techassure presentation pdf linkedin

Network Security and Privacy (Cyber Coverage) Sales and Production Brian D. Brown CyberSpecialist Group [email protected] 404 849 3004 http://lnkd.in/XXCFi7 This is for illustrative purposes only and is in no way complete or comprehensive. The use of and reliance on all information contained in this presentation is at the user's sole discretion. Any and all policy language shall be paramount in all cases.

Upload: brian-d-brown

Post on 12-Apr-2017


Page 1: TechAssure Presentation PDF linkedin

Network Security and Privacy (Cyber Coverage)

Sales and Production

Brian D. Brown

CyberSpecialist Group

[email protected] 404 849 3004

http://lnkd.in/XXCFi7

Page 2: TechAssure Presentation PDF linkedin


Brian D. Brown

President – CyberSpecialists Group

3495 Waddeston Way, Suite 101C, Atlanta, Georgia 30319

[email protected]

404 849 3004

Brian is a nationally recognized expert in Network Security and Privacy (Cyber) exposures and Insurance. He has worked in the Cyber field for over a decade and had a hand in drafting the first Cyber products. He also developed and taught the first CIC classes on e-Business risk and insurance responses.

Having worked with both national brokers and carriers, he brings a unique and broad perspective to the subject. In addition to Cyber expertise, Brian was an account executive at national brokers, so he has a broad range of knowledge and skills in all areas of property and casualty insurance. He has been instrumental, in his career, in developing successful, innovative, cutting-edge programs and products for both insurance carriers and brokers.

Brian is an active member of the PLUS Southeastern Chapter and a regular speaker for PLUS and RIMS events and seminars. He is also a published author in Property Casualty 360 and the American Bar Association magazine. In the last month he has had an article in the Texas magazine The Insurance Record – September 4, 2014, and another nationally in The Insurance Journal – September 22, 2014.

In his spare time Brian is a freelance fine artist and a Dad to his three children, and currently resides in Atlanta, GA.

Page 3: TechAssure Presentation PDF linkedin

Typical Sales Process

1. Discuss Data Privacy exposures
2. Determine the # of records at risk
3. Explain the costs of a Breach
4. Review causes of a Breach
   • Negligence
   • Rogue Employee
   • Business Assoc./Vendor
   • Hacker
5. Present Insurance solution

Page 4: TechAssure Presentation PDF linkedin


Your Experiences

Page 5: TechAssure Presentation PDF linkedin


Not Us

Isn’t this already insured?

“BULLETPROOF Security”

I just don’t get this tech stuff


Costs Too Much

Apps. – Too Much Work


Page 6: TechAssure Presentation PDF linkedin

Not us?

State Security Breach Notification Laws - Forty-seven states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information.

http://www.digestiblelaw.com/files/upload/securitybreach.pdf

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) - Health Information Technology for Economic and Clinical Health (HITECH)

http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

Gramm–Leach–Bliley Act (Subtitle A: Disclosure of Nonpublic Personal Information, codified at 15 U.S.C. §§ 6801–6809)

• The Safeguards Rule requires financial institutions to develop a written information security plan that describes how the company is prepared for, and plans to continue to protect, clients’ nonpublic personal information.

Page 7: TechAssure Presentation PDF linkedin

Progress on Federal Notification Bill

National Data Breach Notification Bill Advances

Measure Would Pre-empt State Breach Notification Laws

By Eric Chabrow, April 15, 2015.

The House Energy and Commerce Committee approved on April 15 the Data Security and Breach Notification Act by a 29-20 vote, with only Republicans supporting the measure. Even its Democratic co-sponsor, Rep. Peter Welch of Vermont, voted against it.

http://www.databreachtoday.com/national-data-breach-notification-bill-advances-a-8109

Page 8: TechAssure Presentation PDF linkedin


Further Federal Intervention

House Panel Passes Cyberthreat Info Sharing Bill

Democratic Attempts to Limit Liability Safeguards Fail

By Eric Chabrow, April 14, 2015.

"If you abide by the provisions of this act," Cedric Richmond (D-LA) said, "then you're exempt from liability. It's just that simple. Instead of adding all these other concepts to the liability language, if we take the time to pass a bill and you abide by it, you have liability exemption. If you don't, then you don't have exemption."

http://www.databreachtoday.com/house-panel-passes-cyberthreat-info-sharing-bill-a-8106

Page 9: TechAssure Presentation PDF linkedin


http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

Page 10: TechAssure Presentation PDF linkedin

Not Us…Right?

5/12/2014

© 2014 CyberSpecialist, LLC All Rights Reserved.

http://www.csid.com/resources/stats/data-breaches-by-industry/

https://www.privacyrights.org/data-breach

Page 11: TechAssure Presentation PDF linkedin


Isn’t This Already Insured?

A. Coverage

2. Property Not Covered

Covered property does not include:

n. The following property, except as provided in the Coverage Extension for Electronic Media And Records and Valuable Papers And Records:

(1) Electronic media and records, meaning the following:

(a) Media, meaning disks, drives, CD-ROMs, tapes, cells or other computer software, or any media which are used with electronically controlled equipment. Software includes systems and applications software.

(b) Data, meaning information or facts stored on media described in (1)(a) above. Data includes valuable papers and records converted to data.

(c) Computer program, meaning a set of related electronic instructions which direct the operations and functions of a computer or device connected to it, which enable the computer or device to receive, process, store, retrieve or send data.

ISO BUILDING AND PERSONAL PROPERTY CP-00-10


Page 12: TechAssure Presentation PDF linkedin


Isn’t This Already Insured?

ISO COMMERCIAL GENERAL LIABILITY COVERAGE FORM CG-00-01 12 04 (Cov. A - BI & PD)


p. Electronic Data

Damages arising out of the loss of, loss of use of, damage to, corruption of, inability to access, or inability to manipulate electronic data. As used in this exclusion, electronic data means information, facts or programs stored as or on, created or used on, or transmitted to or from computer software, including systems and applications software, hard or floppy disks, CD-ROMS, tapes, drives, cells, data processing devices or any other media which are used with electronically controlled equipment.

Exclusion Pg. 5 of 15

Page 13: TechAssure Presentation PDF linkedin

Endorsement for Cov. B (P & AI)

Page 14: TechAssure Presentation PDF linkedin

PROFESSIONAL LIABILITY POLICIES

HEALTH CARE ORGANIZATIONS AND PROVIDERS PROFESSIONAL LIABILITY, GENERAL LIABILITY AND EMPLOYEE BENEFIT LIABILITY POLICY - ONE BEACON - HPF-10002-02-13

(12)

(a) unauthorized, unlawful, or unintentional taking, obtaining, accessing, using, disclosing, distributing, disseminating, transmitting, gathering, collecting, acquiring, corrupting, damaging, destroying, deleting, or impairing of any information or data of any kind, including but not limited to any health care or other medical information or Personally Identifiable Health Information; provided, that this Exclusion (D)(12)(a) shall not apply to any Claim for a Professional Services Wrongful Act as defined in DEFINITION (OO)(3); “((3) any inadvertent: (a) publication)”

(b) failure or inability of any computer, computer component (including but not limited to any hardware, network, terminal device, data storage device, input and output device, or back up facility), application, program, software, code, or script of any kind (a “System”) to perform or function as planned or intended, including but not limited to any failure or inability of any System to prevent any hack, virus, contaminant, worm, trojan horse, logic bomb, or unauthorized or unintended accessing or use involving any System;

Be careful of exclusions disguised as sub-limits


Page 15: TechAssure Presentation PDF linkedin


“Jam Up and Jelly Tight”

BOTTOM LINE There is always an incremental risk – It is unavoidable…

AND IT IS PERFECTLY “OKAY”.


Automatic Sprinkler Analogy

Page 16: TechAssure Presentation PDF linkedin

There is no need to get into extremely deep technical details

As with most insurance, one of the underwriting considerations is management concern (resources and focus)

Brief Network Security and Privacy Primer
• Architecture
• Concerns
  o Hardware
  o Software
  o People
  o Mobile
  o “Off network” risks

I Just Don’t Get This Tech Stuff


Page 17: TechAssure Presentation PDF linkedin


I Just Don’t Get This Tech Stuff

Wireless

The Network

Remote Users/Laptops

Vendor


Realms of “Cyber” Exposures

Page 18: TechAssure Presentation PDF linkedin


Interest /Need

Complete Application

Obtain Quotes

Present

Bind

Interest /Need

Complete Application

Obtain Pricing

Present

Bind

Obtain Quotes

Traditional Cyber Cycle

The Sales Process is Now Flipped

Page 19: TechAssure Presentation PDF linkedin


Sample Costs - $1M limit - $250k Sub-Limits Matrix for Community Banks

Revenue Bands      Option #1 Premium Range
$0 - $1M           $1,000
$1M - $2M          $1,000 - $1,450
$2M - $3M          $1,450 - $2,000
$3M - $4M          $2,000 - $2,350
$4M - $5M          $2,350 - $2,700
$5M - $7.5M        $2,700 - $3,500
$7.5M - $10M       $3,500 - $4,300
$10M - $20M        $4,300 - $8,150

Page 20: TechAssure Presentation PDF linkedin


Insurance Pricing How it REALLY works.

It’s a very complex process. Insurance can’t be priced like most products, by supply and demand, because the money people pay for it is intended to help protect against the cost of unforeseen future happenings—for example, a fire, a burglary or an auto accident. While many factors are considered in rate making, rates basically are dependent on one major factor—the combined cost of all the losses or claims—known as the company’s loss experience.

http://www.pia.org/IRC/qs/qs_other/QS90360.pdf

Page 21: TechAssure Presentation PDF linkedin


Insurance Pricing How it REALLY works.

'Underwriting Cycle'

At the beginning of the cycle, the underwriting business is soft due to increased competition and excess insurance capacity, as a result of which premiums are low. (leading to) lower insurance capacity … enabling insurers to raise premiums and post solid earnings growth. This robust underwriting environment attracts more competitors, which gradually leads to more capacity and lower premiums, setting the stage for a repetition of the underwriting cycle.

http://www.investopedia.com/terms/u/underwriting-cycle.asp

Page 22: TechAssure Presentation PDF linkedin


Bang for Your Buck

Nearly all States have a Safe Harbor provision included in their State Notification Law for Personal Identifiable Information which is encrypted.

TX – “Sensitive personal information” only applies to data items that are not encrypted.

Free Sites

https://www.gnupg.org/

http://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software

And others.

Page 23: TechAssure Presentation PDF linkedin


Brian D. Brown


[email protected] 404 849 3004

CyberSpecialistGroup.com

Page 24: TechAssure Presentation PDF linkedin


?’s

Open Discussion
