Transcript Bridget Sakach, Network Security and Privacy Specialist

CyberEdge® Risk Management Solution
Today’s Discussion Topics
 Cyber as a Peril
 The Need for an End-to-End Risk Management Approach for
Cyber
2
Financial Lines 2014 Producer Conference
What’s New
 Cyber as a Peril
–CyberEdge Plus
3
Financial Lines 2014 Producer Conference
Cyber Impact Framework
Potential damages from a cyber event
3rd Party Damages
Cyber event impacts
and insurance
coverages map to
these four quadrants
Tangible
Financial
1st Party Damages
4
Financial Lines 2014 Producer Conference
4
Impacts from a Cyber Event — the details
Cyber impacts will align with one or more of these four quadrants
Financial
• Response costs: forensics,
notifications, credit monitoring
• Legal: advice and defense
• Public Relations: brand protection
• Revenue losses from network or
computer outages, including cloud
• Cost of restoring lost data
• Cyber extortion expenses
• Value of intellectual property
Tangible
1st Party Damages
• Mechanical breakdown of your
equipment
• Destruction or damage to your
facilities or other property
• Environmental cleanup of your
property
• Lost revenues from physical damage to
your (or dependent) equipment or
facilities (business interruption)
• Bodily injury to your employees
3rd Party Damages
3rd Parties may seek to recover:
• Consequential revenue losses
• Restoration expenses
• Legal expenses
• Shareholder losses
• Contractual liabilities
• Other financial damages
3rd Party Entities may issue or be awarded
civil fines and penalties
• Mechanical breakdown of others’
equipment
• Destruction or damage to others’
facilities or other property
• Environmental cleanup of others’
property
• Bodily injury to others
5
Financial Lines 2014 Producer Conference
Destructive Cyber Attack
 Security failure was of the pipeline
owner’s computer system
 Resulted in pipeline breach and spilled
30,000 barrels of oil
 Impact summary:
3rd
Tangible
Financial
1st
• Environmental
Cleanup
• Property Damage
• Business interruption
6
Financial Lines 2014 Producer Conference
Cyber Product Liability
 Unlike the other 2 examples, security failure was
of a computer system designed by the Auto
maker, but was owned by vehicle owner
 Demonstration of capability to hack, did not result
in accidents, but did result in recall by auto
manufacturer to minimize potential for accidents
and injuries
 Potential impact summary:
Tangible
• Investigation
expenses
• Public relations
and other event
response expenses
3rd
Financial
1st
• Accidents and injuries did not
occur, but could have, which
would have resulted in damages
in this quadrant
7
Financial Lines 2014 Producer Conference
INTERNAL USE ONLY
7
End-to-End Risk Management Solution
8
Financial Lines 2014 Producer Conference
9
10
11
Claims Narratives in
CyberEdge App
12
Infrastructure Vulnerability Scanning
Powered by IBM




Key Components
Reports demonstrate compliance with federal, state and industry regulations
Assess an environment from either the external or internal perspective
IBM expertise improves accuracy of findings and reduces mitigation time
Consultation on recommendations for improved security
CyberEdge Hotline: 1-800-CYBR-345
IBM experts respond to Insureds and
review key indicators of a breach with the Insured’s IT
13
RiskAnalytics
CyberEdge RiskTool
 Managing the human element of risk
Proactive Shunning Services
 New layer of network security
14
14
CyberEdge RiskTool
75% of breaches reported were due to human error/negligence.
 Web-based customizable risk management platform
 Manage the human element of cyber risk and manage
compliance
 Pre-populated with:
‒ Corporate security policies
‒ Training with exams
‒ Self assessments and risk guides
 Simplifies and documents end user training
 Unlimited use
15
What is Shunning?
 Service blocks CrimeWare through multiple appliance
options
 Matched to network speed and failover requirements
 Positioned outside the firewall, no impact to existing network
 Real-time updates
16
Cybersecurity Maturity Assessment
 Leverages the NIST Cybersecurity Framework
 Organizations will have a view of gaps between their current
and ideal cybersecurity posture.
 Insureds have access to RSA’s Advanced Cyber Defense
(ACD) practice to provide operational expertise in closing the
gaps and protecting the critical business assets.
17
NIST Cybersecurity Framework Overview
Informative
References
Tiers
Subcategorie
s
Functions
Categories
Core
Tier 1: Partial
Ad hoc risk management
Limited cybersecurity risk awareness
Low external participation
Tier 2: Risk Informed
IDENTIFY
Some risk management practices
Profile
Current Profile
Current state of alignment between Core
elements and organizational
requirements, risk tolerance, &
resources.
Where am I today relative to the
Framework?
Increased awareness, no program
PROTECT
Informal external participation
Tier 3: Repeatable
DETECT
RESPOND
Formalized risk management
Organization-wide program
Target Profile
Receives external partner info
Desired state of alignment between Core
elements and organizational
requirements, risk tolerance, &
resources.
Tier 4: Adaptive
Adaptive risk management practices
RECOVER
Roadmap
Cultural, risk-informed program
Where do I aspire to be relative to the
Framework?
Actively shares information
18
BitSight Security Ratings
 Security ratings for organizations to measure and monitor their
own network and those of their third-party vendors.
 Continuous measuring of externally observable event and
diligence data
19
BitSight Security Ratings
20
BitSight Security Ratings – sample report
21
Financial Lines 2014 Producer Conference
Dark Net Intelligence Powered by K2 Intelligence
Dark Net Intelligence
 Intel of latest chatter inside the black hacker markets and
forums, ‘dark net’
 Mines the dark net for data using web crawlers and
sophisticated human intelligence
Value Add
 Proactive threat intelligence
 Due diligence during M&A transactions
22
Portfolio Analysis Powered by Axio Global
 One-day loss scenario workshop to estimate the financial
impact of information technology and control systems
 Analysis of a client’s entire Property and Casualty insurance
portfolio to identify how it would respond to a complex cyber
event
 Self-evaluation of a client’s cybersecurity program based on the
Cybersecurity Capability Maturity Model (C2M2)
23
Consultation
 Two complimentary hours from a specialized law firm to provide guidance
on building and executing an incident response plan, as well as ensuring
an organization is compliant with regulatory standards.
 One complimentary hour from a forensic firm on what an organization’s
technical response plan should include.
 One complimentary hour from a vetted public relations firm to discuss an
effective crisis communication plan to handle and mitigate the potential
reputational and brand risk an organization would face in the event of a
breach.
24
CyberEdge Pre-loss Complimentary Services
Service Name
Value Summary
RiskTool
Employee Awareness,
Training, & Compliance
Powered by Global Threat
Intelligence
Secures your DNS for a
safer Internet
Blacklist IP
Blocking
SecureDNS
Domain Protection
Infrastructure
Vulnerability
Scan
Risk
Consultation –
Legal
Risk
Consultation -Forensic
Risk
Consultation -Public Relations
CyberEdge
Hotline
Insurance
Portfolio
Diagnostic
Cybersecurity
.
Information
Portal
Identify and Block typo
squatting domains
Identification of high risk
infrastructure
vulnerabilities
Review and strengthen
Incident Response
capabilities
Organizational
preparedness for different
threat scenarios
Crisis communication plan
best practices and
preparation
24/7/365 cyber forensic
hotline
Cyber as a peril analysis
against insurance portfolio
Online Access to
Cybersecurity Information
Included
Unlimited use, customizable solution that reduces the single largest risk to an
organization - human error.
Stops criminal activity on your network by blocking bad DNS and IP traffic –
inbound or outbound
Takes away a very critical route cyber criminals need to phish and trick users to
deliver Ransomware, infect systems, exfiltration stolen data and cause a cyber
breach. It redirects users to a safe landing page and sends bad traffic to a
sinkhole for analysis
Protects your organization by identifying and then blocking knockoff domains used by
criminals through social engineering to trick employees into clicking and accepting
Select parts of your infrastructure to have experts discover and identify
vulnerabilities that are open to potential exploits by cyber criminals
Two hours of consultation from an expert on incident response planning,
regulatory compliance, security awareness, and privacy training.
One hour from a forensic expert on what an organization needs to think about
and prepare for different threat scenarios
One hour from an expert to discuss preparations and plans for your organization
to handle potential scenarios should they occur
Experts immediately available to call and review Indicators of Attack or Indicators
of Compromise to triage potential cyber events
Experts review your entire property and casualty portfolio to determine how it is
anticipated to respond to the full spectrum of cyber predicated financial and
tangible losses.
24/7 365 access to current cybersecurity information
25
Discounted Fee Based Partner Services
Dark Net
Intelligence,
Advisory Services
 Customized human intelligence gathering to help clients stay apprised of
what the latest chatter is inside the black hacker markets and forums aka
“dark net.”
Cybersecurity
Maturity
Assessment
 RSA’s Governance, Risk, and Compliance (GRC) solution helps
organizations assess their cybersecurity risk.
BitSight
Security
Ratings
 Generates security ratings for organizations to measure and monitor their
own network and those of their third-party vendors.
Portfolio
Analysis
 Provides clients with a holistic picture of their cyber exposure by
addressing the full range of potential cyber losses.
Configuration,
Auditing, and
Management Tool
 Focuses on compliance and remediation requirements for key areas like
PCI DSS 3.0, HIPAA, ISO, CSA, etc.
Security Regulation
Resource
 Cybersecurity resource featuring information on mandates in 23 key
markets
26
Discounted Fee Based Partner Services
Anti-Phishing
 Simulated phishing attacks, auto enrollment, and interactive training
modules for employees
Vendor Security
Ratings
 Generates security ratings for organizations to measure and monitor their
own network and of their third party vendors
Visit http://www.aig.com/business/insurance/cyberinsurance and watch our CyberEdge Partner video series.
… and more to be announced shortly!
27
Contact Information
Bridget Sakach
Network Security & Privacy Specialist
216.479.8951
[email protected]
28
American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries. AIG companies serve commercial, institutional, and individual
customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in the
United States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange.
Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig | Twitter: @AIG_LatestNews | LinkedIn: http://www.linkedin.com/company/aig
AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our
website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and
coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines
insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds.