Cyber coverage and the impact on your organization

Page 1

© 2017 HUB International Limited.

Dorothea P. Westin, RPLU, CRM, CIC, CPIW, CSRisks of Specialty Program Group, with Bernard Thibeaux, Jr of HUB International

Cyber coverage and the impact on your organization

Page 2

Dorothea P. Westin, RPLU, CIC, CRM, CPIW

President, CSRisks, a division of Specialty Program Group

Education/Skills

• Approved Insurance Continuing Education Instructor in 12 states

Insurance Experience

President of CSRisks, a Division of Specialty Program Groups, LLC - 10/2017 to Present

• Responsible for production of $33 million in premium volume

• Lead Underwriter for an in-house MGA Lloyds Program

• Management of 15 person Insurance Brokerage/Underwriting office

• Certified Insurance Counselor authorized to provide Policy Analysis and Review

• Client Meetings and Underwriting Liaison

• Professional and Management Liability Product Development

• Panel Expert for HUB International Cannabis, Cyber, Hospitality and Financial Institution Specialties

President of Capitol Special Risks, Inc. - 10/1992 to 10/2017

• Overseeing accounting, legal and personnel (development of personnel manual)

• Producer of specialty coverages (handling Directors and Officers Liability, Employment Practices Liability, Professional Liability, Products Liability, Fidelity and Surety Bonds)

National Speaker

• Speaker for Podcast and Webinar National Creditors Bar Association 2019

• Podcast Panelist and Presenter for IoT in 2018 for Cyber Changes and Growth

• Speaker for the National CIO Association in North Carolina, Pennsylvania, & Georgia 2015-2017

• Speaker at the National Collections Association on Cyber and Directors & Officers Coverage 2012-2019

Most Recent Industry Recognition: 2018 Hot 100 in Insurance for Business Insurance America

Page 3

Agenda

1. What is Cyber Coverage?

2. How does a Cyber Attack impact my organization

3. What happens when there is a Cyber Claim

4. Cyber Risk Management

5. Questions & Answers

Page 4

1. Cyber Coverage, What is it?

How can it protect our organization?

Page 5

A Modern World Problem, how to secure data?

Points at risk:

• The Building & Physical Servers

• USB Drives

• Laptops

• Mobile Devices

• Hard Copy files

• Employees

  • Phishing Scams

  • Accidental Downloads

  • Rogue Employees

Page 6

Potential Parts of a Cyber Policy Form

[Diagram: parts of a cyber policy form, grouped under “Third Party E&O” and “First Party Coverages”]

• PS: Privacy & Security Liability

• BR: Breach Response

• T: Technology Errors & Omissions

• M: Media Coverage

• PCI: PCI Coverage

• C: Cyber Crime

• AP: Network or Asset Protection

• R: Regulatory Coverage

• BI: Business Interruption

Page 7

First Party Exposures

• Breach Response

  • Computer Forensics

  • Notification

  • Credit Monitoring

  • Potential Regulatory Issues

  • Public Relations

• Cyber Crime

  • Extortion

  • Telephone Fraud / Hacking

  • Fraudulent Instruction / email or postal

• Business Interruption

  • Dependent Interruptions

  • System Failures

• Network or Asset Protection

  • Bricking

Page 8

Stolen, Misused or Lost Data Triggering Breach Response

HIPAA Records are kept by Employers for Employee Benefit Placements – they can be at risk by your company and by the people your company entrusts to handle Employee Benefits

When customers’ personal information is compromised, companies are often required to offer their customers the option to monitor their own credit for free for a certain period of time. Customers can then know if their information is about to be compromised.

The average cost of credit monitoring is $10 per affected customer. Since the average number of records compromised in a data breach is over 24,000, credit monitoring can be a significant expense.

Personal Identifiable Information for Customers, Employees and even vendors

Page 9

Recordless Event Costs are more expensive

NetDiligence 2018 Report

Ransomware

Page 10

Claims Examples: Cyber Crime - Phishing

The Trends

Alarming Statistics:

• 77% of the Spear Phishing attacks are laser-focused – targeting only 10 e-mail inboxes, and only 33% of them focused upon just one e-mail inbox.

• At least 30% of the Spear Phishing campaigns are deemed to be successful.

• Compared to a general Phishing campaign, Spear Phishing campaigns cost 20x per victim, and the return is 40x greater.

• Another tactic that the Cyber attacker uses is what is known as the “Drip Campaign.” For example, 35% of the Spear Phishing attacks lasted at least 12 months or even longer, meaning the victims were caught with no signs of an issue until everything went south or they lost their data or, worse, their bank account.

• A Cyber attacker will also spend an enormous amount of time trying to find a hidden “crack” or “hole” in the organization as a stepping stone to collect the relevant information/data on their victim.

Page 11

Cyber Crime

Telephone Hacking

Using a trusted system to deceive a sender of funds

Social Engineering or (Spear) Phishing

The art of targeting the right people at the right time

Invoice Manipulation

A Hacker’s fast money

Page 12

Claims Examples: Cyber Crime

Telephone Hacking & Fraud

In November of 2016, an insurance agent in New Jersey came into his office to find the FBI waiting for him. While he had clients large and small across the country, he had no idea why the FBI would want to see him, much less detain/arrest him.

It turns out that for the past two months his phone system was being used to call Afghanistan and Pakistan, specifically to known terrorist locations. The calls were made between midnight and 2 am. The agent had to convince the FBI that he and his staff did not make the calls. The truth was their phone system had been hacked and terrorists were using it to communicate without cost to themselves. Not only did he have to deal with the FBI, but he also had to handle the phone company, who wanted payment for the calls. The cost of the calls was over $200,000. The time and energy to work with the FBI was considerable. At the time the agent had no coverage in place. He was a 4-person insurance agency and it almost put him and his company out of business.

Additionally, the agent ended up on the no fly list for one year.

Page 13

Cyber Crime Social Engineering

[Diagram labels:]

• Bad Actor

• Actual Relationship with transaction Emails

• The Bad Actor pretending to be the customer sends instructions to redirect funds to their bank.

• Original Bank / Redirected Bank

• Seller of Building’s Bank

• Bad Actor’s Bank

• Gets funds

• Suffers the Loss

Page 14

Cyber Crime Telephone Fraud

[Diagram labels:]

• Bad Actor

• Actual Relationship with transaction Emails

• The Bad Actor pretending to be the customer sends instructions to redirect funds to their bank.

• Original Bank / Redirected Bank

• Seller of Building’s Bank

• Bad Actor’s Bank

• Gets funds

Page 15

Cyber Crime Invoice Manipulation

[Diagram labels:]

• Bad Actor

• The Bad Actor is actually in the Manufacturer’s system via a hack or a phishing scam

• An email coming from the Manufacturer’s server giving new payment change

• Illusion of a Vendor Standing order and payment schedule

• Original Bank / Redirected Bank

• Manufacturer’s Bank

• Bad Actor’s Bank

• Gets funds

• Suffers the Loss

Page 16

Network or Asset Protection Claims

DDoS attacks present a significant risk to organizations that depend on their networks and websites as an integral part of their business.

A DDoS attack uses a dynamic combination of multiple attack vectors consisting of:

1. Volumetric: large bandwidth-consuming attacks

2. TCP State-Exhaustion Attacks

3. Application-Layer: low and slow application-layer attacks

According to NETSCOUT® Arbor 13th Annual Worldwide Infrastructure Security Report, 59% of respondents have experienced a multi-vector DDoS attack.

Bricking

Bricking means a device has turned into a brick. ... “Bricking” generally means that a device isn't recoverable through normal means and can't be fixed, but some people may say a device is “bricked” even when it's recoverable.

Devices that get Bricked

• Firewalls (servers for any business)

• POS Software Programs and the servers they run on

• Cell Phones

• Construction Equipment

• Medical Equipment

Page 17

First Party Full Claim Scenario

Network Asset Protection/Cyber Extortion

In late July 2016, employees of a hospital discovered that their email accounts were not accessible. The hospital’s IT department investigated and discovered that a ransomware attack had infected 70 servers and 600 workstations. The hospital had to close operations for 2 business days and suffered various losses in relation to the event.

Cyber Insurance covered:

• IT Forensic Consultants – Consultants were retained to immediately address the ransomware attack, secure data, investigate if any patient health information was compromised, and rebuild the hospital’s network.

• Business Interruption and Income Loss – Several surgeries had to be cancelled resulting in loss of income.

• Data Recovery – Several employees had to work overtime to recreate lost data from back-ups.

• Ransom Amount – The Hospital paid the ransom demand to restore system access.

Claim Provided by KAMMCO

• IT Expenses: $417,000

• Business Interruption and Income Loss Expenses: $65,000

• Data Recovery Expenses: $76,000

• Ransom Expenses: $9,350

• Total Expenses: $567,350

Page 18

Business Interruption Claims

System Failure

• IT systems are often the heart of information systems and operations at many businesses. When the IT system is down, a paperless company is down.

• Unexpected System Failure occurs when hardware, software or glitches cause a company’s IT system to fail.

Claims Examples

• Delta Airlines in 2016 – two days of grounded flights and lost bookings (speculation that it was caused by a wrench placed on a magnetized IT cabinet)

• New York Stock Exchange 2014 – had to reset the system and redo any trades over a four hour period

• RBS Banking – customers had no access for more than a day

Page 19

2. How does a Cyber Attack or Breach impact your organization?

The cost in time, labor, resources and lost profits.

Page 20

NetDiligence 2018 Report

Overall Cost of Claims

• Total Breach Cost: Average of $603,900, Median of $61,300

• Crisis Service Costs: Average of $307,000, Median of $40,000

• Large Company Breach: Average of $8.8 Million, Median of $5 Million

• Business Interruption Cost: Average of $2 Million, Median of $50,000

Top 4 Sectors Affected by Cyber Claims

1. Retail – Average $1.2 Million

2. Financial Services – Avg $845,000

3. Healthcare – Average $555,000

4. Professional Services – Average $168,000

Top 4 Causes of Loss

1. Hackers: Avg is $1 Million

2. Ransomware: Avg is $229,000

3. Malware/Virus: Avg is $1.2 Million

4. Lost/Stolen Laptop/Device: Avg is $195,000

Page 21

3. What happens when there is a Cyber Claim

The real costs of a Cyber Attack or Breach

Page 22

Security and Breach Security Response Process

Page 23

Breach Response

It is Thursday the 14th and you just came back from lunch and everyone is looking around at all the computers – which say, “We owner your system pay the Dark Over Lord or we delete your data”

• What do you do?

• Who do you call?

• What happens to payroll?

It takes two days to get your system back? What is happening with your staff?

The company needs to notify everyone whose data was breached. Who do they turn to in order to find out what information is breached and what information isn’t?

Who does the notifications? And when do you notify?

Page 24

Privacy Breach Response Sequence of Events

1. Cyber Incident

2. Call the Hotline

3. One of two paths:

• Turn Key Solution: carrier handles Forensics, Notification, Call Center, Monitoring, Finalize Event, PR/Legal Response, Business Interruption, Regulatory

• Preferred Vendor Solution & Choose Vendor(s): Forensics, Notification, Call Center, Credit Monitoring, Regulatory, Crisis Mngt, PR / Legal, Business Interruption

4. Finalize the Event and Review

Turnkey: the Insurers make the decisions and the Insured signs off, OR Preferred Vendor: the Insured must choose and help administer the claim throughout the process

Page 25

Security Breach Response Time Line

Phases: From Occurrence to Discovery; Discovery to Containment; Forensics to Solutions; Post Investigation

Durations shown on the time line: 61 days (average), 8 days, 40 days, 41 days (Notification)

• This is after the problem has been detected

• This is when your IT department no longer is watching or negotiating but has the breach stopped from further damage or theft

• This is not always clear

• This is the period when internal groups are figuring out what was breached, how it was breached, how to prevent it from being breached again, and what controls allowed the breach to occur

• There are specific legal measures associated with breaches by state that must be met; they may include but are not limited to: individual record notification, postings, notifying the Attorney General for that state, federal notification, payment processor notifications and PCI notifications

Human Resources is integral in this entire process, providing communication, working with investigators and even potentially managing response

Page 26

4. Cyber Risk Management

Taking Advantage of all your Insurer can do for you


Page 28

Risk Management Services offered by Insurers

Resources at your disposal

Most Insurers have online portals for you to secure articles, statistics, policies and procedures. Additionally, they offer advice on what to do during a Cyber Incident and how to notify the carrier.

They run blogs, newsletters and periodic training.

Testing

Some Insurers also offer penetration testing to see if your employees will fall victim to a cyber phishing or spear phishing attack.

They can also test your back ups and simulate shut down.

Latest attacks have been through text.

Table Top Exercises

For large accounts generating $100,000 or more in premium, many insurers will give you an annual Table Top Exercise with Expert Legal Counsel.

All other Insureds may be eligible for reduced rates or coverage discounts if a Table Top is done by the Insured with Carrier Preferred Counsel.

Page 29

Privacy & Network Solutions

• Personal Identifiable Information

• Control of the Data

• Phone line Breaches

• Mobile Apps

• Lost time and resources have a longer lasting reach than you may think

• Ransomware shutdowns for the Franchisor and or your own systems

• PCI and Consumer Fines & Penalties

Page 30

Questions

Page 31

Thank you for your attention and time.