willistowerswatson.com
Are you ready for a Cyber attack?
Willis Towers Watson – NECA Presentation
5 August 2020
© 2020 Willis Towers Watson. All rights reserved.
Overview
Topics for Today
© 2020 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Watson client use only.
No. Topic
1 Cyber Risk in Context
2 Current Landscape - WTW Global Cyber Data
3 Impacts of a Cyber Attack?
4 How should you prepare for a Cyber attack?
5 Questions and Discussion
NECAGuard
Endorsed by NECA, powered by Willis Towers Watson
NECAGuard is the insurance program of choice for NECA members.
Over 350 NECA members currently enjoy the benefits of NECAGuard - endorsed by NECA and powered by Willis Towers Watson.
Willis Towers Watson Cyber Capability
Practice Overview – Expert Cyber and Technology Risk Advisors
$700m+
20+
540+
600+
100+
In cyber insurance recoveries
Dedicated cyber risk experts globally
Global locations with cyber experts
Current incidents being managed by WTW
Local Cyber Clients
We deliver:
Comprehensive cyber risk management strategies
Market leading cyber insurance solutions and insurance claims advocacy
Cyber Risk in Context – Why are we talking about it?
It was estimated in 2019 that nearly 90% of organisations experience a critical system downtime event causing some business interruption.
Ransomware demands increased by over 33% in Q1 2020, with regular reports of ransom demands in excess of $1M.
A sophisticated state-based actor has been engaging in sustained cyber-attacks against Australian organisations.
Australia is one of the world’s most hacked countries, according to a list compiled by security company Specops Software.
9 in 10 IT executives in Australia reported an increase in the volume of cyber attacks at their organisations in the past 12 months.
Cyber Risk in Context – What does it mean?
Cyber Risk refers to any risk of financial loss, disruption or damage to the reputation of an organisation resulting from the failure of its information technology systems.
System Controls
Physical Security
Identity and Access Management
Privacy and Data Security
Governance
Supply Chain Exposure
Counter Party and Contract Risk
Social Engineering Risks
Regulatory and Legal
Training, HR and Workforce
Stakeholder Risks
Incident Response and Recovery
The Current Landscape – Willis Towers Watson Global Data
1,150+ analysed claims
[Chart: Root Causes, Record Count]
Willis Towers Watson Global Claims Data – Drivers of Loss
First Party Losses
WTW Global Claims Data – Industry and Data Exposed
[Charts: Industry of Impacted Organisation; Type of Data Disclosed]
Impacts of a Cyber Attack?
There is a wide range of impacts caused by cyber events and computer system threats.
Computer systems threats:
Malicious intrusion
Unintended Act (e.g. Human error)
System / technical failure
Impact:
Interruption / disruption of computer systems (first party or third party)
Breach of confidential information (personal & corporate information)
Extortion Event
Financial and reputational harm
Theft of funds
Potential Outcomes:
Data loss
Unusable computer systems
Incident response costs
Ransom payment / ransom expenses
Business Interruption: Loss of net profit
Business Interruption: Increased costs of working
First party privacy costs
Third party legal proceedings
Regulatory investigation, defence costs and fines
Mitigation costs
Impacts of a Cyber Attack – Into the BEC
What is a Business Email Compromise attack?
Business Email Compromise (BEC) attacks occur when a third party gains access to business email accounts, or ‘spoofs’ a business email so their emails appear to come from within the company.
ACCC found business email compromise scams caused the highest losses across all scam types in 2019.
410% increase in the number of email fraud attacks detected by Proofpoint.
Telstra identified BEC frauds as the most common type of security incident facing businesses.
Symantec found 11% of global BEC attacks were committed against Australian companies, making Australia the third most common BEC target country.
How should you prepare for a Cyber attack?
Focus on simple principles
Assessment: What cyber exposures create financial risk to the business?
Protection: What controls and processes will reduce key cyber exposures?
Recovery: How can you best triage a cyber event and reduce downtime?
Preparing for a Cyber attack?
Assessment
Key questions to focus on:
How is technology supporting your key business goals and operational objectives?
What are the realistic cyber risks that could affect operations and profitability?
What support would you need to recover from a significant cyber event?
How are these key risks dealt with?
Acceptance? Avoidance? Mitigation? Transfer?
Preparing for a Cyber attack?
Protection
Many attacks are “low tech” and play on basic human traits, including our instinct to trust.
Protection strategies should look at both technology control and people risk.
Some good basic strategies to adopt:
1 Multi Factor Authentication
2 Password Hygiene across the Organisation
3 Investments in email focused security (filters, gateways)
4 Staff Awareness and Training
5 Privilege and Access
Preparing for a Cyber attack?
Recovery
Organisations commonly need the following support after a data breach:
Support needed: Incident response advice and 24/7 assistance from incident response experts to triage the event.
Why is it important? Extended downtime greatly increases loss. Under some privacy laws breaches must also be reported within 72 hours. Under the Australian Privacy Act eligible breaches must be reported as soon as possible within 30 days.
Support needed: IT forensics expertise to help identify and contain the incident and repair the problem.
Why is it important? A malicious actor may still be in the network or data may still be leaving the business.
Support needed: Legal advice to determine privacy and other legal obligations arising from the event.
Why is it important? Data breaches commonly create contractual, common law, privacy and regulatory obligations that must be carefully navigated.
Support needed: Data and system restoration.
Why is it important? Business interruption and loss will continue until IT assets and systems are restored to their pre-breach state.
Support needed: Assistance with notifying the regulator and impacted individuals.
Why is it important? Regulatory obligations require drafting and sending notification communications to the regulator and impacted individuals.
Support needed: Cashflow and financial support to meet the costs of incident response vendors, recovery and business interruption.
Why is it important? Immediate losses will be incurred for costs to retain incident response vendors, complete triage and manage financial interruption.
Support needed: PR assistance with communications strategy.
Why is it important? Significant breaches commonly attract media and third party interest. Communication guidance helps instil confidence, protect brand and avoid reputational harm.
Preparing for a Cyber attack
Recovery support provided by Cyber insurance
Cyber Insurance provides affirmative stand alone coverage to help support and manage the key exposures caused by cyber incidents.
Policy types compared: Property, General Liability, Crime, Directors and Officers, Professional Indemnity, Traditional Cyber
First Party Outcomes:
Ransom Payments
Regulatory investigation and defense costs
Incident response costs
Business interruption: loss of net profit (non-physical damage)
Business interruption: increased costs of working (non-physical damage)
Restoration of data and computer systems
Extortion expenses
First party crime loss (theft of funds)
Key: not covered / affirmatively covered / sometimes covered
Preparing for a Cyber attack (continued)
Recovery support provided by Cyber Insurance
Policy types compared: Property, General Liability, Crime, Directors and Officers, Professional Indemnity, Traditional Cyber
Third Party Outcomes:
Third party proceedings: privacy liability
Third party proceedings: network security liability
Third party proceedings: digital media liability
Key: not covered / affirmatively covered / sometimes covered
Case Study Example
A typical data breach
Incident response costs for the engagement of relevant services for cyber extortion and business interruption incidents also attract policy coverage.
For Cyber extortion incidents, this may also include but not be limited to Cyber extortion advice, ransom negotiations, IT forensic costs and Legal services.
Data breach is discovered (by the Control Group)
Client struggles with immediate business crisis: Crisis environment and need to mitigate a myriad of risks from short term interruption, financial loss, long term business and reputational impacts and third party liability.
Support from Cyber Insurance
Breach response assistance: Client calls an incident response hotline number shown on the cyber insurance policy to co-ordinate the following services to mitigate the impact of an incident (where relevant):
IT Forensics
Legal Services
Notify / Credit monitoring
PR Costs
Insurer(s): Pays for the costs incurred to deal with the incident
Policyholder: Present the insurer with the invoices for these services
Incident is resolved
Questions? Let’s talk.
More Information:
Visit the NECA Group website: neca.asn.au/group
Get in touch with a NECAGuard Representative on 1300 361 099
Got a question? Click here to ask.