Slide 1

County Reinsurance, Limited A Member-Owned Reinsurance Company Slide 2 Background A number of County Association Pool Managers began discussions about forming a national reinsurance program. The National Council of County Association Executives (NCCAE), through NACo, facilitated meetings. 1994 First Committee Meeting 1996 Feasibility Study Completed 1997 CRL established as a Vermont Captive with 5 states and 8 pools participating. 2014 17 years, 17 States, and 25 members 2 Slide 3 CRL Member and Premium Growth 1998 Statistics 5 States and 8 Pools. Net Revenue: $4 MM Assets: $13 MM 3 2014 Statistics 17 States and 25 Pools. Net Revenue: $25 MM Assets: $196 MM Slide 4 4 Slide 5 What are the Benefits? We specialize in Counties and County-related entities. A Pool for Pools Ownership = Control Sharing Program Ideas Long Term Stability Profits and Investment Income belong to Members. 5 Slide 6 Additional Benefits Claim Audits. We send independent auditors out to review your files and test reserves. We share these results with you. Policy Form Reviews. We use a reinsurance / insurance expert to review your policy forms. Underwriting and Claims Management Training for Members. 6 Slide 7 How Does CRL Operate Membership Elects a Board of Directors Board hires an Executive Director Executive Director implements policies of the Board, and supervises service providers. CRL uses Committees. Current Committees include Underwriting, Claims, Investment, Audit, and Personnel. CRL also occasionally uses Ad-Hoc Committees. Most Committee and Board meetings are by teleconference, but we have at least two face-to- face Board Meetings each year. Detailed policies and procedures are provided to the Members. 7 Slide 8 Phil Bell Executive Director Mary Kay Johnson Administrative Assistant Brenda Gibson Member Services Manager Frank Peterson Regional Claims Manager Marsh USA, Inc. Cheryl Jennings Greg Mann Lindsay Grimes Johnson Lambert & Co. LLP CPA and Consultant Barrett Evans Regional Claims Manager Workers Comp. Safety National Casualty Corp Liability AIG Property Various Companies Primmer Piper Eggleston & Cramer PC Morris, Manning & Martin, LLP By The Numbers Actuarial Consulting Strategic Asset Alliance National Association Of Counties USA Risk Group Andy Sargent Cindy Lyford Brent Wells Senior Reinsurance Analyst CS STARS CRL Board of Directors 8 Slide 9 Cyber Risk Key Exposures for Counties Cyber Liability Recent Claims What can be Done? Cyber Liability Insurance Risk Control - eRiskHub 9 Slide 10 Key Cyber Exposures for Counties Many organizations will collect/ store/share VAST private data ! More data often collected than needed Data often stored for too long (no records retention limits) Mishaps (malicious & mistakes) in safeguarding personal info such as: Health Records (Jails, Health Departments, Social Services, Mental Health) Financial Transactions Vendors will have breaches, very common! Lost Laptops: Left unencrypted with lots of personal info! Online based County Services: Websites are very porous & need constant care (hardening & patching). Bad guys still rely on the prevalence of human error unchanged default settings missing patches wide open laptop customer records (paper) improperly disposed guessable access Computer and internet-based services mean: 95% of all network intrusions could be avoided by keeping systems up-to-date (CERT) 10 Slide 11 Cyber Liability Recent Claims September 19, 201411 (June 2014) After an NBC 6 Investigation reported a data breach among Miami-Dade County workers last week, officials have started notifying employees about a massive data breach that is putting the identities of the workers at risk. Sources told the Team 6 investigators the data breach affected the identities and personal information of hundreds of government workers. Whoever is responsible for the breach is using the information to file fake unemployment claims and even open up credit cards. (May 2014) Hackers breached Wayne Countys payroll processor, potentially gaining access to hundreds of government employees Social Security numbers, home addresses and bank account information. The County Chief Clerk confirmed the county was notified Tuesday that Paytime Inc. of Mechanicsburg discovered on April 30 that records of multiple clients were accessed by online hackers (March 2014) Skagit County was penalized $215,000 in HIPPA violations by the Department of Health and Human Services for inadvertently putting protected health information (PHI) on a public server. The data breach involved 1,581 local patients health information, including the testing and treatment of infectious diseases. This case marks the first HIPPA settlement with a county government. (January 2014) The North East King County Regional Public Safety Communication Agency (NORCOM) has announced it is investigating the security breach of a server that stored records of an estimated 6,000 medical responses for Duvall Fire District 45, Skykomish Fire Department and Snoqualmie Pass Fire & Rescue (Fire District 51). "We discovered very recently that a computer had been hacked by a hacker who had basically broke down a password... a low level password to one of our stand-alone computers," said Tom Orr, Exec. Director of NORCOM. Two recent CRL Claims Slide 12 Cyber Liability What can be Done? September 19, 201412 Cyber Liability Insurance o Coverage for a Cyber Security Event o Coverage for first party privacy response expenses o Coverage for regulatory proceedings and penalties o Coverage for third party liability o Policy limits and sublimits subject to some customization Cyber Risk Control: o eRisk Hub (customized for each CRL Member Pool) o Awareness Tools: Online Cyber Risk Self-Assessment o Breach Coach feature: Post Breach Assistance, coordinated with each Pools claims organization Slide 13 YOU +++ 13 Slide 14 YOU +++ A One-Stop Shop for Pre- and Post-Breach Services Homepage gives you a place to speak directly to pool members Incident Roadmap spells out the steps to take in the event of a breach Risk Manager Tools help manage cyber risk more effectively eRisk Resources Directory features qualified third-party providers of breach-related services News Center monitors breach events and trends Learning Center provides best-practices articles, white papers & on-demand webinars Search makes it easy to find specific information 14 Slide 15 15 Slide 16 16 Slide 17 17 Slide 18 Purpose: Showcase Baseline Safeguards Raise Awareness Reaffirm reasonable safeguards Benchmark to Standards Start a discussion! Set plan in place for improvements eRisk Hub Tool: Self-Assessment 18 Slide 19 Questions? Slide 20 Contact Information Philip E. Bell, CPCU, ARM, ARe Executive Director County Reinsurance, Limited 6201 Towncenter Drive, Suite 240 Clemmons, NC 27012 P: (336) 354-4053 E-mail: philip.bell@countyreinsurance.org 20