Be trendy and get Tweeting! - Insurance Bootcamp · CYBER RISKS...
Be trendy and get Tweeting!
#Insurancebootcamp
DIAMOND SPONSOR
SILVER SPONSOR
Points of discussion
1. Cyber Risks – Professional Liability and Third Party Computer Crime. Presented by Christiaan Erasmus, specialist liability regional manager, Hollard Broker Markets
2. Cyber Crime – A South African perspective. Presented by Candice Sutherland, business development consultant: corporate solutions, Stalker Hutchison Admiral
3. Cyber Insurance – Taking the sting out of an information security breach. Presented by Natalie van de Coolwijk, managing director, CyGeist
CYBER RISKS Professional Liability and Third Party Computer Crime
Christiaan Erasmus
Specialist liability regional manager, Hollard Broker Markets
Agenda
Cyber Risks – Professional Liability and Third Party Computer Crime
• Introduction to Digital Marketing & Advertising Agencies
• Professional Liability and Digital Marketing
• Introduction to Internet Service and Consulting Firms
• Professional Liability and IT Service and Consulting Firms
• Commercial Crime and Third Party Computer Crime
Digital Marketing
Back to Basics – How did traditional Ad agencies evolve?
What is Digital Marketing?
• Marketing that makes use of electronic devices such as computers, smartphones and tablets to engage with stakeholders
• Products and services promoted through electronic devices to us (consumers)
• Advantages to companies include segmentation (specific target markets)
• Online behavioural advertising (web browser behaviour)
• Social media marketing
Source: Wikipedia
Digital Marketing
Back to Basics – Pros and Cons
Why & Why not?
• Type of direct marketing, perception that it is personal
• Motivate potential customer to action (immediate results)
• Wider audience and measurable
• Creating touch points with customers and continuous interaction
• Campaign can be copied
• Reputation damage by negative feedback
• Not yet embraced by everyone
• Drowned by too much clutter
Source: Smart Insights (Dave Chaffey)
Digital Marketing Agencies and Liability
Back to Basics – What is Professional Liability?
Professional Liability
• Professional liability – protects organisations against claims from others
• Breach of Duty against an actual or alleged negligent act, error, omission or breach of confidentiality and defamation
• Defence costs
• Damages – legally liable to pay a THIRD Party iro judgements against Insured
• Extend to include infringement (unintended)
• Extend to include Loss of Documents – documents include computer records
• Computer records = electronically stored, digital or digitised information or media
• Financial loss vs physical injury or damage to tangible property
Digital Marketing Agencies and Liability
Back to Basics – Professional Liability & Data Protection Coverage
Professional Liability – Did Insurers move with the times?
• Insurers adapted to clients’ changing needs (slowly as usual but we did)
• We can include digital marketing in the scope of coverage
• We can include Breach of Data Extension in the scope of coverage
Digital Marketing Agencies and Liability
Back to Basics – Professional Liability & Data Protection Coverage
Professional Liability – Definition of Digital Media
1. Web and mobile platform design and development;
2. Design, development and management of social media platforms, and related applications
3. All online media and communication including articles, designs, copywriting, content publishing and page/community management across digital assets;
4. Digital advertising campaigns including Google Ad Words;
5. Database management; and
6. Development and execution of web and social media designed brand competitions.
Digital Marketing and Liability
Back to Basics – Professional Liability & Data Protection Coverage
Professional Liability – Data Protection
• The Insurer will pay on behalf of any Insured, who is not the actual or contributing perpetrator, all damages resulting from any claim brought under any data protection legislation and amendments thereto.
Digital Marketing and Liability
Back to Basics – Professional Liability & Data Protection Coverage
Professional Liability – Some concerns
• Signing off on printing and printers printing incorrect material
• Potential libel/slander/defamation
• Strategic planning, setting of budgets, providing general marketing advice and incorrect bookings
• Copyright infringements (print media and digital media)
• Intellectual property – the use of another person’s ideas or work without permission including plagiarism, copyright infringement, misappropriation.
Digital Marketing Agencies and Liability
Back to Basics – Professional Liability & Data Protection Coverage
Professional Liability – The Exclusions
• Misdeeds and intentional acts
• Anti competitive
• Contractual disputes
• Fines and penalties (Cyber Liabs)
• Loss of profits/fees (Cyber Liabs)
• Trade secrets
• Data security breach (Cyber Liabs)
• Insured vs Insured
• Trade debts
• Investment performance
IT Service and Consulting Firms
Back to Basics – Macro Environment
Overview
• South Africa boasts the largest Internet economy in Africa
• Internet Economy to contribute 2.6% to GDP in 2016 (that’s ± USD9.1 billion)
• Government spend on IT infrastructure at R59 billion
• 2009 B2B E-commerce was at R9 billion
• Biggest share – airlines
• E-commerce growing at 30% year on year
• 410 000 SMEs have a website
• Opportunity for IT Service and Consulting Firms
Source: WorldwideWorx 2012
IT Service and Consulting Firms
Back to Basics – Computer Software Firms & Professional Liability
Professional Liability (recap)
• Professional liability – protects organisations against claims from others
• Breach of duty against an actual or alleged negligent act, error, omission or breach of confidentiality and defamation
• Defence costs
• Damages – legally liable to pay a THIRD Party iro judgements against Insured
• Extend to include infringement (unintended)
• Extend to include Loss of Documents – documents include computer records
• Computer records = electronically stored, digital or digitised information or media
• Financial loss vs physical injury or damage to tangible property
IT Service and Consulting Firms
Back to Basics – Computer Software Firms & Professional Liability
Professional Liability – Did Insurers move with the times?
• Insurers adapted to clients’ changing needs (slowly as usual but we did)
• We included technology products in the scope of coverage (hardware and firmware)
• We included computer records in the scope of coverage
• We included breach of data extension in the scope of coverage
IT Service and Consulting Firms
Back to Basics – Computer Software Firms & Professional Liability
Professional Liability – Coverage for Technology Products & Failure
• The Insurer will pay on behalf of any Insured all damages resulting from any claim for any Technology Product Failure.
• Any computer hardware or firmware: sold, leased or otherwise supplied; licensed; or installed, modified or serviced.
• Technology Product Failure = any actual or alleged negligent breach of duty, act, error, misstatements, misleading statements or omission in connection with any Technology Product
• NB – Damages extended to include costs of replacing computer records
IT Service and Consulting Firms
Back to Basics – Computer Software Firms & Professional Liability
Professional Liability – What is Computer Records & Data
• Computer records = any data stored within any: computer, data processing equipment, or any of their respective components; or computer software but does not include any currency, negotiable instruments or records thereof.
• Data = electronically stored, digital or digitised information or media.
• Wrongful act = Breach of duty, infringement, libel, slander, technology product failure or fraud/dishonesty.
Data Protection Endorsement – ask for it!
IT Service and Consulting Firms
Back to Basics – Computer Software Firms & Professional Liability
Professional Liability – Some concerns
• Professional Liability exposure is substantial
• Do NOT confuse Professional Liability with Gratuitous Negligent Advice
• Breach of confidentiality
• Faulty design that requires complete or partial reinstallation
• Proper testing and sign off from clients
• Systemic risks especially financial institutions/pension funds
• High risk industries = military, finance houses, architectural, engineering, construction, aerospace and medical where the software involved controls production, real time accounting functions, design or guidance systems.
IT Service and Consulting Firms
Back to Basics – Computer Software Firms & Professional Liability
Professional Liability – The Exclusions
• Misdeeds, intentional acts & trade secrets
• Anti competitive
• Contractual disputes
• Fines and penalties (Cyber Liabs)
• Loss of profits/fees (Cyber Liabs)
• Data security breach (Cyber Liabs)
• Insured vs Insured
• Trade debts
• Investment performance
• Internet material, public key infrastructure & certification
Third Party Computer Crime & Commercial Crime
Back to Basics – what is Computer Crime
TP Computer Crime – Phishing and Claims
• Confusion amongst risk professionals and clients
• Phishing Scams – attempt to acquire info by masquerading as a trustworthy site
• Loss sustained by the Insured, arising directly from computer fraud committed by a Third Party, with the intent to cause the Insured a Loss.
• Loss means actual and direct financial loss of money…
• Loss is NOT a breach, cancellation or other termination of a contract, the non-payment or other non-performance by a debtor
Third Party Computer Crime & Commercial Crime
Back to Basics – what is Computer Crime
Third Party Computer Crime
• Computer fraud means the fraudulent access to, or the use of, or the disclosure, processing, deletion, insertion, amendment, interception or manipulation of, information data or software or systems of the Insured, or of any banking institution holding or controlling or otherwise dealing with money or property of the Insured, or for which the Insured is responsible, which is initiated or implemented or completed electronically by the use of a computer.
Third Party Computer Crime & Commercial Crime
Back to Basics – what is Computer Crime
Third Party Computer Crime – Some concerns
• Difficult claims, heavy burden of proof on the Insured, costly iro Auditors
• Stationery Fraud – realistic and convincing letters, faxes or e-mails are received, purportedly from legitimate creditors, requesting that the details of their bank accounts be changed for all future payments
• TP sends fraudulent instructions to bank, purporting to be the Insured, requesting payment to X and Y (obviously crooks). Loss R600k
• Realistic and convincing orders are received, purportedly from regular customers, requesting delivery of goods
Third Party Computer Crime & Commercial Crime
Back to Basics – what is Computer Crime
Third Party Computer Crime – Basic Risk Management
• EFT payment procedures need to be reviewed to ensure that they are as secure
• Staff who are authorised to load and/or release transactions - Staff training
• Banking details of payees need to be pre-approved and carefully checked
• Software updates, anti virus updates, review of IT system, stress testing
• Changes to banking details should be verified with the customer
• Staff - check criminal records, credit history and previous employer references
QUESTIONS?
THANK YOU
CYBER CRIME: A South African perspective
Candice Sutherland
Business development consultant: corporate solutions, Stalker Hutchison Admiral
CYBER CRIME IS BIGGER THAN …
• black market in marijuana, cocaine and heroin COMBINED ($288bn) and fast approaching the value of global drug trafficking market ($411bn)
• …the price tag Americans spend annually on fast food ($110bn)
• At $388bn, cyber crime is more than 100 times the annual expenditure of UNICEF ($3.65bn)
• If cyber crime were a nation, it would be the 27th biggest in terms of GDP
• South African loss figures estimated at R5.8bn
BUT WHAT IS CYBER CRIME?
Cyber crime is any criminal activity involving computers and networks
It is the unauthorised access to, interference with, fraud and forgery of data
RECENT UNINSURED INCIDENTS
STATS
USER ERROR: HIGH
7000 users left devices at airports over 12 months
37% of users don’t activate their auto-lock feature
48% have logged onto an unsecured network
60% of users who find a random USB stick will plug it into their computers
90% is the number that increases to if you add a company logo
IT IS MORE LUCRATIVE TO STEAL ONLINE THAN ON THE STREET
DDoS as a service: Commonly offered in the gaming community to temporarily freeze competing players during critical gaming sessions. Can be purchased ($5 to $1 000) depending on the length and magnitude of the attack.
4 most common causes of breaches:
• Disgruntled employees
• Negligence
• Competitors
• Hackers
How many records do YOU store? # of records x R200
10 000 x R200 = R2 000 000
This does NOT include: regulatory fines/penalties, lost revenue, reputational damage, legal fees, forensic auditors, loss adjusters and public relations consultants (between R1 000 and R6 000 per hour PER provider).
BEST PRACTICE
• Ensure all devices on company networks have adequate security protection
• Be aggressive in updating and patching
• Enforce an effective password policy (8-10 characters)
• Ensure regular backups
• Restrict e-mail attachments
• Update Antivirus regularly
• Think before you click
• Guard your personal data
• Wi-Fi hotspots
• Safeguard yourself with a Cyber Insurance policy
PoPI – WHAT IS INFORMATION
Gives effect to a constitutional right to privacy
• Information relating to the race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language and birth of the person.
• Education, medical, financial, criminal or employment history
• ID number, physical address, telephone number
• Personal views, opinions and preferences, and private or confidential correspondence
Fine: R10 million or 10 years in prison
ELECTRONIC COMMUNICATIONS AND TRANSACTIONS ACT
Subject to the Interception and Monitoring Prohibition Act, 1992 (Act No. 127 of 1992), a person who intentionally and without authority or permission to do so:
1. accesses or intercepts any data
2. interferes with data in a way which causes such data to be modified, destroyed or otherwise rendered ineffective
3. produces, sells, offers to sell, procures for use, designs, adapts for use, distributes or possesses any device, including a computer program or a component, which is designed primarily to overcome security measures for the protection of data, or performs any of those acts with regard to a password, access code or any other similar kind of data with the intent to unlawfully utilise such item
4. utilises any device or computer program in order to unlawfully overcome security measures designed to protect such data or access thereto
5. commits any act described in this section with the intent to interfere with access to an information system so as to constitute a denial, including a partial denial, of service to legitimate users
is guilty of an offence.
A person convicted of an offence is liable to a fine or imprisonment for a period not exceeding five years
WHAT DOES COVER ENTAIL?
• First Party Expenses (actual costs to restore, re-collect or replace data, costs and expenses of specialists, investigators, forensic auditors or loss adjusters, costs and expenses for the use of rented, leased or hired external equipment, services, labour, premises or additional operating costs including staff overtime)
• Loss of Business Income (net income which would have been earned had the breach not occurred)
• Notification Expenses (expenses incurred to comply with privacy legislation such as legal expenses and communication expenses through mail, call centres, website and customer support expenses)
• Crisis Management Expenses (services of a public relations consultant, related advertising or communication expenses)
• Associated regulatory fines and penalties to the extent insurable by law
CYBER STANDALONE vs. OTHER POLICIES
• PI policy: limited cover for loss of third party data, but only if it relates to provision of professional services
• PI Tech policy: covers third party loss only
• GL policy: data is deemed to be an intangible form of property so no cover would be provided
• BI policy: material damage only and this would be considered non-material damage
• Computer All Risks: costs for repairing damaged hardware (tangible property) and would not respond to claims for lost data (only as a result of physical damage)
• FG: covers financial loss committed through dishonest or fraudulent acts by any employee
TRADITIONAL INSURANCE IS INADEQUATE, DUE TO THE INTANGIBLE NATURE OF DATA ASSETS
QUESTIONS?
THANK YOU
![Page 51: Be#trendyandgetTwee-ng! - Insurance Bootcamp · CYBERRISKS! ProfessionalLiabilityandThirdPartyComputerCrime! Chris@aan!Erasmus! Specialistliability!regional!manager,!Hollard!Broker!Markets!](https://reader034.fdocuments.us/reader034/viewer/2022042212/5eb4cf27756358293a62e270/html5/thumbnails/51.jpg)
Be trendy and get Twee-ng!
#Insurancebootcamp
![Page 52: Be#trendyandgetTwee-ng! - Insurance Bootcamp · CYBERRISKS! ProfessionalLiabilityandThirdPartyComputerCrime! Chris@aan!Erasmus! Specialistliability!regional!manager,!Hollard!Broker!Markets!](https://reader034.fdocuments.us/reader034/viewer/2022042212/5eb4cf27756358293a62e270/html5/thumbnails/52.jpg)
DIAMOND SPONSOR
![Page 53: Be#trendyandgetTwee-ng! - Insurance Bootcamp · CYBERRISKS! ProfessionalLiabilityandThirdPartyComputerCrime! Chris@aan!Erasmus! Specialistliability!regional!manager,!Hollard!Broker!Markets!](https://reader034.fdocuments.us/reader034/viewer/2022042212/5eb4cf27756358293a62e270/html5/thumbnails/53.jpg)
SILVER SPONSOR
![Page 54: Be#trendyandgetTwee-ng! - Insurance Bootcamp · CYBERRISKS! ProfessionalLiabilityandThirdPartyComputerCrime! Chris@aan!Erasmus! Specialistliability!regional!manager,!Hollard!Broker!Markets!](https://reader034.fdocuments.us/reader034/viewer/2022042212/5eb4cf27756358293a62e270/html5/thumbnails/54.jpg)
CYBER INSURANCE: Taking the sting out of an information security breach
Natalie van de Coolwijk
CyGeist

Not so long ago in a land not so far away…
(Please note all characters are purely fictional)

Friday, 16h30 – MD’s office, NBD Retailers
Customer notifies MD of potential privacy breach.

Friday, 16h45 – MD’s office, NBD Retailers
MD receives another very important phone call…

Monday, 9h00 – customer’s office
Customer contacts MD again to tell him there are fraudulent transactions on her account and to demand feedback.

Monday, 9h15 – MD’s office, NBD Retailers
MD contacts the IT department and asks them to investigate the allegations.

Monday, 16h30 – IT Dept, NBD Retailers
Privacy breach involving 100 000 customer records is confirmed…

Tuesday, 9h45 – MD’s office, NBD Retailers
The MD contacts the customer in an attempt to smooth things over.

The aftermath…
NBD Retailers makes front page news, and not for good reasons…
Meanwhile the call centre at NBD Retailers is dealing with exceptionally high call volumes…
An attorney sees the article in the newspaper and decides to initiate a class action suit against NBD Retailers.
Further consequences of the breach include shortcomings of the original breach investigation, escalating legal bills and loss of market share.
Some customers are more creative than others…

Luckily…
The information regulator has not been established yet, otherwise the company could also have been forced to pay fines and penalties…

Recap: Risks posed by an information security breach
• Reputational damage, loss of competitive advantage, lost revenue
• Costs incurred to reduce the impact of a breach
• Litigation arising from compromised data
• Industry / regulatory fines and penalties
• Systems unavailability and loss of data

How the situation would have unfolded, if NBD Retailers had a cyber insurance policy…

Breach response with cyber insurance
BREACH OCCURS
1. Notification to Insurer.
2. Service providers notified/deployed, e.g.:
   • Technology/forensic specialists – contain the incident and restore services.
   • Legal specialists – guide and assist with legal and regulatory actions to be taken.
   • PR specialists – assist with developing and implementing a PR strategy.
3. Legal specialists – assist in making decision regarding notification of parties affected by a breach. Guidance will be given to ensure that all methods of notifications and communication comply with regulatory requirements and PR strategy.
4. Notifications distributed to affected individuals, may include an offer to register for credit monitoring services. If required, call centre and dark website will be provided.
5. Affected individuals who elect to take up credit monitoring services are registered with the relevant service provider, provided with regular reports and alerts should there be any activity on their credit record.
6. Legal specialists – provide assistance in dealing with regulatory bodies and third party liability claims.
7. Throughout the claims process policyholder will be kept informed, insurer and best of breed service providers will remain in close contact to ensure that the breach response is managed as effectively and painlessly as possible.

So what is cyber insurance?

What is cyber insurance?
• Provides cover for information and network security breaches
• Effectively transfers breach response function to insurer
• Specifically tailored to address intangible property and non-physical perils
• First party and third party cover

What does it cover?
Coverage is provided for the potential costs relating to breach response, including:
• Crisis management, notifications and public relations
• Forensic investigations
• Ensuing litigation
• Data and services recovery
• Potential fines and penalties

Benefits of a cyber insurance policy
• Initial underwriting and risk assessment
• Ongoing training, awareness and assessment tools
• Breach response planning
• Access to highly skilled service providers
• Incident management and response

What to consider when buying a policy
• Gaps in existing insurance cover
• Involve all relevant stakeholders
• Involve a knowledgeable broker
• Ask insurer about value-added services
• Integrate claims process with internal breach response

Overview of the US cyber insurance market

US cyber insurance market
• One of the fastest growing lines of insurance
• 20% of US businesses buy coverage
• Number of companies buying cover increased by 33% in 2012
• Services industry – 76% increase in number of policyholders
• Education sector – 72% increase in number of policyholders

US cyber insurance premiums
[Chart: US Market Growth. Series: Cyber Premium US ($'m); x-axis: 2002 to 2012; y-axis: Premiums $'m; data labels: 80, 120, 175, 250, 300, 400, 475, 600, 800, 900, 1 000, 1 250]

Claims

Examples of claims
• Insurance consultancy - breach of primarily unencrypted data
• Forensic analysis to determine the extent of the breach and type of information compromised
• Legal counsel and IT security experts determined that notification was required
• Call centre for escalated inquiries, credit monitoring offered to potentially affected parties
• Total breach response costs (6000 records): $250,000

Examples of claims
• Physician’s work laptop stolen, 37 000 records compromised
• Legal counsel – notification requirements, the response process
• Department of Health and Human Services investigation
• Counsel – provide proof of strong privacy controls and training procedures
• Estimated cost to respond to the breach (at $10 per record): $370,000

Examples of claims
• Plastic surgeon posted unauthorised ‘before and after’ photos of several patients on her website
• Issue was discovered when a patient performed a Google search on herself, and the explicit pictures showed up in the search
• 15 invasion of privacy actions against the plastic surgeon to date, with several settling in the range of $150 000 per plaintiff
• Additional legal expenses incurred: $50 000

NetDiligence® 2014 claims study – key findings
• Claims submitted for the study ranged from $1 000 to $13.7 million
• Hackers most frequent cause of loss, followed by staff mistakes
• Healthcare and financial services most frequently breached sectors
• Smaller companies experienced the most incidents
• Third parties accounted for 20% of claims submitted
• Insider involvement in 32% of claims submitted

NetDiligence® 2014 claims study – graphs (five slides; charts not reproduced)

Who are we?
CyGeist
• 1st South African UMA specialising solely in cyber insurance
• In-depth knowledge of insurance, underwriting and IT
• Holistic risk management package encompassing an information centre, IT security risk assessments, incident response coaching and planning
Partners
• Natsure (recognised specialist UMA business)
• Guardrisk (AA+ rated insurance paper)

QUESTIONS?
THANK YOU

POPI and actual case studies
Tim Timmerman, Group training officer, Garrun Group

SUMMARY
• In RSA each company must have an Information Officer.
• The IO must be registered with the Information Regulator.

Implementation
• Looks good on paper
• In line with EU
But
• How well will the regulator be equipped to deal with complaints?
• Will his office be adequately staffed?

• City of Johannesburg (pre POPI)
  – Security flaw: customers could read customer billing information including: Name, Account Number, Contact details.
• Zurich Insurance (RSA):
  – Lost an unencrypted back up disc.
  – The fine: £2 300 000
Case Studies

Let’s look at actual case studies to see the impact of this legislation overseas.
Consider:
• Cases that we can relate to
• Rulings
• Fines or penalties

Consumer rights in the EU are protected by the Data Protection Act of 1988. The Data Protection Amendment Act, 2003, updated the legislation, implementing the provisions of EU Directive 95/46. The Acts set out the general principle that individuals should be in a position to control how data relating to them is used. This led to the formation of the Data Protection Commissioner.

• The Data Protection Commissioner is responsible for upholding the rights of individuals as set out in the Acts, and enforcing the obligations upon data controllers.
• The Commissioner is appointed by Government and is independent in the exercise of his or her functions.
• Individuals who feel their rights are being infringed can complain to the Commissioner, who will investigate the matter, and take whatever steps may be necessary to resolve it.

Case Studies

Case Study 8: Excessive data sought by Direct Insurers:
• Quinn Insurance, in completing a proposal telephonically, sought information dating back 5 years – driving demerit points.
• Road Traffic Act stipulates records only kept for 3 years.
• Policy wording required 5 years.
• Reported to ICO
• Insurers revised their wording.
• ICO comments:
  – Data controllers should exercise restraint when seeking personal data and they should ensure that only the minimal amount of personal data necessary is processed.

Case Study 17: Files / documents sent to incorrect e-mail address:
• GP sent patient details to incorrect e-mail address
• Noticed only when the intended recipient did not receive e-mail and called.
• Fortunately only recipients with specific software could open the file.
• Because the information was protected it was recorded as non-breach but the data controller wanted the potential disaster noted in public forum.
• Comment from ICO:
  – This issue highlights the necessity for sending sensitive data via secure means. It shows how easy it is for e-mails to be issued to an incorrect recipient and without some means of securing the data contained in the e-mail.

Case Study 15: Client list taken by ex-employee to new employer
• Person left one company with client list and joined a new similar company.
• New company began writing to the clients.
• Complaint by a person who was aggrieved because her details were in the hands of a company of which she had no knowledge.
• Act requires personal data to be fairly obtained and not be further processed without prior knowledge of the individual.
• Reported to the ICO who contacted the new company and the matter was resolved.
• Later it transpired the ex-employee continued sending letters and they were subsequently subjected to an audit during which the new MD cooperated fully.

Case Study 13 of 2012: Phone companies prosecuted for loss of personal data
• Eircom and Meteor appeared in the Dublin District Court in September 2012 to face charges relating to the loss of customer personal data which was stored on two unencrypted laptops, which had been stolen several months prior
• Data breach only reported 2 February 2012 whilst date of loss was between 28/12 and 02/01/12
• Approximately 7 000 clients’ personal data breached
• Clients only notified of breach in late February and March
• Regulations put the onus of protection on the company
• Further audit showed about 160 more computers that were not protected

Case Study 13 of 2012: Phone companies prosecuted for loss of personal data… (continued)
• “….data breaches of this nature should normally be reported to us within two working days of the data controller becoming aware of the incident,”
• Notification of a data breach to affected individuals quickly is also critical and essential as it allows them to take remedial action to protect themselves and their identities – particularly in cases where financial and identification documentation is stolen.
• In the ruling the two defendants were ordered to make a charitable donation of €15 000 to charities nominated by the Court.

What can I do in the interim?
• Familiarise yourself with the Act.
• Ensure that laptops / smartphones are secured by passwords to prevent unauthorised access.
• Try to implement systems so that lost laptops / smartphones can be remotely ‘wiped clean’, e.g. Samsung Remote.
• Limit access to information to a ‘need to know’ basis.
• Check physical security at premises where information is stored, e.g. alarm, security gates etc.

QUESTIONS?
THANK YOU