An Introduction to Cyber Liability Insurance
Catherine Berry
Senior Underwriter
What is cyber risk?
Exposures emanating from computer networks and the internet
The Cyber Risk Phenomenon
The incredible pace of technology-based innovation has produced huge dependencies and interconnectivities of companies and organizations around the globe.
This has brought about great efficiencies and enhanced business practices – but has also created a wave of new problems: cyber-crime, media liabilities as a result of online publishing, and a heavy reliance on the uptime of the network, for example.
As a result, there are new business exposures faced by commercial organizations, primarily driven by continually evolving e-commerce laws. Cyber liability to Third Parties, Network Security, Commerce Business Interruption and Loss of Data are just some of the new liabilities clients need to build into their risk management and risk transfer strategies.
Cyber risks
• Natural disasters
• System failures
• Cybercrime
• Corporate and state espionage
• Cyber warfare:
  • 5th domain of warfare
• 2011 US drone fleet hit by Stuxnet – sabotaged Iran’s nuclear development plans
• Cyber terrorism
• Cyber activism
Business risks
• Operational
• Financial
• Intellectual property:
  • Erosion of competitiveness in global economy
• Legal and regulatory: sanctions / pecuniary fines
• Reputational:
  • Public visibility can cause harm to company’s image, brand and reputation
Non-malicious digital risks
• Natural disasters
• Employees:
  • Human error
  • Multitude of networks
  • BYOD
  • Mobile storage devices
  • Social networking:
    • Information leaked
    • Spread of malware
    • Engineered attacks
    • Reputational damage
Hacking motivations
• Demonstration of skill, thrill-seeking
• Cyber theft and cyber fraud
• Industrial espionage
• Insider attacks
• Extortion:
• Cyber terrorism
• Cyber warfare:
• Activism
Impact of a data breach
• Directors & Officers liability
• 2014 Verizon Data Breach Investigation
• Costs arising:
  • Forensics
  • Crisis communications
  • Legal
  • Reputational
• Impact on brand value
Data breaches
• HFT:
  • PCI compliant to level 1
  • 2m credit card details stolen
  • Forensics, PCI assessments, crisis communications and credit monitoring, PCI fines and penalties
  • Total claim: USD10,690,000
• Target:
  • Suspected to be same hacking group and malware as HFT
  • Class actions: 80 to date
  • Estimated total claim: USD244m
• Home Depot:
  • 56m credit / debit card details stolen
  • Malware inserted at POS
  • News broke when batch of cards put up for sale on Internet
  • Estimated total claim: in excess of USD500m
Comprehensive cover, modular solution
The eRisk product has been specifically designed as a one-stop solution for a variety of needs.
It meets the requirements of IT professionals looking for comprehensive Errors & Omissions coverage combined with cyber liability; at the same time, it answers the need of organizations seeking a first-class insurance product, providing cyber liability coverage for third and first party e-commerce exposures.
The eRisk product has been designed in a modular format, with unique separate insuring clauses for each section. These operate independently or in combination; modules can be purchased either on a combined or stand-alone basis, depending on an organization’s particular requirements.
Overview of Cover
1. Professional Services
2. Multimedia Liability
3. Security and Privacy Liability
4. Data Recovery and Loss of Business Income
5. Privacy Regulatory Defence Costs & Penalties
6. Crisis Management Costs, Customer support
7. Data Extortion
Risk Management Services
• Vulnerability assessment
• Private arbitration services
• Crisis communications guidelines
• Data breach guidelines
Camargue Commercial Crime
Presented by Justin Keevy
Senior Underwriter
Suspects
• Most common suspects
• Where did all the money go?
• Sentencing
• Recovery
Most Common Losses
• Stock Theft (Manual Invoicing) (Cycle Counting and Collusion)
• EFT Transfers
• Cash Theft
• Debtors (Rolling)
• Payroll (SARS) (Ghost Employees)
• Cheque Fraud
• Cyber Crime (Syndicates)
• Corruption
• Change of Banking Details
• Retail (Credit Cards) (Returns) (Cash)
Let’s Face the Facts
• Estimated loss to an organisation as a result of fraud = 5% of annual revenue
• Estimated that corporate fraud costs SA economy R150Bn annually
• Employees biggest perpetrators (47%) in Africa, average loss due to fraud is R400,000
• From 107 cases analysed in Africa, more than 20% of cases resulted in losses of at least US$1m (ZAR 9,68 million)
• +/- 50% of organisations do not recover any losses suffered due to fraud
Overview of cover
What is covered?
• Theft of the company’s property by employees
• Includes Care, Custody and control
• Money and any other property
• Third party collusion
• Theft by employees (continued)
• Identifying guilty employees not required
• No restrictions on the method of theft
• Extortion
  • Committed by employees or third parties
  • Threatened violence to commit theft
• Fraudulent Transfer Instructions
  • Employees or third parties
• Computer Fraud
• Hacking
• Use of viruses
• Employees or third parties
• Contractual Penalties
Contractual liabilities arising out of
• Theft by employees
• Computer Fraud committed by non-employees
Summary of Theft Cover
Type of Theft                       Employee    Others
Computer Hacking/Virus              Covered     Covered
Fraudulent Transfer Instructions    Covered     Covered
Extortion                           Covered     Covered
Other/Ordinary Theft                Covered     Not covered
More about the cover
• Policy covers malicious destruction of data, including:
  • Alteration or destruction of data
  • Care, Custody and Control
  • Destruction of media
  • Computer programs
  • Physical records, if damaged as a result of theft
Extensions
• Costs of recovery of uninsured loss
• Reinstatement of office records
• Claims preparation costs
• Legal fees
• Automatic Reinstatement
Camargue Commercial Crime Risk Management Services
Whistle Blowing Hotline
Risk Management Hotline
• Risk management hotline
• Fraud risk surveys
“My employees will never steal from me”
72% are going to change their mind