Cyber LiabilityGraeme Newman, CFC Underwriting

“The Internet? We’re not interested.”

Bill Gates, Microsoft Founder, 1993

Percentage of Americanswho are online

Average number of hoursspent online each day

Number of years it took theInternet to reach 50 million users.It took radio 38 and television 13.

78%

4+4

Percentage of the world’spopulation now using Facebook16%

Number of US married couples who met online1 in 8

10 Things the Internet Has Killed or Ruined…

7. Nigeria’s Reputation

PCWorld.com

1,000,000,000,000,000,000

Bytes

1 Exabyte =

File storage through time…

The 1950s…

=1GB of information

The 1970s…

=2GB of information

Today…

=64GB of information(or 5,000 filing cabinets)

Ronnie BiggsThe Great Train Robbery, 1963

Albert GonzalesHeartland Hack, 2007

2011

1995

2000

2002 2007

2012

2009

2010

• Pure play internet business models• Privacy related regulations• High fraud / crime risk• Large customer bases• Storage of very sensitive data• High profile targets

• Blended online / offline• Storage of sensitive data• Highly connected• Heavy reliance upon systems

• Incidental exposure• Brochure websites• Office-based• Sensitive data

Social Networks

Banks

Hospitals Gambling

Travel Agents

Universities / CollegesRetailers

Movie Theaters

Charities

Accountants Recruitment Consultants

Logisitics

ManufacturingLawyers

Insurance Agents

High Risk

Medium Risk

Low Risk

Payment Processors

Energy / Utility Companies Hotels

Restaurants Medical Clinics

Public Entities

Financial Advisors

Airlines MSP / ASP / ISP

IT Consultants

DistributionArchitects Engineers

Quiz

Cyber & Privacy

CommercialGeneralLiability

ProfessionalLiability Crime

Property

ManagementLiability

“All animals are equal,but some are more equalthan others.”

George Orwell, Animal Farm

cyber policies

• Privacy liability

• Virus / hacking liability (cyber liability)

• IP infringement / defamation (media liability)

• Content liability / Errors & Omissions

• Privacy breach notification

• System damage

• Business interruption

• Cyber crime

• Brand protection / crisis management

Third party

liability

First party

loss

Virus / hacking (cyber) liability

Extends to cover contractors, vendors and hosting

providers

Covers a computer virus “in the wild”, not just specific

Avoid “other insurance” provisions

Privacy Liability

Avoid sub-limits for regulatory actions

Full worldwide jurisdictional cover

No contractual liability exclusion

Avoid hard-coded definitions of PII or sensitive data

Include cover for fines and penalties (where insurable)

Privacy breach notification

Full voluntary breach notification

Separate limit available for breach notification

24/7 expert claims response

Coverage for credit monitoring, forensic consultants, call center

Type of breach covered: paper / electronic, fault / no-fault

Multimedia liability

Ensure not restricted to just the insured’s website and

email

Cover for social media liability and “corporate” blogging

Cover for digital content, regardless of distribution

channel

Seek cover on an “all risks” basis (except patent)

System damage

“All risks basis” not just named perils

Avoid “security breach” trigger

Include staff overtime and additional cost of working

No exclusion for lack of risk management

Extends to cover perils at an outsourced or cloud

provider

Business interruption

Financial retention v time retention

Scope of perils covered

Extends to cover perils at an outsourced or cloud provider

At least a three month indemnity period

Coverage for contingent loss of future sales

Business interruption

Time

Revenue

Security Breach

Indemnity Period (max 3 months)

Contingent Period (max 12 months)

Direct Loss

Reputational Loss

Wait period

Cyber crime

Employee crime or third party crime

Cover for cyber threats and extortion

Third party theft of electronic funds

Cover for telephone hacking

Cover for phishing scams

Other key considerations

Retroactive date and cover for prior acts

“Pay on behalf of” v “Reimbursement” language

War and terrorism exclusions

Extent of encryption warranties

Risk management conditions

Future trends

Underwriting cyber

Underwriting cyber

Quiz

Security Breach: Hospital

Denial of Service: Hotel

“Spear-phishing”: Charity

Quiz

CFC Underwriting Ltd.

85 Gracechurch St

London EC3V 0AA

+44 (0) 207 220 8500

enquiries@cfcunderwriting.com

www.cfcunderwriting.com

www.technologyinsuranceblog.com

www.mediainsuranceblog.com

www.twitter.com/cfcunderwriting

www.linkedin.com/company/cfc-underwriting-ltd.

Contact us