Page 1: Willis Towers Watson – NECA Presentation

willistowerswatson.com

Are you ready for a Cyber attack?

Willis Towers Watson – NECA Presentation

5 August 2020

© 2020 Willis Towers Watson. All rights reserved.

Page 2: Willis Towers Watson – NECA Presentation

Overview – Topics for Today

© 2020 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.

No. Topic

1 Cyber Risk in Context

2 Current Landscape - WTW Global Cyber Data

3 Impacts of a Cyber Attack?

4 How should you prepare for a Cyber attack?

5 Questions and Discussion

Page 3: Willis Towers Watson – NECA Presentation

NECAGuard – Endorsed by NECA, powered by Willis Towers Watson

NECAGuard is the insurance program of choice for NECA members.

Over 350 NECA members currently enjoy the benefits of NECAGuard - endorsed by NECA and powered by Willis Towers Watson.

Page 4: Willis Towers Watson – NECA Presentation

Willis Towers Watson Cyber Capability

Practice Overview – Expert Cyber and Technology Risk Advisors

$700m+

20+

540+

600+

100+

In cyber insurance recoveries

Dedicated cyber risk experts globally

Global locations with cyber experts

Current incidents being managed by WTW

Local Cyber Clients

We deliver:

Comprehensive cyber risk management strategies

Market leading cyber insurance solutions and insurance claims advocacy

Page 5: Willis Towers Watson – NECA Presentation

Cyber Risk in Context – Why are we talking about it?

It was estimated in 2019 that nearly 90% of organisations experience a critical system downtime event causing some business interruption.

Ransomware demands increased by over 33% in Q1 2020. There are regular reports of ransom demands in excess of $1M.

A sophisticated state-based actor has been engaging in sustained cyber-attacks against Australian organisations.

Australia is one of the world’s most hacked countries, according to a list compiled by security company Specops Software.

9 in 10 IT executives in Australia reported an increase in the volume of cyber attacks at their organisations in the past 12 months.

Page 6: Willis Towers Watson – NECA Presentation

Cyber Risk in Context – What does it mean?

Cyber Risk refers to any risk of financial loss, disruption or damage to the reputation of an organisation resulting from the failure of its information technology systems.

System Controls

Physical Security

Identity and Access Management

Privacy and Data Security

Governance

Supply Chain Exposure

Counter Party and Contract Risk

Social Engineering Risks

Regulatory and Legal

Training, HR and Workforce

Stakeholder Risks

Incident Response and Recovery

Page 7: Willis Towers Watson – NECA Presentation

The Current Landscape – Willis Towers Watson Global Data

1,150+ analysed claims

Chart panels: Root Causes; Record Count

Page 8: Willis Towers Watson – NECA Presentation

Willis Towers Watson Global Claims Data – Drivers of Loss

First Party Losses

Page 9: Willis Towers Watson – NECA Presentation

WTW Global Claims Data – Industry and Data Exposed

Chart panels: Industry of Impacted Organisation; Type of Data Disclosed

Page 10: Willis Towers Watson – NECA Presentation

Impacts of a Cyber Attack?

There is a wide range of impacts caused by cyber events and computer system threats.

Computer systems threats:

Malicious intrusion

Unintended Act (e.g. Human error)

System / technical failure

Impact:

Interruption / disruption of computer systems (first party or third party)

Breach of confidential information (personal & corporate information)

Extortion Event

Financial and reputational harm

Theft of funds

Potential Outcomes:

Data loss

Unusable computer systems

Incident response costs

Ransom payment / ransom expenses

Business Interruption: Loss of net profit

Business Interruption: Increased costs of working

First party privacy costs

Third party legal proceedings

Regulatory investigation, defence costs and fines

Mitigation costs

Page 11: Willis Towers Watson – NECA Presentation

Impacts of a Cyber Attack – Into the BEC

What is a Business Email Compromise attack?

Business Email Compromise (BEC) attacks occur when a third party gains access to business email accounts, or ‘spoofs’ a business email so their emails appear to come from within the company.

ACCC found business email compromise scams caused the highest losses across all scam types in 2019.

410% increase in the number of email fraud attacks detected by Proofpoint.

Telstra identified BEC frauds as the most common types of security incidents facing businesses.

Symantec found 11% of global BEC attacks were committed against Australian companies making Australia the third most common BEC target country.

Page 12: Willis Towers Watson – NECA Presentation

How should you prepare for a Cyber attack?

Focus on simple principles

Assessment: What cyber exposures create financial risk to the business?

Protection: What controls and processes will reduce key cyber exposures?

Recovery: How can you best triage a cyber event and reduce downtime?

Page 13: Willis Towers Watson – NECA Presentation

Preparing for a Cyber attack? – Assessment

Key questions to focus on:

How is technology supporting your key business goals and operational objectives?

What are the realistic cyber risks that could affect operations and profitability?

What support would you need to recover from a significant cyber event?

How are these key risks dealt with?

Acceptance? Avoidance? Mitigation? Transfer?

Page 14: Willis Towers Watson – NECA Presentation

Preparing for a Cyber attack? – Protection

Many attacks are “low tech” and play on basic human traits, including our instinct to trust.

Protection strategies should look at both technology control and people risk.

Some good basic strategies to adopt:

1 Multi Factor Authentication

2 Password Hygiene across the Organisation

3 Investments in email focused security (filters, gateways)

4 Staff Awareness and Training

5 Privilege and Access

Page 15: Willis Towers Watson – NECA Presentation

Preparing for a Cyber attack? – Recovery

Organisations commonly need the following support after a data breach:

Support needed: Incident response advice and 24/7 assistance from incident response experts to triage the event.
Why is it important? Extended downtime greatly increases loss. Under some privacy laws breaches must also be reported within 72 hours. Under the Australian Privacy Act, eligible breaches must be reported as soon as possible within 30 days.

Support needed: IT Forensics expertise to help identify and contain the incident and repair the problem.
Why is it important? A malicious actor may still be in the network or data may still be leaving the business.

Support needed: Legal advice to determine privacy and other legal obligations arising from the event.
Why is it important? Data breaches commonly create contractual, common law, privacy and regulatory obligations that must be carefully navigated.

Support needed: Data and system restoration.
Why is it important? Business interruption and loss will continue until IT assets and systems are restored to their pre-breach state.

Support needed: Assistance with notifying the regulator and impacted individuals.
Why is it important? Regulatory obligations require drafting and sending notification communications to the regulator and impacted individuals.

Support needed: Cashflow and financial support to meet the costs of incident response vendors, recovery and business interruption.
Why is it important? Immediate losses will be incurred for costs to retain incident response vendors, complete triage and manage financial interruption.

Support needed: PR assistance with communications strategy.
Why is it important? Significant breaches commonly attract media and third party interest. Communication guidance helps instil confidence, protect brand and avoid reputational harm.

Page 16: Willis Towers Watson – NECA Presentation

Preparing for a Cyber attack – Recovery support provided by Cyber insurance

Cyber Insurance provides affirmative stand alone coverage to help support and manage the key exposures caused by cyber incidents.

Table headings: First Party Outcomes; Property; General Liability; Crime; Directors and Officers; Professional Indemnity; Traditional; Cyber

Ransom Payments

Regulatory investigation and defense costs

Incident response costs

Business interruption: loss of net profit (non-physical damage)

Business interruption: increased costs of working (non-physical damage)

Restoration of data and computer systems

Extortion expenses

First party crime loss (theft of funds)

Key: not covered; affirmatively covered; sometimes covered

Page 17: Willis Towers Watson – NECA Presentation

Preparing for a Cyber attack (continued) – Recovery support provided by Cyber Insurance

Cyber Insurance provides affirmative stand alone coverage to help support and manage the key exposures caused by cyber incidents.

Table headings: Third Party Outcomes; Property; General Liability; Crime; Directors and Officers; Professional Indemnity; Traditional; Cyber

Third party proceedings: privacy liability

Third party proceedings: network security liability

Third party proceedings: digital media liability

Key: not covered; affirmatively covered; sometimes covered

Page 18: Willis Towers Watson – NECA Presentation

Case Study Example – A typical data breach

Incident response costs for the engagement of relevant services for cyber extortion and business interruption incidents also attract policy coverage.

For Cyber extortion incidents, this may also include but not be limited to Cyber extortion advice, ransom negotiations, IT forensic costs and Legal services.

Data breach is discovered (by the Control Group)

Client struggles with immediate business crisis: Crisis environment and need to mitigate a myriad of risks from short term interruption, financial loss, long term business and reputational impacts and third party liability.

Support from Cyber Insurance – Breach response assistance: Client calls an incident response hotline number shown on the cyber insurance policy to co-ordinate the following services to mitigate the impact of an incident (where relevant):

IT Forensics

Legal Services

Notify / Credit monitoring

PR Costs

Insurer(s): Pays for the costs incurred to deal with the incident

Policyholder: Presents the insurer with the invoices for these services

Incident is resolved

Page 19: Willis Towers Watson – NECA Presentation

Questions? Let’s talk.

More Information:

Visit the NECA Group website: neca.asn.au/group

Get in touch with a NECAGuard Representative on 1300 361 099
