insurance: 51%
• The percentage of potential loss to information assets covered by insurance: 12%

Cyber risk awareness among APAC businesses

• Would not disclose a material uninsured loss of tangible assets: 9%
• Would not disclose a material uninsured loss of intangible assets: 38%
• Fully aware of the consequences of a data breach: 16%
• Assess cyber risk exposure based on intuition, informal internal assessment, or not at all: 58%

Source: Aon/Ponemon 2015 Global Cyber Impact Study


Cyber Risk in Asia

Source: Mandiant M-Trends Asia Pacific

• 520 days: Median time between breach and discovery in APAC – three times the global average.
• 80%: Organisations in APAC are 80% more likely to be targeted than other parts of the world.
• 3.7GB: Average amount of data stolen in an attack in APAC.

Incidents shown: V-Tech; Thailand Government; Vietnam Airlines; Japan Airlines; Philippines COMELEC; Bangladesh Bank


Market Trends – Attack Trends

2015 (and early 2016) has seen, largely, a continuation of trends in relation to cyber-attacks.

The majority of perpetrators are still external actors, the primary motive remains financial gain, and phishing, particularly spear phishing, remains the dominant attack method.

Spear phishing attacks targeting employees increased by 55 percent in 2015.

Social engineering has increased in frequency and public recognition.

There has also been an increase in ransomware attacks – up 35 percent in 2015.

DD4BC (Distributed Denial of Service for Bitcoin) attacks have been common: smaller scale attacks are launched initially along with a modest demand for payment, with the threat of increased attacks if the demand is not met.

Source: Symantec’s Internet Security Threat Report 2016


Cyber Risk Transfer


Cyber Risk Transfer – Attack Costs

Cost categories: Crisis Expense; Lost Income; Extra Expense; Liability; Fines and Penalties

Cost items shown:

• Forensics
• Notification and Monitoring
• Public Relations
• Legal guidance
• Business Interruption
• Dependent Interruption
• Intangible Asset Damage
• Cyber Extortion Payments
• Breach of Privacy
• Regulatory Fines
• Defence Costs
• Defence Costs
• Increased Cost of Working
• Network Security Failure
• Media Liability


Aon Cyber Enterprise Solution™: an overview


Director & Officer Exposure


Actions against Directors

Target

May 2016 – Minnesota Federal Court dismisses consolidated action by Target shareholders arising from major data breach in 2013.

Shareholders alleged gross mismanagement and breach of fiduciary duty by directors in failing to implement controls to prevent the data breach.

A Special Litigation Committee conducted an extensive 21 month investigation and recommended that the claim be dismissed,

Heartland

2009 – Shareholders claimed that Heartland – which suffered a major data breach, compromising the personal data of millions of individuals – had previously concealed an attack and made fraudulent representations regarding cyber security.

Court dismissed the action, as the allegation that D&Os knew the security systems to be deficient was not particularised.

Wyndham

October 2014 – Derivative action against Directors dismissed. Action followed a series of data breaches in 2008 and 2009.

Plaintiffs argued that senior executives failed to take sufficient steps to protect sensitive information. Court found no “bad faith” on the part of the board.

Home Depot

September 2015 – shareholder derivative lawsuit filed against 12 directors, alleging a breach of fiduciary duties of good faith and due care by failing to safeguard information.

The claim cites the Target and Neiman Marcus breaches as evidence of fair warning to the board that an attack was predictable.


Board Level Mitigation

Stakeholders shown: Board / Senior Executives; Risk Management Team; IT Department; Broker / Insurer; Vendors and Customers

• Know and meet regularly with your Information Security / IT Team. Understand incidents or “near misses”.
• Understand your contracts with your customers and vendors. What risks are you assuming? Who is required to maintain insurance?
• Review your risks with your insurance broker and insurer continually. Insurance coverage is negotiable.
• Ensure that there are up to date policies and plans in place for data protection, incident response and business continuity.
• Manage the dialogue between your IT and Risk teams.
• Know your external experts and reporting obligations when a cyber event occurs.


Aon Risk Solutions | 2 Shenton Way | #26-01 SGX Centre 1 | Singapore 068804
Aon Singapore (Broking Centre) Pte Ltd | Co. Reg No. 199708153K

© Aon plc 2016. All rights reserved.

No part of this report may be reproduced, stored in a retrieval system, or transmitted in any way or by any means, including photocopying or recording, without the written permission of the copyright holder, application for which should be addressed to the copyright holder.