SlideShare ist ein Scribd-Unternehmen logo

Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai

Als PPTX, PDF herunterladen
Aftab Hasan
Aftab Hasan
1 von 19
“CYBER LIABILITY INSURANCE” PROTECTION OF YOUR BUSINESS AGAINST ONLINE CYBER RISK Presented By: AFTAB HASAN - CEO ‘Arya Insurance Brokerage CO. (LLC)’ Dubai - U.A.E. 05th September 2016
WHAT TO EXPECT TODAY  Introduction to Cyber Liability Insurance Cover (CLIC)  Causes and Implication of Cyber Security Risk  What to look for in your Cyber Liability Policy  Cyber Security Risk & Challenges faced to Maritime Industry  How to mitigate Cyber Security Risk  How to buy Cyber Liability Insurance Cover (CLIC)  Selecting the right policy for your business  What are important questions to consider at the time of buying a CLIC Policy  Conclusion  Q & A
INTRODUCTION TO CYBER LIABILITY INSURANCE COVER Cyber Liability Insurance Cover (CLIC)  The term "Cyber Liability Insurance Cover" (CLIC) is often used to describe a range of covers - in very much the same way that the word cyber is used to describe a broad range of information security related tools, processes and services.  “Cyber Liability Insurance Cover” (CLIC) has been around for 10 years, but most security professionals seem to have not heard of it or know that it exists.
CAUSES AND IMPLICATION OF CYBER SECURITY RISK  Human action or illicit malicious action to intrude other’s cyber space for illegitimate reason.  Stolen hardware devices – this is a common phenomenon due to the shrinking sizes of devices and ease of portability. Loss of laptops, iPads, USBs, etc. are also common examples but these thefts are not restricted only to these devices.  Emails with multimedia and/or data sent incorrectly – emails containing confidential information sent from an employee’s mailbox to an unintended recipient/s may increase exposure to cyber risk and liability.  Data Theft – this may occur due to ineffectively protected data or the vulnerability of data when accessed from outside the organization’s secure networks. This type of data loss is common in cases where a BYOD (Bring Your Own Device) policy is in existence and employees or associates are frequently connecting to the corporate network from public and / or unsecure networks.
CAUSES AND IMPLICATION OF CYBER SECURITY RISK  Phishing e-mails – these typically impersonate a known and trusted brand and direct the recipient to a website seeking personal information and files, bank details, passwords and other confidential data.  Denial of Service – a cyber-attack whereby attackers bombard a site with a large number of requests that cause a system overload and the site collapses, thus preventing normal business to be conducted.  Cyber Extortion – these are cases of threatening a direct cyber-attack or by activation of implanted Trojan/virus unless a ransom amount is paid.  Damage of Reputation – this typically occurs in the case of a security breach where your organization is perceived to have failed in ensuring due diligence and appropriate security measures to keep customers and their data from falling into the wrong hands.
WHAT TO LOOK FOR IN YOUR CYBER LIABILITY POLICY  “Cyber Liability Insurance Cover” (CLIC) provide protections to Policy Holders from:  Information security and privacy liability  Regulatory and defense penalties costs  Website and media content liability  Crisis management and public relations costs  First party data loss and data asset  Cyber extortion loss etc…
CYBER SECURITY RISK & CHALLENGES FACED TO MARITIME INDUSTRY  Pirates now have a better, more efficient weapon called internet!  In 2012 as per IMO records more than 120 ships, including Asian coast guard vessels, documented malicious jamming of global positioning signals.  In 2013 drug smugglers hacked cargo tracking systems at the Port of Antwerp to avoid detection.  In 2014 a major U.S. port facility suffered a system disruption by cyber intruder’s locked multiple ship-to-shore cranes for several hours.
CYBER SECURITY RISK & CHALLENGES FACED TO MARITIME INDUSTRY Coverage Gap of Cyber Insurance in Marine Insurance Policy  Marine insurance policies exclude computer related liability and losses resulting from computer and network security failure.  Standalone cyber insurance may offer cover for:  Data theft  Incident response  Network business interruption  Cyber extortion  Property damage* – excluded.  Bodily injury/harm/death* – excluded.
CYBER SECURITY RISK & CHALLENGES FACED TO MARITIME INDUSTRY Threats to the Maritime Sector  In 2013 University of Texas researchers demonstrated that it is possible to change a vessel’s direction by interfering with its GPS signal to cause the onboard navigation systems to falsely interpret a vessel’s position and heading.  Hacker caused a floating oil platform off Africa to tilt to one side, forcing temporary shutdown.  Somali pirates employed hackers to infiltrate a shipping company’s cyber systems to identify vessels passing through the Gulf of Aden with valuable cargoes and minimal on-board security leading to the hijacking of at least one vessel.
HOW TO MITIGATE CYBER SECURITY RISK Data breaches are now a fact of life together with duties and death, but how can businesses better manage the risks related to a data breach and reduce the significant cost that can result from them? One of the options is to buy: Cyber Liability Insurance Cover (CLIC) Technology rules our lives like never before. Digital communications have taken on a new meaning with the advent of social media. As we progress very rapidly through this digital age, technological advancements have changed the way we look at things. Internet of things (IoT) is the new mantra and will soon govern the way we live our lives. These are all the inevitable signs of what we consider to be good progress.
HOW TO MITIGATE CYBER SECURITY RISK  However, while there is a bright side to technology, it also comes with an inherent threat and associated risks. For a business owner, the reality of cyber risk has never been more intimidating. Cyber Liability and Cyber Security Insurance are as essential in your business protection toolkit today as other business insurance policies such as fire, flood, theft, etc. Business across all industry sectors and size of operations are vulnerable to cyber risks.  Some of the elements of a cyber-liability cover may be interconnected or overlap with cover from existing products, including those for business continuity, third-party supply chain issues and professional indemnity. Even if this overlap does exist, a decent cyber liability policy will ensure cyber risks are fully catered for.
HOW TO BUY CYBER LIABILITY INSURANCE COVER  For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach are still a mystery. The market for cyber liability products is also in its infancy, so be prepared to work with your provider to ensure that you get what you actually require.  A good starting point is to determine what costs or expenses you would like to have covered and what types of incidents you want cover for. Circulate and discuss this list with all the relevant people, not forgetting to get all the information you need from third-party suppliers and partners. List both your own costs (known as first-party costs) and the costs that others may attempt to claim from you as a result of the incident (known as third-party costs).
HOW TO BUY CYBER LIABILITY INSURANCE COVER The Broker  Getting the right broker is important.  A good specialist broker will save you time in determining what is right for your business, remembering that this may not be the broker you are currently using for your non-cyber risks.  Share your list of estimated expenses and costs with your broker and talk through the different exclusions that might stop you from making a claim.
HOW TO BUY CYBER LIABILITY INSURANCE COVER Insurance company  Apart from obviously being responsible for the product, insurance companies are responsible for providing support to your broker about the products.  In addition, they will decide if they are willing to take on your risks according to your completed proposal form and what premium you will need to pay.  Choosing the right insurer can be the difference between paying little for cover that you will never be able to utilize in the event of an incident or having cost-effective cover where the insurer understands the implications of a breach and the costs associated with it.
SELECTING THE RIGHT POLICY FOR YOUR BUSINESS  Selecting the right policy for your business, business model, industry, size, exposures and so forth is a very complex exercise, which is why a specialist broker is important, as they are likely to know the best products to suit your needs.  It is important to understand the support you receive as part of the cover. Some policies provide a point of contact who will handle everything from the moment the insurer has agreed the claim, whereas others will let you manage the incident and decide which services you want to use from their list of suppliers.  Remember that your organization may not have the people or experience to manage a data breach incident so third-party suppliers can often be a better route to take.
QUESTIONS TO CONSIDER AT THE TIME OF BUYING A CLIC POLICY All policies have a set of exclusions, terms and definitions. Understanding these is important, so here are some important questions to consider;  What security controls can you put into place that will reduce the premium?  Will you have to undertake a security risk review of some sort?  What is expected of you to reduce or limit the risks?  Will you get a reduction for each year you do not claim?  What assistance is provided to improve information governance and information security?  What and how big a difference to your future premiums will a claim make?  What support if any will be provided to assist in making the right security decisions for the industry / business you are in?  The security / protection industry is very fast changing, how can the insurance ensure that your policy is current?  Do all portable media/computing devices need to be encrypted?  What about unencrypted media in the care or control of your third-party processors?  Are malicious acts by employees covered?
QUESTIONS TO CONSIDER AT THE TIME OF BUYING A CLIC POLICY  Will you have to provide evidence of compliance to existing Data Protection Principles, in relation to your actual processing, to prove you were not acting disproportionately?  Although ignorance of the law is no excuse, we are just not able to keep up with all the compliance issues that may affect all the territories our company works in, would you refuse a claim if you were processing data that may infringe laws in one country but not another – because insurance policies often stipulate that you must not be breaking the law?  What if there is uncertainty around whether the incident took place a day before the cover was in place or on the day?  Are the limits for expenses grouped together in a way that the maximum limit that is covered is likely to be achieved very quickly, unless you increase the cover?  Are all and any court attendances to defend claims from others covered?  Could you claim if you were not able to detect an intrusion until several months or years have elapsed, so you are outside the period of the cover, (as with the Red October malware which was discovered after about five years)?
CONCLUSION  With respect to small and medium-sized enterprises (SMEs) there are very simple policies available, but sometimes these raise more questions than they answer as they do not always provide a long list of exclusions or terms and definitions. At least with detailed polices you should know where you stand.  Having worked with clients who did not have CLIC but suffered a data breach and witnessed all of the associated trouble and costs we are hopeful that many breached businesses will have an alternative to bankruptcy when they pull their CLIC out of their top drawer.  Review coverage wordings to meet the requirements of the Policy holders.  Bring key IT personnel of the organization to underwriting meetings.  Discuss the reality of claims process with prospects and client from the beginning itself.  No two businesses are the same when it comes to cyber risks, therefore it is key to understand the cyber risks your business faces and to ensure your cyber policy is tailored to mirror those risks.
QUESTIONS?

Empfohlen

CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!
topseowebmaster
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber Insurance
John Ryan
 
Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses
Maran Corporate Risk Associates, Inc.
 
Cyber liabilty
Cyber liabiltyCyber liabilty
Cyber liabilty
Maran Corporate Risk Associates, Inc.
 
Intermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial RisksIntermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial Risks
David Chase
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
Christopher Rieser
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
caca1009
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
Rohan Sehgal
 

Empfohlen

CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!CyberSecurity Insurance - The Ugly Truth!
CyberSecurity Insurance - The Ugly Truth!
topseowebmaster
 
A Guide To Cyber Insurance
A Guide To Cyber InsuranceA Guide To Cyber Insurance
A Guide To Cyber Insurance
John Ryan
 
Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses Cyber Liabilty: A new exposure for businesses
Cyber Liabilty: A new exposure for businesses
Maran Corporate Risk Associates, Inc.
 
Cyber liabilty
Cyber liabiltyCyber liabilty
Cyber liabilty
Maran Corporate Risk Associates, Inc.
 
Intermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial RisksIntermountain CFO Summit - Managing Financial Risks
Intermountain CFO Summit - Managing Financial Risks
David Chase
 
Cyber Liability Risk
Cyber Liability RiskCyber Liability Risk
Cyber Liability Risk
Christopher Rieser
 
Security&reliability
Security&reliabilitySecurity&reliability
Security&reliability
caca1009
 
Cyber Insurance Temp
Cyber Insurance TempCyber Insurance Temp
Cyber Insurance Temp
Rohan Sehgal
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
TechSoup
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
CODE BLUE
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Paige Rasid
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics
Chris Stallard
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
eletseditorial
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
Helen Carpenter
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
Rachel Anne Carter
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
Henry Worth
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual review
Morgan Jones
 
Debunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsuranceDebunking Myths for Cyber-Insurance
Debunking Myths for Cyber-Insurance
Priyanka Aash
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
Neira Jones
 
Cyber
Cyber Cyber
Cyber
Alberto Peñaranda Echevarría
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
seadeloitte
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
Khawar Nehal khawar.nehal@atrc.net.pk
 
pci compliance for dummies
pci compliance for dummiespci compliance for dummies
pci compliance for dummies
Amithap Krishnan
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
Paul Melson
 
14 june
14 june14 june
14 june
Capt SB Tyagi, COAC'CC*,FISM,CSC,
 
Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017
Gary Chambers
 
Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
Richard Brzakala
 
Cyber Security and Data Protection
Cyber Security and Data ProtectionCyber Security and Data Protection
Cyber Security and Data Protection
Strategic Insurance Software
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
TechSoup
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
CODE BLUE
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Paige Rasid
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
Rachel Anne Carter
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
Henry Worth
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
Neira Jones
 

Was ist angesagt? (20)

Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
 
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
[CB19] Integration of Cyber Insurance Into A Risk Management Program by Jake ...
 
Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101Statewide Insurance Brokers - Cyber Insurance 101
Statewide Insurance Brokers - Cyber Insurance 101
 
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar SeriesCyber Liability & Cyber Insurance - Cybersecurity Seminar Series
Cyber Liability & Cyber Insurance - Cybersecurity Seminar Series
 
Cyber Insurance - The Basics
Cyber Insurance - The Basics Cyber Insurance - The Basics
Cyber Insurance - The Basics
 
Dr K Subramanian
Dr K SubramanianDr K Subramanian
Dr K Subramanian
 
Cyber liability and cyber security
Cyber liability and cyber securityCyber liability and cyber security
Cyber liability and cyber security
 
The Security Circle- Services Offered
The Security Circle- Services OfferedThe Security Circle- Services Offered
The Security Circle- Services Offered
 
Cyber Security small
Cyber Security smallCyber Security small
Cyber Security small
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual review
 
Debunking Myths for Cyber-Insurance
Debunking Myths for Cyber-InsuranceDebunking Myths for Cyber-Insurance
Debunking Myths for Cyber-Insurance
 
Neira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf readyNeira jones pci london january 2013 pdf ready
Neira jones pci london january 2013 pdf ready
 
Cyber
Cyber Cyber
Cyber
 
Cyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access managementCyber 101: An introduction to privileged access management
Cyber 101: An introduction to privileged access management
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Cyber Security for Financial Institutions
Cyber Security for Financial InstitutionsCyber Security for Financial Institutions
Cyber Security for Financial Institutions
 
pci compliance for dummies
pci compliance for dummiespci compliance for dummies
pci compliance for dummies
 
Cybersecurity and The Board
Cybersecurity and The BoardCybersecurity and The Board
Cybersecurity and The Board
 
14 june
14 june14 june
14 june
 
Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017
 

Ähnlich wie Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai

Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
NationalUnderwriter
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
Michael Solomon
 
Client Briefing - Better information leads to better cyber coverage
Client Briefing - Better information leads to better cyber coverageClient Briefing - Better information leads to better cyber coverage
Client Briefing - Better information leads to better cyber coverage
Chris Beh
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
Michael C. Keeling, Esq.
 
Contents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounContents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of Accoun
AlleneMcclendon878
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
Yasser Mohammed
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Ethan S. Burger
 

Ähnlich wie Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai (20)

Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals Law Firm Hacked by Cyber Criminals
Law Firm Hacked by Cyber Criminals
 
Cyber Security and Data Protection
Cyber Security and Data ProtectionCyber Security and Data Protection
Cyber Security and Data Protection
 
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an AuditCyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
Cyber Security and Insurance Coverage Protection: The Perfect Time for an Audit
 
Cover and CyberSecurity Essay
Cover and CyberSecurity EssayCover and CyberSecurity Essay
Cover and CyberSecurity Essay
 
Cyber risk
Cyber riskCyber risk
Cyber risk
 
Digital economy and its effect on cyber risk
Digital economy and its effect on cyber riskDigital economy and its effect on cyber risk
Digital economy and its effect on cyber risk
 
Client Briefing - Better information leads to better cyber coverage
Client Briefing - Better information leads to better cyber coverageClient Briefing - Better information leads to better cyber coverage
Client Briefing - Better information leads to better cyber coverage
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" TheftWhat Not-for-Profits Can Do To Prevent "Uninspired" Theft
What Not-for-Profits Can Do To Prevent "Uninspired" Theft
 
Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1Cloud security law cyber insurance issues phx 2015 06 19 v1
Cloud security law cyber insurance issues phx 2015 06 19 v1
 
Enterprise Ready for Amazon Web Services
Enterprise Ready for Amazon Web ServicesEnterprise Ready for Amazon Web Services
Enterprise Ready for Amazon Web Services
 
Intelligence-Driven Fraud Prevention
Intelligence-Driven Fraud PreventionIntelligence-Driven Fraud Prevention
Intelligence-Driven Fraud Prevention
 
Contents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of AccounContents lists available at ScienceDirectJournal of Accoun
Contents lists available at ScienceDirectJournal of Accoun
 
Cyber Security for the Small Business Experience
Cyber Security for the Small Business ExperienceCyber Security for the Small Business Experience
Cyber Security for the Small Business Experience
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
Cybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial InstitutionsCybersecurity Risk Management for Financial Institutions
Cybersecurity Risk Management for Financial Institutions
 
Why Cyber Security Is important?
Why Cyber Security Is important?Why Cyber Security Is important?
Why Cyber Security Is important?
 
How to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdfHow to assess your Cybersecurity Vulnerability_.pdf
How to assess your Cybersecurity Vulnerability_.pdf
 
How to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptxHow to assess your Cybersecurity Vulnerability_.pptx
How to assess your Cybersecurity Vulnerability_.pptx
 
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is HazardousComplacency in the Face of Evolving Cybersecurity Norms is Hazardous
Complacency in the Face of Evolving Cybersecurity Norms is Hazardous
 

Mehr von Aftab Hasan

Aftab Hasan Speaking at IBPC - 2016
Aftab Hasan Speaking at IBPC - 2016Aftab Hasan Speaking at IBPC - 2016
Aftab Hasan Speaking at IBPC - 2016
Aftab Hasan
 
S&p view of uae new regulation 8 jun15
S&p view of uae new regulation 8 jun15S&p view of uae new regulation 8 jun15
S&p view of uae new regulation 8 jun15
Aftab Hasan
 
PRM37_16-18_Cover story
PRM37_16-18_Cover storyPRM37_16-18_Cover story
PRM37_16-18_Cover story
Aftab Hasan
 
PRM40_16-18_Cover story
PRM40_16-18_Cover storyPRM40_16-18_Cover story
PRM40_16-18_Cover story
Aftab Hasan
 
2nd MEA Insurance - Speach
2nd MEA Insurance - Speach2nd MEA Insurance - Speach
2nd MEA Insurance - Speach
Aftab Hasan
 
Post Recession Offshore - Oil & Gas Industry
Post Recession Offshore - Oil & Gas IndustryPost Recession Offshore - Oil & Gas Industry
Post Recession Offshore - Oil & Gas Industry
Aftab Hasan
 
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
Aftab Hasan
 

Mehr von Aftab Hasan (9)

Aftab Hasan Speaking at IBPC - 2016
Aftab Hasan Speaking at IBPC - 2016Aftab Hasan Speaking at IBPC - 2016
Aftab Hasan Speaking at IBPC - 2016
 
Financial and technical regulations issued by insurance authority
Financial and technical regulations issued by insurance authorityFinancial and technical regulations issued by insurance authority
Financial and technical regulations issued by insurance authority
 
Presentation on legal aspects of the financial regulations for Insurance Comp...
Presentation on legal aspects of the financial regulations for Insurance Comp...Presentation on legal aspects of the financial regulations for Insurance Comp...
Presentation on legal aspects of the financial regulations for Insurance Comp...
 
S&p view of uae new regulation 8 jun15
S&p view of uae new regulation 8 jun15S&p view of uae new regulation 8 jun15
S&p view of uae new regulation 8 jun15
 
PRM37_16-18_Cover story
PRM37_16-18_Cover storyPRM37_16-18_Cover story
PRM37_16-18_Cover story
 
PRM40_16-18_Cover story
PRM40_16-18_Cover storyPRM40_16-18_Cover story
PRM40_16-18_Cover story
 
2nd MEA Insurance - Speach
2nd MEA Insurance - Speach2nd MEA Insurance - Speach
2nd MEA Insurance - Speach
 
Post Recession Offshore - Oil & Gas Industry
Post Recession Offshore - Oil & Gas IndustryPost Recession Offshore - Oil & Gas Industry
Post Recession Offshore - Oil & Gas Industry
 
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
Aftab Hasan Speaking at Trade Credit Insurance Summit - 2014
 

Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai

  • 1. “CYBER LIABILITY INSURANCE” PROTECTION OF YOUR BUSINESS AGAINST ONLINE CYBER RISK Presented By: AFTAB HASAN - CEO ‘Arya Insurance Brokerage CO. (LLC)’ Dubai - U.A.E. 05th September 2016
  • 2. WHAT TO EXPECT TODAY  Introduction to Cyber Liability Insurance Cover (CLIC)  Causes and Implication of Cyber Security Risk  What to look for in your Cyber Liability Policy  Cyber Security Risk & Challenges faced to Maritime Industry  How to mitigate Cyber Security Risk  How to buy Cyber Liability Insurance Cover (CLIC)  Selecting the right policy for your business  What are important questions to consider at the time of buying a CLIC Policy  Conclusion  Q & A
  • 3. INTRODUCTION TO CYBER LIABILITY INSURANCE COVER Cyber Liability Insurance Cover (CLIC)  The term "Cyber Liability Insurance Cover" (CLIC) is often used to describe a range of covers - in very much the same way that the word cyber is used to describe a broad range of information security related tools, processes and services.  “Cyber Liability Insurance Cover” (CLIC) has been around for 10 years, but most security professionals seem to have not heard of it or know that it exists.
  • 4. CAUSES AND IMPLICATION OF CYBER SECURITY RISK  Human action or illicit malicious action to intrude other’s cyber space for illegitimate reason.  Stolen hardware devices – this is a common phenomenon due to the shrinking sizes of devices and ease of portability. Loss of laptops, iPads, USBs, etc. are also common examples but these thefts are not restricted only to these devices.  Emails with multimedia and/or data sent incorrectly – emails containing confidential information sent from an employee’s mailbox to an unintended recipient/s may increase exposure to cyber risk and liability.  Data Theft – this may occur due to ineffectively protected data or the vulnerability of data when accessed from outside the organization’s secure networks. This type of data loss is common in cases where a BYOD (Bring Your Own Device) policy is in existence and employees or associates are frequently connecting to the corporate network from public and / or unsecure networks.
  • 5. CAUSES AND IMPLICATION OF CYBER SECURITY RISK  Phishing e-mails – these typically impersonate a known and trusted brand and direct the recipient to a website seeking personal information and files, bank details, passwords and other confidential data.  Denial of Service – a cyber-attack whereby attackers bombard a site with a large number of requests that cause a system overload and the site collapses, thus preventing normal business to be conducted.  Cyber Extortion – these are cases of threatening a direct cyber-attack or by activation of implanted Trojan/virus unless a ransom amount is paid.  Damage of Reputation – this typically occurs in the case of a security breach where your organization is perceived to have failed in ensuring due diligence and appropriate security measures to keep customers and their data from falling into the wrong hands.
  • 6. WHAT TO LOOK FOR IN YOUR CYBER LIABILITY POLICY  “Cyber Liability Insurance Cover” (CLIC) provide protections to Policy Holders from:  Information security and privacy liability  Regulatory and defense penalties costs  Website and media content liability  Crisis management and public relations costs  First party data loss and data asset  Cyber extortion loss etc…
  • 7. CYBER SECURITY RISK & CHALLENGES FACED TO MARITIME INDUSTRY  Pirates now have a better, more efficient weapon called internet!  In 2012 as per IMO records more than 120 ships, including Asian coast guard vessels, documented malicious jamming of global positioning signals.  In 2013 drug smugglers hacked cargo tracking systems at the Port of Antwerp to avoid detection.  In 2014 a major U.S. port facility suffered a system disruption by cyber intruder’s locked multiple ship-to-shore cranes for several hours.
  • 8. CYBER SECURITY RISK & CHALLENGES FACED TO MARITIME INDUSTRY Coverage Gap of Cyber Insurance in Marine Insurance Policy  Marine insurance policies exclude computer related liability and losses resulting from computer and network security failure.  Standalone cyber insurance may offer cover for:  Data theft  Incident response  Network business interruption  Cyber extortion  Property damage* – excluded.  Bodily injury/harm/death* – excluded.
  • 9. CYBER SECURITY RISK & CHALLENGES FACED TO MARITIME INDUSTRY Threats to the Maritime Sector  In 2013 University of Texas researchers demonstrated that it is possible to change a vessel’s direction by interfering with its GPS signal to cause the onboard navigation systems to falsely interpret a vessel’s position and heading.  Hacker caused a floating oil platform off Africa to tilt to one side, forcing temporary shutdown.  Somali pirates employed hackers to infiltrate a shipping company’s cyber systems to identify vessels passing through the Gulf of Aden with valuable cargoes and minimal on-board security leading to the hijacking of at least one vessel.
  • 10. HOW TO MITIGATE CYBER SECURITY RISK Data breaches are now a fact of life together with duties and death, but how can businesses better manage the risks related to a data breach and reduce the significant cost that can result from them? One of the options is to buy: Cyber Liability Insurance Cover (CLIC) Technology rules our lives like never before. Digital communications have taken on a new meaning with the advent of social media. As we progress very rapidly through this digital age, technological advancements have changed the way we look at things. Internet of things (IoT) is the new mantra and will soon govern the way we live our lives. These are all the inevitable signs of what we consider to be good progress.
  • 11. HOW TO MITIGATE CYBER SECURITY RISK  However, while there is a bright side to technology, it also comes with an inherent threat and associated risks. For a business owner, the reality of cyber risk has never been more intimidating. Cyber Liability and Cyber Security Insurance are as essential in your business protection toolkit today as other business insurance policies such as fire, flood, theft, etc. Business across all industry sectors and size of operations are vulnerable to cyber risks.  Some of the elements of a cyber-liability cover may be interconnected or overlap with cover from existing products, including those for business continuity, third-party supply chain issues and professional indemnity. Even if this overlap does exist, a decent cyber liability policy will ensure cyber risks are fully catered for.
  • 12. HOW TO BUY CYBER LIABILITY INSURANCE COVER  For many insurers and brokers, the technicalities of information security and the details of how to deal with a data breach are still a mystery. The market for cyber liability products is also in its infancy, so be prepared to work with your provider to ensure that you get what you actually require.  A good starting point is to determine what costs or expenses you would like to have covered and what types of incidents you want cover for. Circulate and discuss this list with all the relevant people, not forgetting to get all the information you need from third-party suppliers and partners. List both your own costs (known as first-party costs) and the costs that others may attempt to claim from you as a result of the incident (known as third-party costs).
  • 13. HOW TO BUY CYBER LIABILITY INSURANCE COVER The Broker  Getting the right broker is important.  A good specialist broker will save you time in determining what is right for your business, remembering that this may not be the broker you are currently using for your non-cyber risks.  Share your list of estimated expenses and costs with your broker and talk through the different exclusions that might stop you from making a claim.
  • 14. HOW TO BUY CYBER LIABILITY INSURANCE COVER Insurance company  Apart from obviously being responsible for the product, insurance companies are responsible for providing support to your broker about the products.  In addition, they will decide if they are willing to take on your risks according to your completed proposal form and what premium you will need to pay.  Choosing the right insurer can be the difference between paying little for cover that you will never be able to utilize in the event of an incident or having cost-effective cover where the insurer understands the implications of a breach and the costs associated with it.
  • 15. SELECTING THE RIGHT POLICY FOR YOUR BUSINESS  Selecting the right policy for your business, business model, industry, size, exposures and so forth is a very complex exercise, which is why a specialist broker is important, as they are likely to know the best products to suit your needs.  It is important to understand the support you receive as part of the cover. Some policies provide a point of contact who will handle everything from the moment the insurer has agreed the claim, whereas others will let you manage the incident and decide which services you want to use from their list of suppliers.  Remember that your organization may not have the people or experience to manage a data breach incident so third-party suppliers can often be a better route to take.
  • 16. QUESTIONS TO CONSIDER AT THE TIME OF BUYING A CLIC POLICY All policies have a set of exclusions, terms and definitions. Understanding these is important, so here are some important questions to consider;  What security controls can you put into place that will reduce the premium?  Will you have to undertake a security risk review of some sort?  What is expected of you to reduce or limit the risks?  Will you get a reduction for each year you do not claim?  What assistance is provided to improve information governance and information security?  What and how big a difference to your future premiums will a claim make?  What support if any will be provided to assist in making the right security decisions for the industry / business you are in?  The security / protection industry is very fast changing, how can the insurance ensure that your policy is current?  Do all portable media/computing devices need to be encrypted?  What about unencrypted media in the care or control of your third-party processors?  Are malicious acts by employees covered?
  • 17. QUESTIONS TO CONSIDER AT THE TIME OF BUYING A CLIC POLICY  Will you have to provide evidence of compliance to existing Data Protection Principles, in relation to your actual processing, to prove you were not acting disproportionately?  Although ignorance of the law is no excuse, we are just not able to keep up with all the compliance issues that may affect all the territories our company works in, would you refuse a claim if you were processing data that may infringe laws in one country but not another – because insurance policies often stipulate that you must not be breaking the law?  What if there is uncertainty around whether the incident took place a day before the cover was in place or on the day?  Are the limits for expenses grouped together in a way that the maximum limit that is covered is likely to be achieved very quickly, unless you increase the cover?  Are all and any court attendances to defend claims from others covered?  Could you claim if you were not able to detect an intrusion until several months or years have elapsed, so you are outside the period of the cover, (as with the Red October malware which was discovered after about five years)?
  • 18. CONCLUSION  With respect to small and medium-sized enterprises (SMEs) there are very simple policies available, but sometimes these raise more questions than they answer as they do not always provide a long list of exclusions or terms and definitions. At least with detailed polices you should know where you stand.  Having worked with clients who did not have CLIC but suffered a data breach and witnessed all of the associated trouble and costs we are hopeful that many breached businesses will have an alternative to bankruptcy when they pull their CLIC out of their top drawer.  Review coverage wordings to meet the requirements of the Policy holders.  Bring key IT personnel of the organization to underwriting meetings.  Discuss the reality of claims process with prospects and client from the beginning itself.  No two businesses are the same when it comes to cyber risks, therefore it is key to understand the cyber risks your business faces and to ensure your cyber policy is tailored to mirror those risks.