190 likes | 338 Views
Technology Media Communications Industry Session. Introductions for Networking Discussion: Deciphering the E&O/Cyber Policy Download slides and handouts at www.rims.org/RIMS14 Or use the RIMS 2014 App (Session # IND021 ). What to Expect Today.
E N D
Technology Media Communications Industry Session Introductions for Networking Discussion: Deciphering the E&O/Cyber Policy Download slides and handouts at www.rims.org/RIMS14 Or use the RIMS 2014 App (Session # IND021)
What to Expect Today • 1. Networking & Optional Exchange of Contact Information • 2. Trends & Implications • Group Challenge • Cyber Coverage Terms • 5. Where is the E&O/Cyber Policy today • Proactive Measures to Manage Risk • RIMS 2015 – Topics for next Tech/Media/Comm Session • Takeaways: • Glossary of E&O/Cyber coverage terms • Sample Provision Wording
Introductions for Networking – Speakers • •Tim Burke – Marsh FINPRO • West Zone Practice Leader - Commercial Errors & Omissions • •Holly Daley – Willis San Francisco, Tech Media Telecom Practice Former Risk Manager: Hitachi Data Systems, PG&E, Park Lane Hotels • •Lora Figgat – NetApp, Risk Manager, Sunnyvale • Former Risk Manager: Symantec Corporation • •BertWells – Partner, Covington & Burling LLP, New York • Policyholder-Side Attorney – Insurance Recovery – • Transactional Matters – Policy Enhancements
Introductions for Networking – ParticipantsYour Name / Company / LocationDownload slides and handouts at www.rims.org/RIMS14Or use the RIMS 2014 App (Session # IND021)
Macro Trends • High profile data breaches • Increasing centrality of privacy & IT security • Regulatory scrutiny & evolving legal landscape • Supply chain risk
The Compliance ScrambleMismatch Implications • Vendor scrutiny • Contractual risk transfer • Indemnification • Insurance requirements
E&O/Cyber: Additional Insured Status • a. You as Customer perspective • Why you require AI status from your customers/partners • When your customer/partner will not meet your requirement • b. You as Vendor perspective ● Why your customer requires AI status of you as their vendor/partner ● As a vendor, should you provide AI status to customers/partners • c. Additional insured endorsements
Where Is the E&O/Cyber Policy Today? • Standardization - ISO, markets • E&O blend vs. stand-alone • Prior acts - average discovery lag 253-days • Menu of coverage pieces available: • typically offered • by special request
Deciphering the E&O/Cyber Policy • Network Security & Multimedia Liability • Cyber Security Liability • Computer Security Insurance • Network & Information Liability • Commerce or Internet Security Insurance • Privacy & Network Security Liability • Intellectual Property Insurance • Internet Security Liability • Privacy and Security Insurance • Cyber & Crime Liability • Data Insurance
Deciphering the E&O/Cyber Policy – Glossary • Glossary of cyber insurance terms
Role Play:What will you do differently next time? • Let’s open dialogue within the group this morning. • Chime Your CEO just sent you an email … • To open: Please turn your chairs into groups of 8-10.
Role Play: What will you do differently next time? • Congratulations on your brand new job in the Risk Management Department of • Arrow Stores • Following a highly-publicized data breachresulting in a 40% sales decline – and attributable to a vendor’s security lapse – your CEO asks your Risk Management team to get the company back on track. Here is your new email: • Please join me for lunch today in my office at high noon. I would like hear from your team: • Hindsight – Two steps or protocols Arrow could have implemented to avoid this mess. • Lessons Learned – Two steps or protocols you propose we start developing this afternoon. • Perry N. Arrow • CEO • Arrow Stores, Inc.
Risk Management – Best Practices • Create Tools to manage contract requirements • Provision Templates • Playbook • Escalate to RM as advised (per SOW, regions, fallback/fallforward) • Distribute to stakeholders • Post on RM site • Training and partnering: Legal, Procurement, Sales, Finance • Develop response protocols • Incident reporting directions (coverage assessment) • Breach response plan: spokesperson, notification process, legal team identified • Breach tabletop exercise
Playbook– Prepared Responses to Your Customers’ Requirements & Requests (Hypothetical Example Below)
Sample Contract Provision for Cyber Insurance • Vendor shall procure and maintain the following insurance: • Errors and Omissions Liability Insurance to cover loss arising from errors and omissions in the performance of all Services hereunder, including loss arising from destruction of data, in an amount of at least [$_______] per occurrence. • Cyber-Risk, Network Security, or other coverage (regardless of name) to cover the first-party losses and liability of Customer arising from breaches of security of data or computer networks of Vendor or Customer due to Vendor’s acts, errors and omissions, including such losses arising from [specific events or causes]; in an amount of at least [$_______] per occurrence. • [Other types and amounts of coverage as may be required.] • Each such liability policy shall name Customer as an Additional Insured for such liability of the Customer, and each such first-party policy shall name Customer as a Loss Payee. Such insurance shall be worldwide; primary and non-contributing with respect to any insurance or self-insurance of Customer, subject to the reasonable advance approval of Customer and issued by insurers having ratings reasonably satisfactory to Customer.
Actionable Points & Issues To share with your brokers, insurers, legal teams • Review coverage wordings • Bring key IT personnel to underwriting meetings • Discuss the reality of claims process
Wrap Up and Q&A • Q&A
Our Next Session: RIMS 2015 in New OrleansBrainstormTopic ideas for our next Tech Media Communications Industry SessionThank you