Adapting a Cyber-Security Framework

Elissa K. Doroff, Esq. Underwriting and Product Manager

Cyber & Technology Liability

June 17, 2015

1

2

Data Security and Privacy: A Multi-Threat Environment

3

Technology

Internal

Regulatory

External

Old School

A single exposure can result in: • Legal Liability • Vicarious liability for acts of vendors/service providers • Compliance with breach notification laws • Loss of revenue/extra expense due to a system outage • Loss or damage to reputation • Regulatory actions and scrutiny • Loss or damage to data/information

4

Cyber Stats

© 2015, XL Group plc. All rights reserved. MAKE YOUR WORLD GO

5

Current Events

7

8

German Steel Mill

Cyber attack – December 2014

9

Legal and Regulatory Data Protection Measures • Individual State Notification Laws

• California’s Song Beverly Act • Massachusetts Written Information Security Program

(“WISP”) • Delaware recently enacted legislation similar to Cyber

Information Sharing Act (CISA) • National Cybersecurity and Critical Infrastructure

Protection Act • Regulatory Oversight (FTC, HIPAA/HITECH, and GLBA)

10

The Changing Legal Landscape

• Krottner v. Starbucks Corp.

• Clapper v. Amnesty International

• In re Adobe Sys., Inc. Privacy Litig.,

• Spokeo, Inc. v. Robins

• What does the future look like?

11

Types of Coverage Implicated

• Traditional insurance does not respond to all cyber liability. • Errors and Omissions (E&O); • Commercial General Liability (CGL); • Property; • Crime; • Kidnap and Ransom (K and R); • Directors and Officers (D and O);

12

Specific Cyber Coverages

• Cyber & Technology Liability Policy Coverages

• First Party Coverages • Third Party Coverage • Additional Coverage available

by endorsement: • PCI Fines and Penalties • Dependent Business Interruption

13

Emerging Risks….Are we keeping pace?

• The risks and exposures are constantly increasing • Past data breaches do not necessarily predict future

exposures • Bodily injury / property damage to a third party as

the result of a cyber incident? • Cyber War–

How is the Insurance Industry Responding?

14

What does a Cyber Security Framework look like within your organization?

• How important is cybersecurity within the organization?

• How is it viewed from c-suite? • How are your cybersecurity practices responding to

emerging risks?

15

16

THANK YOU QUESTIONS?

Elissa K. Doroff, Esq. Underwriting and Product Manager Cyber & Technology Liability 212.915.6542 Elissa.doroff@xlgroup.com

17

About XL Catlin

• XL Catlin is the global brand used by XL Group plc’s insurance and reinsurance companies which provide property, casualty, professional and specialty products to industrial, commercial and professional firms, insurance companies and other enterprises throughout the world. To learn more, visit xlcatlin.com.

• The XL Catlin insurance companies offer property, casualty, professional, financial lines and specialty insurance products globally. Businesses that are moving the world forward choose XL Catlin as their partner. To learn more, visit xlcatlin.com.

• The XL Catlin reinsurance companies are among the world’s leading reinsurers. They offer products that include aerospace, property, casualty, marine and specialty. The world’s top insurers choose XL Catlin to help move their businesses forward. To learn more, visit xlcatlin.com.

• We are the organization clients look to for answers to their most complex risks and to help move their world forward. To learn more, visit xlcatlin.com.

© 2015, XL Catlin companies. All rights reserved. I MAKE YOUR WORLD GO

18

Legal Disclaimer US • In the US, the insurance companies of XL Group plc are: Greenwich Insurance Company, Indian Harbor Insurance Company, XL

Insurance America, Inc., XL Insurance Company of New York, Inc., XL Select Insurance Company, and XL Specialty Insurance Company. Not all of the insurers do business in all jurisdictions nor is coverage available in all jurisdictions.

• The information contained herein is intended for informational purposes only. Insurance coverage in any particular case will depend upon the type of policy in effect, the terms, conditions and exclusions in any such policy, and the facts of each unique situation. No representation is made that any specific insurance coverage would apply in the circumstances outlined herein. Please refer to the individual policy forms for specific coverage details.

19