Transcript Slide 1
Crawford & Company
CYBER & Product Liability &
Professional Indemnity
‘Everything you always wanted to
know about claims ‘
Mark Vos, Head of GTS CEMEA
June 2013
Version 18 June 2013
Now back to the basics + discussion of a case.
What is your Cyber Risk
• Many definitions
SM
Crawford GlobalCrawford
Technical&Services
Company
How structured is your organisation ?
SM
Crawford GlobalCrawford
Technical&Services
Company
What is Cyber Liability
• Many definitions
SM
Crawford GlobalCrawford
Technical&Services
Company
CYBER Risk definition
• Criminal
• Yearly
• Benefit
2011: Norton
• Emerging
• Recurring
• Risk
2013 USA
SM
Crawford GlobalCrawford
Technical&Services
Company
It is another Risk,
which comes back in every kind of policy like
Property, Casualty, Construction , Marine &
Transportation; without national limitations.
Loss
of
Control and Integrity
of
* Hardware, * Software,
* Data
SM
Crawford GlobalCrawford
Technical&Services
Company
•
Product Liability
Professional Indemnity
Defining the product
–
•
Procurement
–
–
•
What is Cyber proof?
• A Dynamic Risk
• Encryption & log–in strategy
Over-selling & Under-delivery
Misperception of expectation
Contract
–
–
What does the client say, he wants
What does the final user actually needs
•
Technical / Functionality specification
•
Validation
•
Warranty & Limited Liability
•
Fit for purpose < -- > Critical in the Business Continuity
SM
Crawford GlobalCrawford
Technical&Services
Company
Who worries about our safety
• Chief Information Officer
– Who worries about the information storage and retrieval
– Days of the Business Process management data mining
• Chief Technology Officer
– Who worries about interconnectivity of systems
• Chief Digital Officer
– Who worries about total usage and management of data
– Big data en IP6
• Data Protection Officer
– EU regulation 2104 applied per 2016:
• Data Protection Directive 95/46/EC
• Company > 250 staff
• Notify breaches to Authorities
• < 24 hrs
SM
Crawford GlobalCrawford
Technical&Services
Company
Anti Virus software
• Fire wall
– N-1
• Anti Virus software
– N
– N-1?
– Response on N-1
• System patches
SM
Crawford GlobalCrawford
Technical&Services
Company
The Contamination
SM
Crawford GlobalCrawford
Technical&Services
Company
SM
Crawford GlobalCrawford
Technical&Services
Company
SM
Crawford GlobalCrawford
Technical&Services
Company
The Contamination
SM
Crawford GlobalCrawford
Technical&Services
Company
Liability starts at First Party
running on Products (Product L + PI)
•
Material damage ? BI / drop of Share price
–
•
Down time and Business Interruption / Loss of Goodwill
–
•
Internal protocols
Back up
USB clause
Virus software clause
Hardware or Data not necessarily at risk location
–
–
–
–
•
Regulation impact
First Party Policy Requirements
–
–
–
–
•
Virus or hacker
Computer Centre
Cloud (Public, Private, Hybrid) & EU Data Protection Directive 95/46/EC
Spread throughout organisation
Revalidation of software
Master policy coverage versus local policy
SM
Crawford GlobalCrawford
Technical&Services
Company
Will your Company be hacked?
• Cyber crime is larger than Narcotics.
– Identity theft: USA 2007 $56 Billion 2011 $ 37 Billion / 8 Million people
– You do not die in the Internet
• Drivers
–
–
–
–
Money transfer/ credit card data
Knowledge / espionage
Competition benefits
Nuisance / power / authority / war
• Risk factors
– External
• Crime
• Nuisance
– Internal
• Content leakage
• Espionage
• Rotation of staff
• Fraud
SM
Crawford GlobalCrawford
Technical&Services
Company
10 Steps to Cyber Security
SM
Crawford GlobalCrawford
Technical&Services
Company
SM
Crawford GlobalCrawford
Technical&Services
Company
10 Steps to Cyber Security
•
1. Secure Configuration
•
5. Managing User Privileges
•
2. Network Security
•
6. User Education Awareness
•
3. Malware Protection
•
7. Home & Mobile Working
•
4. Removable Media Controls
Contractors
&
Consultants
The World
8. Information Risk Management Regime
9. Monitoring
10. Incident Management
SM
Crawford GlobalCrawford
Technical&Services
Company
Incident Management
• Can you shut down? Generally No, unless you are shut down
• Pre-select the appropriate companies, which can review your systems,
and provide direct 24/7 support.
• Bring systems back in control.
• Make an inventory of level of First Party damage, and analyse virus in
back-ups.
• Make an inventory of level of Third party damage, and analyse
commercial and legal exposure.
• Report to insurers & Report to Press.
• Involve loss adjusters, who understand your problem.
SM
Crawford GlobalCrawford
Technical&Services
Company
Cyber Risk team
• Dr Mark Hawksworth, UK
• Mark Vos, CEMEA, Rotterdam
SM
Crawford GlobalCrawford
Technical&Services
Company
Crawford & Company
Many countries
Many languages
Many specialists
Many services
ONE point of contact:
www.crawfordandcompany.com
SM
Crawford GlobalCrawford
Technical&Services
Company