cyber-attacks: insurance coverage for cyber risks and ...relations, lawsuits, regulatory defense...
TRANSCRIPT
![Page 1: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/1.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
Roberta D. Anderson [email protected]@RobertaEsq
June 25, 2014
Cyber-Attacks: Insurance Coverage for Cyber Risks and Realities
![Page 2: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/2.jpg)
1
Lloyd’s of London (Reuters) May 8, 2000
![Page 3: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/3.jpg)
Agenda The Spectrum of Cyber Risk Practical Risk and Exposure Legal and Regulatory Framework What to do Before an Incident? What to do After an Incident? Potential Coverage Under “Legacy” Policies Limitations of “Legacy” Insurance Policies Technology Errors & Omissions Coverage Cutting Edge “Cyber” Products How to Enhance “Off-The-Shelf” Cyber Insurance Forms Through Negotiation A Word About Vendor Contracts Audience Q&A
![Page 4: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/4.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
THE SPECTRUM OF CYBER RISK
![Page 5: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/5.jpg)
The Spectrum of Cyber Risk Malicious attacks
Advanced Persistent Threats Social engineering/employee sabotage Vruses, worms, Trojans DDoS attacks
Data breach Software vulnerability (HeartBleed) Unauthorized access (spyware) Inadequate security and system glitches Employee mobility and disgruntled employees Lost or stolen mobile and other portable devices Vendors/outsourcing (the function but not the risk) & the “cloud” Human error
![Page 6: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/6.jpg)
klgates.com 5
oops!!
backlink
![Page 7: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/7.jpg)
klgates.com 6
![Page 8: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/8.jpg)
7
“[T]here are only two types of companies: those that have been
hacked and those that will be. And even they are converging into
one category: companies that have been hacked and will be
hacked again.” Robert S. Mueller, III, Director, Federal Bureau of Investigation, RSA Cyber Security Conference San Francisco, CA (Mar. 1, 2012)
“[T]here are only two types of companies: those that have been
hacked and those that will be.
“[T]here are only two types of companies: those that have been
hacked and those that will be. And even they are converging into
one category: companies that have been hacked and will be
hacked again.”
![Page 9: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/9.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
LEGAL AND REGULATORY FRAMEWORK
![Page 10: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/10.jpg)
State Privacy Laws http://www.ncsl.org/research/telecommunications-and-information-
technology/security-breach-notification-laws.aspx State Consumer Protection Laws Federal Laws
Gramm-Leach-Billey Act HIPAA/HITECH Federal Trade Commission Act, Section 5 (FTC v. Wyndham Worldwide Corp.) FCRA /FACTA/Red Flags Rule
Foreign Laws PCI Data Security Standards (PCI DSS) Common law
Legal and Regulatory Framework
back
![Page 11: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/11.jpg)
Five Tips to Consider When Any Public Company Might be The Next Target, http://www.klgates.com/five-tips-to-consider-when-any-public-company-might-be-the-next-target-02-11-2014
Legal and Regulatory Framework
SEC Guidance -- “[A]ppropriate disclosures may include”: “Discussion of aspects of the registrant’s business or operations that give rise to
material cybersecurity risks and the potential costs and consequences”; “To the extent the registrant outsources functions that have material cybersecurity
risks, description of those functions and how the registrant addresses those risks”; “Description of cyber incidents experienced by the registrant that are individually, or
in the aggregate, material, including a description of the costs and other consequences”;
“Risks related to cyber incidents that may remain undetected for an extended perid”; and
“Description of relevant insurance coverage.”
![Page 12: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/12.jpg)
Legal and Regulatory Framework
![Page 13: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/13.jpg)
NIST Cybersecurity Framework -- provides a common taxonomy and mechanism for organizations to:
Describe their current cybersecurity posture; Describe their target state for cybersecurity; Identify and prioritize opportunities for improvement within the context of a
continuous and repeatable process; Assess progress toward the target state; Communicate among internal and external stakeholders about cybersecurity
risk. The Framework is voluntary (for now)
Legal and Regulatory Framework
![Page 14: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/14.jpg)
NIST Cybersecurity Framework
Legal and Regulatory Framework
NIST Unveils Cybersecurity Framework, http://www.klgates.com/nist-unveils-cybersecurity-framework-02-17-2014/
![Page 15: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/15.jpg)
Legal and Regulatory Framework
back
![Page 16: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/16.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
PRACTICAL RISK AND EXPOSURE
![Page 17: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/17.jpg)
Breach Notification Costs/Identity Monitoring
Computer Forensics/PR Consulting
Loss of Customers/Revenue
Damaged Reputation/Brand
Regulatory Actions/Fines/Penalties/Consumer Redress
Lawsuits & Defense Costs
Loss of “Crown Jewels”
Business Interruption & Supply Chain Disruption
Drop in Stock Price/Loss of Market Share
Potential D&O Suits (Target)
Practical Risk and Exposure
![Page 18: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/18.jpg)
“[T]he average total cost of a data breach for the companies participating in this research increased 15 percent to $3.5 million”
Practical Risk and Exposure
“The average cost paid for each lost or stolen record containing sensitive and confidential information increased more than 9 percent from $136 in 2013 to $145 in this year’s study.”
“However, German and US organizations on average experienced much higher costs at $195 and $201, respectively.”
“These countries also experienced the highest total cost (US at $5.85 million and Germany at $4.74 million)”
“[W]e do not include data breaches of more than approximately 100,000 compromised records in our analysis.”
![Page 19: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/19.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
WHAT TO DO BEFORE AN INCIDENT?
![Page 20: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/20.jpg)
Pro-active management of cyber risks at the C-Suite level Assessment of key risks impacting the business and identifying critical
information assets Get a graded cybersecurity assessment Regular internal training on information management and IT security Have an incident response plan in place before a cybersecurity incident Pay attention to vendor contracts Address and mitigate risk through insurance
What to do Before an Incident?
![Page 21: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/21.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
WHAT TO DO AFTER AN INCIDENT?
![Page 22: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/22.jpg)
Look (hopefully) to the incident response plan Notification of a security breach must be given to all or some of:
Potentially impacted individuals State AGs / Regulators
“Breach coach” counsel should: Advise on who, when, and how to notify Engage pre-vetted forensics professionals and other crisis management
responders (e.g., credit monitoring, public relations)
What to do After an Incident?
![Page 23: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/23.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
POTENTIAL COVERAGE UNDER “LEGACY” POLICIES
![Page 24: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/24.jpg)
Directors’ and Officers’ (D&O) Errors and Omissions (E&O)/Professional Liability Employment Practices Liability (EPL) Fiduciary Liability Crime
Retail Ventures, Inc. v. National Union Fire Ins. of Pittsburgh, Pa., 691 F.3d 821 (6th Cir. 2012) (DSW covered for expenses for customer communications, public relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its blanket crime policy)
Property? Commercial General Liability (CGL)?
Potential Coverage Under “Legacy” Policies
![Page 25: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/25.jpg)
Coverage B provides coverage for damages because of “personal and advertising injury”
“Personal and Advertising Injury” is defined in part as injury arising out of “[o]ral or written publication, in any manner, of material that violates a person’s right of privacy”
What is a “Person’s Right of Privacy”? What is a “Publication”?
Potential Coverage Under “Legacy” Policies
![Page 26: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/26.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
LIMITATIONS OF “LEGACY” INSURANCE POLICIES
![Page 27: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/27.jpg)
Limitations of “Legacy” Insurance Policies
![Page 28: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/28.jpg)
klgates.com
Limitations of “Legacy” Insurance Policies
![Page 29: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/29.jpg)
ISO states that “when this endorsement isattached, it will result in a reduction ofcoverage due to the deletion of anexception with respect to damagesbecause of bodily injury arising out of lossof, loss of use of, damage to, corruption of,inability to access, or inability to manipulateelectronic data.”
Limitations of “Legacy” Insurance Policies
![Page 30: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/30.jpg)
Limitations of “Legacy” Insurance Policies
![Page 31: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/31.jpg)
Limitations of “Legacy” Insurance Policies
![Page 32: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/32.jpg)
Limitations of “Legacy” Insurance Policies
![Page 33: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/33.jpg)
Zurich American Insurance Co. v. Sony Corp. of America et al.
Limitations of “Legacy” Insurance Policies
![Page 34: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/34.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
TECHNOLOGY ERRORS & OMISSIONS COVERAGE
![Page 35: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/35.jpg)
Essential for a provider of e-commerce-related solutions Covers
Errors & Omissions in the Provision of Technology Services Failure of Technology Products to Serve Their Purpose
But there are limitations Triggered By a “Claim” That Alleges An Act or Omission May Exclude Security Beach or Unauthorized Access to Information May Not Include Breach Notification Costs, Which is Viewed As More of a “First-
Party” Loss
Technology E&O Coverage
![Page 36: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/36.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
CUTTING EDGE “CYBER” PRODUCTS
![Page 37: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/37.jpg)
Privacy And Network Security Provides coverage for liability (defense and indemnity) arising out of data
breaches, transmission of malicious code, denial of third-party access to the insured’s network, and other network security threats
Regulatory Liability Provides coverage for liability arising out of administrative or regulatory
proceedings, fines and penalties Media Liability
Provides coverage for liability (defense and indemnity) for claims alleging infringement of copyright and other intellectual property rights and misappropriation of ideas or media content
Specialty “Cyber” Policies – Third Party
![Page 38: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/38.jpg)
Information Asset Coverage Coverage for damage to or theft of the insured’s own systems and hardware,
and may cover the cost of restoring or recreating stolen or corrupted data. Network Interruption And Extra Expense (and CBI)
Coverage for business interruption and extra expense caused by malicious code, DDoS attacks, unauthorized access to, or theft of, information, and other security threats to networks.
Extortion Coverage for losses resulting from extortion (payments of an extortionist’s
demand to prevent network loss or implementation of a threat) Crisis Management
Specialty “Cyber” Policies – First Party
![Page 39: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/39.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
HOW TO ENHANCE “OFF-THE-SHELF” CYBER INSURANCE FORMS THROUGH NEGOTIATION
![Page 40: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/40.jpg)
klgates.comback
![Page 41: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/41.jpg)
Data Breach Example 1
![Page 42: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/42.jpg)
Data Breach Example 1
![Page 43: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/43.jpg)
Data Breach Example 2
![Page 44: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/44.jpg)
Data Breach Example 2
![Page 45: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/45.jpg)
Data Breach Example 2
![Page 46: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/46.jpg)
Data Breach Example 2
![Page 47: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/47.jpg)
Network Security Example 1
![Page 48: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/48.jpg)
Network Security Example 1
![Page 49: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/49.jpg)
Network Security Example 2
![Page 50: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/50.jpg)
Network Security Example 2
![Page 51: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/51.jpg)
Network Security Example 3
![Page 52: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/52.jpg)
Network Security Example 3
![Page 53: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/53.jpg)
TIPS For A Successful Placement ■ Privacy And Network Security■ Regulatory Liability
■ Media Liability
■ Information Asset Coverage
■ Network Interruption And Extra Expense (and CBI)
■ Extortion
■ Crisis Management
Remember Dave?
![Page 54: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/54.jpg)
TIPS For A Successful Placement ■ Embrace a Team Approach
■ Understand the Risk Profile
■ Review Existing Coverages
■ Purchase Cyber Coverage as Needed
■ Remember the “Cyber” Misnomer
■ Spotlight the “Cloud”
■ Consider the Amount of Coverage
■ Pay attention to the Retroactive Date and ERP
■ Look at Defense and Settlement Provisions
■ Engage Coverage Counsel
![Page 55: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/55.jpg)
BEWARETHE
FINE
![Page 56: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/56.jpg)
![Page 57: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/57.jpg)
“A well drafted policy will reduce the likelihood that an insurer will
be able to avoid or limit insurance coverage in the event
of a claim.”
Roberta D. Anderson, Partner, K&L Gates LLP (June 25, 2014)
![Page 58: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/58.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
A WORD ABOUT VENDOR CONTRACTS
![Page 59: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/59.jpg)
A Word About Vendor Contracts■ Be specific
■ Who is responsible for securing stored data? Data in motion?
■ Reference objective standards, e.g., Version 5 of the SANS Institute Critical Security Controls http://www.sans.org/critical-security-controls
■ Who has access – and to which parts –to various parts of the organizations network?
■ What are the required cybersecurity standards?
■ Dovetail Vendor Contracts With Insurance Contracts
![Page 60: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/60.jpg)
© Copyright 2013 by K&L Gates LLP. All rights reserved.
AUDIENCE Q&A
![Page 61: Cyber-Attacks: Insurance Coverage for Cyber Risks and ...relations, lawsuits, regulatory defense costs, and fines imposed by Visa and Mastercard under the computer fraud rider of its](https://reader033.vdocuments.net/reader033/viewer/2022050218/5f63e3ec6c1d5541c34327ea/html5/thumbnails/61.jpg)
60
Linkedin: robertaandersonesq
Twitter: @RobertaEsq
Insurance Thought Leadership