
2013 Cyber Risk Insights Conference Slide-Deck

Page 1

Welcome!

@Advisen

Page 2

Table of Contents

This slide deck contains a subset of the slides shown at Advisen’s Cyber Risk Insights Conference. We have removed duplicative slides for the purposes of brevity.

• Morning General Session: Pages 3-36

• Cyber Insurance Track: Pages 37-69

• Cyber Threat Landscape Track: Pages 70-107

• Afternoon General Session: Pages 108-116

Page 3

Welcoming Remarks

Tom Ruggieri

CEO

Advisen

Page 4

Today’s Event Metrics

650 Registrations

41 Speakers

19 Sponsors

10 Presentations

7 Panel Discussions

1 Keynote

Page 5

Thank you to our 19 sponsors!

Page 6

Opening Remarks

Bob Parisi

Managing Director & National Practice Leader for Technology Network Risk & Telecommunications

Marsh

2013 Conference Chairman

Page 7

Keynote Address

Adam Sedgewick

Senior Information Technology Policy Advisor

Page 8

Role of the National Institute of Standards and Technology

• The National Institute of Standards and Technology’s mission is to stimulate innovation, foster industrial competitiveness, and improve the quality of life.

• A non-regulatory agency within the U.S. Department of Commerce.

• Accelerates the development and deployment of systems that are reliable, usable, interoperable, and secure; advances measurement science through innovations in mathematics, statistics, and computer science; and conducts research to develop the measurements and standards infrastructure for emerging information technologies and applications.

Page 9

Executive Order 13636—Improving Critical Infrastructure Cybersecurity

• “It is the policy of the United States to enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties”

• NIST is directed to work with stakeholders to develop a voluntary framework for reducing cyber risks to critical infrastructure

• This Cybersecurity Framework is being developed in an open manner with input from stakeholders in industry, academia, and government, including a public review and comment process, workshops, and other means of engagement.

Page 10

The Cybersecurity Framework

• For the Cybersecurity Framework to meet the requirements of the Executive Order, it must:

• include a set of standards, methodologies, procedures, and processes that align policy, business, and technological approaches to address cyber risks.

• provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.

• identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations.

• enable technical innovation and account for organizational differences.

• include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.

Page 11

Development of the Preliminary Framework

• Engage the Framework Stakeholders

• Collect, Categorize, and Post RFI Responses

• Analyze RFI Responses

• Identify Framework Elements

• Prepare and Publish Preliminary Framework

Timeline:

• EO 13636 Issued – February 12, 2013

• NIST Issues RFI – February 26, 2013

• 1st Framework Workshop – April 03, 2013

• Completed – April 08, 2013

• Identify Common Practices/Themes – May 15, 2013

• 2nd Framework Workshop at CMU – May 29-31, 2013

• Draft Outline of Preliminary Framework – June 2013

• 3rd Framework Workshop at UCSD – July 10-12, 2013

• 4th Framework Workshop at UT Dallas – September 11-13, 2013

• Publish Preliminary Framework – October 22, 2013

Ongoing Engagement: Open public comment and review encouraged and promoted throughout the process

Page 12

NIST issued a Request for Information

• The purpose of the RFI was to:

• Gather relevant input from industry and other stakeholders on the many interrelated considerations in developing the Framework

• Encourage stakeholder participation in the Cybersecurity Framework development process

• Over 240 responses received from industry, associations, academics, and individuals

• NIST presented an initial analysis to describe the methodology used to perform the analysis, and to identify and describe the Cybersecurity Framework themes that emerged as part of the initial analysis.

Collect, Categorize, and Post RFI Responses

Page 13

Draft Outline - Preliminary Framework

• In June, NIST presented the following for community feedback:

• Draft outline that defines the overall Framework structure

• Executive Overview and Summary

• How to Use the Framework

• Role of Risk Management Processes

• Framework Core Elements

• A high-level view of key functions, categories, and subcategories of an organization’s approach to managing cybersecurity risk

• Framework Implementation Levels

• Compendium of Informative References

• Non-exhaustive listing of submitted informative references (e.g., standards, guidelines, and best practices) to assist with specific implementation

• Illustrative resource; not intended as an endorsement of any reference

Identify Framework Elements

Page 14

Framework Core

Prepare and Publish Preliminary Framework

Page 15

Risk Management and the Cybersecurity Framework

• While not a risk management process itself, the Framework enables the integration of cybersecurity risk management into the organization’s overall risk management process.

• The Framework fosters:

• Cybersecurity risk management approaches that take into account the interaction of multiple risks;

• Cybersecurity risk management approaches that address both traditional information technology and operational technology (industrial control systems);

• Cybersecurity risk management practices that encompass the entire organization, exposing dependencies that often exist within large, mature, and/or diverse entities, and with the interaction between the entities and their partners, vendors, suppliers, and others;

• Cybersecurity risk management practices that are internalized by the organization to ensure that decision making is conducted by a risk-informed process of continuous improvement; and

• Cybersecurity standards that can be used to support risk management activities

Page 16

Framework Core: Functions

• The five Framework Core Functions provide the highest level of structure:

• Identify – Develop the institutional understanding of which organizational systems, assets, data, and capabilities need to be protected, determine priority in light of organizational mission, and establish processes to achieve risk management goals.

• Protect – Develop and implement the appropriate safeguards, prioritized through the organization’s risk management process, to ensure delivery of critical infrastructure services.

• Detect – Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.

• Respond – Develop and implement the appropriate activities, prioritized through the organization’s risk management process (including effective planning), to take action regarding a detected cybersecurity event.

• Recover – Develop and implement the appropriate activities, prioritized through the organization’s risk management process, to restore the appropriate capabilities that were impaired through a cybersecurity event.

Page 17

Framework Core: Categories

• Categories are the subdivisions of a Function into groups of cybersecurity activities, more closely tied to programmatic needs

Page 18

The Framework Core

Page 19

Getting from the Preliminary Framework to the Final Framework and Beyond

• Framework Governance

• Additional Ongoing Public Engagement

• Public Comment Period

• Final Cybersecurity Framework

• Prepare and Publish Preliminary Framework

Timeline:

• Publish Preliminary Framework – October 22, 2013

• Begin 45 day Public Comment Period

• Stakeholder outreach discussions continue

• Public comment period closes

• Complete comment resolution and disposition

• Publish Final Cybersecurity Framework – February 2014

• Framework maintenance and updates

Ongoing Engagement: Open public comment and review encouraged and promoted throughout the process

Page 20

Q & A

• The Preliminary Cybersecurity Framework and other material is available at http://www.nist.gov/itl/cyberframework.cfm

• Please send us your observations and further suggestions at [email protected]

Page 21

Advisen’s Statistical View of the Cyber Insurance Market

Jim Blinn

Executive Vice President

Advisen

Mark Hoffmann

Insurance & Actuarial Advisor

Ernst & Young

Page 22

Revenue Range ($) | % Purchasing Cyber

<2.5M | 3.4%

2.5M<5M | 4.1%

5M<10M | 5.4%

10M<25M | 6.9%

25M<100M | 9.0%

100M<300M | 16.1%

300M<1B | 19.2%

1B<5B | 19.3%

5B+ | 21.9%

Page 23

U.S. Companies (excl. sole proprietorships)

[Chart: number of companies by year, 2005 to 2008; series: C-Corps, S-Corps, LLCs, Limited Partnerships, Gen Partnerships]

Source: IRS

Page 24

Market Potential ($ thousands)

[Bar chart: values for 2011, 2012, Today and Potential; vertical axis $0 to $6,000]

Potential Assumptions:

• Today’s rates

• 5% of companies under $5M revenue buy coverage

• 90% of companies over $50M revenue buy coverage

• $5 billion GWP

Page 25

Cyber Data Analytics

Data considerations

Jim Blinn, Advisen

Page 26

Source of Data

• Automatic Teller Machine (ATM)

• CD-ROM

• Cloud derived data

• Desktop

• Email

• Hard Drive (portable)

• Laptop

• Point of Sale (POS)

• Printed Records

• Server

• Social Media

• Software

• Tape

• Thumb Drive

• Website

Type of Data Lost

• Personal Financial Identity

• Personal Privacy

• Corporate Loss of Business Income

• Corporate Loss of Digital Assets

Page 27

Page 28

Catherine Mulligan

Senior Vice President, Specialty E&O Underwriting Manager

Zurich

“And the survey says…” Sponsored by

Page 29

Perceptions of risk

In your experience, are cyber risks viewed as a significant threat to your organization by:

[Bar chart: number of responses (Yes, No, Don't Know, N/A) for Board of Directors, C-Suite Executives, and Suppliers/Customers; vertical axis 0 to 350]

Page 30

Data Breach Response

In the event of a data breach, which department in your organization is PRIMARILY responsible for assuring compliance with all applicable federal, state, or local privacy laws including state breach notification laws?

[Pie chart. Categories: Sales; Customer Service; Information Technology (IT); General Counsel; Risk Management/Insurance; Compliance; Chief Privacy Officer; Don’t Know. Slice values as extracted: 0%, 1%, 34%, 25%, 5%, 13%, 11%, 6%, 1%, 4%]

Page 31

Risk Management

Which department is PRIMARILY responsible for spearheading the information security risk management effort?

[Pie chart. Categories: Information Technology (IT); General Counsel’s Office; Treasury or CFO’s Office; Internal Audit; Risk Management/Insurance; Human Resources (HR); Chief Privacy Officer; Don't Know. Slice values as extracted: 75%, 2%, 2%, 0%, 9%, 1%, 6%, 3%, 2%]

Page 32

Emerging Risks

• Social media

• Mobile devices

• Cloud Computing

Page 33

Insurance

Does your organization purchase cyber liability insurance?

Response | 2011 | 2012 | 2013

Yes | 35% | 44% | 52%

No | 60% | 50% | 38%

Page 34

The Risk Manager’s Perspective

Page 35

The Risk Manager’s Perspective

Bob Parisi

Managing Director & National Practice Leader for Technology

Network Risk & Telecommunications

Marsh

Moderator

Page 36

• Bob Parisi, Managing Director & National Technology Practice Leader, Marsh

• Emily Cummins, Director of Tax and Risk Management, NRA

• Jimmy Kirtland, VP, Corporate Risk Management, ING U.S.

• Nicholas Parillo, Vice President, Global Insurance, Royal Ahold N.V.

The Risk Manager’s Perspective

Page 37

CYBER INSURANCE TRACK

Moderated by David Bradford, Advisen

Page 38

Why the Board of Directors should be Concerned About Cyber Liability Insurance

Page 39

Why the Board of Directors should be Concerned About Cyber Liability Insurance

Ty Sagalow

President

Innovation Insurance Group

Page 40

• Ty Sagalow, President, Innovation Insurance Group

• Ben Beeson, Partner, Head of Global Technology and Privacy Practice, Lockton

• Gerald Ferguson, Partner, BakerHostetler

• Kirstin Simonson, Second Vice President, Travelers Global Technology, Travelers

• Jody Westby, CEO, Global Cyber Risk

Why the Board of Directors should be Concerned About Cyber Liability Insurance

Page 41

Cost, Capacity and Coverage: The Broker’s Perspective

Page 42

Cost, Capacity and Coverage: The Broker’s Perspective

Jeff Cohen

Executive Vice President

Advisen

Page 43

Cost, Capacity and Coverage: The Broker’s Perspective

• Jeff Cohen, Executive Vice President, Advisen

• John Doernberg, VP, William Gallagher Associates

• Dave Perkins, Executive Vice President, U.S. Risk

• Steve Robinson, National Practice Leader, Risk Placement Services, RPS Technology & Cyber

• Peter Taffae, Managing Director, ExecutivePerils

Page 44

Is cyber risk the future?

Page 45

Beyond Data Breaches: What Coverages are Provided by Cyber Liability Policies?

Page 46

Beyond Data Breaches: What Coverages are Provided by Cyber Liability Policies?

Tom Srail

Senior Vice President, Cyber and E&O Team, FINEX

Willis

Page 47

Cyber Insurance Policy “Buckets”

Privacy Expenses | Privacy Liability | Other Liability | 1st Party

Forensics | Defense Costs | Network Security | Data Restoration

Notice/Monitoring | Regulatory Fines | Media | Business Interruption

Call Centers | PCI Fines | E&O/Professional | System/Admin Failure

Crisis Expenses | | | Extortion

Privacy Expenses | Liability | 1st Party

Page 48

What’s in a name? Costs to notify a breached individual

Privacy Breach Response Services Data Breach Fund Expenses Tier 1 (via endorsement) Event Management Coverage Section (sublimit shared with other coverages) Breach Event Insuring Agreement Privacy Notification Expenses Notification and Credit Monitoring Expense Coverage Enterprise Security Event Crisis Management Expense Breach Costs Module Public Relations Event Expenses Crisis Management Expenses

Page 49

Liability

• Network Security Liability

– Hacker/Sabotage

– Virus Transmission

• Media Liability

– Copyright, Trademark

– Libel, Slander, Defamation

– Violations of Publicity

• E&O/Professional

– Tech/Telecom

– Media/Broadcasting

– Miscellaneous

Page 50

First Party Cyber Coverage

• Data Restoration

– Hacker/Virus/Employee Sabotage

• Business Interruption (due to security breach)

– Lost Income

– Extra Expense

• System Failure/Admin Failure

– Unplanned outage of Computer System

• Cyber Extortion

– Ransom Demand

– Investigative Expenses

• “Your Computer System” definition is key

– IT Vendor/Cloud

Page 51

Questions

Tom Srail

Willis Cyber and E&O Team

[email protected]

Page 52

A Global Perspective

Page 53

Tracie Grella

Global Head of Professional Liability, Financial Lines

AIG

A Global Perspective

Page 54

State of the International Market

Page 55

State of the International Market

Data and Privacy Regulation

Page 56

State of the International Market

Data and Privacy Regulation

Coverage Beyond Data Breach Response

Page 57

State of the International Market

Data and Privacy Regulation

Coverage Beyond Data Breach Response

Global Service Offerings and Claims

Page 58

The Cyber Claim Process: What to Expect from your Insurer

Page 59

The Cyber Claim Process: What to Expect from your Insurer

Beth Diamond

Claims Team Leader, Technology, Media and Business Services

Beazley

Page 60

Every Insured Should . . . .

• Benefit from the experience, knowledge and resources the carrier can provide

• Understand how coverage will work in the circumstances presented

• Maximize coverage by complying with the relevant policy requirements

Page 61

You Think You Might Be Experiencing A Breach Incident

• Report it – early and often!

• No penalty for reporting an incident that turns out not to be a legal breach, but there might be an impact to coverage if you take action before notifying your insurer

Page 62

Once Your Insurer Knows . . .

• Benefit – experience – avoid being a first timer (for example, knowing which AG reads “30 days” into the statute or deciding to pre-notify a particular state regulator)

• Benefit – knowledge – even an experienced insured needs to know the latest and greatest

• Benefit – resources – only work with experts in the field and do so at market competitive prices

Page 63

Once Your Insurer Knows . . .

• Ensure you understand how your coverage works in the specific situation, including sub-limits, response requirements and options

• Comply with the policy requirements, obtain the consents and establish a relationship with your breach and/or claim manager

Page 64

Establish the Relationship

• A good carrier knows when to muster resources and when to get out of the way

• A good carrier will help you navigate the breach response, think ahead to understand what to expect next, and ensure a strategic and compliant response helps mitigate third-party liability

• Avoid just “showing up with the receipts” to first haggle over reimbursement

Page 65

The Regulators and Plaintiff Firms Have Arrived

• Identifying and vetting defense counsel

• Learning insights as to what other similarly situated companies have done

• Keeping abreast of trends and legal developments

Page 66

Understand Your Coverage

• Ask for a call early on to understand how your third-party cyber coverage works

• Identify when consent is required

• Know whether there are defense counsel guidelines

• Be transparent if/when you are considering the possibility of settlement; the earlier you start the dialogue with your carrier, the better for obtaining the authority level you are seeking

Page 67

A Few Additional Thoughts

• Many cyber carriers offer education and risk management/risk mitigation tools – take advantage!

Page 68

A Few Additional Thoughts

• Many cyber carriers offer crisis management coverage – if there is a legal obligation to notify, you do not have the right to remain silent -- what you say can and will be used against you

– effective external crisis communications can help mitigate loss of good will

– conversely, failure to approach communications strategically can be damaging

Page 69

A Few Additional Thoughts

• Report early and often -- make use of the expertise available at your cyber carrier.

Page 70

CYBER THREAT LANDSCAPE TRACK

Moderated by Alan Brill, Kroll

Page 71

Outspent, Outmanned and Outgunned by the Bad Guys: Implications for U.S. Businesses

Page 72

Alan Brill

Senior Managing Director

Kroll

Outspent, Outmanned and Outgunned by the Bad Guys: Implications for U.S. Businesses

Page 73

Outspent, Outmanned and Outgunned by the Bad Guys: Implications for U.S. Businesses

• Alan Brill, Senior Managing Director, Kroll

• Stephen Boyer, Founder & Chief Technology Officer, Bitsight

• Michael Bruemmer, Vice President, Data Breach Resolution Group, Experian

• Carol Rizzo, Consultant, Rizzo Advisory Services


Scanning Behavior at the Entity Level


Spam Behavior at the Entity Level


IP Port Scanning Behavior


Spam IP Behavior


Industry Indices [figure; axis label: BitSight Rating]


BYOE (Beware of Your Own Employees): The Shifting Risk Landscape of BYOD and Social Media


BYOE (Beware of Your Own Employees): The Shifting Risk Landscape of BYOD and Social Media

Brad Gow

Vice President

Endurance Pro


• Brad Gow, Vice President, Endurance Pro

• John Coletti, Vice President, Underwriting Manager, XL

• Eduard Goodman, Chief Privacy Officer, IDT911

• Laurie Kamaiko, Partner, Edwards Wildman & Palmer

BYOE (Beware of Your Own Employees): The Shifting Risk Landscape of BYOD and Social Media


The FTC’s Role in Consumer Privacy & Data Security


The FTC’s Role in Consumer Privacy & Data Security

Jonathan Zimmerman

Senior Attorney, Division of Privacy & Identity Protection

FTC


The Federal Trade Commission’s Role in Consumer Privacy & Data Security

Jonathan Zimmerman

Senior Attorney, Division of Privacy & Identity Protection

Federal Trade Commission

The views expressed are those of the speaker and not necessarily those of the FTC


Overview

• Federal Trade Commission Background

– Section 5 of the FTC Act

– Approach to Data Security

• Enforcement

– Overview

– Recent Case Highlights

• What’s on the Horizon


FTC Background Information

• FTC is an independent law enforcement agency

– Five Commissioners appointed by President and confirmed by Senate

• Consumer protection and competition mandate

• Section 5 of the FTC Act

– Broad authority to prohibit deceptive or unfair acts or practices

• Deceptive practices are representations, omissions, or practices that:

– Are likely to mislead consumers acting reasonably under the circumstances

– Representation, omission, or practice must be material

• Unfair practices are those that:

– Cause or are likely to cause substantial injury

– Are not outweighed by the benefits to consumers and/or competition, and

– Are not reasonably avoidable by the consumer

• In addition to Section 5, the FTC enforces several sector-specific privacy laws (e.g., Fair Credit Reporting Act, Children’s Online Privacy Protection Act)


FTC’s Approach to Data Security

• In Data Security Cases The FTC Recognizes:

– Information security is an ongoing process

– A company’s security procedures must be reasonable and appropriate in light of the circumstances

• Did the company have effective security measures in place to protect personal information?

• If not, could the information have been protected at a reasonable cost?

• Were the security vulnerabilities at issue well-known within the information technology industry?

• Are there simple, readily-available low cost measures to protect against those vulnerabilities?

– There is no such thing as perfect security:

• A breach does not necessarily show that a company failed to have reasonable security measures

• But a company’s practices may be unreasonable and subject to FTC enforcement even without a known security breach


FTC Enforcement: Privacy and Data Security


Recent Enforcement Highlights

• HTC, America (2013)

– First software security case

– Focused on HTC’s lack of a software security program as evidenced by security flaws HTC introduced into its Android and Windows Phone and Windows Mobile devices that could have allowed malware to access sensitive device functionality and user information

– Order Provisions: HTC required to provide security patches for millions of devices, set up a software security program, and is subject to security audits for the next 20 years


Recent Enforcement Highlights

• Twitter (June 2010)

– Failure to secure administrative access

• Weak passwords permitted

• Administrative login page publicly accessible

• Account not disabled after multiple failed login attempts

– Consumers’ tweets were not private, as promised

– Order provisions: Honor the privacy choices made by consumers and establish a comprehensive information security program, with biennial independent audit


Current Litigation

• FTC v. Wyndham et al., (D.N.J.)

– Complaint alleges Wyndham violated Section 5 by failing to implement reasonable network security, which led to multiple hacking attacks in which hundreds of thousands of consumers’ payment cards were compromised

• FTC v. LabMD (Administrative Proceeding)

– Complaint alleges systemic security failures including failing to detect the installation or use of an unauthorized file sharing application on its networks

– A LabMD file with personal information about approx. 9,300 consumers including social security numbers, birth dates, and medical information, was found on a P2P file sharing network


What’s on the Horizon

• More and more data:

– As companies collect more and more data on consumers their data security will have to keep pace

– We encourage companies to follow data minimization practices, to only collect what they need, and to think hard about how long they need to keep it

– And we encourage companies to be upfront and transparent with consumers concerning the uses to which they will put the information they collect

• More and more devices:

– It’s not just desktops and databases anymore

– Between mobile devices and the increasing interconnectedness of everything from cars to refrigerators, companies need to think strategically about security across a broader spectrum of devices with which consumers interact


Questions?

• More information available at: www.ftc.gov

Jonathan E. Zimmerman Federal Trade Commission [email protected]


The Privacy Risks of Big Data: Balancing Innovation and Risk


The Privacy Risks of Big Data

Paul Miskovich

Senior Vice President, Cyber/Tech Product Manager

AXIS Pro

Balancing Innovation and Risk


The Privacy Risks of Big Data

• Big Data

• Economic Theories

• Obscurity, Correlation and Cognitive Dissonance

• Anonymized Data

• Monetization (Gathering, Use and Control)

– Security & Privacy

– Financial Loss


National Policy

• Omnibus Crime Control and Safe Streets Act (Wiretap Statute)

• Electronic Communications Privacy Act (ECPA)

• Stored Communications Act (SCA)

• Video Privacy Protection Act (VPPA)

• Gramm Leach Bliley (GLB) Financial Services Modernization Act

• Children’s Online Privacy Protection Act (COPPA)

• Health Insurance Portability and Accountability Act (HIPAA)

• Federal Trade Commission (FTC) - Enforcement Actions

• Consumer Privacy Bill of Rights


Privacy & Security

• Notification Laws

• California

– Song Beverly Credit Card Act

– Medical Privacy A.B. 211 and S.B. 541

– Shine The Light

– Browsing History

– California Online Privacy Protection Act (CalOPPA) - Do Not Track

– In re Apple Inc. – Consumer Privacy Litigation

• Michigan

– Video Rental Protection Act (VPRA)

– Consumer Protection Act (CPA)

• Massachusetts

– Tyler v. Michaels Stores - Zip codes constitute personal identifiable information

– Compliance obligation to prevent data breaches

• Common Law

– Public Disclosure of Embarrassing Private Facts (Invasion of Privacy)

– Intrusion Upon Seclusion or Solitude or into Private Affairs


The Privacy Risks of Big Data

• Evolving Insurance Products – General Liability, Media, E&O and Cyber

• Personal Injury

• Information Gathering

• Emerging Market Behavior


Operational Cyber Risk


Operational Cyber Risk

Lori Bailey

Global Head of Professional Liability

Zurich


Entities which suffered a Supply Chain Disruption in 2012

Supply Chain Disruptions that occur from IT Outages

Approximate Shareholder Impact from Supplier Disruptions

73%

10-30%

52%


Financial Risks People Risks Market Risks

Strategic Risks Operational Risks


Risk Management

Compliance

Legal / Dispute Resolution

Contract Management

Crisis Management

Portfolio Management

Human Resources

Executive Management


General Session


Cloud Computing and the Risks of IT Outsourcing


Cloud Computing and the Risks of IT Outsourcing

John Mullen

Partner, Chair of Complex Liability Practice Group

Nelson Levine de Luca & Hamilton


• John Mullen, Partner, Chair of Complex Liability Practice Group, Nelson Levine de Luca & Hamilton

• Alan Brill, Senior Managing Director, Kroll

• Anthony Dagostino, Vice President, Professional Risk, ACE

• John Merchant, Lead Cyber Specialist, US & Canada, AIG

• Michael Palotay, Senior Vice President, Underwriting, NAS

Cloud Computing and the Risks of IT Outsourcing


TYPES OF CLOUD DEPLOYMENT

• PUBLIC

• HYBRID

• PRIVATE

PROBLEM AREAS

• SECURITY/PRIVACY

• BACKUP/RECOVERY

• CLOUDBURSTING

• PHYSICAL VENUES/JURISDICTION

• E-DISCOVERY ISSUES

• COMPLIANCE


The View from the Top


The View from the Top

Tom Ruggieri

CEO

Advisen


The View from the Top

• Tom Ruggieri, CEO, Advisen

• Mark Wood, Managing Director, Financial Risks Division, JLT

• Mike Smith, President, Global Financial Lines, AIG

• Mike Karmilowicz, Executive Vice President, Zurich North America

• Eric Joost, Chief Operating Officer, Willis NA
