2. What is Cyber Risk?
Types of Damages
How are industries exposed to this risk?
Common Misconceptions in Cyber Risk
Cyber Liability Exposures
Cyber Risk Impact (Energy Sector)
Insurable Cyber Risks
Pricing & UW Considerations
Managing Cyber Risks
OUR DISCUSSION TODAY
3. Cyber Risk
• any risk of financial loss, disruption
or damage to the reputation of an
organisation from some sort of failure
of its information technology
systems (includes networks & the
internet).
5. Non-Physical Damage
• Data Corruption
• Theft of Intellectual property
• Financial Data Theft
• Extortion
Physical Damage
• Infection of software
• Manipulation / overriding system controls
• Operations disruption
Types of Damages
6. 2 Types of companies
• Companies who have had a security breach
• Companies who don’t know that they have had a breach
ALL COMPANIES HAVE CYBER RISK
7. “We have a 3rd party payment process, so we have transferred our
exposure”
Even if a breach happens at the payment processor, the primary company
will still be held liable under privacy laws
“We have upgraded our security by transferring our data to a cloud
provider”
Cloud service providers are the best opportunity for hackers, and
guess what: the data handled by them is YOUR CUSTOMER DATA,
AND THEFT OF THAT DATA IS GOING TO PUT YOU IN TROUBLE
Common Misconceptions
9. Market Disruption
• Hacking into company data on reserves – cause industry wide impact
• Commodity pricing
Physical Damage
• Attack on dams – Massive PD & compromise water supply
• Gaining control of wind turbine – damage of equipment
IMPLICATIONS ON ENERGY SECTOR
10. Human Harm
• Hacking a Nuclear plant – Core meltdown – radioactive
catastrophe – Another Chernobyl !!!!
• Infiltration of Electric grid – Result in mass black-out
Financial Loss
• Business interruption / CBI
• Data Theft
• Liability of power producers towards manufacturers
• Regulatory Fines
13. 2015, Ukraine, Power Grid
• Hack on 3 distribution companies
• Affected 80,000 energy customers
2012, SAUDI ARABIA, ARAMCO
• 30,000 computers affected because of virus (SHAMOON)
• Systems offline for 10 days, 85% of company's hardware
destroyed
2003, Ohio Nuclear Plant
• Slammer, the fastest worm in history, disabled safety monitoring
systems for 5 hrs
List of Past Cyber Attacks
14. Theft:
• Identity theft
• Theft of digital assets
Business interruption
• Lost Income
• Recovery of damaged data records
• Reputational damage
• Cost of Credit Monitoring of impacted clients
Key Insurable Cyber Risks
15. Pricing Cyber Risk
Strength of Security System
Likelihood of intrusion
Risk Management Culture
Controls in place & role of compliance & audit
Frequency Severity
Disaster Recovery
Ability to recover from attack
Rating of Service Providers
Reliability of cloud providers, backup providers, website, etc
Legal Fees & Fines
IT Staff Costs
Data restoration
PR & Marketing Costs
Extortion
Customer Support
Lost Income
16. Policy Terms
Legal Liability
Not complying with privacy laws
Crisis Management Costs
Informing customers, public relations & adverts
Data Extortion
Ransom Payment
First Party Risks Third Party Risks
Loss of Income
As a result of network failure & downtime
Data Recovery
IT Staff overtime, data retrieval & verification
Security Liability
Liability arising from breach of security
Multimedia Liability
Liability arising from insured’s internet, advertising &
marketing activities
Professional Liability
Liability arising out of negligence in providing IT Services
17. Business
• Type of business
• Size of business
• Scope of the business
Number of customers
Multimedia
• Presence on the Web
• Data collected and stored
Enterprise Risk Management (ERM) techniques applied by the
business to protect its computer network and its assets.
• Risk management procedure & culture
UW Considerations
18. Cyber Crime – Global Costs
Sources: 1 World Bank (2013); 2 Net Losses: Estimating the Global Cost of Cyber-Crime,
CSIS/McAfee; 3 Allianz Global Corporate & Specialty
26. Risk Identification / proposal Form
Columns: Potential Risk Event / Likelihood / Potential Impact
• Website copyright/trademark infringement claims
• Legal liability to others for computer security breaches (non-privacy)
• Legal liability to others for privacy breaches
• Privacy breach notification costs & credit monitoring
• Privacy regulatory action defense and fines
• Costs to repair damage to your information assets
• Loss of revenue due to a failure of security or computer attack
• Loss of revenue due to a failure of security at a dependent technology provider
• Cyber Extortion Threat
27. • Cyber risk is an emerging risk in the world
• Cyber risk is no longer an IT issue, it is a Board Level issue
• Increasing Interconnection & Digitization
• Technology vendors play a critical role
• Cyber insurance is one mechanism of risk transfer
Conclusions
29. Key Statistics & sources of information
• Key Statistics: source Advisen Ltd – PartnerRe publication, Oct 2016
• Aon Cyber Survey 2016
• Marsh Global economic Forum – Energy Risk Cyber Article
• Allianz Cyber risk Articles
• Liberty Specialty Presentation on Cyber