Counsel to Counsel 2019 Cyber Insurance Discussion May 17, 201

Counsel to Counsel Cyber Insurance Supplemental Materials ... · Cyber Risk Management w CYBER IS AN EVOLVING RISK MANY ACTORS, MANY ATTACKS ... BASIC CYBER POLICY ADDRESSES Cyber



MARSH

Cyber Risk Management w

CYBER IS AN EVOLVING RISK

MANY ACTORS, MANY ATTACKS

NATION STATE ATTACKS

In 2014, North Korean targeting of a media company with “wiper malware,” disabling networks for more than a week and triggering 7 class action data breach lawsuits.

RANSOMWARE

WANNACRY and PETYA (2017) targeted the “EternalBlue” vulnerability in a legacy Microsoft protocol. Self-proliferating capability spreads ransomware worldwide.

INDUSTRIAL CONTROL ATTACKS

CrashOverride (2016) Second known malware designed to disrupt physical systems. Highly adaptable to target specific industrial control systems.

DATA BREACH

For a decade, hackers have persistently and successfully targeted consumer data. Examples include Target, Home Depot, Facebook, JP Morgan Chase, Anthem.

INSIDER ATTACKS

GEORGIA PACIFIC INSIDER (2014) Terminated systems administrator remotely hacks into his ex-employer’s industrial control system and causes significant damage.

SYSTEM OUTAGES

Cyber attacks & system failures repeatedly create havoc for airline systems, affecting major carriers such as Delta, United, Southwest and British Airways.

DEPENDENT BUSINESS INTERRUPTION

DYN DDoS (2016) Attackers use the Mirai botnet to target a DNS provider with the largest DDoS attack ever recorded, degrading cloud services and websites worldwide.


Coverage / Description

Network Interruption/Extra Expense

Loss of income and/or extra expense resulting from interruption, partial disruption or suspension of computer systems due to a failure of technology.

Dependent business interruption: Loss of income and extra expense as a result of a cyber breach on a critical vendor’s network.

Supply Chain Disruption: Loss of income and extra expense as a result of a cyber breach that affects a counterparty (scheduled to the policy) who is outside of your network.

Data Asset Protection

Costs to restore, recreate, or recollect your data and other intangible assets (i.e., databases, software, applications) that are corrupted or destroyed by a computer attack.

Data Breach Event Management

Costs to provide the following services resulting from a privacy breach: forensic services; breach notification services (including legal fees, call center, etc.); identity/fraud monitoring expenses; public relations.

Cyber Extortion

Costs of consultants and extortion monies for threats related to interrupting systems and releasing private information.

Privacy Liability

Defense and liability for failure to prevent unauthorized disclosure of confidential information (including failure of others to whom you have entrusted data). Coverage extends to personally identifiable information and confidential information of a third party.

Network Security Liability

Defense and liability for failure of system security to prevent or mitigate a computer attack, including but not limited to spread of virus or a denial of service. Failure of system security includes failure of written policies and procedures addressing technology use.

Regulatory Defense Costs

Costs to defend a regulatory action or investigation due to a privacy breach, including indemnification for any fines or penalties assessed.

Media Liability

Defense and liability for media tort from online publication (libel, disparagement, misappropriation of name or likeness, plagiarism, copyright infringement, negligence in content).

CYBER RISK TRANSFER

Cyber Insurance Coverage Overview


CYBER COVERAGE SPECTRUM CYBER RISKS

BASIC CYBER POLICY ADDRESSES

Cyber Incident Response (legal and forensic costs, data breach mitigation, public relations)

Network Security Liability

Privacy Regulatory Investigations

Cyber Extortion

IT Network Business Interruption

Restoration of Data and Cyber Assets

REQUIRES TAILORED CYBER POLICY

Voluntary Shutdowns

Bricking

System Failure Business Interruption

IoT & Product Security Risk

Network Security Regulatory Investigations

Dependent Network Interruption

EITHER P&C, CYBER EXCESS DIC, OR A CYBER GAP EXCLUSION BUYBACK

1st Party Property Damage

Bodily Injury / 3rd Party Property Damage

Intellectual Property Risks

Property

Casualty

Physical Events

Non-Physical Events

First-Party Loss

Third-Party Claims

KEYS TO PROGRAM ALIGNMENT

Generally, a traditional P&C tower should focus on physical events, while the cyber tower should focus on non-physical events.

As cyber events become more complex, the potential for conflict between the P&C, Aviation, Crime, and other towers and the Cyber tower increases.

Sometimes overlap is inevitable, and may even be desirable (e.g., free coverage extensions, legacy coverage enhancements).

Other Insurance clauses for all programs should always be aligned.

Cyber

EVOLUTION OF COVERAGE

OPTIONS FOR INSURING AGAINST CYBER RISK


Moved quickly across networks, by capturing passwords and administrator rights.

Serious disruptions to government systems, critical infrastructure and multiple global businesses, resulting in over $1 billion aggregate losses.

Encrypts computer files and demands $300 Bitcoin ransom – but ransom feature not functional, effectively destroying data.

HOW CYBER INSURANCE RESPONDS

NotPetya Case Study

Cyber Insurance Response to Petya-like Events

Ransomware encrypts data, seizing systems, and disrupting operations.

Implementation of contingency plans and remediation steps.

Customer service and invoicing are delayed. Operations resort to manual processes.

Network remediation continues.

Potential litigation from adversely affected customers and business associates.

Coverage triggers as a result of the security failures, including any voluntary shutdown to mitigate harm.

Policy reimburses costs for retained counsel and computer forensic experts.

Policy reimburses cost of executing cyber incident response plan, including extra expense for redundant facilities.

Mitigation costs include reasonable cost to repair systems.

Reimburses revenue lost from reduced efficiency, including expense of retaining additional personnel.

Extra expense also includes cost of forensic accounting to document the loss.

Reimburses defense costs and damages.

Reimburses legal costs from any regulatory investigation.


CYBER ANALYTICS


THE MARSH APPROACH

Marsh Approach to Assessing Cyber Risk

ASSESS & IDENTIFY

Understanding your attack scenarios and risk profile is vital to addressing cyber risks. We help you identify assets, quantify the threat environment, assess your controls, and model the potential impact of events.

SECURE & INSURE

Managing your cyber risks means preparing your business for the inevitable event. We help you optimize the security controls that protect and detect threats, and transfer exposures off your balance sheet.

RESPOND & RECOVER

Quick, effective response to a cyber event is crucial for your business. We guide and support you through the event, and enhance your protection moving forward.

[Chart: risks plotted by Frequency and Severity: Data - 1st Party; Data Breach - Liability; Network Security Liability; Cyber Extortion; Cyber Terrorism; Network Interruption; IP Theft; Confidential Data Theft; PD/BI; Dependent Network Interruption; Regulatory Risk]

Key risks include …

Interruption to Complex Networks

Dependency on outsourced vendors

Disruption of distribution networks

Bodily Injury/Property Damage

Cyber terrorism

Increased Regulatory Scrutiny

Marsh Uses Proprietary Tools to Assist with Each Stage of Cyber Risk Management


Marsh’s Cyber Self-Assessment provides a maturity analysis of an organization’s cybersecurity program based on user responses.

Marsh Cyber Self-Assessment utilizes key elements from multiple cybersecurity frameworks, including the NIST CSF, CIS CSC-20, and ISO 27001.

Results are presented using the five traditional NIST CSF functions: Identify, Protect, Detect, Respond, and Recover, and can be used as a diagnostic for all stakeholders in the firm.

ASSESS AND ANALYZE

Cybersecurity Controls Self-Assessment


Cyence uses non-invasive data analysis to define cyber risk.

Evaluates factors like incentives for bad actors to target your company, signs of vulnerabilities, level of insider risk, and evidence of current compromise.

Non-invasive assessment provides a tool for assessing cyber risk throughout the company.

Comparative scoring against a peer group based on overall sophistication and targetability.

Risk scoring vs peers

ASSESS AND ANALYZE

Cyence Non-Invasive Threat Assessment


Comparative Demographics

Peer Group Size: 60

Industries Included: Pharmaceutical and Biotech Manufacturing

Annual Revenue Range: $1-50B

Countries Included: United States

Cyence Average: All Cyence-rated Companies

Motivation and Perceived Susceptibility

Cyence Overall Threat Risk Score

• 17th highest Overall Threat Risk versus Peers.

• 1.20x lower threat risk than Peer average.

• 9.40x higher threat risk than Cyence average

[Chart: Motivation vs. Perceived Susceptibility on a relative threat scale (1x, 10x, 100x, 1,000x), showing the client, peers and peer average. Legend: Client Threat Rating; Peer Range; Peer Group Average; Cyence Average (all companies in Cyence database).]

The Overall threat rating includes two components:

• Motivation evaluates the human behavior and economic elements of cyber threats. Motivation considers a wide range of non-technical factors.

• Perceived Susceptibility measures a network’s apparent technical vulnerability to attack. This external perception may vary from the actual state of the control environment.

Motivation Score:

• 47th of 60 peers, 78th percentile vs. Peers

Perceived Susceptibility Score:

• 39th of 60 peers, 65th percentile vs. Peers

Cyence Overall Threat Risk Rating Report date: May 2018

• Marsh uses a cyber threat model developed by Cyence, a leading cyber security analytics services provider

• Cyence externally and non-invasively monitors organizational threats to create an Overall Threat Risk Rating that measures an organization’s projected likelihood to experience a cyber event over the next 12 months.

MARSH CYENCE SNAPSHOT


Assess & Analyze

Respond & Recover

Secure & Insure

Marsh analysts collaborate with you using the purpose-built CyberXQ tool to develop and analyze cyber event scenarios.

Combines the power of Marsh’s expertise in both cybersecurity and risk analytics.

A systematic building block approach to estimating cyber risk exposure:

Cyber Event Classes

Cyber Event Elements

Scenario Narrative

Proprietary cost models for a wide range of impacts

CyberXQ Unique Features

CyberXQ analysis provides cyber exposure data analysis required for informed risk transfer decision making.

CyberXQ Delivers

Complete, concise report documenting the scenario, key assumptions, and impact in dollar terms.

Informs discussion about insurance gaps, limits, and coverage.

Quantifying prioritized cyber risk scenarios of most interest provides clients with actionable information that:

Illuminates the diverse financial impacts that these events may cause.

Helps identify priorities for mitigation actions.

Highlights insurance policy coverage requirements.

Project duration – approximately 20 working days.

Note: Two pages of an example report shown. A completed report provides multiple pages of detailed information about the specific scenarios selected for analysis.


ASSESS AND ANALYZE Cyber IDEAL - Privacy Breach Cost Modeling

Marsh’s industry-leading privacy breach cost model includes frequency and severity models, customized to your unique exposures.

• Marsh uses a dynamic decision support tool created by Marsh’s cyber and actuarial experts to project a full range of outcomes over first and third party data breach costs around cyber breach events.

• Modeling is company-specific, and predicts a range of outcomes across frequency and severity, accounting for your unique threat environment and cybersecurity program maturity.

Key Assumptions

• Number and type of records (PCI, PHI, PII).

• Cost per record calculated through historical loss data and available studies; breaches randomly generated to create events.

• Severity is calculated by multiplying records breached by a cost per record.


Cyber Perils Property CGL E&O Crime Cyber

Physical Damage caused by Cyber Incident.

Liability for failure of network security (ex. failure to prevent unauthorized access, spread of a virus or a denial of service).

Liability for failure to prevent unauthorized access to personal data (customer or employee).

Liability for not properly notifying of a privacy breach.

Costs to defend an action by Attorney General, FTC, or other regulator due to a privacy breach, including related fines/penalties.

Costs to respond to a breach, including forensics, credit monitoring, call centers, public relations and forensic investigations.

Liability for publication torts for online content (libel, slander, disparagement, misappropriation of name or likeness, trademark, copyright, plagiarism, copyright infringement, etc.).

Business Interruption due to a material interruption in an element of your computer system due to failure of computer or network security – including administrative errors.

Dependent Business Interruption due to a vendor incurring an outage as a result of a security failure or system outage.

Costs of consultants and extortion monies for threats related to interrupting systems and releasing private information.

“Cyber Insurance” fills gaps in traditional insurance programs. However, in some cases limited coverage may exist depending on case law and specific exclusions. Marsh can conduct a policy gap analysis to determine what coverage may be available to respond to claims and losses in the event of computer attack, breach of privacy, or loss of confidential information.

Legend: Not covered; Covered; Coverage is neither explicitly granted nor denied, or may partially exist.

ASSESS AND ANALYZE

Insurance Gap Analysis


Service Description

Cyber Business Interruption Quantification (CBIQ)

Help clients determine likely revenue exposure from cyber attack events on critical systems and processes. Specific, qualitative scenarios to support risk retention / risk transfer strategy, including limits decisions. Justification of remediation and mitigation strategies / efforts. Concrete data to demonstrate to senior management and BOD why decisions were made.

Board of Directors Cybersecurity Seminar

Help prepare the Board members to carry out their fiduciary responsibility in cybersecurity. 2 to 4-hour session with full Board in a seminar format. Range of topics inform Board members on what they need to know about cyber, e.g.: fiduciary responsibility, expectations of management, cyber metrics, cyber risk management strategy. Case studies of illustrative recent events.

Cyber Awareness Training

Training designed to increase employee awareness of cybersecurity risks. Includes instruction on the company’s Authorized Usage Policy. Defenses against phishing and other social engineering tactics. Overview of mobile device security practices.

Controls Performance Testing

Application of special tools to determine how well enterprise cybersecurity controls perform. Indicators of Compromise. Adversary Simulation. Vulnerability scans/ penetration testing.

Operational Procedures Development

Review and development of operational procedures documents based on best practices. Vulnerability Management/Patch Management procedures. Ransomware response procedures. Malware eradication procedures. Incident Escalation procedures.

Enterprise Cybersecurity Policy Review

Review of the enterprise cybersecurity policy based on best practices and guidance from authoritative sources including National Institute of Standards and Technology, SANS, ISACA, and ISO 27000-series standards.

Cybersecurity Threat Intelligence

Detailed industry-specific cybersecurity threat intelligence briefing encompassing nation-state, organized crime, terrorist, hacktivists, and other organized threat actors.

Client Prep for Self-Assessments

Support of prep calls for security self-assessments.

ASSESS AND ANALYZE

Marsh Risk Consulting Cyber Services


SECURE AND INSURE

Cyber Insurance Market Trends

In Q2 2017, cyber rates decreased by an average of 1.7% for all industries within Marsh’s client base.

Renewals delivered decreases to 38% of our clients, when compared to 23% in Q2 2016. This is higher than in any of the previous four quarters. Twenty-seven percent of clients renewed with an increase, compared to 52% in Q2 2016.

Overall, insurer appetite remains strong, with a market-wide focus on growth in 2017. Competition among insurers strengthened for clients in all revenue segments and all industry sectors. Clients continue increasing their total program size and ascertain “full limits” on all insuring agreements. New entrants continue to emerge domestically and abroad.

Cyber capacity exceeds $1.5 billion globally. Total program size varies with industry and coverage, with many large towers placed between $200 - $500 million.

Several insurers have begun offering large blocks ($50m+) capacity (incl. AIG, Chubb, Beazley/Munich Re).

[Chart: Total Premium Rate Change - All Industries, Q2 2016 to Q2 2017, showing average, first quartile and third quartile. Source: Marsh Global Analytics (Marsh Clients). Data labels in the order extracted: Average 6.9%, Median 0.6%; Average 5.2%, Median 1.3%; Average 1.4%, Median 0.0%; Average -1.7%, Median 0.0%; Average -1.5%, Median 0.0%.]


SECURE AND INSURE

Marketplace

Capacity

$1.3B in notional capacity, heavily domiciled in the US. Large towers are typically $200-$500M. Common primary markets: AIG, XL, Zurich, Lloyds.

Coverage

Enhancements have been introduced to address the needs of more industrial customers. E.g. system failure, business interruption.

Appetite

Underwriting process is increasingly thorough. Tech E&O and manufacturing remain favorable classes for many insurers.

Retentions

For organizations >$1B in revenue, retentions >$1M often lead to full limits across all insuring agreements. Increasing retentions leads to nominal premium savings.

Pricing

Premium is heavily dependent on industry, security controls, limitations of liability within contracts, retention level, coverage requests, and loss history.


[Chart: Total Limits ($ Millions), 13 Peers. Average: $22; Median: $10; 1st Quartile: $10; 3rd Quartile: $10; Max: $100; Min: $5]

Peer Group Pricing Summary Average Median 1st Quartile 3rd Quartile Max Min

Total Revenues (Millions) $2,772 $1,992 $1,665 $2,528 $10,282 $1,105

Total Premium (Thousands) $324 $119 $88 $252 $1,910 $52

Primary Limit (Millions) $10 $10 $10 $10 $15 $5

Retention (Thousands) $612 $250 $150 $250 $5,000 $100

Primary Price Per Million $16,822 $14,476 $11,020 $20,010 $42,346 $5,166

Total Price Per Million $13,685 $11,909 $10,947 $15,525 $25,150 $5,166

Primary Industry: Life Sciences

Revenues: $1 Billion - $15 Billion

Peers Based on your Selection: 13

SECURE AND INSURE

Peer Comparison


SECURE AND INSURE

Marsh Cyber Echo/BMEX

Following a series of high-profile cyber losses, underwriters have become more selective, and in some cases are reducing the amount of capital that they are willing to deploy on certain risks — especially those involving health care and payment card data. This trend is particularly acute in the excess cyber market, where rates have more than doubled in the US over the last 12 months. To address this issue, Marsh’s Cyber ECHO provides access to additional insurance capacity that can be deployed efficiently on favorable terms and conditions — bringing more stability to the volatile market for excess cover.

Who it’s for:

Marsh clients exclusively — public and private companies that purchase (or would like to purchase) more than $5 million of cyber cover per year.

Companies of all sizes and industries.

What you get:

Up to $50 million in limits, excess of an underlying cyber cover.

Clear and concise policy wording:

True follow-form language.

Pre-priced options to reinstate the ECHO excess limit after insurers are notified of a cyber event during the policy period.

Innovative structure designed to avoid issues that could complicate or delay insureds from recovering on a loss under a more traditional excess policy structure.

An efficient placement process, in which several insurers’ capital can be assessed through one lead insurer.

Claims approvals are limited by Lloyd’s claim protocols.

The financial strength of Lloyd’s syndicates.

Additionally, Marsh BMEX Cyber offers exclusive, dedicated excess capacity through Bermuda that can be deployed efficiently on favorable terms and conditions, and is available to public and private companies of any size, in any industry. This is up to $25M in limits, excess of underlying cyber cover, with true concise follow-form coverage and pre-priced options to reinstate the BMEX excess limit after insurers are notified of a cyber event during the policy period. Further includes DIC cover for punitive damages, fines, or penalties when the exposure is deemed uninsurable in the applicable jurisdiction.


RESPOND AND RECOVER

Claims Advocacy

Among the methods that we employ to make the claims process easier:

Provide day-to-day claims assistance on claims issues and claims handling matters including breakdowns in the claims handling process.

Provide oversight for all high exposure and sensitive claims and work with the insurer and defense counsel to manage the claim to a successful conclusion.

Assist in the resolution of coverage disputes responding to coverage questions, declination of coverage and reservation of rights letters.

Facilitate four claim reviews annually so that you may understand the financials associated with your exposures and resolution strategies that will form the basis for claim closures.

Assist in developing settlement strategies that recognize your business issues or concerns in resolving claims in a timely and cost effective manner.

Assist with litigation management issues that impact claim settlements (i.e. choice of counsel, primary and excess insurer involvement, and communications).

Conduct an annual stewardship review with the market/TPA that includes information to measure the effectiveness of the cost containment programs and the overall program performance.

MAKING THE CLAIMS PROCESS EASIER

Ongoing monitoring of significant developments concerning relevant substantive law, coverage issues, and legal and business trends that may potentially impact your exposures and programs.


RENEWAL

CIRCUMSTANCES GIVING RISE TO A CLAIM

CLAIM INITIAL ADVOCACY

COVERAGE AND NEGOTIATION ADVOCACY

RESOLUTION ADVOCACY

Negotiate and draft manuscript wording.

Provide advice on whether to provide notice and the ramifications of filing a claim.

Evaluate coverage for the claim.

Assist with the approach of defense counsel.

Coordinate communications with insurers, defense and coverage counsel.

Analyze reservation of rights letters and assist in preparing effective responses.

Help ensure timely and appropriate advancement of defense costs.

Provide innovative solutions and approaches.

Offer zealous advocacy with insurer senior management (claims and underwriting).

Timely report of claim under all applicable policies.

Unsurpassed Technical Expertise + Strong Relationships with Major Insurers = Favorable Claim Resolution

Leverage Marsh Claims Advocacy and market presence to drive overall claim process. MRC’s Crisis Response services to coordinate and support event response. MRC’s Financial Advisory Services (FAS) to drive claim recovery.


APPENDIX: CYBER LOSSES - PETYA


PETYA

Reported Financial Impact

Industry Financial Impact Loss Description

Reckitt Benckiser

Consumer Goods

Employees: 37,000

Revenue: 2016 Annual: £10bn ($13 bn); 2017 Q1: £2.64bn ($3.4 bn); 2017 HY-1: £5.01 bn ($6.54 bn); 2017 Q2: £2.47bn ($3.2 bn)

2017 Q2 LFL Net Growth Rate: -2%; H1 LFL net revenue decline of -1%

“Weakness was primarily driven by the known issue of Scholl / Amopé Wet & Dry Express Pedi launch in 2016, which failed to meet our expectations, and the recent, cyber-attack on 27 June.”

“From an operational perspective, as expected we had a tough first half, with challenging conditions exacerbated by a sophisticated cyber-attack.”

July 24, 2017 H1 Earnings Report: “Systems were recovered progressively from 3 July. By 11 July most of our manufacturing sites were producing close to normal capacity. There are, however, a number of activities which will take until the end of August to complete in full and we continue to face some operational disruption. Key impacts have been reduced factory operations, delayed shipping and invoicing, and in some circumstances, lost sales. We believe we have materially quantified the impact of this cyber-attack on our trading.”

July 6, 2017, Press Release: “The attack did disrupt the company's ability to manufacture and distribute products to customers in multiple markets across the RB Group. Consequently, we were unable to ship and invoice some orders to customers prior to the close of the quarter.”

Mondelez International, Inc (NASDAQ:MDLZ)

Food and Beverage Manufacturer

Employees: 90,000

Revenue: 2016 Annual $26 bn; 2017 Q1: $6.41 bn; 2017 Q2: Aug. 2

2017 Q2: TBD

“Our preliminary estimate of the revenue impact of this event is a negative 300 basis points on our second quarter growth rate.” “We expect to incur incremental one-time costs in both our second and third quarters as a result of this issue, but our underlying margin progress continues to be in line with our outlook of mid-16 percent for the full-year.”

July 6, 2017 Press Release: “Shipping and invoicing were disrupted during the last four days of June due to the computer virus.”

“Also, in a few of the markets, the company permanently lost some of its revenues due to holiday feature timing”


Industry Financial Impact Loss Description

Saint Gobain Manufacturing (Industrials)

Employees: 170,000

Revenue: 2016 Annual: €39.1bn ($44 bn); 2016 H1: €19.5 bn ($22.8 bn); 2017 H1: €20.4 bn ($23.8 bn)

2017 H1: Organic growth at 3.5% with volumes up 1.7% despite a negative impact of around €220 million (1.1%) resulting from the June 27, 2017 cyber-attack, fully in line with our July 13, 2017 announcement.

“The cyber-attack is estimated to have had a negative impact of €220 million on first-half sales and of €65 million on first-half operating income.

Over the full year, the negative impact is estimated at less than €250 million on sales and €80 million on operating income, with July including additional losses in some businesses in the first few days of the month, a claw-back of June sales, and costs associated with re-starting operations.”

2017 H1 Earnings Statement: On June 27, 2017, Saint-Gobain experienced an important cyber-attack, which led to information system downtime and supply chain disruptions. IT systems were quickly restored and all of our operations had returned to normal by July 10.

July 13, 2017 Press Release: “IT systems were disconnected to stop the spread of the virus and back-up working modes were immediately activated in all businesses of Saint-Gobain.”

FedEx (TNT Express)

Logistics/Shipping

Employees: 400,000

Revenue: 2017 Annual: $60.3 bn; 2017 Q4: $15.7 bn

“Given the recent timing and magnitude of the attack, in addition to our initial focus on restoring TNT operations and customer service functions, we are still evaluating the financial impact of the attack, but it is likely that it will be material.

We do not have cyber or other insurance in place that covers this attack. Although we cannot currently quantify the amounts, we have experienced loss of revenue due to decreased volumes at TNT and incremental costs associated with the implementation of contingency plans and the remediation of affected systems.”

July 17, 2017 10-K Press Release: We are currently focused on restoring remaining operational systems, along with finance, back-office and secondary business systems. We cannot yet estimate how long it will take to restore the systems that were impacted, and it is reasonably possible that TNT will be unable to fully restore all of the affected systems and recover all of the critical business data that was encrypted by the virus.

June 28, 2017 Press Release: “While TNT operations and communications systems have been disrupted, no data breach is known to have occurred.”

PETYA Reported Financial Impact


Industry Financial Impact Loss Description

Nuance Communications (NASDAQ: NUAN)

Communications

Employees: 14,000

Revenue: 2016 Annual: $1.95 bn; 2017 Q1: $496 ml; 2017 Q2: $499 ml; 2017 Q3: Aug. 8

TBD – Aug 8 2017 Q3

Approx $15 million in lost revenue for Q3 (expected)

“Nuance expects fiscal third quarter GAAP revenues to be between $485.0 million and $489.0 million and non-GAAP revenues to be between $494.0 million and $498.0 million. The company estimates that, had the malware incident not occurred, third quarter GAAP revenues on a pro forma basis would have been between $500.0 million and $504.0 million and non-GAAP revenues on a pro forma basis would have been between $509.0 million and $513.0 million.”

July 21, 2017 Press Release: “Nuance expects the malware incident to have an impact on its financial results for third fiscal quarter of 2017, primarily owing to the loss of healthcare transcription revenues in the final week of the third quarter and the inability to fulfill partner orders for imaging products during the same period.”

“While Nuance has made significant progress in remediating systems related to the malware incident, the company nonetheless expects a material effect on financial results for its fourth fiscal quarter of 2017.”

July 5, 2017 Blog Post: “As soon as we became aware of the malware, we immediately took measures to contain it and assess the extent of its effects on our network, including taking certain systems offline regardless of whether they had been impacted.”

“Our healthcare business has been the most affected. We are doing everything within our power to support our healthcare customers and provide them with the information and resources they need to provide quality patient care, including offering an alternative transcription system and additional Dragon Medical solutions.”

PETYA Reported Financial Impact


Industry Financial Impact Loss Description

Moller-Maersk

Transportation/Logistics/Energy

Employees: 88,000

Revenue: 2016 Annual: $35.4 bn; 2017 Q1: $9 bn; 2017 Q2: Aug. 16

TBD – Aug. 16 - Q2 Report

June 28, 2017, Maersk Tweet: “A number of IT systems are deliberately shut down across multiple sites and select business units, also impacting email systems”.

June 29, 2017 Maersk Tweet: “For APM Terminals the situation continues to improve. Impacted terminals have implemented business continuity plans and operations teams are carefully implementing IT solutions that will restore full operations.”

Merck (NYSE: MRK)

Pharmaceutical

Employees: 68,000

Revenue: 2016 Annual: $39.8 bn; 2017 Q1: $9.4 bn

TBD – Q2 Report Aug 3

June 28, 2017, Merck Tweet: “We immediately shut down our IT systems as a precautionary measure to help contain the problem and, where needed, moved to business continuity plans.”

WPP

Advertising/Media

Employees: 205,000

Revenue: 2016 Annual: £14.4 bn ($18.8 bn); 2017 Q1: £3.6 bn ($4.7 bn)

TBD

June 29, 2017 Press Release: “As soon as we became aware of the attack on Tuesday 27 June, we took appropriate precautionary measures, including shutting down systems to protect business and client operations and data.”

DLA PIPER

Professional Services: Legal

Employees: 4000 attorneys

Revenue: 2016 Annual: $2.5 bn

TBD

July 3, 2017 Press Release: “Following the widely reported malware incident that occurred on Tuesday 27 June, we have brought our email safely back online, and continue to bring other systems online in a secure manner.”

“The firm took immediate steps to contain the threat, and we have seen no evidence that client data was taken or that there was a breach of confidentiality of that data.”

PETYA Reported Financial Impact


PETYA Global Impact for Companies in All Industries

Company | Industry | News Article
Reckitt Benckiser | Manufacturing (Consumer Goods) | July 24, 2017 H1 Earnings Report; July 6, 2017, Press Release
Saint Gobain | Manufacturing (Industrials) | 2017 H1 Earnings Statement; July 13, 2017 Press Release
Mondelez International, Inc (NASDAQ: MDLZ) | Food and Beverage Manufacturer | July 6, 2017 Press Release; July 10, 2017 Yahoo News
WPP | Advertising/Media | June 29, 2017 Press Release
FedEx (TNT Express) | Logistics/Shipping | July 17, 2017 10-K Press Release; July 6, 2017 Press Release
AP Moller-Maersk | Transportation/Logistics/Energy | June 28, 2017, Maersk Tweet; June 29, 2017 Maersk Tweet
Merck (NYSE: MRK) | Pharmaceutical | June 28, 2017, Merck Tweet
Nuance Communications (NASDAQ: NUAN) | Communications | July 21, 2017 Press Release; July 5, 2017 Blog Post
DLA PIPER | Professional Services: Legal | June 28, 2017 Press Release


This document and any recommendations, analysis, or advice provided by Marsh (collectively, the “Marsh Analysis”) are intended solely for the entity identified as the recipient herein (“you”). This document contains proprietary, confidential information of Marsh and may not be shared with any third party, including other insurance producers, without Marsh’s prior written consent. Any statements concerning actuarial, tax, accounting, or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial, accounting, tax, or legal advice, for which you should consult your own professional advisors. Any modeling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlying assumptions, conditions, information, or factors are inaccurate or incomplete or should change. The information contained herein is based on sources we believe reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update the Marsh Analysis and shall have no liability to you or any other party with regard to the Marsh Analysis or to any services provided by a third party to you or Marsh. Marsh makes no representation or warranty concerning the application of policy wordings or the financial condition or solvency of insurers or reinsurers. Marsh makes no assurances regarding the availability, cost, or terms of insurance coverage. All decisions regarding the amount, type or terms of coverage shall be your ultimate responsibility. While Marsh may provide advice and recommendations, you must decide on the specific coverage that is appropriate for your particular circumstances and financial position. By accepting this report, you acknowledge and agree to the terms, conditions, and disclaimers set forth above.

Copyright © 2017 Marsh LLC. All rights reserved.