Oct 8
Seminar

October Cyber Liability - Continuing Education - CE Credit

10/08/14 8:00am to 1:00pm

Cyber Liability - Continuing Education Program - Three Hours CE Credit

When: October 8, 2014 8 AM registration - First Class Starts 8:30 AM

Where: Audubon Country Club, 3265 Robin Road, Louisville, KY 40213

Data security and privacy exposures can result in massive financial loss and reputational damage for organizations and businesses of all sizes, in the public, private, for-profit and non-profit sectors.  Producers, underwriters and claims professionals need to understand the scope and the extent of these exposures and the risk management and insurance strategies available to address them.

We are pleased to announce the Kentucky Chapter of the CPCU Society will be offering a program on Cyber Liability.  The program has been approved for three hours of CE credit for Kentucky and Indiana.  The program itself will be presented by the good people of Zurich Insurance company on behalf of the Kentucky Chapter.  Please see more program information on the Materials tab.

At the conclusion of the educational program at 12:00 noon we will hold a luncheon and are pleased to announce that our speaker will be a representative of the new Louisville professional soccer team.  The speaker will be either the President, Djorn R. Buckholz, or the Head Coach, James O'Conner. If possible, both will be joining us.

The cost of the program is as follows:

  • Three hours of CE on Cyber Liability $30
  • Luncheon $20 (lunch is free for dues-paid CPCU chapter members) 

       *     *     *     *     *     *     *     *

Registration

The following people will be attending the Continuing Education Program.  Please list below the names and company/agency of the people attending.  If you want CE credit, please provide your Department of Insurance number.

1.

2.

3.

4.

The following people will attend the luncheon.

1.

2.

3.

4.

Enclosed is a check for $___________

Please mail your registration and check to

CPCU Society

C/O Darlene Phillps

KHA Solutions Group

PO Box 436629

Louisville, KY 40253-6629

 

Event Materials

A GROWING THREAT TO DATA SECURITY

Information, Network Security and Privacy Risk Management

Program Overview

Data security breaches continue to occur not only with alarming frequency, but also with significant severity.  Identity theft continues to rise, jumping 13% from 2010 to 2011.  Close to 12 million adults were victimized by identity theft, and it was the number one complaint filed with the Federal Trade Commission in 2011.

It is no longer unusual for single incidents of data breach to involve the compromise of several hundred thousand and perhaps even millions of records involving personal information.  These breaches may also not be discovered for considerable lengths of time.  Heartland Payment Systems provides bank card payment processing services to 250,000 merchants and businesses nationwide.  A massive data breach was apparently launched in 2007, not discovered until 2008 and not made public until 2009.  Over this time period, Heartland has incurred over $13 million in costs associated with the breach, incalculable damage to its corporate reputation, and a 40%+ drop in its stock price.  Predictably, Heartland's directors and officers are the targets of ongoing lawsuits by shareholders, regulators, and other affected parties.

Perpetrators of data breaches range from amateur hackers to political and social activists to organized crime gangs.  While intuition might suggest that larger, more sophisticated organizations would be able to fend off attacks, the reality is otherwise, as major US banks and government organizations (including the CIA and State Department) have been hacked.  The Wikileaks hacks of the military and state departments have revealed extremely sensitive information related to our national security.  In addition to data breaches, liability exposures can include trademark, copyright and/or patent infringement.

Data security and privacy exposures can result in massive financial loss and reputational damage for organizations and businesses of all sizes, in the public, private, for-profit and non-profit sectors.  Producers need to understand the scope and extent of these exposures and the risk management strategies available to address them.

Program Objectives

As a result of this program, the producer will:

  • Understand the scope and extent of network security exposures and that organizations of all sizes are at risk;
  • Learn about the multiple U.S. federal and state privacy laws, and similar privacy laws in effect in the European Union, their requirements, and potential fines and penalties imposed by these regulations;
  • Understand the scope of potential financial and reputational costs associated with data breaches and other privacy-related exposures;
  • Learn the essential components of a network security and privacy insurance contract, definition of insureds, defense and settlement provisions and exclusions;
  • Understand how the underwriting process works in assessing an applicant, and related "best practices" for identifying and quantifying a risk;
  • Understand how the network security and privacy claim is processed, managed and resolved;
  • Learn how to employ a holistic network security and privacy risk management program combining avoidance, reduction, retention, and risk transfer strategies.

 

Program Content

I.  Current and Emerging Risks in Network Security and Privacy (20 Minutes)

a. Types of threats

i. Denial of service

ii. Privacy breach

iii. Extortion threats

iv. Malware

v. Sabotage, defacement and vandalism

vi. Libel, slander

vii. Copyright and/or patent infringement

viii. Income Loss

b. Number of breaches/trends

c. Industry-related breaches

d. Corporate breaches: case studies

e. Perpetrators

i. Criminals

ii. Amateur hackers

iii. Activists

II. Regulatory Environment (20 Minutes)

a. U.S. State and Federal Privacy Laws

i. HIPAA

ii. Gramm-Leach-Bliley

iii. Children's Online Privacy Protection Act

iv. Computer Fraud and Abuse Act

v. Fair and Accurate Credit Transactions Act/"Red Flag Rules"

vi. State Laws

b. European Union Data Privacy Laws

i. Information Directive of 1995

ii. Directive on Privacy and Electronic                          

III. Costs Associated with Data Security Breaches (10 Minutes)

a. Forensic analysis/damage assessment

b. Expense to secure compromised networks

c. Costs of mandatory notices to consumers and government authorities

d. Credit monitoring services

e. Defense costs and damages

f. Costs of compliance with government investigations

g. Fines (e.g., violations of HIPAA, GLBA, FCRA)

h. Lost business

i. Loss of trust

j. Reputational damage

IV. Liability Risks (15 Minutes)

a. Defamation

b. Invasion of privacy

c. Trademark, copyright, patent infringement

d. Copyright infringement

e. Loss of access

V. First-Party Risks (15 Minutes)

a. Business interruption and CBI

b. Extra expense

c. Digital asset replacement expense

d. Cyber-extortion threats

VI. Network Security and Privacy Insurance/Analysis of a Sample Form (40 Minutes)

a. Why This Coverage is Necessary:  Shortcomings and Deficiencies in the Traditional CGL Form

b. Definition of insured

c. Definition of Loss

i. Privacy wrongful act

ii. Security wrongful act

d. Coverage parts

i. Security and privacy liability coverage (third party)

ii. Privacy breach cost coverage (first party)

iii. Business income and dependent business income loss coverage (first party)

iv. Digital asset replacement expense coverage (first party)

v. Cyberextortion coverage (first party)

vi. Internet media liability coverage (third party)

e. Defense and settlement

f. Other insurance

g. Exclusions

VII. Underwriting and Application Considerations (20 Minutes)

a. Recommended participants

i. Chief Information Officer

ii. Chief Privacy Officer

iii. High level information technology officer

b. Identifying and quantifying the risk

i. Business activities

ii. International exposures

iii. Organization and governance

iv. Network security

v. Data management

vi. Incident response

vii. Business continuity planning

viii. Loss history

c. Industry classification

d. Implications for regulated industries (healthcare, financial, commercial retailers)

e. Developing the rating basis

f. Completing the application

g. Using endorsements to modify policy terms

VIII. Handling the e-Claim (20 Minutes)

a. First party claims/Third-party claims

b. Actions for injunctive relief

c. Selection of defense counsel

d. Consent to settle and the hammer clause

IX.  Data Security Risk Management (20 Minutes)

a. Risk management options

i. Avoidance

ii. Reduction

iii. Retention

iv. Transfer

b. Network security "best practices"

X.  Conclusions/Q & A

TOTAL TIME:  180 MINUTES/ 3 HOURS 

 
