Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Presented by ABA Insurance Services
The PIA Partnership Presents: Cyber 101
Fraudulent Funds Transfer
Extortion/Ransomware
Social Engineering
Business Interruption
Data Breach/Privacy
Network Security
Media Liability
Essential Information You and Your Clients Need to Know About Cyber
✓
Presented by ABA Insurance Services
David Rupnow, CPCU, RPLU
Product Manager
D: 216-220-1293 | E: [email protected]
Dave has over 25 years of experience in
underwriting and managing professional liability
insurance programs to the small-medium
business niche. With a focus on improving the
efficiency and agent experience to rate/quote/bind
insurance, he was key in the development and
implementation of ProCision®, a new, next
generation, multi-product quoting platform
available through ForAgentsOnly.com.
Lisa Micciche, CPA
Product Manager
D: 216-220-1297 | E: [email protected]
With over 15 years of underwriting, financial
and management experience, Lisa is
responsible for product development and
modifications to existing products, as well as
sales, claims, and competitive analysis for both
the Bank and Small Business Insurance
Programs of ABA Insurance Services. She was
instrumental in the development of the Bank
Program’s cyber insurance product.
2
Presented by ABA Insurance Services
ABA Insurance Services is a managing general agency, program administrator and wholesale brokerage that
offers professional and management liability lines, financial institution bonds, surety bonds, property, and general
liability insurance to banks, small businesses and nonprofit organizations.
Presented by ABA Insurance Services
What we will cover in this webinar
▪ What is Cyber Business Interruption (CBI)?
▪ CBI Statistics
▪ Coverage Highlights
▪ Case Studies
▪ Tips for Remediation and Prevention
3
© 2018 ABA Insurance Services Inc. dba Cabins Insurance Services in CA, ABA Insurance Services of Kentucky Inc. in KY, and ABA Insurance Agency Inc. in MI. Notwithstanding any
language to the contrary, nothing contained herein constitutes nor is intended to constitute an offer, inducement, promise, or contract of any kind. All coverage descriptions and claims
examples are provided for informational and educational purposes only and are not a representation as to coverage for any particular claim and are not represented to be error free.
Coverage for any claim is determined upon the specific facts of the claim, the terms and conditions of the policy and applicable law. For details on the coverage provided by your specific
contract of insurance, please refer to your policy. Coverage is subject to underwriting guidelines and may not be available in all states. Limits may be capped for underwriting reasons. Any
links to any sites which are not originated by ABA Insurance Services Inc. (ABAIS) are provided only as a courtesy and are not intended to nor do they constitute an endorsement by
ABAIS of the linked materials. All rights reserved.
Presented by ABA Insurance Services
What is Cyber Business Interruption?
Cyber Business Interruption (CBI) is an operational business failure due to a cyber attack. This
differs from traditional business interruption because it is triggered by a non-physical event.
4
Presented by ABA Insurance Services
Traditional BI Coverage
▪ BI coverage is a time-element coverage
offered under property policies.
▪ For BI coverage to be implicated, there must
be direct physical damage by a covered
cause of loss (fire, flood, wind) that causes
an interruption of the insured’s operations.
▪ Once these conditions are met, then the
actual loss sustained is measured to
determine the loss of business income from
the interruption.
5
Traditional BI Coverage is not Sufficient
Presented by ABA Insurance Services 6
Business Interruption Stats to Consider
Presented by ABA Insurance Services 7
2012 – 2017 BI Incidents: A Look by Industry
Presented by ABA Insurance Services
▪ Covers loss of income and costs in excess of normal operating expenses required to maintain the business and restore operations.
▪ May cover dependent business interruption.
▪ Lawsuits
▪ Suppliers
▪ Incident usually triggers breach response coverage (forensics expenses, data restoration).
▪ System failure due to cover employee error is probably not covered.
8
Cyber BI Coverage Highlights
Presented by ABA Insurance Services
Additional Points to Consider
Limits and Retentions
▪ Regardless of the revenue loss, the BI sublimit caps the payout under the policy.
▪ Coverage will often include a separate BI deductible or BI waiting period, either in hours or days,
before liability will arise under the policy. If a BI loss is below the deductible or does not exceed the
waiting period, then the policy will not respond. An example of the waiting period not being met
would be if a denial-of-service lasts two hours and the waiting period is four hours.
Key Exclusions
▪ System upgrades are not covered.
▪ Utility failures are not covered.
9
Presented by ABA Insurance Services
Retailer hit by a Distributed Denial of
Services (DDoS) attack
▪ The third party service provider that hosts a
retailer’s website was hit by a DDoS attack.
The provider could not quickly resolve the
attack to its systems and the retailer’s
website was taken offline for four days while
the problem was fixed.
▪ The retailer incurred financial loss due to lost
income and reputational damage.
10
Cyber BI: Case Study 1
Presented by ABA Insurance Services
Oyster card glitch costs “Transport for
London” 250,000 pounds in one morning.
▪ The glitch was caused by software errors
relating to the implementation of a fare hike.
▪ Barriers at many underground stations were
left open allowing commuters a free ride.
▪ Around 100,000 free journeys took place in
the six hours the system was down.
11
Cyber BI: Case Study 2
Presented by ABA Insurance Services
The Internet of Things
▪ Cyber criminals used malicious code to
sabotage the automated building controls of
a meat packing plant. The code turned off the
cooling systems which, in turn, spoiled
hundreds of pounds of beef.
12
Cyber BI: Case Study 3
Presented by ABA Insurance Services
7 Tips for Prevention and Remediation
1. Maintain your security environment: use antivirus software,
ensure all firewalls and routers are secure and kept up to date.
2. Backup your data and systems.
3. Maintain your software upgrades and patches.
4. Adopt a strict password policy for your business.
5. Educate employees on good cyber hygiene.
6. Create an incident response plan.
7. Check your insurance coverage.
13
Presented by ABA Insurance Services
Questions
14
Presented by ABA Insurance Services 15
The PIA Partnership Presents: Cyber 101Available now at www.pianet.com/pia-partnership/cyber101
Join us for the next Cyber 101 webinar: Data
Breach/PrivacyTuesday, May 1, 2018 at 2:00 p.m. Eastern