1 / 18

Criminals

Cyber Insurance presentation for: The 2nd Anti Cybercrime Forum Beirut, 29 th November 2016 Alexander Blom, Head of Financial Lines, AIG MENA. Threat Actors. Criminals. Spies. Hacktivists. Insiders. Terrorists. Military. Cyber Risk in the Financial Services Sector.

richardmcclain
Download Presentation

Criminals

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cyber Insurance presentation for: The 2nd Anti Cybercrime ForumBeirut, 29th November 2016Alexander Blom, Head of Financial Lines, AIG MENA

  2. Threat Actors Criminals Spies Hacktivists Insiders Terrorists Military

  3. Cyber Risk in the Financial Services Sector

  4. Financial Institutions Cyber Risk Sensitivity of Data Headline Risk & High Value Targets Regulatory Oversight • Financial institutions are often considered critical infrastructure and systemically important • Money and securities are a high value target both physically and electronically • Reputation is extremely important and a high value / high impact target • Attacks against financial institutions make great headlines • Financial data is a special class much like medical data • Financial data is both inherently valuable and useful for facilitating other threat vectors • Both consumer and commercial customers have sensitive data • Financial data has monetary value both on the black market and intrinsically • Financial institutions are one of the most regulated industries • The combination of increasing data privacy regulatory scrutiny and financial regulatory oversight creates increased challenges to firms • Cost of regulatory compliance in addition to cyber security and operations spend

  5. End-to-End Risk Management Approach

  6. Cyber Loss Spectrum Losses due to cyber events (data breaches, destructive attacks, and other unauthorized access or use of your computer systems)can be categorized into these four quadrants: 3rd Party Damages (To Others) 1st Party Damages (To Your Organization) Financial Damages Tangible (Monetary) Damages

  7. Financial / 1st Party Damages Cyber Loss Spectrum • Response costs: forensics, credit monitoring, notifications, crisis management, public relations • Legal expense: advice and defense • Revenue losses from network or computer outages, including cloud • Cost of restoring lost data • Cyber extortion expenses 3rd Party Tangible (Monetary)

  8. Financial / 1st Party Damages Available Insurance AIG offers this coverage as a part of CyberEdge, in the Event Management, Network Interruption, and Cyber Extortion coverage sections. 1st Party Damages (To Your Organization) 3rd Party Damages (To Others) • Response costs: forensics, credit monitoring, notifications, crisis management, public relations • Legal expense: advice and defense • Revenue losses from network or computer outages, including cloud • Cost of restoring lost data • Cyber extortion expenses 1st Party Damages (To Your Organization)

  9. Financial / 3rd Party Damages Cyber Loss Spectrum • 3rd party entities may seek to recover: • Consequential revenue losses • Restoration expenses • Legal expenses • Their credit monitoring costs • Value of their intellectual property stolen from you • 3rd party entities may issue or be awarded civil fines and penalties. 1st Party Tangible (Monetary)

  10. Financial / 3rd Party Damages Available Insurance • 3rd party entities may seek to recover: • Consequential revenue losses • Restoration expenses • Legal expenses • Their credit monitoring costs • Value of their intellectual property stolen from you • 3rd party entities may issue or be awarded civil fines and penalties. AIG offers this coverage as a part of CyberEdge, in the Security and Privacy Liability coverage section. 1st Party Damages (To Your Organization) 3rd Party Damages (To Others) 1st Party Damages (To Your Organization) 1st Party Tangible (Monetary)

  11. Tangible (Monetary) / 1st Party Damages Cyber Loss Spectrum 3rd Party Financial • Theft of Funds of your monies, securities, funds, etc. • Destruction or damage to your facilities or other property • Reputational Harm to your operation (valuation) • Lost revenues from physical damage or reputational harm • Your Intellectual Property compromise, both value and use

  12. Tangible (Monetary) / 1st Party Damages Available Insurance 3rd Party Financial • Property policies and fidelity/crime policies maycover these cyber-peril losses. • Potential pitfalls: • Silence • Cyber exclusions • Other applicable exclusions (data, terrorism, etc.) • Theft of Funds of your monies, securities, funds, etc. • Destruction or damage to your facilities or other property • Reputational Harm to your operation (valuation) • Lost revenues from physical damage or reputational harm • Your Intellectual Property compromise, both value and use (Traditional) cyber policies typically exclude bodily injury (BI), property damage (PD), Theft of Funds and Intellectual Property & Reputation value loss

  13. Tangible (Monetary) / 3rd Party Damages Cyber Loss Spectrum 1st Party Financial • Mechanical breakdown of others’ equipment • Destruction or damage to others’ facilities or property • Theft of Funds of customers, in your custody • Lost revenues from physical damage • Bodily injury to others

  14. Tangible (Monetary) / 3rd Party Damages Available Insurance 1st Party Financial Other policies may cover these cyber losses; subject to the same potential issues as Property. • Mechanical breakdown of others’ equipment • Destruction or damage to others’ facilities or property • Theft of Funds of customers, in your custody • Lost revenues from physical damage • Bodily injury to others (Traditional) cyber policies typically exclude bodily injury (BI) and property damage (PD)

  15. Addressing Financial Institutions Cyber Loss • Insurance market needs: • A better understanding of the risks, threats and vulnerabilities faced by the financial services sector so that insurance can provide more comprehensive solutions • Further exploration of “cyber as a peril” and how many policies can be impacted (E&O, EPL, Fidelity, D&O, etc.) 3rd Party 1st Party Financial Financial Institutions’ needs: • Clarifications in cyber insurance policies, cyber coverages and additional cyber risk mitigation services • Continually developing insurance offering customized to financial institutions’ needs Tangible (Monetary)

  16. Pricing and Underwriting Considerations

  17. Contact Information Alexander Blom Head of Financial Lines, MENA AIG MEA Limited, Dubai +971 56 681 5564 alexander.blom@aig.com Aisling Malone Professional Indemnity & Cyber Lead, MENA AIG MEA Limited, Dubai +971 56 682 8399 aisling.malone@aig.com

  18. American International Group, Inc. (AIG) is a leading international insurance organization serving customers in more than 130 countries.. AIG companies serve commercial, institutional, and individual customers through one of the most extensive worldwide property-casualty networks of any insurer. In addition, AIG companies are leading providers of life insurance and retirement services in theUnited States. AIG common stock is listed on the New York Stock Exchange and the Tokyo Stock Exchange. Additional information about AIG can be found at www.aig.com | YouTube: www.youtube.com/aig | Twitter: @AIG_LatestNews | LinkedIn: http://www.linkedin.com/company/aig AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds.

More Related