Cyber Terrorism: Protecting Critical Infrastructure
CRM009
Date: Tuesday 12th April, 2016
Time: 10:15 AM-11:15 AM
LEARNING OBJECTIVES
• Assemble indicators that help you detect the threats to which your operation could be vulnerable.
• Adopt a system to test assumptions.
• Compare solutions for first-party cyber risk management and risk transfer.
SPEAKERS
• Steve Mikhlin, ARM, CRIS, Insurance Manager/Risk Financing - Treasury, The Port Authority of New York and New Jersey
• David K.A. Mordecai, Ph.D., President, Risk Economics, Inc.
• Russell Kennedy, BA (Hons.), ACII, Divisional Director - Property, Political Violence and Political Risks, BRIT Global Specialty
CONCERNS OF A RISK MANAGER
• Steve Mikhlin - The Port Authority of New York and New Jersey
• IDENTIFY:
• NATURE OF THE THREAT?
• ANALYSE & EVALUATE:
• PRE-LOSS MITIGATION: IDENTIFICATION
• C-SUITE PARTICIPATION
• RESPOND
• INVESTMENT IN PROTECTION AGAINST THE THREAT
• THE INSURANCE BACKSTOP
• MONITORING
• POST LOSS MITIGATION
• STAYING AHEAD OF THE THREAT
WHAT IS THE RISK?
• Is physical damage from a cyber event an actual risk to all of the different occupancies in the room today?
• What sort of operational technology systems should we focus on protecting?
PRE-LOSS MITIGATION: HOW DO WE IDENTIFY IT, AND WHO SHOULD BE INVOLVED?
• We all invest considerable time and effort in identifying and evaluating cyber risk to our companies.
• How would the panel recommend that we do things differently, who should be involved in this process and/or is there a gold standard approach that we should be considering?
IS OUR CURRENT PHYSICAL RESPONSE TO THE THREAT ADEQUATE?
• We also make considerable investment in the protection of our systems through Information and Operational technology defences, but are we putting all our eggs in one basket by relying on these defence systems to mitigate the risk?
HOW DO WE BEST EDUCATE OUR C-SUITE AND WHAT IS THE RISK TO THEM?
• How exposed are our shareholders/stakeholders to a catastrophic loss, and how do we best educate them on the potential risks and solutions available to mitigate the risk?
WHAT INSURANCE OPTIONS ARE THERE & WHAT DO UNDERWRITERS TAKE INTO CONSIDERATION WHEN ANALYSING THE RISK?
• What insurance solutions are available and how do we know that we have covered ourselves adequately – should we be relying on write-backs under our property programmes or is there a better way to provide an insurance back-stop?
POST-LOSS MITIGATION?
• In the event of an attack what support can we get to help us deal with post-loss mitigation?
SEEING THE DIFFERENCE MAKES THE DIFFERENCE
CYBER ATTACK
RIMS 2016
BRIT
Evolution of the Cyber Market
• Third Party Cyber Cover
• Focus on Personal Data
• Financial Institutions, Healthcare Records, etc.
• All other types of Cyber Risk?
• Property Damage / Business Interruption
• Bodily Injury
• Non Physical Damage Business Interruption
• Environmental Liability
• Products Liability
• Threat / Extortion / Crisis Management
ICS
Existing Cyber Solutions
• Stand Alone Cyber Policies
• Specific Coverage
• DIC / DIL coverage
• Silent Coverage
• Exclusions / Write-Back
• CL380 / NMA 2914/5
• Advantages & Disadvantages
Underwriting Considerations
• Bespoke Coverage
• Certain, Appropriate, Clear
• Event Definition
• War & Terrorism / TRIPRA
• Underwriting Information
• Critical Digital Assets: IT / OT / ICS
• Security, Processes and Protocols
• Straightforward Pre-bind Process
• Risk Assessment
• 3rd Party Cyber Security Specialism
• Structure, Terms and Conditions
• Pricing
• Risk Aggregation
• Ultimate Systemic Catastrophe
QUESTIONS PLEASE
SPEAKER BIOGRAPHIES AND ADDITIONAL INFORMATION
Russell Kennedy, BA (Hons.), ACII, Divisional Director - Property, Political Violence and Political Risks, BRIT
After graduating in 2003 from the University of Manchester with an honours degree in History and Economics, Russell joined Brit on the Graduate Scheme. After rotations in the International Property Direct and Treaty divisions, Russell finally settled in the War & Terrorism team in July 2006. Russell was promoted to Class Underwriter in 2008 and was responsible for both underwriting the book on a daily basis in Lloyd’s and its overall strategic development. In 2014 Russell took over as Divisional Director for the Open Market Property, Political Violence and Political Risks Division. Russell has been at the forefront of cyber risk within the insurance industry over the last 3 years with his involvement in extensive research and product development.