Cybersecurity Risks: Insurance Solutions December 8, 2017 Naureen Rasul – Regional Financial Institutions Industry Leader, Asia


Cyber Risk: Asia-Pacific In Numbers
Source: MMC Cyber Handbook 2018


Cyber Risk: A Higher Threat Potential In Asia-Pacific
Source: MMC Cyber Handbook 2018


Cybersecurity is no longer just an IT department issue


Who Is Affected In A Cyber Breach?


How Do Cyber Risks Impact Your Organization?

• Operational Disruption

• Employee Exposures

• Lawsuits and Reputational Harm

• Regulatory and Legal Implications


What Are The Most Targeted Business Sectors?
Source: 2017 NetDiligence Cyber Claims Study

• Education: 4%

• Financial Services: 13%

• Healthcare: 18%

• Hospitality: 4%

• Nonprofit: 8%

• Professional Services: 18%

• Retail: 11%

• Technology: 7%

• All Others: 17%


What Is The Threat Environment?

TERRORIST OR STATE
The ability to create physical outcomes through the use of remote hacking of critical infrastructure represents an appealing option for terrorist groups.

• Disruption to critical infrastructure

• Economic impact

• Loss of life

• Damage to property

CRIMINAL
Hacking has become a mainstream activity for organized crime, targeting digital assets of an organization that can be acquired or sold on.

• Personal information

• Credit or debit card information

• Funds

• Intellectual property

HACKTIVIST
Hacktivists represent a formidable foe due to the technical capability of the individuals involved and can target organizations for a variety of reasons.

• Public support for a cause

• Direct impact of core activity

• Corporate or industry-wide scandal

• Top corporate brand target

MALICE
Where technical ability and motive combine, those who bear the organization ill are able to act maliciously by electronic means.

• Disgruntled employee or customer

• Proof of ability

• Untargeted malicious code

• Random selection


What Are The Cyber Statistics?
Source: 2016/2017 Global Fraud & Risk Report - Kroll

85%: The number of executives who said that their company experienced a cyber attack, information theft, loss or attack in the last 12 months.


How Do Cyber Incidents Happen?
Source: 2016/2017 Global Fraud & Risk Report - Kroll

• Attack using software vulnerability: 26%

• Employee error/accident: 22%

• Attack against corporate website: 22%

• Theft of device containing data: 20%

• Employee malfeasance: 16%


Who Are The Perpetrators?
Source: 2016/2017 Global Fraud & Risk Report - Kroll

[Chart: perpetrators by category. Categories: Joint venture partners; Competitors; Customers; Vendors/suppliers; Permanent employees; Agents and/or intermediaries; Freelance/temporary employees; Ex-employees (20%). Other values shown: 13%, 10%, 7%, 7%, 14%, 6%, 6%.]


Who Has Data Privacy and Breach Disclosure Regulations?
Source: MMC Cyber Handbook 2018


What Are The Breach Notification Requirements?

[Figure: world map of countries shaded by breach notification requirement. Legend: ■ Notification Required; ■ Notification Not Required but Certain Action Required or Recommended; ■ Notification Not Required]


Policies Terms and Conditions


What Does A Simplified Data Breach Timeline Look Like?

DISCOVERY

Discovery can come about several ways:

• Self discovery

• Customer inquiry or vendor discovery

• Call from regulator or law enforcement

FIRST RESPONSES

Forensic Investigation and Legal Review

• Forensic tells you what happened

• Legal sets out options / obligations

EXTERNAL ISSUES

• Public Relations

• Notification

• Remedial Service Offering

LONG-TERM CONSEQUENCES

• Income Loss

• Damage to Brand or Reputation

• Regulatory Fines, Penalties and Consumer Redress

• Civil Litigation


Policy Terms And Conditions: Key Insuring Clauses

First Party Costs and Other Expenses

Network Business Interruption
• Loss of Revenue
• Incurring of Operating Expenses / Extra Expenses

Data Asset Restoration

Crisis Management
• Forensic Investigations
• Notification Costs
• Account / Credit Monitoring Costs
• Public Relations Costs

Cyber Extortion
• Ransom Payments
• Rewards Payments

Regulatory Investigation
• Legal & Regulatory Advice Costs
• Investigation Costs
• Fines & Penalties (where insurable)

Third Party Liability and Defense Costs

Media Content Liability
• Legal / Defense Costs
• Damages

Third Party Liability
• Privacy and Data Breach
• Failure of Network Liability
• Damages and Defence Costs


Case Studies


Recent Cyber Attacks in Asia-Pacific
Source: MMC Cyber Handbook 2018


Thailand In The News

• THAILAND MOST PRONE TO ENCRYPTION-RELATED CYBER ATTACKS IN THE REGION (November 2016 – BusinessInsider)

• KASPERSKY REPORT NEARLY 62,000 CYBER ATTACKS IN THAILAND IN Q2 2017 (August 2017 – Thaitech)

• HIGH ALERT OVER GLOBAL ATTACKS, INCLUDING THAILAND (May 2017 – The Nation)

• ANONYMOUS HACKS THAI NAVY, MINISTRY OF FOREIGN AFFAIRS (December 2016 – HackRead)

Other Headliners

• THAI MOBILE OPERATOR SUFFERS DATA BREACH (September 2016 – QUANN)

• NEW RIPPER MALWARE FUEL THAI ATM ATTACKS (August 2016 – BankInfoSecurity)

• DATA BREACH REVEALS EXPAT DETAILS IN THAILAND (March 2016 – Channel NewsAsia)


Case Study – Stolen Records (Insurance Company)

• February 2015 – Criminals hacked into its servers and stole over 78M records containing personal information.

• Attack exposed addresses, birthdays, emails, employment information, income data, names and Social Security numbers.

• Hacker “spear-phished” the employees, led them to fake websites, stole and then used their credentials to access the company’s systems.

• All business units were affected and the hack had gone on for over 10 months.

• January 2017 – Law enforcement officials announced that the hacker was acting on behalf of a foreign government.

• Settlement costs include $2.5M for expert consultants, $115M for implementation of security improvements, $31M for notification to affected individuals, and $112M for credit protection to impacted customers.

Is there coverage under a cyber liability policy?


Case Study – Ransomware (Web Hosting Company)

• Hackers held the company’s database, files, systems and devices hostage via encryption.

• They then demanded that the company pay a $4M ransom in cryptocurrency in exchange for the decryption key.

• More than 150 Linux-based servers were infected and the attack affected about 3,400 business websites and their hosted data.

• After 8 days of negotiations, the company finally agreed to pay the $1M ransom.

• Ransom amount had to be paid in three installments because the company had insufficient funds.

• The company is expected to make the final payment once all the servers from the first and second payouts have been restored.

Is there coverage under a cyber liability policy?


Case Study – Malware (Bank)

• Group of Eastern European criminals hacked into a bank’s ATM network.

• July 2016 – Malicious malware attacked the cash machines run by a bank in Bangkok and 5 other provinces.

• Malware instructed the ATMs to spew cash on demand in lots of 40,000 Baht.

• The bank immediately deactivated about 3,000 ATMs across the country.

• According to the CEO’s public statement, all ATMs are expected to be back online within the month.

• During the infected period, the criminals stole a total of 12.29M Thai Baht.

Crime Insurance

Professional Indemnity

Cyber Insurance

Directors and Officers Liability


Underwriting Cyber Risks


What Do Underwriters Look For?

Basics
• Number and type of records
• Revenue
• Industry

Culture
• Management dedication to data management
• Board approved data management policies

Records Management
• Detect – Type and amount of information
• Protect – How is data protected
• Plan – Board approved information security program

Network Operations
• Patch management, backup and testing
• Review of network and security assessments
• Volume and activity

Vendor Management
• Due diligence of service providers
• Contract management

Regulatory Compliance
• Number and types of regulation
• How long compliance has been achieved

Loss Experience
• Number of losses suffered


Questions?
