Crawford Cyber Risk Services

A definitive solution for cyber-related events

CYBER-RELATED EVENTS—An Increasing Threat Companies in all industries face an increasing threat of a cyber attack and cyber-related events. The event itself and those responsible for it continue to vary in levels of threat and sophistication, but whether from a hobbyist, criminal or terrorist group, the threat is real. As cyber-related events evolve, so does cyber insurance coverage to provide protection for damage caused by human error, malicious attacks, cyber sabotage/extortion, fraud and other unauthorized access to sensitive information. Traditional liability products were originally designed to protect businesses against third-party claims for bodily injury and property damage; these types of policies are increasingly subject to exclusions as new exposures emerge.

As we understand it today, cyber exposures are largely intangible—which makes determining the cause and coverage of cyber risk a significant challenge. Whether or not you choose to purchase separate cyber liability coverage—the exposure still exists. Crawford can help you manage this difficult, evolving risk.

1995

Hobbyists

Criminals/Terrorists

First MS Wordbased virus

2001Code red

worm attacksWhite House

2005Poison Ivy trojan

takes controlof PCs

2008Koobface virus

spread via socialnetworking sites

2010Industrial controlthreat - Stuxnet

2011First Sony

Playstation®

breach

2012Heartbleed bugaffects billions

of users

2013Target retailbreached

2014Second Sony

breach

2015Substantially

heightened awarenessby Risk Managers

NAVIGATING A CHANGING DIGITAL LANDSCAPE The increasing need for cyber coverage stems not only from deliberate acts, but also from the changing landscape of the digital world. From data breaches, intentional or otherwise, to the fines incurred from such breaches, mitigation of these losses are increasingly tricky.

Loss of Personal Data/BreachData can be lost or compromised accidentally—for example, by employee negligence, loss of hardware and devices, or network process errors. It can also be lost through intentional system attacks, such as viruses/malware, deliberate staff interference, or hacking. Exposure can be controlled, in part, by taking precautionary measures—examples include: monitoring of network and email traffic, controlling data transfer via removable media and installing dynamic virus/malware protection. Organizations must also hold inhouse IT and communications teams accountable for network activity, and strictly control user and administrative privileges.

Incurred FinesSignificant fines can be incurred for loss of data or breaches allowing access to personal data, the parameters of which are interpreted in varying ways. In the European Union, it is defined as any information relating to an identified or identifiable natural person. Further, certain types of personal data are deemed “Special Categories,” as their processing would have heightened impact on an individual’s privacy. In the United Kingdom, for example, this is data revealing information such as racial/ethnic origins, health data, offenses or court proceedings. In the United States, personally identifiable information includes categories such as a person’s first name, middle initial, last name, physical address, contact information and/or financial information. Fines can also be imposed for permanent data loss related to personal data, examples include: costs to the business for notifying data subjects of the loss, purchasing third-party data recovery expertise, and staff to manually recreate lost data.

Cyber Security PlanWhile cyber risks to brand and reputation face all corporations, these risks are especially acute for publicly-traded companies. According to a recent Reuter’s article1—less than half of company boards have the necessary skills to manage the rising threat of cyber-attacks. With four of five respondents, a survey of global investors further suggested they might blacklist businesses that have been hacked.

Crawford understands the critical need for a corporation to secure all proper partners in its cyber security plan (insurance, incident manager, legal professionals, and public relations firms). This crucial element also further demonstrates to institutional and non-institutional investors that your corporation’s cyber threat is effectively managed. Crawford’s Cyber Risk Services addresses this need with the Crawford Incident Manager, an end-to-end solution for Corporations and Insurance Carriers during a cyber event.1Sinead Cruise. (Wed Apr 15, 2015). Company executives poorly placed to handle rising cyber risk: KPMG survey [Reuters.com article] Retrieved from http://www.reuters.com/article/2015/04/15/us-kpmg-cyberpoll-idUSKBN0N616F20150415

IT MEGATRENDS

MobileLandscape

The increased adoption of mobile platforms is leading to an increasing trend of targeted cybercrimes; this is particularly pertinent to the android system due to its open source nature and app distribution model.

Bring YourOwn Device

(BYOD)Revolution

As more and more personal devices are used in the corporate space, ensuring security of data becomes even more challenging. Wewill see a higher frequency of severity losses (>USD 50M).

ContinuedCloud

The increasing use of cloud solutions, particularly the public cloud and on-demand services,means that there is an increased risk of high aggregation losses (both in respect of lost data, fines and penalties and loss of revenues).

Hacker Groupsand

Hacktivism

Advanced online groups will continue to penetrate systems for political reasons or personal gain. As more success is achieved there will be further incidents. Companies that hold sensitive data will be particularly at risk.

High-ProfileData

We are seeing an increasing trend in high profile catastrophe losses through malware infection and hacking. These events result in highly complex losses which are difficult to understand and mitigate.

CybercrimeEconomy

There is a concerning trend regarding the development of cybercrime resources and services under a black economy. This means potentially anyone can have access to cutting-edge hacking tools and know-how to aid criminal activities.

1. FNOLThe FNOL call sets the tone for the entire claim experience regardless of the type of event. This is especially true during a cyber-related event when details are often vague, losses are likely complicated and the atmosphere is frenetic. As with any 24/7/365 days a year operation, staffing, training and accurate claims intake are challenging for any organization. More and more businesses are realizing the benefits of outsourcing FNOL operations to experienced specialists. Our comprehensive call center follows a regulated process to ensure that even the most complicated claims are handled in the timeliest manner with clearly set goals for each hour and with the highest expertise in cyber-related events.

CRAWFORD INCIDENT MANAGER The Crawford Incident Manager solution provides a single, end-to-end turnkey solution. Our three core services (First Notice of Loss [FNOL], Public Notifications and Forensic Accounting) are complemented by key strategic partnerships. For more than 70 years, Crawford has been establishing relationships with leading cyber industry specialists. These specialists are contracted to Crawford and available on a 24/7 basis. Each specialist has successfully completed a rigorous due diligence process to confirm their suitability for the role. From regulatory notifications to public relations, we have the capabilities to handle every aspect of a cyber-related event/incident.

As the go-to incident manager, the entire event response is seamlessly managed from FNOL to resolution, including benefits such as:

• Guaranteed crisis management response • Global capability • Single FNOL center with 200 language capability • Specially selected, trained and accredited incident managers • Contracted specialists, available 24/7 and preeminent in their fields

Our core services are:

1. FNOL2. Public Notifications3. Forensic Accounting

FNOL• 24/7/365 notification• Incident Manager appointed• First response to Insured

24 HOURS• Investigations well underway• Initial indications emerging• Immediate mitigations continuing• Regular updates to stakeholders

5 HOURS• Appoint specialists• Triage calls with stakeholders• Commence investigations• Immediate mitigations• Policy coverage reviewed• Clear action plan emerges

48 HOURS• Initial investigations concluding• Regular updates to stakeholders continuing• Policy coverage view emerging• Immediate mitigation work maturing• Clear solution plans emerging

FNOL 5HOURS

24HOURS

48HOURS

CRAWFORD CYBER RISK SERVICES

An End-to-End Solution for Corporations and Insurance Carriers Every business has the goal to prevent cyber threats—before a breach of a network or loss of data occurs—but in the event that a threat occurs, having a plan in place is vital. Crawford has the tools to help manage events effectively and minimize the impact on your business or your customer’s business. Whatever the event, however complex, wherever in the world, Crawford can have experts on the ground, on the phone, and online—instantaneously.

Our Cyber End-to-End Solution Model Crawford is the reliable resource needed to ensure that your cyber-related event is handled instantly by the proper experts.

Blue indicates services performed directly by Crawford.Gray indicates services performed directly by strategic partnerships.

CRAWFORDINCIDENTMANAGER

PublicNotifications

incl. CallCenter

RegulatoryNotifications

FirstNotification

of Loss

PublicRelations

ForensicAccounting

ITForensic

CyberExtortion

Legal

IdentityProtection

3. Forensic Accounting Services Cyber-related event claims often come with large volumes of data—amounts that can be overwhelming for most claim departments. Crawford Forensic Accounting Services (CFAS) has the resources, expertise and experience to handle large volumes of data and provide immediate assistance in developing claims mitigation and settlement strategies. CFAS offers the market a single solution to meet the financial claims needs of clients, regardless of location.

Services

• Advanced loss of profits/delayed start-up• Arbitration and litigation support• Bankers bond• Business interruption• Contingent business interruption• Credit guarantee

Benefits

• High-caliber specialist adjusters with an extremely differentiated skill set, possessing strong commercial knowledge, combined with a deep forensic insight

• Ability to work seamlessly with our full team of adjusters to provide immediate assistance in developing claims mitigation and settlement strategies

• Outcome-driven focus on fast and effective resolution, reducing claims management and legal costs• Leverages the strength of Crawford’s global footprint and organizational infrastructure• Unparalleled customer service experience

Other ServicesIT Forensic • Legal • Regulatory Notifications • Identity Protection • Public Relations • Cyber Extortion

• Fidelity guarantee• Financial liability• Fraud• Malicious product tampering and extortion• Mediation support

2. Public Notifications Whether a cyber-related event affects one or a million customers, an efficient scalable solution is the best way to protect brand integrity and restore confidence, whether insurance coverage is available or not. Social media enables a cyber-related event to get quickly out of hand. The ability to access the right resources to respond to a cyber-related event is a unique ability of Crawford. Our goal is to be an extension of our clients’ customer relations/legal department and provide scalable resources to match the size of the communications needed to respond to customers.

• Customer intake services• Event cause investigation• Individual claim investigation and resolution• Subrogation demand preparation and support services• Loss funding, check issuance and data services• Local contact and legislative landscape• Report capabilities

Customer Intake Services – Our web intake service captures the nature of the inquiry directly from the customer. We then have the ability to respond directly to the customer complaint via automated email response, live Help Desk and proactive outreach services. These services can be provided on an overflow or primary basis depending on the needs of the client.

Event Cause Investigation – We can work with our client and third parties to determine: 1) the source of issue, 2) location and timeframe when customer was affected, 3) pool of potential claimants and 4) likely impact on customers.

Individual Claim Investigation and Resolution – We enable our clients to work in a positive environment for the customer impacted by an event. We will work to confirm claim details and if valid, reimburse claimants for reasonable costs or damages resulting from the event. Any claims that cannot be confirmed as valid will be denied.

Subrogation Demand Preparation and Support Services – Should the event source be a third party, we can assist our client with preparing a demand package to recover payments and expenses as an additional support service.

Loss Funding, Check Issuance and Data Services – We can provide administrative support for an event by providing check issuance services from an account funded by our clients. Additionally, we can provide our standard claim data file for the event that can be consolidated into our clients’ RMIS system as needed.

Local Contact and Legislative Landscape – Due to its global nature, cyber-related events can affect all companies in all markets. Crawford Cyber Risk Services provides solutions through an expansive global network serving clients in more than 70 countries.

Report Capabilities – We can provide and deploy reporting systems that are as simple or as complex as you need. From a simple report on cyber-related events—that can be analyzed at the data field level—to more complex reports that provide detailed costs and analytics, Crawford’s Risk Management Information System offers different levels of applications giving you unprecedented levels of customization.

LOSS MANAGEMENT AND TECHNICALCLAIM ADJUSTING—GTS™ Cyber Risk GroupFor major insurance claim events, the risk and insurance community needs a team of experts with experience and industry focus to evaluate and assess damages under extreme conditions. Crawford GTS® has the largest, most experienced team of strategic loss managers and technical adjusters in the world. We cover virtually every industry and every geographical region. With more nominated senior technical adjusters than any other independent adjusting resource, we have relationships spanning the insurance industry and with many corporations in the Fortune® 1000. Our teams are run by senior insurance professionals who bring skills much broader than claims adjusting. We marshal every resource to minimize the inevitable disruption of business as usual. Our technical adjusting staff function as strategic loss managers, and we offer the security and confidence that every aspect of large losses will be planned, organized and executed at the highest levels of industry, technical and regulatory standards.

The Crawford GTS Cyber Risk Group has experience and expertise in claims focused on: • First-party information and communication technology equipment losses• Outsourcing information and communication technology services (e.g. cloud, web services)

including privacy policies• Data transmission, corruption, loss and recovery• Secure methods of data disposal and deletion of sensitive data• Software, software licensing and the inherent problems associated with bespoke software• Firewall failures, antivirus protection and virus transmission• Electronic and mobile commerce

CRAWFORD CYBER RISK SERVICES provides the very best expertise and with the most developed global network of specialists backed by the largest independent claim organization.

For more information on how Crawford can help you with your cyber-related event, pleasecall 404.300.1284 or email us at solutions@us.crawco.com

www.crawfordandcompany.com

The Crawford SolutionTM

The most comprehensive global solution for claims administration Powered by Crawford iQTM

NYSE: CRD-A, CRD-B | Crawford & Company 1001 Summit Blvd | Atlanta GA 30319 | 800-241-2541

CRAW-CYBERNOTBRO-0416-TC

GCG®

CRAWFORD,® the CRAWFORD Globe logo,® CRAWFORD & COMPANY,® THE CRAWFORD SOLUTION,TM THE CRAWFORD SOLUTION logo,TM BROADSPIRE,® the BROADSPIRE Globe logo,TM CONTRACTOR CONNECTION,® CRAWFORD CONTRACTOR CONNECTION,® CRAWFORD GLOBAL TECHNICAL SERVICES,® CRAWFORD GTS,® GLOBAL TECHNICAL SERVICES,TM GTS,TM the GTS CRAWFORD GLOBAL TECHNICAL SERVICES logo,® RISK SCIENCES GROUP® and RSG® are trademarks or registered trademarks of

Crawford & Company or its affiliates in the U.S. and/or other countries. Foreign trademark registrations may also protect these trademarks. The foregoing is a non-exhaustive list of Crawford’s trademarks and service marks.