Non Physical Business Interruption

Malcolm Randles, Underwriter, Kiln Syndicate 510

01 February 2011

2

Network Security Threats

Event Probability

Information Warfare

Cyber Terrorism

Cyber Crime

Malicious Hacking

Vandalism

Experimentation

Fin

anci

al L

oss

Severity/Probability Matrix

3

First Party Technology/Network Risks

Direct physical loss - property policyExtortionDirect non-physical damage

Software failuresOperational mistakesMalicious Code (viruses)Denial of ServiceVandalism/Malicious ActsTerrorism

Contingent Business InterruptionUpstream/downstream - suppliers, chief customersCo-dependency on Other Vendors Infrastructure (BPO and IT)

4

Context of risk

Human ErrorDisgruntled Employees/ Contractors

System Failures

Cyber Terrorism

ExtortionProperty

Policy: Natural Disasters

5

Cyber First Party Coverages

Data/Electronic Information Loss• Covers the cost of recollecting or retrieving data destroyed, • damaged or corrupted due to a computer attack

Business Interruption or Network Failure Expenses• Covers cost of lost net revenue and extra expense arising from a computer

attack and other human-related perils. Especially valuable for computer networks with high availability needs.

Cyber-extortion• Covers both the cost of investigation and the extortion demand amount

related a threat to commit a computer attack, implant a virus, etc.

6

Key Kiln Differentiators

Coverage includes administrative or operational mistakes as defined and aspects of accidental damage or destruction, not just computer attacks

No small internal indemnity limits per hour

No sub-limit for virus exposure

Outsourcing/offshoring risks – contingent business interruption and data damage – full policy limits

Ability to endorse agreed amount for BI/EE with peak season adjustment (for example, retailers) and asset value of data

7

Key Kiln Differentiators

Minimum 4 hour waiting period, 10% coinsurance

Reimbursement for employee working time to replace, restore or recreate electronic data (endorsement on predefined billable hrs)

Expanded coverage and limits for Special Expenses - $500,000 or 25% of loss, whichever is greater. Within special expenses, sublimits for $250,000 Customer Notification Expenses and $250,000 Public Relations Expenses

Rogue employee coverage for computer attacks

No “shortcomings in security” or similar exclusions – “computer system is protected by security practices and system maintenance procedures that are equal to or superior to those disclosed in the proposal [application]”

8

Key Industry Groups

Financial services

Health care

Hospitality/Travel

Retail

Technology/Telecom

Media Services

Manufacturers

9

Summary

Threat is real. High value class actions and regulatory enforcements Tailored products Balance of intangible v tangible is changing It’s a board room/D&O issue – network availability and digital assets are critical

to infrastructure and revenues. Many clients think they have coverage under traditional policies or purchased

first generation cyber products with major limitations.