matt foushee university of tulsa tulsa, oklahoma cyber insurance matt foushee university of tulsa...
Post on 17-Jan-2016
230 Views
Preview:
TRANSCRIPT
Cyber Insurance
Matt FousheeMatt FousheeUniversity of TulsaUniversity of TulsaTulsa, OklahomaTulsa, Oklahoma
• Newer protection for businesses to consider.
• Vocabulary• Peril – Threat• Claim –is paid for covered loss• Actuarial – relating to using
mathematics and statistics to calculate financial risk.
• Indemnity – protection against loss.
Introduction
• Small businesses use brokerages or commercial insurance agents.
• Commercial Liability Policywith Endorsements
• Professional Liability Policywith Endorsements
Who Provides Cyber Insurance?
• Larger businesses use specialized brokerages or commercial insurance agents.
• Professional Liability Policywith Endorsements
• Stand-alone cyber risk policies• Growing segment. 28 markets.
Who Provides Cyber Insurance?
What Do Cyber Policies What Do Cyber Policies Cover?Cover?
Most policies are different but most include:
• First Party Protection:• Loss of Digital Assets• Non-Physical Business Interruption• Extra expenses – any additional costs
(travel, postage, etc.) • Cyber Extortion• Cyber Terrorism• Security Event Costs
What Do Cyber Policies What Do Cyber Policies Cover?Cover?
Most policies are different but most include:
• Third Party Protection:• Network Security and Privacy
Liability• Employee Privacy Liability• Electronic Media Liability• Disclosure Law Liability• California SB1386
Breach Disclosure LawsBreach Disclosure Laws
California SB 1386 (2002): requires companies to notify any California resident to be notified “whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. “ (SB1386)
46 States now have similar laws.
Costs of breach: Notification, Credit Monitoring Services, Forensics, Pubic Relations Expenses
Breach Disclosure LawsBreach Disclosure Laws
HITECH Act (Health Information Technology for Economic and Clinical Health)
• addresses privacy and security concerns associated with the electronic transmission of health information and strengthens civil and criminal enforcement of HIPAA rules. (HHS.gov)
• Maximum Penalties - $1.5 million for all violations per provision.
“Cyber insurance is seen as a way to get to a more secure world, without a heavy-handed government mandate that could stifle innovation,“
-Howard Schmidt, White House cyber security coordinator
Breach Disclosure LawsBreach Disclosure Laws
Costs of breach: • Notification • Forensics• Credit Monitoring Services• Pubic Relations Expenses
• Ponemon (3/8/2011)• Cost per breach average $214/record.
Post-Breach ServicesPost-Breach Services
Notification, Credit Monitoring Services, Forensics, Pubic Relations Expenses
Insurance companies often have relationships with companies that provide post-breach services to help with compliance of disclosure laws.
Common service providers:
What does it cost?What does it cost?
Every company is different, has specific risks, and different controls. These attributes help determine the carriers, products, and coverage for which it qualifies.
Some insurers price higher because they have little experience or properly realize the risk of cyber threats and expenses. Knowing the details of each policy is important.
Risk Managers should be expected to understand these risks and purchase accordingly.
What does it cost?What does it cost?
Chevrolet vs. LexusExample:• Small IT company with two employees• Only works within one state• $100,000 in annual sales• Liability Limit: $1,000,000 / incident, $2,000,000/
year• Cost: $1200 minimum premium/ year
Example:• Zurich Security and Privacy Protection Policy• Cost: $7,500 minimum premium/ year.
The Betterley ReportThe Betterley Report
Details• Who buys cyber insurance.• Market growth opportunities .• Actuarial methods.• Market Penetration and Production
Awareness.• Opinions on Product Features.• Perceptions of Insurance Companies,
Brokers, and Risk Management Service Providers.
Special ThanksSpecial Thanks
Interviews:
Tim Stapleton – Assistant Vice President Professional Liability Product Manager Zurich North America
Rebecca Sank – Commercial Underwriter Erie Insurance Group
John Meng – Senior Account Executive Victor O. Schinnerer & Co., Inc.
Tom DeOrnellas – Senior Commercial Producer Spicer Insurance Agency
QuestionsQuestions
?
ReferencesReferences
Web References:
http://betterley.com/samples/crmm_10_nt.pdf
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
http://www.ponemon.org/blog/post/cost-of-a-data-breach-climbs-higher
http://www.post-gazette.com/pg/10173/1067262-96.stm#ixzz1JvohGBvO
Interviews:
Tim Stapleton – Assistant VP, Professional Liability Product Manager , Zurich North America
Rebecca Sank – Commercial Underwriter, Erie Insurance Group
John Meng – Senior Account Executive, Victor O. Schinnerer & Co., Inc.
Tom DeOrnellas – Senior Commercial Producer, Spicer Insurance Agency
top related