Upload
sora
View
20
Download
3
Embed Size (px)
DESCRIPTION
Technology Media Communications Industry Session. Introductions for Networking Discussion: Deciphering the E&O/Cyber Policy Download slides and handouts at www.rims.org/RIMS14 Or use the RIMS 2014 App (Session # IND021 ). What to Expect Today. - PowerPoint PPT Presentation
Citation preview
Page 1
Recording of this session via any media type is strictly prohibited.
Page 1
Technology Media Communications Industry
SessionIntroductions for Networking
Discussion: Deciphering the E&O/Cyber Policy
Download slides and handouts at www.rims.org/RIMS14 Or use the RIMS 2014 App (Session # IND021)
Page 2
Recording of this session via any media type is strictly prohibited.
What to Expect Today
1. Networking & Optional Exchange of Contact Information2. Trends & Implications3. Group Challenge4. Cyber Coverage Terms5. Where is the E&O/Cyber Policy today6. Proactive Measures to Manage Risk7. RIMS 2015 – Topics for next Tech/Media/Comm Session
Takeaways: Glossary of E&O/Cyber coverage terms Sample Provision Wording
Page 3
Recording of this session via any media type is strictly prohibited.
Introductions for Networking – Speakers• Tim Burke – Marsh FINPRO
West Zone Practice Leader - Commercial Errors & Omissions
• Holly Daley – Willis San Francisco, Tech Media Telecom Practice Former Risk Manager: Hitachi Data Systems, PG&E, Park Lane Hotels
• Lora Figgat – NetApp, Risk Manager, SunnyvaleFormer Risk Manager: Symantec Corporation
• Bert Wells – Partner, Covington & Burling LLP, New YorkPolicyholder-Side Attorney – Insurance Recovery – Transactional Matters – Policy Enhancements
Page 4
Recording of this session via any media type is strictly prohibited.
Introductions for Networking – Participants
Your Name / Company / Location
Download slides and handouts at www.rims.org/RIMS14 Or use the RIMS 2014 App (Session # IND021)
Page 5
Recording of this session via any media type is strictly prohibited.
Macro Trends
• High profile data breaches• Increasing centrality of privacy & IT security• Regulatory scrutiny & evolving legal landscape• Supply chain risk
Page 6
Recording of this session via any media type is strictly prohibited.
The Compliance ScrambleMismatch Implications
• Vendor scrutiny• Contractual risk transfer• Indemnification• Insurance requirements
Page 7
Recording of this session via any media type is strictly prohibited.
E&O/Cyber: Additional Insured Status
a. You as Customer perspective• Why you require AI status from your customers/partners• When your customer/partner will not meet your requirement
b. You as Vendor perspective● Why your customer requires AI status of you as their vendor/partner
● As a vendor, should you provide AI status to customers/partners
c. Additional insured endorsements
Page 8
Recording of this session via any media type is strictly prohibited.
Where Is the E&O/Cyber Policy Today? Standardization - ISO, markets E&O blend vs. stand-alone Prior acts - average discovery lag 253-days Menu of coverage pieces available:
• typically offered• by special request
Page 9
Recording of this session via any media type is strictly prohibited.
Deciphering the E&O/Cyber Policy
Network Security & Multimedia LiabilityCyber Security Liability
Computer Security Insurance Network & Information Liability
Commerce or Internet Security Insurance
Privacy & Network Security Liability
Intellectual Property Insurance Internet Security Liability
Privacy and Security InsuranceCyber & Crime Liability
Data Insurance
Page 10
Recording of this session via any media type is strictly prohibited.
Cyber Insurance OverviewCommon Insuring Agreements
Insuring Agreement ISO Description
Third Party Liability
Network Security Liability Security Breach Liability Network security failure
Privacy Liability Programming Errors and Omissions Liability Failure to safeguard confidential information
Media Liability Website Publishing Liability orMedia Liability
Advertising & Personal Injury
First Party Privacy Expenses
Breach Response Costs Security Breach Expense First party expenses to manage data breach
Privacy Regulatory Actions Not available Defense costs, fines & penalties
First Party Network Interruption
Business Interruption Not available Loss of net income from network down time
Dependent Business Interruption Not available Vendor downtime
Data Restoration Replacement or Restoration of Electronic Data Costs to replace damages information assets
Page 11
Recording of this session via any media type is strictly prohibited.
Deciphering the E&O/Cyber Policy – Glossary
Glossary of cyber insurance terms
Page 12
Recording of this session via any media type is strictly prohibited.
Role Play:What will you do differently next time?
Let’s open dialogue within the group this morning.
Chime Your CEO just sent you an email …
To open: Please turn your chairs into groups of 8-10.
Page 13
Recording of this session via any media type is strictly prohibited.
Role Play: What will you do differently next time?
Congratulations on your brand new job in the Risk Management Department of
ARROW STORES
Following a highly-publicized data breach resulting in a 40% sales decline – and attributable to a vendor’s security lapse – your CEO asks your Risk Management team to get the company back on track. Here is your new email:
Please join me for lunch today in my office at high noon. I would like hear from your team:• Hindsight – Two steps or protocols Arrow could have implemented to avoid this mess.• Lessons Learned – Two steps or protocols you propose we start developing this afternoon.
PERRY N. ARROWCEOARROW STORES, INC.
Page 14
Recording of this session via any media type is strictly prohibited.
Risk Management – Best Practices
• Create Tools to manage contract requirements Provision Templates Playbook Escalate to RM as advised (per SOW, regions, fallback/fallforward)
• Distribute to stakeholders Post on RM site Training and partnering: Legal, Procurement, Sales, Finance
• Develop response protocols Incident reporting directions (coverage assessment) Breach response plan: spokesperson, notification process, legal team identified Breach tabletop exercise
Page 15
Recording of this session via any media type is strictly prohibited.
Playbook– Prepared Responses to Your Customers’ Requirements & Requests (Hypothetical Example
Below)
Request Your Policy Coverage Limit Risk Tolerance
Carve out to limitation of liability for data security to allow for unlimited liability
Security & Privacy liability
$20M Subject to approval, up to $20M
Page 16
Recording of this session via any media type is strictly prohibited.
Sample Contract Provision for Cyber InsuranceVendor shall procure and maintain the following insurance:Errors and Omissions Liability Insurance to cover loss arising from errors and omissions in
the performance of all Services hereunder, including loss arising from destruction of data, in an amount of at least [$_______] per occurrence.
Cyber-Risk, Network Security, or other coverage (regardless of name) to cover the first-party losses and liability of Customer arising from breaches of security of data or computer networks of Vendor or Customer due to Vendor’s acts, errors and omissions, including such losses arising from [specific events or causes]; in an amount of at least [$_______] per occurrence.
[Other types and amounts of coverage as may be required.] Each such liability policy shall name Customer as an Additional Insured for such liability of
the Customer, and each such first-party policy shall name Customer as a Loss Payee. Such insurance shall be worldwide; primary and non-contributing with respect to any insurance or self-insurance of Customer, subject to the reasonable advance approval of Customer and issued by insurers having ratings reasonably satisfactory to Customer.
Page 17
Recording of this session via any media type is strictly prohibited.
Actionable Points & Issues To share with your brokers, insurers, legal teams
• Review coverage wordings• Bring key IT personnel to underwriting meetings• Discuss the reality of claims process
Page 18
Recording of this session via any media type is strictly prohibited.
Wrap Up and Q&A
• Q&A
Page 19
Recording of this session via any media type is strictly prohibited.
Our Next Session: RIMS 2015 in New Orleans
Brainstorm
Topic ideas for our next Tech Media Communications Industry Session
Thank you