
At First Glance

Cyber Insurance (a.k.a. Technology Insurance). Linda Kay Monks, Center for Information Security, Department of Computer Science, University of Tulsa, Tulsa, OK 74104. At First Glance: I didn’t know this type of thing existed • What? • What is it? • That sounds boring • Compensation culture


Presentation Transcript


  1. Cyber Insurance (a.k.a. Technology Insurance) • Linda Kay Monks • Center for Information Security • Department of Computer Science • University of Tulsa, Tulsa, OK 74104

  2. At First Glance • I didn’t know this type of thing existed • What? • What is it? • That sounds boring • Compensation culture • Is this just another way for the rich to make more money? • Is this just another way to rip hard working people off who can’t even afford health insurance? • Fraud? rip off schemes (McD’s Coffee, pc ins?) result in raising rates, affecting society

  3. Overview • An insurer is a company selling the insurance • An insured or policyholder is the person or entity buying the insurance policy • The insurance rate is a factor used to determine the amount to be charged for a certain amount of insurance coverage, called the premium, based on risk

  4. Insurance Defined • In law and economics, insurance is a form of risk management primarily used to hedge against the risk of a contingent loss. • Defined as the equitable transfer of the risk of a loss, from one entity to another, in exchange for payment.

  5. Traditional Policies • Auto • Home • Health • Accident • Sickness • Unemployment • Casualty • Property • Life • Liability • Malpractice • Business Method Patent (new assurance products can now be protected from copying)

  6. Other Policies • Aviation • Boiler (equip/machinery) • Earthquake • Flood • Landlord • Marine (ships, cargo) • Volcano (damage-Hawaii) • Windstorm (tornado) • Prize Indemnity (game shows) • Terrorism insurance provides protection against any loss or damage caused by terrorist activities

  7. Insuring People That Matter • Employers of: • Formula One racing drivers • Hollywood actors • Musicians • often take out insurance against the risk that star performers are unable to work because of sickness, an accident or even scandal

  8. Specialized Policies • Entertainment Industry • Artists and Promoters • Filmmakers - James Bond • Film production insurance package has 13 key areas of cover, including: employer’s liability; key person insurance; accident or injury to cast members and crew; damage to negatives; equipment hire; and props. • Las Vegas - Live Music Events • Madonna, Pink Floyd, Rolling Stones • Sports • Olympics, 21st Century Contingency Planning

  9. Key Man Policies • Organizations covered • - if loss of major asset leads to a loss of money • - Legs, hands, voice, teeth, chest hair • Famous celebrities • - depend on aspects of themselves for their fame • - if they become disabled or lose that item, they lose their livelihood • Hands: Rolling Stones guitarist Keith Richards; pianist Liberace • Legs: Fred Astaire, Betty Grable • Chest Hair • Teeth: actor Ken Dodd

  10. Today’s Companies At Risk • Evolution of Internet and way businesses operate has opened society for new attacks • If you have a: • Web site • Email/Internet Access • Credit Cards • Networked System • Sensitive Information • Courier service, third party vendor

  11. Increased Threats • Theft • Vandalism • Natural Disasters • hurricanes • earthquakes • tornados • Power Outages • Loss of Income, Business, Downtime • Disgruntled employee • Corporate Espionage • Secure Information

  12. Threats • Locking office doors doesn’t prevent unauthorized access to sensitive documents

  13. More Threats • Hackers, viruses, attacks on authenticating systems, intrusions, defacing websites, phishing, identity theft • Surveys reveal 90% of businesses and government agencies have detected security breaches • 75% of these result in financial loss • 34% admit to less-than-adequate ability to identify if their systems have been compromised • 33% admit lack of ability to respond

  14. Performance Crash • Feb. 2000 Coordinated denial-of-service attacks – prevented 5 of the 10 most popular websites from serving customers • Perceptions changed after 9/11 • 2001 Three serious worm attacks in 3 months • Code Red - July, Nimda - Sept, Klez - Oct • Global slowdown of the internet, measured at 60% degradation in performance • Slammer Worm 2003

  15. Managing Risks • Uncertainty of cyber-risks • Poses unlimited threat for damages • Planning and preparation • Consider the risk in all areas • Manage risks • Avoid the risk • Retain the risk • Mitigate the risk • Transfer the risk for a fee (obtain cyber insurance)

  16. Avoid the Risks • Reduce exposure to threats by no connectivity • not maintaining any dependence on networked computers, internet, website presence

  17. Retain the Risks • Make an informed, conscious decision • Is it more cost effective to absorb any losses intentionally, or are other risk management options not affordable? • Retaining the risk may be the only financial option; don’t be risk-seeking

  18. Mitigate the Risks • Use managerial and technical processes • Invest in people and devices to • Identify threats • Prepare counter-measures • Continually improve security processes

  19. Transfer the Risk • To a third party licensed insurance company for a fee • Engages insurance to act as intermediary and conduct smooth payouts for uncertain events and spread variable costs into periodic costs

  20. Options • Take a risk management approach • Disperse the risks utilizing all approaches • Use product warranty or service contract • Conduct internet presence • Do not take internet transactions

  21. What is it? • Cyber coverage - offered in traditional policies • Property and Theft • Offered in millions • Based on • Destruction of Data or Software • Recovery from viruses or other malicious code • Business interruption • Denial of service attacks • Data theft • Cyber extortion • Losses due to terrorist acts

  22. Evolving Insurance • New type of policy, reactionary • 1990s, Early Hacker Policy • Cyber Insurance started spreading in 2002, eight years old • Love Bug virus in 2000 affected 20 countries and 45 million users, and caused 8.75 billion in lost productivity and software damage • Slow Growth • Companies don’t want to report security breaches • Result • standardized insurance prices hard to come by

  23. Cyber Insurance Market Growth

  24. Cyber Insurance Coverages • Traditional Policies • Normal Liability policies cover physical property • Computer • Lightning, reimbursed • Virus destroys data, downtime, may/may not be covered • Cyber Insurance • Writes policies that deal directly with technology • Tailored to fit company needs

  25. Coverages cont’d • Liability • Network Security Liability • Content/electronic media injury • Privacy/breach of confidentiality liability

  26. Insurers • Narrow Coverages to target consumers • May seek to spread risk over different hardware and software platforms • Large and small organization • Bases questions on the Internet and connectivity

  27. Do We Need This? • Cyber Insurance- Conduct Self-Evaluation • Dependent on networked computer assets • Produces vulnerability in the market place • Need and demand protection against cyber risks • Focus on security, technical prevention of cyber attacks • Must manage risks as reality • Do we possess patents, trade secrets

  28. Insurance Evaluation • First and foremost question: • Look at company’s Network Security • No firewall, no anti-virus, NO POLICY • Market segments • Requires company to do security assessment of current conditions of technology

  29. Security Assessments • Large Corporations • Require third party assessments • At company expense • 16 page+ checklist • Security configurations • Documentation of security plans • Password Management • Backup Procedures • Much more

  30. Security Assessments • Small Companies • Self-Assessment • 1-2 page checklist • Basic security procedures: • Anti-virus software • Do you update the virus definitions • Use firewall • Conduct regular backups

  31. Redundancy in Policies • Auto Policies- don’t carry two • Cyber Policies • Don’t buy if already covered • Look at current policies • Does general liability cover physical damage to computers? • Does your computer have manufacturer’s warranty • Have current agent strike physical property from the current policy, reduce premium. • Don’t include things you won’t need • Restaurant has a web site but not a message board, don’t need libel insurance

  32. Benefits • Insure our people that matter: company, stakeholders, stockholders money • Produces peace of mind • Saves money, transfers risk • Increases safety /self-protection • Helps facilitate new standards of liability • Prevent legal liabilities, lawsuits

  33. Insurance Companies • More specialized insurance • Companies that offer Cyber Insurance: • American International Group (AIG) Inc’s NetAdvantage • Lloyds of London e-Comprehensive • InsureTrust.com • J.H. Marsh & McLennan • Sherwood • Many online companies • Not many traditional insurance providers like Allstate, Prudential, Nationwide, or State Farm

  34. Price Points • Policy Coverages • $5,000 – over 15 million • Typical Cost of a policy • Hundreds for a $5,000 policy • $5,000 to $60,000 per $1 million; however, standardizing policies and pricing is difficult and a critical challenge for some insurance companies to determine • Can’t apply brick & mortar costing for digitized assets • Cost includes info on company’s size, revenue, risk

  35. In Conclusion • Other industries find it necessary to cover risks through insurance • Common Sense, aggressive approach to security in the front of the house • Growing demand dictates that cyber insurance products could become over a 2.5 billion industry
