Category Archives: Cyber Risk Insurance

A Briefing on Cyber Insurance for the Compliance Office

Nymity, a global research company specializing in compliance tools for the privacy office, asked me to offer my thoughts on Cyber insurance from the perspective of the Chief Compliance Officer.  The idea was to provide the non-insurance professional with key information about:

  • The coverages available,
  • The risks of not buying coverage,
  • Why so many organizations don’t buy coverage,
  • Coverage traps to avoid,
  • Value-added risk management services, and
  • Five recommendations for buying coverage

Nymity allowed me to publish it in this blog, so here it is: What is Cyber Insurance Interview

I’d like to thank Nymity for making this information available to the Compliance Officer profession.  There are many parties interested in the purchase of a Cyber policy; helping get the word out to all of them is vital.

Please click here for more information about Nymity.

RIMS Cyber Insurance Session Tuesday 9-11 AM – Cyber 3.0: Cutting-Edge Advancements in Insurance Coverage for Cyber Risk and Reality

I’ll be on the panel at this Innovative Level session on advanced Cyber insurance, addressing our vision of what Cyber needs to be, both for the benefit of insureds and of insurers. If you are attending, please feel free to come up to the podium after the session to say ‘hi’.
Here is the session description:

Category: Insurance and Contract Management
Level: Innovative
Date: Tuesday, April 29, 2014
Time: 9:00 AM – 11:00 AM
Room: 607

Cyber attacks are on the rise with unprecedented frequency, sophistication and scale. They are pervasive across industries and borders. Network security alone cannot fully address the issue: no security system is impenetrable. Every organization is at cyber risk, but not all understand the vital role that insurance can play. Some mistakenly assume that cyber insurance is primarily for financial, health care or retail institutions. Yet, the U.S. Securities and Exchange Commission advises that all disclosures should include a description of “relevant insurance coverage” for cyber risk. This session is hosted by RIMS Pittsburgh Chapter.
Learning Objective:

  • Explore the newest cyber insurance products.
  • Assemble a best practices checklist to facilitate successful placement.
  • Know how to enhance off-the-shelf insurance forms through negotiation.


Ellen Holland, Chief Risk Officer, Oregon University System
Roberta Anderson, Partner, K&L GATES LLP
Richard Betterley, President, Betterley Risk Consultants, Inc.
Mark Camillo, Head of Network Security & Privacy Products, Americas, AIG
Risk Manager
Debra Samuel, Manager, Insurance Risk Management, Alcoa Inc.

Contingent Business Interruption and Cyber Events

Recently it was reported that conventioneers attending 2 different Boston conferences are believed to have suffered credit card thefts.  The convention center and various local establishments (hotels, restaurants, etc.) denied that they were the source.

But what got my attention were the comments from attendees that they might think twice about coming to Boston, based on these thefts.  Silly? Yes. It could (and does) happen anywhere.

And it reminded me – when it comes to cyber security, we are all part of one big community.  The losses of one can affect the businesses (and security and contentedness) of other members of their community.

How should (or can) cyber insurers help their insureds protect against the cyber losses of others in which the insured isn’t even involved?  This goes beyond ‘traditional’ contingent cyber interruption.

Your comments are welcomed.

Specialty Insurance Year End Wrap-up Webinar 12/12 at 11 AM by Advisen

Please forgive me for a bit of self-promotion, but this program should be really good; I already learned a lot from our panelists’ conference call.

On Thursday morning, December 12 at 11 AM (Eastern time), I will be on a panel moderated by Advisen’s David Bradford to review the trends and developments of 2013 in Specialty Lines insurance. The panel of experts will also provide insight into 2014 and beyond. This free, one-hour webinar is sponsored by OneBeacon Professional Insurance; registration is here.

The panel includes:

  • Paul Romano, President, OneBeacon Professional Insurance
  • David Lewison, National Practice Leader, AmWINS
  • Rick Betterley, President, Betterley Risk Consultants
  • David Bradford, President, Research & Editorial division, Advisen (moderator)

The economy continued to improve in 2013, which generally benefitted the insurance market. For specialty insurers, however, the year posed a number of challenges. Healthcare reform continued to reshape the risk landscape of hospitals and other healthcare organizations. Lawyers continued to feel the fallout of the credit crisis and recession as claims activity remained above historical averages. Network security challenges further evolved in the endless cat-and-mouse game between cyber criminals and system security experts.

This webinar will review the trends and developments of 2013 in “Specialty Lines” insurance. Our panel of experts also will provide their insights into the factors that will influence the market in 2014 and beyond.

Hope you can join us!

PLUS Conference – Cyber 3.0 Follow Up Interview

At the risk of overdoing the ‘look at me, I spoke at PLUS’ image, here is a link to the PLUS blog follow-up interview, in which I capture the essentials of Cyber 3.0.

In all seriousness, this is important stuff – Boards of Directors, Washington, investors, and customers all want assurance that organizations are doing the right things to protect themselves.  I hope the interview helps them do so.

And – credit to our panel at PLUS, which provided depth and context to this idea. Thanks again, Lori, Kristen, Jeremy, and Jeff, as well as to PLUS for its support for this superb conference.

The Victorian Con Artist’s Approach to Spam (obviously pre-email)

I generally don’t like posting a link to another well-known publication, but this article in The Atlantic about spam and con artists in the days before email is a good reminder of the ‘wishful thinking’ problem in network security.

Although why they also picked on DEC is beyond me.

Here is the link.

I’ll Be Moderating the Cyber 3.0 Panel at PLUS Next Week

Wednesday morning 8:30 – 9:45 I will be moderating Cyber Liability 3.0: Cutting Edge Advancements in Coverage and Services.  In addition to my introductory remarks covering the concept and progress to date, my panelists will be offering their insight into the concepts involved, including the avoidance and control of potential breaches and other forms of loss.

Our panelists are:

  • Lori Bailey – Zurich’s Global Head of Professional Liability
  • Kristen Dauphinais – Underwriter at Beazley
  • Jeremy Henley – ID Experts’ Insurance Solutions Executive
  • Jeff Stull – Risk Analytics’ Founder and Chairman

Here are some of those topics:

  • Is the Highly Protected Risk Model Useful for Cyber Insurance?
      ◦ Can HPR approaches be effective in Cyber?
      ◦ Are the costs justified by reduced losses?
      ◦ Do they improve customer retention?
  • The Latest in Data Theft – How the Black Hats are Stealing Your Insured’s Data
      ◦ Why Firewalls Fail
      ◦ The role of governmental actors
      ◦ Are there so many breaches that it just doesn’t matter anymore?
  • Helping Insureds Help Themselves
      ◦ The latest in coverage design
      ◦ International policy differences
  • Is Active Defense Successful – and is it practical?
      ◦ Difference between “offense” and “proactive defense”
      ◦ Are live privacy expert services effective in reducing exposures?
  • The Small- and Mid-sized Market
      ◦ Is a live privacy expert viable in the SME market?

If you are attending the program, please come up afterwards and say ‘hi’.  I’ll be zooming off for a video interview right after the program but should be able to linger for a few minutes.