Cyber Liability Insurance:

Reg Harnish, CISSP, CISM, CISA Chief Security Strategist

GreyCastle Security

Steve Lobel Vice President

Anchor Agency

October 17, 2013

1,200

Introduction

Cybercrime Today

PresenterPresentation Noteshttp://www.risksa.com/enterprise-risk-management/companies-are-complacent-about-cybercrime-%E2%80%93-report

Major Trends 1. Increasing business complexity 2. Increasing criminal motivation 3. Increasing availability of weaponized software

Whats your likelihood of compromise?

Case Studies

PresenterPresentation Noteshttp://www.courthousenews.com/2012/06/01/47017.htmhttp://poststar.com/news/local/secret-service-investigating-credit-breach-at-five-guys-restaurants/article_fdd6ef14-af5d-11e1-b21f-0019bb2963f4.htmlhttp://www.timesunion.com/business/article/Credit-breach-at-Five-Guys-hits-other-cards-3608732.phphttp://www.google.com/url?sa=i&rct=j&q=five+guys+logo&source=images&cd=&cad=rja&docid=FNi47jPuHWyDtM&tbnid=V3qv5FPaLuiErM:&ved=0CAUQjRw&url=http://www.mikesroadtrip.com/five-guys-vs-in-n-out/five-guys-logo/&ei=g7JEUY3ZMoW29QSc8IHoDw&bvm=bv.43828540,d.dmg&psig=AFQjCNGfurvjWPJ-MJUIotmfx3S-iulKyg&ust=1363543031742878

PresenterPresentation Noteshttp://www.youtube.com/watch?v=KaAyshtejmIhttp://wnyt.com/article/stories/S2581058.shtml?cat%3D300http://www.bizjournals.com/albany/news/2012/04/13/desmond-hotel-warns-guests-credit-card.htmlhttp://www.google.com/url?sa=i&rct=j&q=the+desmond+hotel+logo&source=images&cd=&cad=rja&docid=P5wJWYtfGnKm6M&tbnid=1YlIK1IFlSNbhM:&ved=0CAUQjRw&url=http://www.prweb.com/releases/2012/4/prweb9437365.htm&ei=jLNEUZqnOYjI9QTX-ID4CQ&bvm=bv.43828540,d.dmg&psig=AFQjCNGtX-NFM0w-PIG39deTjeQ0XsW-RQ&ust=1363543306554620

PresenterPresentation Noteshttp://www.bizjournals.com/albany/blog/2013/03/trial-on-tap-in-albany-phone-hacking.html?page=allhttp://www.timesunion.com/business/article/Tech-Valley-hacking-case-becomes-personal-4018019.phphttp://www.google.com/url?sa=i&rct=j&q=american+energy+care+logo&source=images&cd=&cad=rja&docid=pHiQFxuZ9Cfa0M&tbnid=SjdhC2Dk5FqugM:&ved=0CAUQjRw&url=http://www.cdbasketball.com/page/2012-playoff-scenarios-unveiled/&ei=m4mrUfnrH-jx0wG_zYH4Ag&bvm=bv.47244034,d.dmQ&psig=AFQjCNFl6J7-PTw2qwccHzLU1pj9CU07_Q&ust=1370282745108808

PresenterPresentation Noteshttp://www.timesunion.com/local/article/Lawsuit-filed-against-hospital-over-records-breach-4446259.phphttp://www.google.com/url?sa=i&rct=j&q=&esrc=s&frm=1&source=images&cd=&cad=rja&docid=2AIj1ffoCRkEJM&tbnid=f3y3CEapIxWsyM:&ved=0CAUQjRw&url=http://creatinghealthyplaces.wordpress.com/about-the-glens-falls-hospital-program/&ei=e51VUvKlHdL_4AOvxoDIDg&bvm=bv.53760139,d.dmg&psig=AFQjCNFjutQujyxfkKRkwYbCthttzz-QrQ&ust=1381428971222071

What is Cyber Liability Insurance?

Network Security and Privacy Insurance

New Age Exposure

Presentation by RF Ougheltree & Associates, LLC

PresenterPresentation Notes

Network Security & Privacy Insurance Many forms and Labels

ClickStream Internet Liability-Hudson Convergence-Navigators TechVantage- C N A Cyber Choice -Hartford MicroTek-United States Liability NetAdvantage/CyberEdge -AIG CyberSecurity-Chubb DigitalRisk-ACE Technet-Axis AFB Media Tech-Beazley Information Security & Privacy-Beazley Technology Protection-Hiscox NetGuard-NAS- Lloyds NetProtect360-C N A

Network Security and Privacy Insurance

Product Differentiation-Scope of Coverage Cyber lite: protect employee (Identity Theft Expense) [ under $500 or undisclosed premium (throw in] protect company ( personal identity events only) [$450 to 3,500) Cyber extra: protect company (company and personal data for privacy and security perils) [$3,500-$12,000] Cyber special edition: protect company ( company and personal data for privacy and security perils) Full 1st and 3rd party coverage [$12,000 + ]

Network Security and Privacy Insurance

Product formats

Endorsements to other lines (D&O, E&O, EPL) Mono line (stand alone) [Coverage Modules] Multiple line Management Liability package (D&O +,

E&O +, EPL +)

Network Security and Privacy Insurance

Claims Handling

1. 24/7 access to a call center for claim reporting and guidance 2. An attorney contacts the insured to help with the selection of a lawyer with expertise on applicable

laws and regulations and, if needed, a forensic expert able to investigate and report on the scope of the breach. An action plan is drawn up.

3. The insured, with advice from legal counsel and continuing guidance from a breach coach decides whether and to what extent notification is required. If notification is required, a notification

service provider is chosen to mail out notifications in line with applicable regulations. 4. The insured and attorney approve notification letters for mailing and a call center service provider is selected. Q&A scripts for call center employees are prepared. 5. The notification service provider sends letters, which include an offer of either a credit monitoring or identity monitoring package to affected individuals. 6. Individuals who are potentially affected by the breach receive letters and may enroll in the monitoring

services. Credit monitoring enrollment is either online or offline through the call center. Those enrolled are also eligible for identity theft resolution or fraud support services should

they become a victim of identity theft or fraud caused by a covered breach. 7. The insured receives reports on the progress of the mailing and credit monitoring enrollment for

continuous monitoring of the event. The Breach Response Team maintains close contact with the insured and the service providers throughout the process to ensure the breach is handled as effectively as possible.

PresenterPresentation Notes

Understanding Cyber Liability Coverage

Final Thoughts 1. All businesses are vulnerable AND CAN BE

COMPROMISED 2. Cyber liability insurance is an absolute

must in todays risky environment 3. Cyber liability insurance does not replace

your cybersecurity program

Final Thoughts 4. Like cybersecurity, cyber liability insurance

requires experts that understand your business and risks

5. Crossing your fingers is not a strategy

Everybody has a plan until they get punched in the face. - Mike Tyson

GreyCastle Security (518) 274-SAFE www.greycastlesecurity.com Anchor Agency (518) 458-8908 www.anchoragency.com

Slide Number 1Slide Number 2Slide Number 3Slide Number 4Slide Number 5Slide Number 6Slide Number 7Slide Number 8Slide Number 9Slide Number 10Slide Number 11Slide Number 12Slide Number 13Slide Number 14Slide Number 15Slide Number 16Slide Number 17Slide Number 18Slide Number 19Network Security and Privacy InsuranceNetwork Security & Privacy InsuranceMany forms and LabelsNetwork Security and Privacy InsuranceNetwork Security and Privacy InsuranceNetwork Security and Privacy InsuranceSlide Number 25Slide Number 26Slide Number 27Slide Number 28Slide Number 29Slide Number 30