Cyber coverage and the impact on your organization
(Transcript of the presentation)
© 2017 HUB International Limited.
Dorothea P. Westin, RPLU, CRM, CIC, CPIW
CSRisks of Specialty Program Group
With Bernard Thibeaux, Jr. of HUB International
Cyber coverage and the impact on your organization
Dorothea P. Westin, RPLU, CIC, CRM, CPIW
President, CSRisks a division of Specialty Program Group
Education/Skills: Approved Insurance Continuing Education Instructor in 12 states
Insurance Experience
President of CSRisks, a Division of Specialty Program Groups, LLC - 10/2017 to Present
• Responsible for production of $33 million in premium volume
• Lead Underwriter for an in-house MGA Lloyds Program
• Management of 15 person Insurance Brokerage/Underwriting office
• Certified Insurance Counselor authorized to provide Policy Analysis and Review
• Client Meetings and Underwriting Liaison
• Professional and Management Liability Product Development
• Panel Expert for HUB International Cannabis, Cyber, Hospitality and Financial
Institution Specialties
President of Capitol Special Risks, Inc. - 10/1992 to 10/2017
• Overseeing accounting, legal and personnel (development of personnel manual)
• Producer of specialty coverages (handling Directors and Officers Liability, Employment Practices Liability, Professional Liability, Products Liability, Fidelity and Surety Bonds)
National Speaker
• Speaker for Podcast and Webinar, National Creditors Bar Association 2019
• Podcast Panelist and Presenter for IoT in 2018 for Cyber Changes and Growth
• Speaker for the National CIO Association in North Carolina, Pennsylvania, & Georgia 2015-2017
• Speaker at the National Collections Association on Cyber and Directors & Officers Coverage 2012-2019
Most Recent Industry Recognition: 2018 Hot 100 in Insurance for Business Insurance America
Agenda
1. What is Cyber Coverage?
2. How does a Cyber Attack impact my organization?
3. What happens when there is a Cyber Claim?
4. Cyber Risk Management
5. Questions & Answers
1. Cyber Coverage: What is it?
How can it protect our organization?
A Modern World Problem: how to secure data?
Points at risk:
• The Building & Physical Servers
• USB Drives
• Laptops
• Mobile Devices
• Hard Copy files
• Employees
  • Phishing Scams
  • Accidental Downloads
  • Rogue Employees
Potential Parts of a Cyber Policy Form
(Diagram) Coverages shown: Privacy & Security Liability, Breach Response, Technology Errors & Omissions, Media Coverage, PCI Coverage, Cyber Crime, Network or Asset Protection, Regulatory Coverage, Business Interruption; grouped as Third Party E&O and First Party Coverages.
First Party Exposures
• Breach Response
  • Computer Forensics
  • Notification
  • Credit Monitoring
  • Potential Regulatory Issues
  • Public Relations
• Cyber Crime
  • Extortion
  • Telephone Fraud / Hacking
  • Fraudulent Instruction / email or postal
• Business Interruption
  • Dependent Interruptions
  • System Failures
• Network or Asset Protection
  • Bricking
Stolen, Misused or Lost Data Triggering Breach Response
HIPAA records are kept by employers for employee benefit placements; they can be put at risk by your company and by the people your company entrusts to handle employee benefits.
When customers’ personal information is compromised, companies are often required to offer their customers the option to monitor their own credit for free for a certain period of time. Customers can then learn whether their information is being misused.
The average cost of credit monitoring is $10 per affected customer. Since the average number of records compromised in a data breach is over 24,000, credit monitoring can be a significant expense.
Personal Identifiable Information for customers, employees and even vendors is at risk.
Recordless Event Costs are more expensive
(Chart, NetDiligence 2018 Report: Ransomware)
Claims Examples: Cyber Crime - Phishing
The Trends: Alarming Statistics
• 77% of Spear Phishing attacks are laser-focused, targeting only 10 e-mail inboxes, and 33% of them focus on just one e-mail inbox.
• At least 30% of Spear Phishing campaigns are deemed to be successful.
• Compared to a general Phishing campaign, Spear Phishing campaigns cost 20x per victim, and the return is 40x greater.
• Another tactic the Cyber attacker uses is what is known as the “Drip Campaign.” For example, 35% of Spear Phishing attacks lasted at least 12 months or even longer, meaning the victims saw no sign of an issue until everything went south, or until they lost their data or, worse, their bank account.
• A Cyber attacker will also spend an enormous amount of time trying to find a hidden “crack” or “hole” in the organization as a stepping stone to collect the relevant information/data on their victim.
Cyber Crime
• Telephone Hacking: using a trusted system to deceive a sender of funds
• Social Engineering or (Spear) Phishing: the art of targeting the right people at the right time
• Invoice Manipulation: a hacker’s fast money
Claims Examples: Cyber Crime
Telephone Hacking & Fraud
In November of 2016, an insurance agent in New Jersey came into his office to find the FBI waiting for him. While he had clients large and small across the country, he had no idea why the FBI would want to see him, much less detain or arrest him.
It turned out that for the past two months his phone system had been used to call Afghanistan and Pakistan, specifically known terrorist locations. The calls were made between midnight and 2 am. The agent had to convince the FBI that he and his staff did not make the calls. The truth was that their phone system had been hacked and terrorists were using it to communicate at no cost to themselves. Not only did he have to deal with the FBI, he also had to handle the phone company, which wanted payment for the calls. The cost of the calls was over $200,000. The time and energy spent working with the FBI was considerable. At the time the agent had no coverage in place. He was a 4 person insurance agency and it almost put him and his company out of business.
Additionally, the agent ended up on the no-fly list for one year.
Cyber Crime: Social Engineering
(Diagram) There is an actual relationship, with transaction emails, between the parties to a building sale. The Bad Actor, pretending to be the customer, sends instructions to redirect funds from the Original Bank (the Seller of Building’s Bank) to the Redirected Bank (the Bad Actor’s Bank). The Bad Actor’s Bank gets the funds and the victim suffers the loss.
Cyber Crime: Telephone Fraud
(Diagram, the same flow as the Social Engineering diagram: the Bad Actor, pretending to be the customer in an existing transaction email relationship, sends instructions to redirect funds from the Original Bank (the Seller of Building’s Bank) to the Redirected Bank (the Bad Actor’s Bank), which gets the funds.)
Cyber Crime: Invoice Manipulation
(Diagram) The Bad Actor is actually in the Manufacturer’s system via a hack or a phishing scam. An email coming from the Manufacturer’s own server gives a new payment change, creating the illusion of a vendor standing order and payment schedule. Funds are redirected from the Original Bank (the Manufacturer’s Bank) to the Redirected Bank (the Bad Actor’s Bank), which gets the funds; the victim suffers the loss.
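One control an accounts-payable team can put in front of the flow shown in the invoice manipulation diagram is to check every invoice against the vendor master and hold anything that changes bank details, even when it arrives from the vendor’s genuine server. The example below is added here and is not from the presentation; the vendor record, the sender domains, the account-number format and the sample messages are all constructed for illustration.

```python
"""Flag payment-instruction changes of the kind shown in the invoice
manipulation diagram: an email that arrives from the vendor's own server
but asks to redirect payment to a new bank account. Vendor master data
and the sample messages are constructed for this example."""
import re
from dataclasses import dataclass

# Constructed vendor master: the account on file, verified out of band.
VENDOR_MASTER = {
    "acme-manufacturing": {"domain": "acme-mfg.example",
                           "bank": "Original Bank", "account": "1111-2222"},
}

@dataclass
class Invoice:
    vendor_id: str
    sender_domain: str
    body: str

# Wording that typically accompanies a payment change request (assumed list).
CHANGE_PHRASES = re.compile(
    r"(new|updated|changed)\s+(bank|account|remittance|payment)", re.IGNORECASE)
# Constructed account-number format for this example.
ACCOUNT_PATTERN = re.compile(r"\b\d{4}-\d{4}\b")

def review_invoice(inv):
    """Return reasons to hold the payment; an empty list means pay as usual."""
    master = VENDOR_MASTER.get(inv.vendor_id)
    if master is None:
        return ["unknown vendor"]
    reasons = []
    if inv.sender_domain != master["domain"]:
        reasons.append("sender domain differs from vendor on file")
    if CHANGE_PHRASES.search(inv.body):
        reasons.append("payment-change language present")
    accounts = set(ACCOUNT_PATTERN.findall(inv.body))
    if accounts and master["account"] not in accounts:
        reasons.append("account number differs from vendor master")
    # A change sent from the genuine domain still needs out-of-band confirmation,
    # because the diagram's attacker is inside the manufacturer's mail system.
    if reasons:
        reasons.append("hold: confirm by phone with a known vendor contact")
    return reasons

# Constructed messages: a routine invoice and a manipulated one from the same domain.
ROUTINE = Invoice("acme-manufacturing", "acme-mfg.example",
                  "Invoice 4471 due per standing order. Remit to account 1111-2222.")
MANIPULATED = Invoice("acme-manufacturing", "acme-mfg.example",
                      "Please note our updated bank details. Remit invoice 4472 to account 9999-8888.")
```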
Network or Asset Protection Claims

DDoS
A DDoS attack presents a significant risk to organizations that depend on their networks and websites as an integral part of their business.
A DDoS attack uses a dynamic combination of multiple attack vectors consisting of:
1. Volumetric: large, bandwidth-consuming attacks
2. TCP State-Exhaustion attacks
3. Application-Layer: low and slow application-layer attacks
According to the NETSCOUT® Arbor 13th Annual Worldwide Infrastructure Security Report, 59% of respondents have experienced a multi-vector DDoS attack.

Bricking
Bricking means a device has turned into a brick. “Bricking” generally means that a device isn't recoverable through normal means and can't be fixed, but some people may say a device is “bricked” even when it's recoverable.
Devices that get Bricked:
• Firewalls (servers for any business)
• POS Software Programs and the servers they run on
• Cell Phones
• Construction Equipment
• Medical Equipment
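The three vector families listed above map onto different telemetry, and the 59% multi-vector figure is the reason a monitoring rule should look at all three at once. The example below is added here and is not from the presentation: it classifies constructed per-window traffic summaries into the slide’s three categories and flags windows where more than one is active; the thresholds and field names are assumptions, not values from the NETSCOUT report.

```python
"""Classify constructed traffic summaries into the three DDoS vector families
named on the slide (volumetric, TCP state-exhaustion, application-layer
low-and-slow) and flag multi-vector windows. Thresholds are assumed."""
from dataclasses import dataclass

# Illustrative thresholds (assumed); tune to the protected link and service.
VOLUMETRIC_MBPS = 800      # inbound rate that saturates the upstream link
HALF_OPEN_LIMIT = 5000     # SYN_RECV sockets that exhaust the state table
SLOW_REQ_LIMIT = 200       # incomplete HTTP requests held open at once
SLOW_REQ_MIN_AGE_S = 30    # mean age of those requests that signals "low and slow"

@dataclass
class TrafficSample:
    window: str             # time window label
    inbound_mbps: float     # aggregate inbound bandwidth
    half_open_conns: int    # TCP connections stuck in SYN_RECV
    slow_requests: int      # HTTP requests still incomplete
    slow_req_age_s: float   # mean age of those incomplete requests

def classify(sample):
    """Return the list of vector families active in this window."""
    vectors = []
    if sample.inbound_mbps >= VOLUMETRIC_MBPS:
        vectors.append("volumetric")
    if sample.half_open_conns >= HALF_OPEN_LIMIT:
        vectors.append("tcp-state-exhaustion")
    if (sample.slow_requests >= SLOW_REQ_LIMIT
            and sample.slow_req_age_s >= SLOW_REQ_MIN_AGE_S):
        vectors.append("application-layer")
    return vectors

def assess(samples):
    """Map each window to (active vectors, multi-vector flag)."""
    result = {}
    for s in samples:
        vectors = classify(s)
        result[s.window] = (vectors, len(vectors) > 1)
    return result

# Constructed telemetry, not real measurements.
SAMPLES = [
    TrafficSample("09:00", 120.0, 40, 12, 3.0),       # normal traffic
    TrafficSample("09:05", 950.0, 60, 15, 2.5),       # volumetric only
    TrafficSample("09:10", 300.0, 9000, 450, 75.0),   # state-exhaustion plus low-and-slow
]

if __name__ == "__main__":
    for window, (vectors, multi) in assess(SAMPLES).items():
        print(window, vectors or ["none"], "MULTI-VECTOR" if multi else "")
```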
First Party Full Claim Scenario
Network Asset Protection/Cyber Extortion
In late July 2016, employees of a hospital discovered that their email accounts were not accessible. The hospital’s IT department investigated and discovered that a ransomware attack had infected 70 servers and 600 workstations. The hospital had to close operations for 2 business days and suffered various losses in relation to the event.
Cyber Insurance covered:
• IT Forensic Consultants – Consultants were retained to immediately address the ransomware attack, secure data, investigate if any patient health information was compromised, and rebuild the hospital’s network.
• Business Interruption and Income Loss – Several surgeries had to be cancelled resulting in loss of income.
• Data Recovery – Several employees had to work overtime to recreate lost data from back-ups.
• Ransom Amount – The Hospital paid the ransom demand to restore system access.
Claim Provided by KAMMCO
• IT Expenses: $417,000
• Business Interruption and Income Loss Expenses: $65,000
• Data Recovery Expenses: $76,000
• Ransom Expenses: $9,350
• Total Expenses: $567,350
Business Interruption Claims
System Failure
• IT systems are often the heart of information systems and operations at many businesses. When the IT system is down, a paperless company is down.
• Unexpected System Failure occurs when the hardware, software or glitches cause a company’s IT system to fail.
Claims Examples
• Delta Airlines in 2016 – two days of grounded flights and lost bookings (speculation that it was caused by a wrench placed on a magnetized IT cabinet)
• New York Stock Exchange 2014 – had to reset the system and redo any trades over a four hour period
• RBS Banking – customers had no access for more than a day
2. How does a Cyber Attack or Breach impact your organization?
The cost in time, labor, resources and lost profits.
NetDiligence 2018 Report
Overall Cost of Claims
• Total Breach Cost: average of $603,900; median of $61,300
• Crisis Service Costs: average of $307,000; median of $40,000
• Large Company Breach: average of $8.8 Million; median of $5 Million
• Business Interruption Cost: average of $2 Million; median of $50,000
Top 4 Sectors Affected by Cyber Claims
1. Retail – Average $1.2 Million
2. Financial Services – Average $845,000
3. Healthcare – Average $555,000
4. Professional Services – Average $168,000
Top 4 Causes of Loss
1. Hackers: Average is $1 Million
2. Ransomware: Average is $229,000
3. Malware/Virus: Average is $1.2 Million
4. Lost/Stolen Laptop/Device: Average is $195,000
3. What happens when there is a Cyber Claim
The real costs of a Cyber Attack or Breach
Security Breach Response Process
Breach Response
It is Thursday the 14th and you have just come back from lunch. Everyone is looking around at all the computers, which say, “We owner your system pay the Dark Over Lord or we delete your data.”
• What do you do?
• Who do you call?
• What happens to payroll?
It takes two days to get your system back. What is happening with your staff in the meantime?
The company needs to notify everyone whose data has been breached. Who do they turn to to find out what information was breached and what information wasn’t?
Who does the notifications? And when do you notify?
Privacy Breach Response Sequence of Events
(Diagram) Cyber Incident, then Call the Hotline, then one of two paths:
• Turnkey Solution: the carrier handles Forensics, Notification, Call Center, Monitoring, PR/Legal Response, Business Interruption and Regulatory, then Finalize the Event and Review.
• Preferred Vendor Solution: choose vendor(s) for Forensics, Notification, Call Center, Credit Monitoring, Regulatory, Crisis Management, PR/Legal and Business Interruption, then Finalize the Event and Review.
Turnkey - the Insurers make the decisions and the Insured signs off, OR Preferred Vendor - the Insured must choose and help administer the claim throughout the process.
Security Breach Response Time Line
(Diagram) Four phases, with average durations:
• From Occurrence to Discovery - 61 days (average): this is not always clear.
• Discovery to Containment - 8 days: this is after the problem has been detected, and it is when your IT department is no longer watching or negotiating but has stopped the breach from causing further damage or theft.
• Forensics to Solutions - 40 days: this is the period when internal groups are figuring out what was breached, how it was breached, how to prevent it from being breached again, and what controls allowed the breach to occur.
• Post Investigation - 41 days (Notification): there are specific legal measures associated with breaches, by state, that must be met; they may include but are not limited to individual record notification, postings, notifying the Attorney General for that state, federal notification, payment processor notifications and PCI notifications.
Human Resources is integral in this entire process, providing communication, working with investigators and even potentially managing the response.
4. Cyber Risk Management
Taking advantage of all your Insurer can do for you
Risk Management Services offered by Insurers
Resources at your disposal
Most Insurers have online portals for you to secure articles, statistics, policies and procedures. Additionally, they offer advice on what to do during a Cyber Incident and how to notify the carrier. They run blogs, newsletters and periodic training.
Testing
Some Insurers also offer penetration testing to see if your employees will fall victim to a cyber phishing or spear phishing attack. They can also test your back-ups and simulate a shutdown. The latest attacks have been through text messages.
Table Top Exercises
For large accounts generating $100,000 or more in premium, many insurers will give you an annual Table Top Exercise with expert legal counsel. All other Insureds may be eligible for reduced rates or coverage discounts if a Table Top is done by the Insured with Carrier Preferred Counsel.
Privacy & Network Solutions
• Personal Identifiable Information
• Control of the Data
• Phone line Breaches
• Mobile Apps
• Lost time and resources have a longer lasting reach than you may think
• Ransomware shutdowns for the Franchisor and/or your own systems
• PCI and Consumer Fines & Penalties
Questions
Thank you for your attention and time.