Cyber Terrorism: Protecting Critical Infrastructure - RIMS Handouts/RIMS 16... · Cyber Terrorism:...

Cyber Terrorism: Protecting Critical Infrastructure CRM009 Date: Tuesday 12th April, 2016 Time: 10:15 AM-11:15 AM

Cyber Terrorism: Protecting Critical Infrastructure

CRM009

Date: Tuesday 12th April, 2016

Time: 10:15 AM-11:15 AM

LEARNING OBJECTIVES

• Assemble indicators that help you detect the threats to which your operation could be vulnerable.

• Adopt a system to test assumptions.

• Compare solutions for first-party cyber risk management and risk transfer.

SPEAKERS

• Steve Mikhlin, ARM, CRIS, Insurance Manager/Risk Financing - Treasury, The Port Authority of New York and New Jersey

• David K.A. Mordecai, Ph.D., President, Risk Economics, Inc.

• Russell Kennedy, BA (Hons.), ACII, Divisional Director - Property, Political Violence and Political Risks, BRIT Global Specialty

CONCERNS OF A RISK MANAGER

• Steve Mikhlin - The Port Authority of New York and New Jersey

• IDENTIFY:

• NATURE OF THE THREAT?

• ANALYSE & EVALUATE:

• PRE-LOSS MITIGATION: IDENTIFICATION

• C-SUITE PARTICIPATION

• RESPOND

• INVESTMENT IN PROTECTION AGAINST THE THREAT

• THE INSURANCE BACKSTOP

• MONITORING

• POST LOSS MITIGATION

• STAYING AHEAD OF THE THREAT

CONCERNS OF A RISK MANAGER

WHAT IS THE RISK?

• Is physical damage from a cyber event an actual risk to all of the different occupancies in the room today?

• What sort of operational technology systems should we focus on protecting?

PRE-LOSS MITIGATION: HOW DO WE IDENTIFY IT, AND WHO SHOULD BE INVOLVED?

• We all invest considerable time and effort in identifying and evaluating cyber risk to our companies.

• How would the panel recommend that we do things differently, who should be involved in this process and/or is there a gold standard approach that we should be considering?

IS OUR CURRENT PHYSICAL RESPONSE TO THE THREAT ADEQUATE?

• We also make considerable investment in the protection of our systems through Information and Operational technology defences, but are we putting all our eggs in one basket by relying on these defence systems to mitigate the risk?

CONCERNS OF A RISK MANAGER

HOW DO WE BEST EDUCATE OUR C-SUITE AND WHAT IS THE RISK TO THEM?

• How exposed are our shareholders/stakeholders to a catastrophic loss, and how do we best educate them on the potential risks and solutions available to mitigate the risk?

WHAT INSURANCE OPTIONS ARE THERE & WHAT DO UNDERWRITERS TAKE INTO CONSIDERATION WHEN ANALYSING THE RISK?

• What insurance solutions are available and how do we know that we have covered ourselves adequately – should we be relying on write-backs under our property programmes or is there a better way to provide an insurance back-stop?

POST-LOSS MITIGATION?

• In the event of an attack what support can we get to help us deal with post-loss mitigation?

SEEING THE DIFFERENCE MAKES THE DIFFERENCE

CYBER ATTACK

RIMS 2016

B R I T

Evolution of the Cyber Market

• Third Party Cyber Cover

• Focus on Personal Data

• Financial Institutions, Healthcare Record etc

• All other types of Cyber Risk?

• Property Damage / Business Interruption

• Bodily Injury

• Non Physical Damage Business Interruption

• Environmental Liability

• Products Liability

• Threat / Extortion / Crisis Management

ICS

Existing Cyber Solutions

• Stand Alone Cyber Policies

• Specific Coverage

• DIC / DIL coverage

• Silent Coverage

• Exclusions / Write-Back

• CL380 / NMA 2914/5

• Advantages & Disadvantages

Underwriting Considerations

• Bespoke Coverage

• Certain, Appropriate, Clear

• Event Definition

• War & Terrorism / TRIPRA

• Underwriting Information

• Critical Digital Assets: IT / OT / ICS

• Security, Processes and Protocols

• Straightforward Pre-bind Process

Underwriting Considerations

• Risk Assessment

• 3rd Party Cyber Security Specialism

• Structure, Terms and Conditions

• Pricing

• Risk Aggregation

• Ultimate Systemic Catastrophe

SEEING THE DIFFERENCE MAKES THE DIFFERENCE

QUESTIONS PLEASE

B R I T

SPEAKER BIOGRAPHIES AND ADDITIONAL INFORMATION

Russell Kennedy, BA (Hons.), ACII, Divisional Director - Property, Political Violence and Political Risks, BRIT

After graduating in 2003 from the University of Manchester with an honours degree in History and Economics, Russell joined Brit on the Graduate Scheme. After rotations in the International Property Direct and Treaty divisions, Russell finally settled in the War & Terrorism team in July 2006. Russell was promoted to Class Underwriter in 2008 and was responsible for both underwriting the book on a daily basis in Lloyd's and its overall strategic development. In 2014 Russell took over as Divisional Director for the Open Market Property, Political Violence and Political Risks Division. Russell has been at the forefront of cyber risk within the insurance industry over the last 3 years with his involvement in extensive research and product development.