As courts across the country grow increasingly inconsistent in their decisions impacting cyber litigation, plaintiffs and putative classes continue to find venues to pursue legal theories that have otherwise failed while simultaneously introducing novel theories, pushing the boundaries of constitutionality and justice under the guise of privacy and data security. This presentation will first discuss hot topics in cyber litigation, including increasing IoT and product liability claims, related biometrics litigation, and increasing professional liability claims arising from ransomware/phishing schemes. It will then evaluate current trends and inconsistencies that open the door to theories of liability both new and old. Strategies successfully implemented in defending against these claims, including the impact of Spokeo-related decisions across the country, will be reviewed. There will also be a review of the future of cyber litigation, including increasing securities class actions, claims arising from cyber crime, such as swatting and jackpotting, and the impact of GDPR and related enforcement actions.
Takeaways:
• Know important updates impacting the cyber litigation landscape and resulting defense strategies, key among them being risk transfer to third parties
• Learn the resulting impact on cyber coverage and claim management
• Find out about future expectations and trends to look for
The panel will walk the audience step-by-step through a simulation of the aftermath/remediation of a system-wide ransomware attack that significantly disrupts business operations and also results in the exfiltration of sensitive data from the system. At each step of the remediation process, presenters will discuss best practices, preventative steps and security/system controls that, if implemented, would have mitigated the incident’s impact with a focus on the insurance, legal/compliance and forensic perspectives.
This session will offer four different perspectives on the evaluation of cyber business interruption. From the legal, forensic, insurance and broker perspectives, the audience will learn the complexity in handling BI cyber loss, including the data associated with measurement of loss, what's covered and where, and the techniques utilized to measure the business interruption. The panel will also address the importance of establishing the cause of disruption, what time period is covered for ongoing business interruption and factors considered in determining the return to normal operations. Aggregation will also be addressed, covering supply chain and contingent BI risk as well as external factors in BI calculation involving industry and market trends. The panel will further address the challenge of insuring reputation and the fact that, unlike a simple reduction in revenue, it cannot be measured accurately. Lastly, there will be a discussion on the methods of calculating loss and how they are governed by available data and the nature of business and losses suffered.
Takeaways:
• Cyber BI claims are complex and are driven by numerous forensic and business factors
• Presentation of BI cyber claims must be clear, concise, and easily definable and substantiated
• Understanding what BI is covered under one’s cyber policy is of utmost importance when dealing with a cyber BI loss
With the acceptance of cyber insurance policies as the go-to coverage for cyber events, this panel will explore the silent cyber coverage that may exist in policies such as professional E&O, property and CGL for cyber risks, and how to coordinate coverage in those situations when more than just a cyber policy responds to a cyber event.
The cyber insurance business is no longer a small niche of insurance, but an essential aspect of nearly every insurer’s selection of product offerings. What separates one cyber insurance policy from another is no longer just a matter of examining competing insuring agreements or definitions. More than ever, policyholders demand to know about the readiness, depth and sophistication of the people that will actually be handling a cyber claim in the event of an occurrence. An efficiently and appropriately handled cyber event reduces costs and mitigates future harm from regulatory investigations and third-party liability.
The content of this panel is ideal for insurance professionals looking for a competitive edge on cyber preparedness; other claim professionals looking to sharpen their own claim handling techniques; as well as private counsel looking for lessons to bring home to their clients when counseling on privacy and cyber matters.
A careless vendor. A misplaced laptop. An employee who’s been phished. The human element remains an overwhelming cause of cyber risk, with a staggering 58% of the claims included in this year’s Willis Towers Watson’s Reported Claims Index directly attributable to employee negligence and/or malfeasance. What role do low employee engagement, skills shortage, and talent deficit in IT departments play in creating cyber vulnerabilities? How can HR leaders, working with CISOs and corporate risk managers, help to mitigate this risk? In this session, our panelists will talk about their approach to cyber, how they address the people issues associated with cyber risk, and how HR, IT, and Finance work together to address the issues.
Takeaways:
• Learn how different departments within an organization can work together to create a cyber-smart workforce and build an effective risk management strategy.
• Learn why the human element is so vital to an organization’s integrated approach to cyber risk.
As cyber criminals become more sophisticated and better organized, the threats that financial services companies are facing are happening with greater frequency, and in many cases companies are powerless to prevent the threats. Financial services companies have overinvested in the technology and capabilities that are required to secure the enterprise ("left of the boom"), while at the same time they have underestimated areas such as incident management and orchestration ("right side of the boom"), which leaves them highly vulnerable when responding to a major cyber security incident.
This session will explore the role of vulnerability disclosure programs in managing cyber risk. Technology vulnerabilities are among a company’s greatest risk exposures but are all too often discovered only after the damage has been done. Working with ethical hackers helps companies discover and manage vulnerabilities before they become significant problems. The session will educate risk managers about how sophisticated organizations are utilizing these programs and offer examples of critical lessons learned that have prevented breaches. We will also role-play the different outcomes for companies that bury their heads in the sand versus those that enlist the global community of security researchers. Don’t be the ostrich!
When it comes to data breaches, the growing perception among corporations isn’t “if” a breach will occur, but “when.” As companies prepare for the inevitable by investing in cyber liability policies, it’s vital that insurance carriers, claims professionals, and panel counsel are aware of what’s involved in an effective response. This lively panel discussion will examine data breach response to help attendees understand:
• the roadmap involved in a response to a data breach;
• the common potholes that can deflate the reserve and blow out the budget…and how to avoid them;
• the best route to staying on course for an effective and efficient response to a data breach.
The EU’s General Data Protection Regulation (GDPR) is a privacy regulation unprecedented in scope and importance to corporate entities that collect or process EU resident data. Yet, until it becomes fully active on May 25, its potential impact – including the fines and penalties piece on the forefront of everyone’s minds – will be difficult to discern. Five months later, we’ll have the benefit of hindsight to assess enforcement, compliance parameters, and insurance claims.
Takeaways:
• Know GDPR requirements and scope of the regulation.
• Coverage: How cyber policies have responded so far to the GDPR, and how they might need to be realigned going forward.
• Non-Compliance Enforceability: Know if the fines and penalties proposed under GDPR have real teeth.
• Insurability: Legal determinations, member-state guidance, and other issues potentially affecting insurability of GDPR fines and penalties.