CYBER INSURANCE MEL Educational Seminar PAUL J. MIOLA, CPCU, ARM AREA EXECUTIVE VICE PRESIDENT ARTHUR J. GALLAGHER RISK MANAGEMENT SERVICES Edward Scioli | Account Executive Conner Strong & Buckelew Public Sector Practice APRIL 17, 2015 • Not just insurance coverage Claims for damages by third parties • A variety of services Designed to prevent claims Respond on your behalf Deal with regulators o Make sure you comply Handle Public Relations Takes the burden off of you © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 2 • In the event of a data breach: Notify Employees Notify members of public Notify regulators o State/Multi State o Federal Additional efforts Who has to do this? © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 3 Responsibility lies with the offending entity © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 4 • Cyber claims are infrequent but they do occur • Big name companies are targets but you represent low hanging fruit Lack of formal security and “Privacy Policies” • What if it happens to you? • Will you know what to do? © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 5 • If you pass along a virus or other type of malware, even unknowingly, especially if another entity's customer information is then compromised. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 6 • An employee gains unauthorized access to another entity's information or if confidential information is disclosed or misused. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 7 • If an employee knowingly or unwittingly slanders another entity in a blog, e-mail, or in a social media or forum post, or infringes on copyrighted material. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 8 • If you do not follow federal or state regulations controlling notification of members of the public/employees whose personal data has been compromised. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 9 © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 10 © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 11 © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 12 What Are You Doing To Control Risk? Knocking on wood — hoping that it won't happen to you — isn't risk management. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 13 XL Value Added Services • eRisk Hub Go to https://www.eriskhub.com/xl.php Complete Registration Form Access Code – 10448 Once Registered your have immediate access to the portal with User ID & password created during registration The eRisk Hub portal is a one-stop shop that brings you up-to-the-minute cyber risk information — expertise you would spend tens of thousands of dollars in consulting fees and staff hours to attain on your own. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 14 eRisk Hub • Incident Roadmap – suggested steps to take following a network or data breach incident and free consultation with a Breach Coach® • News Center – articles on major breach events, security and privacy blogs, IT security updates, risk management events and helpful industry links • Learning Center – a library of best-practices articles, white papers and webinars from leading technical and legal practitioners • Risk Manager Tools – self-help for managing cyber risk, including a cyber-risk assessment survey, breach notification guides, what-if modeling tools to estimate the cost of a breach, and research tools to monitor the type, frequency and severity of incidents occurring in your business sector • eRisk Resources – a directory to help you find qualified third-party resources with expertise in pre- and post-breach disciplines © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 15 16 Public Sector Practice © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ 16 17 Public Sector Practice © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ 17 18 Public Sector Practice © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ 18 What More Should You Do To Control Risk? • Are you training employees? © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 19 Reinforcement Tools Protecting your data is too important to leave to once-a-year training. Reinforcement helps you get the message out any time of the year! Articles & Tent Cards Animated Videos Games Posters © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 20 © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 21 Ed Scioli Conner Strong & Buckelew • Claims Reporting and Coverage © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 22 • Breach occurs when an unauthorized 3rd party accesses your network or the network becomes infected with a virus or a denial of service attack. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 23 And who pays for it? © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 24 Ghost Busters? © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 25 Immediately dial the XL Data Breach Hotline 1-855-566-4724 This is EXTREMELY IMPORTANT! Keep the number handy! © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 26 XL’s Cyber Claim Team They will guide you. But this does not meet the claims reporting requirements! © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 27 proclaimnewnotices@xlgroup.com © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 28 What’s Covered… Data Recovery: • Expenses required to replace, recreate, restore or repair the Insured’s network or information residing on the network to substantially the form in which it existed immediately prior to a breach. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 29 Additional Exposure… Cyber Extortion: • Coverage provided to reimburse an Insured the amounts paid to avert a credible threat to commit or continue a network attack against the insured or to disclose personally identifiable information © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 30 Crisis Management Costs Data Breach Response • Costs incurred following a breach Forensic costs Public relations costs Legal Fees Mandatory notification costs Credit monitoring Call center Breach coach costs © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 31 Crisis Management Costs • PCI-DSS Response Costs incurred following a PCI-DSS incident Independent forensic investigation Attorney fees Fines and Penalties *Payment Card Industry Data Security Requirements © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 32 Third Party Liability Exposure Privacy Liability • Claims arising from third parties for allegations of: Violation of privacy torts, law and regulations (HIPPA, etal) Theft, loss, unauthorized disclosure of personally identifiable private information Including both on-line and off-line data © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 33 Regulatory Risks Defense • Defense costs resulting from a regulatory investigation or proceeding. Typical enforcement comes from the FTC or AGs. • FTC can charge defendants with violating of Section 5 of the FTC Act, which bars unfair and deceptive acts and practices in or affecting commerce. • The FTC has the power to press legal actions against organizations that have violated consumers’ privacy rights, or misled them by failing to maintain security for sensitive consumer information. © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 34 Media Coverage • Covers the content the Insured disseminates through various means including social media for a defined list of covered perils. Intellectual property infringement Defamation Other personal injury torts © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 35 Third Party Coverage: • Media Liability, Network Security and Privacy Liability $3,000,000 per claim $6,000,000 annual aggregate $25,000 deductible each claim • Regulatory Fines and Penalties sub limit of $1,000,000 • Retroactive date January 1, 2013 * Limits may vary by JIF © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 36 First Party Coverage: • Notification Costs, Extortion Threat, Crisis Management and Business Interruption $3,000,000 per claim limit $6,000,000 annual aggregate $25,000 deductible each claim * Limits may vary by JIF © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 37 • Data Breach Hotline • XL Cyber Claims Team • eRisk Hub © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 38 Paul J. Miola, CPCU, ARM Area Executive Vice President Arthur J. Gallagher Risk Management Services Edward Scioli, Account Executive Conner Strong & Buckelew This presentation will be posted to the JIF websites www.acmjif.org www.burlcojif.org www.tricojif.org © 2014 ARTHUR J. GALLAGHER & CO. | BUSINESS WITHOUT BARRIERS™ Public Sector Practice 39
© Copyright 2024