Aftab Hasan Speaking at Cyber Security in Banking Conference - Dubai
1. “CYBER LIABILITY INSURANCE”
PROTECTION OF YOUR BUSINESS AGAINST ONLINE CYBER RISK
Presented By:
AFTAB HASAN - CEO
‘Arya Insurance Brokerage CO. (LLC)’
Dubai - U.A.E.
05th September 2016
2. WHAT TO EXPECT TODAY
Introduction to Cyber Liability Insurance Cover (CLIC)
Causes and Implication of Cyber Security Risk
What to look for in your Cyber Liability Policy
Cyber Security Risk & Challenges Faced by the Maritime Industry
How to mitigate Cyber Security Risk
How to buy Cyber Liability Insurance Cover (CLIC)
Selecting the right policy for your business
What are important questions to consider at the time of buying a
CLIC Policy
Conclusion
Q & A
3. INTRODUCTION TO CYBER
LIABILITY INSURANCE COVER
Cyber Liability Insurance Cover (CLIC)
The term "Cyber Liability Insurance Cover" (CLIC) is
often used to describe a range of covers - in very much
the same way that the word cyber is used to describe a
broad range of information security related tools,
processes and services.
“Cyber Liability Insurance Cover” (CLIC) has been
around for 10 years, but most security professionals
seem not to have heard of it or to know that it exists.
4. CAUSES AND IMPLICATION OF
CYBER SECURITY RISK
Human action, or illicit malicious action, to intrude into others’ cyberspace
for illegitimate reasons.
Stolen hardware devices – this is a common phenomenon due to the
shrinking sizes of devices and ease of portability. Losses of laptops, iPads,
USBs, etc. are also common examples, but these thefts are not restricted
to these devices.
Emails with multimedia and/or data sent incorrectly – emails
containing confidential information sent from an employee’s mailbox
to an unintended recipient/s may increase exposure to cyber risk and
liability.
Data Theft – this may occur due to ineffectively protected data or the
vulnerability of data when accessed from outside the organization’s
secure networks. This type of data loss is common in cases where a
BYOD (Bring Your Own Device) policy is in existence and employees
or associates are frequently connecting to the corporate network from
public and/or unsecured networks.
5. CAUSES AND IMPLICATION OF
CYBER SECURITY RISK
Phishing e-mails – these typically impersonate a known and trusted
brand and direct the recipient to a website seeking personal
information and files, bank details, passwords and other confidential
data.
Denial of Service – a cyber-attack whereby attackers bombard a site
with a large number of requests that cause a system overload and the
site collapses, thus preventing normal business from being conducted.
Cyber Extortion – these are cases of threatening a direct cyber-attack,
or the activation of an implanted Trojan/virus, unless a ransom amount is
paid.
Damage to Reputation – this typically occurs in the case of a security
breach where your organization is perceived to have failed in ensuring
due diligence and appropriate security measures to keep customers and
their data from falling into the wrong hands.
6. WHAT TO LOOK FOR IN YOUR
CYBER LIABILITY POLICY
“Cyber Liability Insurance Cover” (CLIC) provides protection to
policyholders against:
Information security and privacy liability
Regulatory and defense penalties costs
Website and media content liability
Crisis management and public relations costs
First party data loss and data asset
Cyber extortion loss etc…
7. CYBER SECURITY RISK & CHALLENGES FACED
BY THE MARITIME INDUSTRY
Pirates now have a better, more efficient
weapon: the internet!
In 2012, as per IMO records, more than 120 ships,
including Asian coast guard vessels, documented
malicious jamming of global positioning signals.
In 2013, drug smugglers hacked cargo tracking
systems at the Port of Antwerp to avoid
detection.
In 2014, a major U.S. port facility suffered a
system disruption by cyber intruders, who locked
multiple ship-to-shore cranes for several hours.
8. CYBER SECURITY RISK & CHALLENGES FACED
BY THE MARITIME INDUSTRY
Coverage Gap of Cyber Insurance in Marine
Insurance Policy
Marine insurance policies exclude computer-related
liability and losses resulting from computer and
network security failure.
Standalone cyber insurance may offer cover for:
Data theft
Incident response
Network business interruption
Cyber extortion
Property damage* – excluded.
Bodily injury/harm/death* – excluded.
9. CYBER SECURITY RISK & CHALLENGES FACED
BY THE MARITIME INDUSTRY
Threats to the Maritime Sector
In 2013 University of Texas researchers demonstrated that it is
possible to change a vessel’s direction by interfering with its GPS
signal to cause the onboard navigation systems to falsely
interpret a vessel’s position and heading.
Hacker caused a floating oil platform off Africa to tilt to one side,
forcing temporary shutdown.
Somali pirates employed hackers to infiltrate a shipping
company’s cyber systems to identify vessels passing through the
Gulf of Aden with valuable cargoes and minimal on-board
security leading to the hijacking of at least one vessel.
10. HOW TO MITIGATE CYBER SECURITY RISK
Data breaches are now a fact of life together with duties and death,
but how can businesses better manage the risks related to a data
breach and reduce the significant cost that can result from them?
One of the options is to buy:
Cyber Liability Insurance Cover (CLIC)
Technology rules our lives like never before. Digital
communications have taken on a new meaning with the advent of
social media. As we progress very rapidly through this digital age,
technological advancements have changed the way we look at
things. The Internet of Things (IoT) is the new mantra and will soon
govern the way we live our lives. These are all the inevitable signs
of what we consider to be good progress.
11. HOW TO MITIGATE CYBER SECURITY RISK
However, while there is a bright side to technology, it also
comes with an inherent threat and associated risks. For a
business owner, the reality of cyber risk has never been more
intimidating. Cyber Liability and Cyber Security Insurance are as
essential in your business protection toolkit today as other
business insurance policies such as fire, flood, theft, etc. Businesses
across all industry sectors and sizes of operation are vulnerable to
cyber risks.
Some of the elements of a cyber-liability cover may be
interconnected or overlap with cover from existing products,
including those for business continuity, third-party supply chain
issues and professional indemnity. Even if this overlap does exist,
a decent cyber liability policy will ensure cyber risks are fully
catered for.
12. HOW TO BUY CYBER LIABILITY INSURANCE COVER
For many insurers and brokers, the technicalities of information
security and the details of how to deal with a data breach are still
a mystery. The market for cyber liability products is also in its
infancy, so be prepared to work with your provider to ensure
that you get what you actually require.
A good starting point is to determine what costs or expenses you
would like to have covered and what types of incidents you want
cover for. Circulate and discuss this list with all the relevant
people, not forgetting to get all the information you need from
third-party suppliers and partners. List both your own costs
(known as first-party costs) and the costs that others may
attempt to claim from you as a result of the incident (known as
third-party costs).
13. HOW TO BUY CYBER LIABILITY INSURANCE COVER
The Broker
Getting the right broker is important.
A good specialist broker will save you time in
determining what is right for your business,
remembering that this may not be the broker you are
currently using for your non-cyber risks.
Share your list of estimated expenses and costs with
your broker and talk through the different exclusions
that might stop you from making a claim.
14. HOW TO BUY CYBER LIABILITY INSURANCE COVER
Insurance company
Apart from obviously being responsible for the
product, insurance companies are responsible for
providing support to your broker about the products.
In addition, they will decide if they are willing to take
on your risks according to your completed proposal
form and what premium you will need to pay.
Choosing the right insurer can be the difference
between paying little for cover that you will never be
able to utilize in the event of an incident or having
cost-effective cover where the insurer understands the
implications of a breach and the costs associated with
it.
15. SELECTING THE RIGHT POLICY FOR YOUR BUSINESS
Selecting the right policy for your business, business
model, industry, size, exposures and so forth is a very
complex exercise, which is why a specialist broker is
important, as they are likely to know the best products to
suit your needs.
It is important to understand the support you receive as
part of the cover. Some policies provide a point of contact
who will handle everything from the moment the insurer
has agreed the claim, whereas others will let you manage
the incident and decide which services you want to use
from their list of suppliers.
Remember that your organization may not have the
people or experience to manage a data breach incident so
third-party suppliers can often be a better route to take.
16. QUESTIONS TO CONSIDER AT THE TIME OF BUYING A
CLIC POLICY
All policies have a set of exclusions, terms and definitions. Understanding these
is important, so here are some important questions to consider:
What security controls can you put into place that will reduce the premium?
Will you have to undertake a security risk review of some sort?
What is expected of you to reduce or limit the risks?
Will you get a reduction for each year you do not claim?
What assistance is provided to improve information governance and
information security?
What and how big a difference to your future premiums will a claim make?
What support if any will be provided to assist in making the right security
decisions for the industry / business you are in?
The security / protection industry is changing very fast; how can the
insurer ensure that your policy is current?
Do all portable media/computing devices need to be encrypted?
What about unencrypted media in the care or control of your third-party
processors?
Are malicious acts by employees covered?
17. QUESTIONS TO CONSIDER AT THE TIME OF BUYING A
CLIC POLICY
Will you have to provide evidence of compliance with existing Data Protection
Principles, in relation to your actual processing, to prove you were not
acting disproportionately?
Although ignorance of the law is no excuse, we are just not able to keep up
with all the compliance issues that may affect all the territories our company
works in. Would you refuse a claim if you were processing data that may
infringe laws in one country but not another – because insurance policies
often stipulate that you must not be breaking the law?
What if there is uncertainty around whether the incident took place a day
before the cover was in place or on the day?
Are the limits for expenses grouped together in a way that the maximum
limit that is covered is likely to be achieved very quickly, unless you
increase the cover?
Are all and any court attendances to defend claims from others covered?
Could you claim if you were not able to detect an intrusion until several
months or years have elapsed, so you are outside the period of the cover (as
with the Red October malware which was discovered after about five years)?
18. CONCLUSION
With respect to small and medium-sized enterprises (SMEs) there are very
simple policies available, but sometimes these raise more questions than they
answer as they do not always provide a long list of exclusions or terms and
definitions. At least with detailed policies you should know where you stand.
Having worked with clients who did not have CLIC but suffered a data
breach and witnessed all of the associated trouble and costs, we are hopeful
that many breached businesses will have an alternative to bankruptcy when
they pull their CLIC out of their top drawer.
Review coverage wordings to meet the requirements of the policyholders.
Bring key IT personnel of the organization to underwriting meetings.
Discuss the reality of the claims process with prospects and clients from the
very beginning.
No two businesses are the same when it comes to cyber risks, therefore it is
key to understand the cyber risks your business faces and to ensure your
cyber policy is tailored to mirror those risks.