Allianz Global Corporate & Specialty SE EMERGING RISKS AND THE FUTURE OF CYBER...
Transcript of Allianz Global Corporate & Specialty SE EMERGING RISKS AND THE FUTURE OF CYBER...
Nobuhle Nkosi
Victoria Falls, 13 November 2017
Allianz Global Corporate & Specialty SE
EMERGING RISKS
AND THE FUTURE
OF CYBER
INSURANCE
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 2
CONTENT 01 ALLIANZ RISK BAROMETER
02 CURRENT CYBER LANDSCAPE
03 FUTURE CYBER LANDSCAPE
04 CYBER PROTECTION AND RISK MANAGEMENT
05 CYBER INSURANCE SOLUTIONS
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 3
ALLIANZ RISK BAROMETER 2017 TOP GLOBAL BUSINESS RISKS
Top 10 and Top emerging risks for the long term
What are your top emerging risks for the long-term future (10yrs+)?
Source: Allianz Global Corporate & Specialty. Figures represent the percentage of answers of all participants wo responded (1,237). Up to three answers possible.
42% Cyber Incidents
40% New technologies
33% Market developments
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 4
1%
7%
9%
9%
11%
20%
45%
49%
61%
Other
Extortion
Notification costs
Website downtime
Subsequent requirement fromregulatory bodies
Loss of IP/trade secrets
Damages to be paid due to loss ofcustomer data
Business interuption
Loss of reputation
ALLIANZ RISK BAROMETER 2017 TOP RISKS IN FOCUS: CYBER INCIDENTS (#3)
Top risks in Focus
Which cyber risks are the main cause of economic loss?
Cyber incidents continues an impressive five-year climb
up the Risk Barometer list (30% of responses)
• Concern is increasing because
– It is still largely an unknown risk
– It is not isolated to a particular segment
– It spans different industries and sizes of companies
• Data protection rules becoming increasingly tough as
government agencies bolster cyber security
• Cyber insurance still-evolving to include many areas of
protection like business interruption, privacy and data
breach
Source: Allianz Risk Barometer 2015. Figures represent the percentage of all eligible responses to the questions (127 in total). More than one risk selected.
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 5
CYBER LANDSCAPE: ZIMBABWE R: TOP LONG TERM RISK CYBER THREAT REAL-TIME MAP: OCTOBER 2017
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 6
Business interruptions (BI), intellectual property theft
and cyber-extortion risk potential increasing. BI costs
could be equal to – or exceed-breach losses
CURRENT CYBER LANDSCAPE TOP 5 TRENDS IN CYBER RISK
Increasing interconnectivity and “commercialization” of
cyber-crime driving greater frequency and severity of
incidents, including data breaches
Data protection legislation will toughen globally. More
notifications and significant fines for data breaches in
future can be expected
Vulnerability of industrial control systems poses
significant threat
No silver bullet solution for cyber security
The cyber risk landscape today …
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 7
CURRENT CYBER LANDSCAPE COST OF A BREACH
A Ponemon Institute and IBM 2016 comprehensive
study resulted in the following findings:
• $4Mn was the average total cost of a data breach
(across Financial Institutions as well as commercial
companies involved in this study), taking into the
account all of the known Cyber events experienced
by the sample set of 383 companies during fiscal
2016. $158 per record
Source: McAfee - Global Cost of Cyber-Crime report 2014
“There are 556Mn cybercrime victims a year which equates to more than
1.5Mn per day or 18 victims per second" ( Norton cybercrime report)
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 8
CURRENT CYBER LANDSCAPE REGULATION
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 9
CURRENT CYBER LANDSCAPE (CONT’D) REGULATION
Here’s a copy of Zimbabwe’s draft Data Protection Bill, the law meant to protect you from data theft
Source: ww.techzim.co.zw 2016/08
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 10
CURRENT CYBER LANDSCAPE BUSINESS INTERRUPTION
With more companies increasingly reliant on
technology, business interruption exposures are
becoming ever more significant; particularly in
sectors such as telecoms, manufacturing,
Healthcare, transport, media and logistics.
BI triggers following Cyber event:
• Cyber attack – Ransomware/DDoS
• Technical Failure
• Human Error
• Regulatory
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 11
CYBER LANDSCAPE THREATS
Potential risk scenarios from cyber-attacks/incidents
• Critical data lost
• Customers may be lost and business interrupted
• Property change
• Theft
• Adverse media coverage/damage to reputation/lower market share – 71% of
customer said they would leave an organization after a data breach
• Regulatory actions and associated fines and penalties
• Profits impacted/value of shares may fall
• Loss of trade secrets/confidential information
• Extortion
• Breach of contract
• Product recall
• Notification costs and other response costs: i.e., forensic IT
• Network security liability
• Directors’ and officers’ liability
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 12
CYBER LANDSCAPE FUTURE TRENDS 5 FUTURE CYBER RISK TRENDS
Business will be increasingly exposed to – and focused
on – supply chain cyber risk
Cyber insurance market could be worth $20Bn+ by
2025
Liability and data protection risks dominate market
today but demand for, and take-up of, business
interruption cover will grow over next decade
Financial institutions, energy, utility, transport and
telecommunications sectors to lead widening demand
A catastrophic cyber loss is increasingly likely.
Governments, businesses and insurers will need to
collaborate to protect critical infrastructure
Cyber risk 2025 –
the next 10 years …
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 13
CYBER LANDSCAPE FUTURE TRENDS 5 INTERCONNETED CYBER THREATS
Cyber criminals will exploit increase in interconnectivity
between machines in the supply chain, creating new
exposures
Estimates suggest a trillion devices could be connected
by 2020
“The Internet of Things” will exacerbate cyber
vulnerability, bringing increasing potential loss and data
breaches
As technology evolves, aging hardware also become
vulnerable to attack
Cloud computing can create systemic risk
Emerging Risks:
Impact of technology
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 14
CYBER SECURITY AND PROTECTION TOP 5 CYBER RISK MITIGATION TIPS
Implement a crisis response or breach response plan.
Test it.
Identify key assets at risk and weakness such as the
“human factor” or over-reliance on third parties
Create a culture of cyber security and a “think-tank”
approach to tackling risk – different stakeholders from
the business need to share knowledge
Consider how merger and acquisition activity and
changes in corporate structures will impact third
party data
Make decisions around which risks to avoid, accept,
control or transfer
• Cyber prevention
should be part of good
Risk Management
• It estimated that 80% of
Cyber attacks can be
prevented or mitigated
by basic information
risk management
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 15
Implement an effective governance structure, maintain board engagement and produce appropriate
information security policies which should include
User education and awareness training
Monitoring policies and procedures for all networks and systems
Incident management procedures, including response and disaster recovery
Network security policies and procedures 05
Management and control of user privileges
Secure configuration guidance
Malware protection procedures
Control of removable media usage
Monitoring of mobile and home working procedures
CYBER SECURITY AND PROTECTION 10 STEPS TO CYBER SECURITY
01
02
03
04
10
09
08
07
06
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 16
CYBER RISK AND INSURANCE TOP 5 TRENDS IN CYBER INSURANCE
Cyber insurance market needs volume and
diversification. More segmentation in future with
insurers specializing in certain sectors
Exclusions in traditional policies will become more
commonplace. Standalone cyber product to be the
main source of liability cover
Cyber concept and wordings will be tested, potentially
resulting in litigation
Lack of education is an obstacle to growth – both in
terms of businesses’ understanding of exposures and
underwriting knowledge
In the event of a cyber security incident a speedy
response and use of third party experts can mitigate
losses
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 17
• Standalone cyber insurance market will continue to evolve but
development will bring challenges
• Many concepts and wordings yet to be tested and may
potentially result in litigation
• Education – both in terms of businesses’ understanding of
exposures and underwriting knowledge must improve if insures
are to meet demand
• Other challenges exist around pricing, modelling of risk
aggregation and incidents resulting in physical damage
• Currently 90% of premium income is from the US
• The current market is expected to grow by double digits figures
year on year and could reach $20Bn in the next 10 years
• Insurers buyers by industry – Healthcare, Retail,
Telecommunications, Manufacturing, Financial Institutions,
utilities, energy, transport
CYBER RISK AND INSURANCE
Cyber
insurance
market $2Bn
Global
Insurance
Penetration
10%
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 18
WHAT IS CYBER INSURANCE?
Policy Construction
IT response costs
First Party Coverage Third Party Coverage Regulatory Coverage
Cyber Extortion
Business Interruption
Breach Response Costs
Privacy Liability
Network Security Liability
Medial Liability
E-payment
Regulatory Investigations
Fines & Penalties
Defense Costs
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 19
WHO NEEDS COVERAGE?
Many organizations are in the dark over their true exposure, or if they even have exposures. Here are some key
elements that many companies overlook:
Everyone is a target
Size doesn’t matter …
Almost two-thirds of all
targeted attacks hit small-
and medium-size
businesses, according to
cyber security firm
Symantec. Small
companies are increasingly
targeted because they can
provide a backdoor into
companies with more
robust systems
Exposure
Is my company a Data Owner?
Does my company process credit cards (even if outsourced)?
Do I have access to other companies‘ confidential information?
Do I hold data that if destroyed would prevent my business from operating?
If a system went down that prevented operations, would net income be impacted?
Does my company have employees?
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 20
CYBER RISK AND INSURANCE CLAIMS HANDLING WITH REGARD TO CYBER RISKS
A co-ordinated and swift response is pivotal to contain the
attack (and loss) in the best possible manner:
• Breach is detected – Notification to Insurer
• External experts on site:
– Forensic expert on site for technical response
– Legal expert to guide through legal requirements and co-ordinate
from a legal point of view
– PR/Communications experts to implement communications strategy
• As a result, legal guidance as regards necessary notification of
breached parties
• Affected individuals notified. Ongoing containment of breach. Get client
back to business (BI!)
• If necessary, credit monitoring services set up. Affected individuals to
be registered with service provider. Regular reports etc. forwarded
• Legal experts to advise on regulatory response and potential third
party liability
From start to finalization, close consultation between
Insured, Insurer, and external experts to apply best
possible breach response
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 21
YOUR AGCS CONTACTS
+27 11 214 7907
Nobuhle Nkosi
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 22
QUESTIONS?
Copyright © 2017 Allianz Global Corporate & Specialty SE (All rights reserved)
File name | department | author
10-Nov-17 23
THANK YOU