Cyber insurance: Growing pains
9 February 2017 Transforming healthcare Michael Schmitt
• Target Corporation (2013) – 110 Million records compromised
– $240 million cost of reissuing cards and refunding fraudulent charges
• Anthem (2015)– 69 million to 80 million records compromised
– $140 million estimated cost to manage breach
• FriendFinder (2016) – 412 million accounts compromised
• Yahoo! (2013)– 2016 public disclosure
– 1 Billion accounts compromised
– Names, dates of birth, email addresses, security questions and answers and weakly protected passwords
Cyber Incidents Headlines
4
7
Residual Cyber Cover
• Travelers Indemnity vs Portal Healthcare Solutions (2015) – Coverage: Data leaked = Publication
• Zurich American Insurance Co. vs Sony Corporation of America (2014)– No Coverage: Data Leak ≠ Publication
• State Auto P&C Insurance Co. vs Midwest Computers (2001)– No Coverage: Data ≠ Tangible Property
• Eyeblaster, Inc. vs Federal Insurance Co. (2010)– Coverage for Tangible Property (computer)– No Coverage for Intangible Property (data)
• NMS Services, Inc. vs The Hartford (2003)– Coverage: Data = Tangible Property. Business Interruption Cover provided.
Cyber Cover in GL Policies
8
•Guidance suggested for carriers:
1)Investing in cyber expertise
2)Setting clear appetites and strategies
3)Continuous oversight or management of “silent” cyber risk
Prudential Regulation Authority
9
Swiss Re Corporate Solutions Cyber Offering
10
•Business Model vs High-End Security
•Consolidations & Mergers
•Budgeting & Staffing
•Medical Devices
•The Value of PHI
Cyber Underwriter Areas of Concern
12
14
• Target Corporation (2013)
– 110 Million records compromised
– $240 million cost of reissuing cards and refunding fraudulent charges
• Anthem (2015)
– 69 million to 80 million records compromised
– $140 million estimated cost to manage breach
• FriendFinder (2016)
– 412 million accounts compromised
• Yahoo! (2013)
– 2016 public disclosure
– 1 Billion accounts compromised
– Names, dates of birth, email addresses, security questions and answers and weakly protected passwords
Cyber Incidents Headlines
4
7
Residual Cyber Cover
• Travelers Indemnity vs Portal Healthcare Solutions (2015) – Coverage: Data leaked = Publication
• Zurich American Insurance Co. vs Sony Corporation of America (2014)
– No Coverage: Data Leak ≠ Publication
• State Auto P&C Insurance Co. vs Midwest Computers (2001)
– No Coverage: Data ≠ Tangible Property
• Eyeblaster, Inc. vs Federal Insurance Co. (2010)– Coverage for Tangible Property (computer)– No Coverage for Intangible Property (data)
• NMS Services, Inc. vs The Hartford (2003)
– Coverage: Data = Tangible Property. Business Interruption Cover provided.
Cyber Cover in GL Policies
8
•Guidance suggested for carriers:
1)Investing in cyber expertise
2)Setting clear appetites and strategies
3)Continuous oversight or management of “silent” cyber risk
Prudential Regulation Authority
9
Swiss Re Corporate Solutions Cyber Offering
10
•Business Model vs High-End Security
•Consolidations & Mergers
•Budgeting & Staffing
•Medical Devices
•The Value of PHI
Cyber Underwriter Areas of Concern
12
14
Legal notice
©2017 Swiss Re. All rights reserved. You are not permitted to create any modifications or derivative works of this presentation or to use it for commercial or other public purposes without the prior written permission of Swiss Re.
The information and opinions contained in the presentation are provided as at the date of the presentation and are subject to change without notice. Although the information used was taken from reliable sources, Swiss Re does not accept any responsibility for the accuracy or comprehensiveness of the details given. All liability for the accuracy and completeness thereof or for any damage or loss resulting from the use of the information contained in this presentation is expressly excluded. Under no circumstances shall Swiss Re or its Group companies be liable for any financial or consequential loss relating to this presentation.