Is Cyber Accurately Priced?

Transcription

Welcome to the
World’s Largest
Cyber Risk Insights
Conference!
#CyberNYC
Welcoming Remarks
Bill Keogh
CEO
Advisen
Cyber Risk Insight #1
• There are no funny cyber jokes.
Reflecting on the year
• This event continues to grow – an important
signal
• Our cyber-event database has grown 65% yearon-year
• Cyber Risk - One of the key topics at CIAB last
month
THE emerging risk
• So far, has not manifested itself on a Katrina or Tohoku
scale
• …yet
• Increasing and persistent “internet of things” is
increasing the “exposure base”.
• As if we’re erecting all of our buildings along the
southeast coast and on earthquake fault lines.
• Demand for coverage will likely increase
foreseeable future
for the
Thank you to our 44 Sponsors
Thank you to our Advisory Board!
Ben Beeson, Lockton Companies
Alan Brill, Kroll
Andrew Cushman, Skype
Richard DePiero, Swiss Re Corporate Solutions
Beth Diamond, Beazley
Peter Foster, Willis (2015 Conference Chair)
Brad Gow, Endurance
Chris Keegan, Beecher Carlson
Shane McGee, FireEye
John Mullen, Lewis Brisbois
Catherine Mulligan, Zurich
Graeme Newman, CFC
Bob Parisi, Jr., Marsh
Greg Vernaci, AIG
Opening Remarks
Peter Foster
Executive Vice President
Willis
2015 Conference Chair
Keynote Address
Michael Chertoff
Co-Founder & Executive Chairman
The Chertoff Group
What the Numbers Say:
The Indicators of Cyber Risk
#CyberNYC
What the Numbers Say: The
Indicators of Cyber Risk
David Bradford
President
Research & Editorial division
Advisen
Ira Scharf
GM Worldwide Cyber Insurance
BitSight Technologies
Types of Cyber Events
Privacy
Viola ons, 7.4%
Loss or The of
Printed Records,
10.9%
Network
Security
Viola on, 20.8%
Source: Advisen Loss Insights™
Other, 8.7%
Digital Data
Breach, 52.2%
Digital Data Breaches by Industry
Digital Data Breaches by Type of Data
Study Data Highlights
27,458 companies
22 industries
Over a two year period
2,671 digital data breaches
1,389,429,313
Botnet
A network of computers that have been
compromised and infected with malicious
software and controlled by an outside
adversary without the owner’s knowledge.
Breach Probability Increases with
Botnet Volume
Security Ratings as Aggregate Risk
Indicator
•
•
•
A botnet is one risk factor: also
have malware, diligence and user
behavior
Measure security performance
continuously, all from the outside
Higher rating indicates stronger
security performance and lower
risk
Higher Rated Companies Experience
Fewer Breaches
Implications for Assessing Cyber Risk
• Security Ratings are clear indicators of cyber
security risk
• Security Ratings can help inform risk decisions
about your insureds and your insureds’
vendors
• Poor security ratings correlate to increased
data breaches and therefore increased insured
loss
Actions to Take to Reduce Risk
• Use Security Ratings to understand insureds’ and
vendors’ specific cyber security vulnerabilities
• Continuously monitor trends and security events
over time
• Remediate high priority items quickly
For More Information
• On Security Ratings
- Visit BitSight’s Website
www.bitsighttech.com
- Download BitSight’s Technical Note on Data
- Download How Ratings are Calculated
- E-mail info@bitsighttech.com
• Presentation Slides Available at:
info.bitsighttech.com/advisen2015
Contact Us
Advisen Ltd.
1430 Broadway
8th Floor
New York, NY 10018
www.advisenltd.com
Phone: +1.212.897.4800
advisenevents@advisen.com
#CyberNYC
“…and the Survey Says”
#CyberNYC
“…and the Survey Says”
Erica Davis
Vice President & Assistant
National Manager, Specialty E&O
Zurich
Catherine Mulligan
Senior Vice President, National
Underwriting Manager, Specialty E&O
Zurich
Survey says…!
• Results of the 2015 survey
• Presented by
• Catherine Mulligan, Zurich North
America
• Erica Davis, Zurich North America
Market Overviewⁱ
• A market in flux
• Steep learning curve
• Scarce actuarial data
• Challenges in information gathering
• Increasing demand
i. “Looking Before They Leap: U.S. Insurers Dip Their Toes In the Cyber-Risk Pool,” RatingsDirect
by Standard & Poors Ratings Services, June 9, 2015
About The Survey
• 5 consecutive year of data
• Experienced risk managers
• 13 macro industries
• 52% greater than $1B revenues
th
Cyber Risks are Viewed as a
Significant Threat by:
Does your organization have a data
breach response plan in place?
Emerging Risks
• Social Media
• Cloud Services
• Mobile Devices
• Internet of Things
Businesses with Cyber Risk
Management
Compliance
Role of Insurance
•
•
•
•
Conclusions
Significant and evolving threat
More data breach response plans
Organizational challenge rather than just
an IT one
Greater role of insurance with more
businesses purchasing coverage
Thank you!
www.zurichna.com/en/kh/cyber
The information in this publication was compiled from sources believed to be reliable for informational purposes only. All sample policies and procedures herein
should serve as a guideline, which you can use to create your own policies and procedures. We trust that you will customize these samples to reflect your own
operations and believe that these samples may serve as a helpful platform for this endeavor. Any and all information contained herein is not intended to constitute
legal advice and accordingly, you should consult with your own attorneys when developing programs and policies. We do not guarantee the accuracy of this
information or any results and further assume no liability in connection with this publication and sample policies and procedures, including any information, methods
or safety suggestions contained herein. Moreover, Zurich reminds you that this cannot be assumed to contain every acceptable safety and compliance procedure or
that additional procedures might not be appropriate under the circumstances The subject matter of this publication is not tied to any specific insurance product nor
will adopting these policies and procedures ensure coverage under any insurance policy.
©2015 Zurich American Insurance Company
Morning Break
Coming up next in Salon II
TRACK 1 – “The Risk Manager’s Perspective”
Coming up next in Salon III
TRACK 2 – “Harnessing the Numbers”
Coming up next in Salon IV
Track 3 – “Who goes there?!”
WORKSHOPS: One Flight Down
#CyberNYC
Track 1
Cyber Risk Management
& Insurance
#CyberNYC
Track Chair
David Bradford
President
Advisen
The Risk Manager’s
Perspective
#CyberNYC
The Risk Manager’s Perspective
Chris Keegan
Senior Managing Director and Cyber & Technology
National Practice Leader
Beecher Carlson
Moderator
• Chris Keegan, Senior Managing Director and Cyber
& Technology National Practice Leader, Beecher
Carlson (Moderator)
• Marian Cope, Vice President of Corporate Insurance
Management, New York Life Insurance Company
• Alan Kurth, Risk Manager, Property & Casualty
Lines, Marsh & McLennan Companies, Inc.
The Real Cyber
Claims Trends
#CyberNYC
The Real Cyber Claims Trends
John Mullen
Managing Partner and Chair of the US Data Privacy
and Network Security Group
Lewis Brisbois
Moderator
• John Mullen, Managing Partner and Chair of the US Data
Privacy and Network Security Group, Lewis Brisbois
(Moderator)
• A. Marcello Antonucci, Technology, Media and Business Claims
Manager, Beazley Breach Response
• Tim Francis, VP, Business Insurance, Management and
Professional Liability and Enterprise Lead, Cyber Insurance,
Travelers
• Jim McQuaid, U.S. Head of Cyber Media and Technology, AIG
• Lisa Ryder, Claims Supervisor, Senior Claims Officer,
Chubb Specialty
Conference Luncheon
The sessions
reconvene at 1:30pm
#CyberNYC
Track 1
Cyber Risk Management
& Insurance
#CyberNYC
Track Chair
David Bradford
President
Advisen
The Underwriter’s
Response to a Shifting
Risk Landscape
#CyberNYC
The Underwriter’s Response to
a Shifting Risk Landscape
Brad Gow
Senior Vice
President
Endurance
Moderator
The Underwriter’s Response to a
Shifting Risk Landscape
• Brad Gow, Senior Vice President, Endurance
(Moderator)
• Richard DePiero, Head of Cyber and Technology
NA, Senior VP, Swiss Re Corporate Solutions
• Tom Kang, Cyber Product Manager, The Hartford
• Michael Palotay, SVP of Underwriting, NAS
• Catherine Rudow, Head of Cyber, PartnerRe
The Underwriter’s Response to a
Shifting Risk Landscape
The Federal Government,
Cyber Security
and Insurance
#CyberNYC
The Federal Government, Cyber
Security and Insurance
Rebecca Bole
SVP
Advisen
Moderator
• Rebecca Bole, SVP, Research & Editorial division,
Advisen (Moderator)
• Ben Beeson, Senior Vice President and Leader of
Cyber Security and Privacy, Lockton Companies
• Catherine Mulligan, Senior Vice President,
National Underwriting Manager, Specialty E&O,
Zurich
What the Board
Needs to Know
#CyberNYC
What the Board Needs to Know
David Bradford
President
Advisen
Moderator
• David Bradford, President, Research &
Editorial division, Advisen (Moderator)
• Michael Bruemmer, Vice President, Data
Breach Resolution Group, Experian
• Dr. George Little, Partner, Brunswick Group
Bing Pulse Poll for Cyber War Game
https://app.bingpulse.com/AdvisenEvents/cyberwargame
Click here to access poll questions!
Afternoon Break
Please clear the room now so we can reset
it.
Come back at 3:30pm for our
Cyber War Game Panel
#CyberNYC
Track 2
Developing Issues in
Cyber Risk
#CyberNYC
Harnessing the
Numbers
#CyberNYC
Harnessing the Numbers
Bob Parisi, Jr.
Cyber Product Leader
Marsh
Moderator
• Bob Parisi, Jr., Cyber Product Leader, Marsh
(Moderator)
• Neil Arklie, Senior Product Manager for Cyber and
Technology, Swiss Re
• Paul Miskovich, SVP, Global Practice Leader, AXIS
Insurance
• Scott Stransky, Manager and Principal Scientist, AIR
• Julian Waits, Sr., President & CEO, PivotPoint Risk
Analytics
Crypto-currencies
#CyberNYC
Crypto-currencies
Dana Syracuse
Managing Director
K2 Intelligence
Amy Davine Kim
Counsel
BuckleySandler LLP
Crypto-currencies
October 20, 2015
The Basics: Digital Currency 101
●
●
●
●
●
●
What is Virtual Currency?
What is it Crypto Currency?
How does it function?
Who is behind it?
Why does it have value?
How is it different than traditional currencies?
82
Who are the players?
●
●
●
●
●
●
Wallets
Transmitters and Processors
Exchangers
Software providers
Miners
The Distributed Ledger
83
Potential Applications
● As a Currency
– Who is using it and why?
● As a Payment Rail
– Potential improvements over our current systems?
● As a Technology
–
–
–
–
–
–
–
–
–
Applications in FinTech
Ledger Systems
Tokenization
Smart Contracts
Proof of Copyright
Cloud Storage
Mobile Gaming
Anti-counterfeiting
Voting
84
Criminal Activity
●
●
●
●
●
Silk Road
Mt. Gox
Dark Web
Malware Attacks
Thefts
85
The Regulatory Landscape
● United States
–
–
–
–
–
–
FinCEN
The IRS and New York State Department of Taxation and Finance
The Bitlicense and Limited Purpose Trusts
The Conference of State Banking Supervisors
The Uniform Law Commission
Proposed Regulations and Legislation
• California, Connecticut, New Hampshire, New Jersey, North
Carolina, Pennsylvania
● Internationally
86
Enforcement Matters
● FinCEN
– Ripple:
• Failure to have proper policies and procedures.
• Failure to file SARs.
● SEC
– Satoshi Dice:
• Unregistered Sale of Securities.
● CFTC
– Coinflip:
• Order states that Bitcoin and other virtual currencies are
“commodities” under the CEA.
87
Hallmarks of Regulation
●
●
●
●
●
●
●
●
●
●
●
●
How is crypto currency / virtual currency defined?
What types of activities are regulated?
What activities are expressly carved out?
Capital Requirements?
AML Requirements?
Custody and Protection of Consumer Assets?
Material Change to Business / Change of Control?
Examinations?
AML Programs?
Cyber Security?
Business Continuity?
Consumer Protection?
88
89
Dana Syracuse is a Managing Director at K2 Intelligence. Dana brings deep experience on complex legal and policy
issues involving banking regulation, money transmission, emerging payment systems, virtual currency regulation, and
cybersecurity practices of regulated industries to K2 Intelligence.
Managing Director
dsyracuse@k2intelligence.com
+1 917-281-3240
Before joining K2 Intelligence, Dana served as Associate General Counsel of the New York State Department of
Financial Services (DFS) where he advised senior officials on issues related to New York State insurance and banking
law, cybersecurity and virtual currency, and other matters involving the capital markets. He helped develop the DFS
strategy for the review of cybersecurity standards of its regulated institutions, overseeing the revamp of the DFS
cybersecurity examination process, helping implement targeted risk assessments of its regulated institutions’ cyber
security preparedness, and taking steps to assess the cybersecurity risks presented by third-party vendors. While with
the DFS Dana also helped oversee the development of the DFS strategy related to emerging payment systems, the
drafting of New York State’s BitLicense virtual currency regulation, and the chartering of New York based virtual currency
exchanges. As a part of these duties Dana regularly consulted with fellow State and Federal Regulators as well as a
number of International Regulators.
Dana has investigative experience in anti-money laundering, Bank Secrecy Act, and KYC programs and has brought
actions against regulated banks for violations of New York banking law in connection with transactions with nations
subject to international sanctions.
Prior to the DFS, Dana was Assistant Attorney General (AAG) of the Taxpayer Protection Bureau in the Office of the New
York State Attorney General where he served as the lead AAG in the investigation and litigation of cases involving civil
and criminal enforcement of the New York State False Claims Act.
Dana is a frequent speaker on banking regulation, cybersecurity, emerging payment systems, virtual currency regulation,
the New York State False Claims Act and commercial litigation practice.
90
K2intelligence.com
New York
845 Third Avenue
New York, NY 10022
1 212 694 7000
London
Albemarle House
1 Albemarle Street
London W1S 4HA
44 207 016 4250
Madrid
Calle Almagro 15
28010 Madrid
Spain
34 917 021 364
Tel Aviv
89 Medinat Hayehudim Street
Tower E
Herzliya Pituah, Israel
4676672
972 9832 6126
Geneva
rue de Jargonnant 2
c/o N.A.T. Services SA
1207 Geneve
41 799 020 921
Crypto-currencies
“The Risk Perspective”
Roberta Andreson
Partner
K&L Gates
Conference Luncheon
The sessions
reconvene at 1:30pm
#CyberNYC
Track 2
Developing Issues in
Cyber Risk
#CyberNYC
Track Chair
Chris Keegan
Senior Managing Director and
Cyber & Technology National
Practice Leader
Beecher Carlson
“Is Cyber Accurately
Priced?”
#CyberNYC
“Is Cyber Accurately Priced?”
William Wright
SVP
Paragon Brokers
Moderator
• William Wright, SVP, Paragon Brokers
(Moderator)
• Jessica Lindo, Vice President, Professional
Lines, Allied World
• Toby Merrill, Division Senior Vice President,
Global Cyber Risk Practice, ACE
• Greg Vernaci, Head of Cyber, US & Canada,
Financial Lines, AIG
“Should the Property
Market be Covering
Physical Damage from
Cyber Attacks?”
#CyberNYC
“Should the Property Market be Covering
Physical Damage from Cyber Attacks?”
Shannon Groeber
Senior Vice President
JLT Specialty USA
Moderator
• Shannon Groeber, Senior Vice President,
JLT Specialty USA (Moderator)
• Graeme Newman, Director, CFC
• Bill Reed, Operations Vice President,
FM Global
Afternoon Break
it.
#CyberNYC
Track 3
The Dark Side of the Web
#CyberNYC
Track Chair
Alan Brill
Senior Managing Director
Kroll
Who goes there?!
#CyberNYC
Who goes there?!
Shane Hammett
Senior Cybersecurity Threat Analyst
Dynetics
Moderator
Who goes there?!
• Shane Hammett, Senior Cybersecurity Threat
Analysit, Dynetics (Moderator)
• Nick Economidis, Underwriter, Beazley
• Robert Shaker, Global Leader, Incident Response
Services, Operations, Cyber Security Group,
Symantec Corporation
• David Wong, Director- Incident Response
Services, Mandiant, a FireEye company
Who goes there?!
Understanding the
Dark Web
#CyberNYC
Understanding the Dark Web
Zach Scheublein
Vice President
Aon
Moderator
• Zach Scheublein, Vice President, Aon (Moderator)
• Austin Berglas, Senior Managing Director, Head of U.S.
Cyber Investigations and Incident Response,
K2 Intelligence
• Joel Lang, Sales Director, CSID
• N. David Neeman, Assistant District Attorney,
Cybercrime and Identity Theft Bureau, New York
County District Attorney’s Office
• Andy Obuchowski, Jr., National Practice Leader,
Digital Forensics and Incident Response Services,
Director, Security and Privacy Consulting, McGladrey
Conference Luncheon
The sessions
reconvene at 1:30pm
#CyberNYC
Track 3
The Dark Side of the Web
#CyberNYC
Track Chair
Alan Brill
Senior Managing Director
Kroll
Hack and Response
#CyberNYC
Hack and Response
Neeraj Sahni
Vice President
Willis
Moderator
Hack and Response
• Neeraj Sahni, Vice President, Willis (Moderator)
• Alan Brill, Senior Managing Director, Kroll
• Chris DeMunbrun, Secret Agent, United States Secret
Service
• Adam Golodner, Partner and Leader Global
Cybersecurity and Privacy Group, Kaye Scholer LLP
• Winston Krone, Managing Director, Kivu Consulting
• Shane McGee, Chief Privacy Officer, FireEye
• Chris Pogue, Secret Vice President, Cyber Threat
Analysis, Nuix
Hack and Response
Afternoon Break
it.
#CyberNYC
Cyber War Game
#CyberNYC
Cyber War Game
Rebecca Bole
SVP, Research & Editorial division
Advisen
Moderator
Cyber War Game
• Rebecca Bole, SVP, Research & Editorial division,
Advisen (Moderator)
• Jeremy Henley, Directory of Breach Services,
ID Experts
• Chris Pogue, Senior Vice President, Cyber Threat
Analysis, Nuix
• Scott Sarafian, Supervisor, Electronic Crimes Task Force,
United States Secret Service
• Melissa Ventrone, Partner, Wilson Elser
• Wendi Whitmore, Vice President of Services,
CrowdStrike
•
•
•
•
Succeeding against the odds…
What did the Blue Team do well?
CEO set the company priority and drove
the response accordingly
Internal legal counsel involved quickly –
at centre of response
Retained outside advisors immediately
Divided tasks among the group – not all
following the same ball
•
•
•
•
Breach planning and
response: 4 key lessons
Have a plan
Communicate clearly and quickly
Interact with law enforcement
Think ahead post-crisis
Make a plan
•
•
•
•
Agree a crisis plan
Get vendor relationships in place
Test the plan
Refine the plan
Communicate
•
•
Identify all stakeholders - internally and
externally
Law enforcement
•
•
Cooperate – they can help!
However, their priorities may not align
with yours
Post-crisis plan
•
•
•
•
Think ahead
Crisis remediation
Secure those third party relationships
Focus on your core business - keep the
lights on
Breach planning and
response: 4 key lessons
•
•
•
•
Have a plan
Interact with law enforcement
Think ahead post-crisis
Cyber War Game
The View from the Top
#CyberNYC
Bill Keogh
CEO
Advisen
• Bill Keogh, CEO, Advisen (Moderator)
• Peter Beshar, EVP and General Counsel,
Marsh & McLennan Companies, Inc.
• Eric Joost, COO, Willis North America
• Jack Kuhn, CEO, Endurance
• Mike Smith, Chief Operating Officer, Global
Commercial Insurance, AIG
Closing Remarks &
Reception

Is Cyber Accurately Priced?

Transcription

Similar documents

ENCORE: Studio: When State Actors and Cybercriminals Join Hands

Register Now!

Web Safety

VOITTAVA KYBERSTRATEGIA Jarno Limnéll

KennethGeers

It is a wonderful initiative to spread the message of

Matt Luallen

Supertel

Cyber liability DL October 2012.indd

West Midlands Regional Cyber Crime Unit