Anda di halaman 1dari 29

Cyber Liability Insurance:

Reg Harnish, CISSP, CISM, CISA

Chief Security Strategist
GreyCastle Security
Steve Lobel
Vice President
Anchor Agency
October 17, 2013



Cybercrime Today

Major Trends
1. Increasing business complexity
2. Increasing criminal motivation
3. Increasing availability of
weaponized software

Whats your likelihood of


Case Studies

What is Cyber Liability Insurance?

Network Security and Privacy

New Age Exposure

Presentation by RF Ougheltree & Associates, LLC

Network Security & Privacy Insurance

Many forms and Labels

ClickStream Internet Liability-Hudson

TechVantage- C N A
Cyber Choice -Hartford
MicroTek-United States Liability
NetAdvantage/CyberEdge -AIG
AFB Media Tech-Beazley
Information Security & Privacy-Beazley
Technology Protection-Hiscox
NetGuard-NAS- Lloyds
NetProtect360-C N A

Network Security and Privacy Insurance

Product Differentiation-Scope of Coverage
Cyber lite:
protect employee (Identity Theft Expense)
[ under $500 or undisclosed premium (throw in]
protect company ( personal identity events only)
[$450 to 3,500)
Cyber extra:
protect company (company and personal data for privacy and security perils)
Cyber special edition:
protect company ( company and personal data for privacy and security perils)
Full 1st and 3rd party coverage
[$12,000 + ]

Network Security and Privacy

Product formats

Endorsements to other lines (D&O, E&O, EPL)

Mono line (stand alone) [Coverage Modules]
Multiple line Management Liability package (D&O +,
E&O +, EPL +)

Network Security and Privacy Insurance

Claims Handling




24/7 access to a call center for claim reporting and guidance

An attorney contacts the insured to help with the selection of a lawyer with expertise on applicable
laws and regulations and, if needed, a forensic expert able to investigate and report on the scope of the
breach. An action plan is drawn up.
The insured, with advice from legal counsel and continuing guidance from a breach coach
decides whether and to what extent notification is required. If notification is required, a notification
service provider is chosen to mail out notifications in line with applicable regulations.
The insured and attorney approve notification letters for mailing and a call center service
provider is selected. Q&A scripts for call center employees are prepared.
The notification service provider sends letters, which include an offer of either a credit
monitoring or identity monitoring package to affected individuals.
Individuals who are potentially affected by the breach receive letters and may enroll in the monitoring
services. Credit monitoring enrollment is either online or offline through the
call center. Those enrolled are also eligible for identity theft resolution or fraud support services should
they become a victim of identity theft or fraud caused by a covered breach.
The insured receives reports on the progress of the mailing and credit monitoring enrollment for
continuous monitoring of the event. The Breach Response Team maintains close contact with the
insured and the service providers throughout the process to ensure the breach is handled as effectively
as possible.

Understanding Cyber Liability


Final Thoughts

All businesses are vulnerable AND CAN BE

Cyber liability insurance is an absolute
must in todays risky environment
Cyber liability insurance does not replace
your cybersecurity program

Final Thoughts

Like cybersecurity, cyber liability insurance

requires experts that understand your
business and risks
Crossing your fingers is not a strategy

Everybody has a plan until they

get punched in the face.

- Mike Tyson

GreyCastle Security

(518) 274-SAFE

Anchor Agency

(518) 458-8908