TRANSCRIPT
ICNZ/NZ Insurance Law Association “Cyber risks: year in review” Auckland – 16th November, 2017 Ian Pollard, Managing Director, Delta Insurance
Delta Insurance
– Locally owned but global outlook & expertise
– Passion for Specialty & Niche products – best of NZ, Singapore and overseas
– Not the biggest but the best at what we do
– Operations in New Zealand and Singapore
– DELTA = "Change":
• The best of traditional insurance (personalised service; relationships)
• Better, more efficient delivery, harness technology
• Thought Leadership & Risk Management
– Coverholder at Lloyd’s
– NZTE Focus 700
– Deloitte Fast 50 2017
Intro – A Year in Review…Some Highlights (or lowlights)
a) Ransomware
b) NZ Cyber Security Strategy
c) NZ Cert
d) State Sponsored Threats
e) Cyber Criminals
f) Equifax
g) Lloyd’s / Cyence – “Counting the Cost: Cyber exposure Decoded”
Panellists
– Jeremy Jones – Theta
– Isaac Holliss – NCPO
– David Maritz – MDD Forensic Accountants
Cyber security threats
Jeremy Jones
Head of Cyber Security
Theta
“A computer lets you make more mistakes faster than any invention in human history, with the possible exceptions of handguns and tequila”
[Chart: Activity plotted against Days (0 to 120)]
Cyber Kill Chain: Attacker v Defender
– Attacker: recon → weaponise → target → deliver → exploit → install → command & control → evade & conceal → execute
– Defender: understand → detect → protect → recover
The NZ context
– mentality
– time zone
– not a target
– rich environment
Wannacry
– Attack mechanism: Stolen/leaked NSA/CIA capabilities
– …that caused or enabled… More effective ransomware attacks
– …and was significant because? Rapid weaponisation of tools into commodities
Information warfare
– Attack mechanism: Manipulation of social media
– …that caused or enabled… Disruption to democratic processes
– …and was significant because? Information warfare now capable of altering the geo-political balance
Deloitte data breach
– Attack mechanism: Weak login protection
– …that caused or enabled… Unauthorised access to email accounts
– …and was significant because? Even “good guys” get hacked; Reputational damage?
Equifax data breach
– Attack mechanism: Web application vulnerabilities + Poorly coordinated incident response + Weak corporate governance
– …that caused or enabled… Large data breach + Protracted, expensive and embarrassing coverage + C-Suite share sell-off
– …and was significant because? Need to do the basics + Spread investment across range of defensive activities + Cyber security is driven from the top down
Where do we start?
Roles and responsibilities
– Management oversight
– Response plans
– Support training and awareness campaigns
Appoint a cyber specialist
– Or an independent expert
– Present on cyber issues
– Be responsive to new or elevated threats
Quantify cyber risk
– Cyber risk in financial terms
– Annualised Loss Expectancy by threat and cost type
– Track cyber maturity
Regulatory & compliance
– Establish how cyber risk affects share value
– Data breach notification obligations
– Personal privacy protection
Disclosure
– Describe cyber risks in any capital raising prospectus, mergers or acquisitions
Review cost of protection
– Cyber insurance
– Training and certification
– IT security budget
theta.co.nz/solutions/cyber-security/
Questions?
New Zealand’s Cyber Security Strategy A secure, resilient and prosperous online New Zealand
Isaac Holliss National Cyber Policy Office 16 November 2017
Principles
• Partnerships are essential
• Economic growth is enabled
• National security is upheld
• Human rights are protected online
It’s not just about risk
Source: Building a Digital Nation, MBIE, March 2017
NZILA / ICNZ Liability Discussion Group – 16 November 2017
Presenter: David Maritz, Senior Manager, MDD
• Originally founded in the US in 1933.
• Over 40 offices with over 300 professional staff globally.
• MDD’s forensic accountants specialize in a wide range of insurance and litigation matters.
• Routinely retained for evaluations that require an extensive knowledge of accounting, business, operational and manufacturing processes across many industries.
• Global experience in a wide range of cyber related losses acting on behalf of insurers, reinsurers and underwriters.
• Local association with Gallagher Bassett Cyber Services offering a comprehensive response to claims
What We Know About Petya
• Very sophisticated and difficult to trace
• Uses an NSA hacking tool called EternalBlue that was created by exploiting a vulnerability in Windows
• 2 other methods also used (one was stealing victims’ credentials) to promote the spread
• Microsoft issued fix in March but many companies didn’t install it or installed it wrong
• May have disguised itself as a M.E.Doc accounting software update
• M.E.Doc reportedly didn’t update software for 4 years and were backdoored (meaning security was bypassed) multiple times
• M.E.Doc server equipment seized by Ukrainian police after officials detected another cyber attack coming from their infrastructure
You Have Been a Victim!
Companies Impacted
Company/Entity | Type of Business | Impact of Attack | Financial Impact (if known)
BNP Paribas (France) | Banking | Real estate division affected |
SNCF (France) | Railway | Has been able to stop attempted intrusions thus far |
Chernobyl Nuclear Plant (Ukraine) | Power Generation | Workers manually monitoring radiation at the exclusion zone |
Merck (International) | Pharmaceutical | Computer network compromised |
Rosneft (Russia) | Energy | Switched to reserve IT system; reportedly had to turn off network at oil refinery in Ryazan; servers hit |
Saint-Gobain (France) | Construction | Isolated its computer systems to protect data |
WPP (UK) | Advertising | Several IT systems affected |
Home Credit Bank (Russia) | Banking | All offices closed |
MAERSK (International) | Shipping | Multiple systems and business units impacted globally; 17 shipping terminals hacked (including those in Rotterdam and the Port of NY & NJ); container terminal at Mumbai’s Jawaharlal Nehru airport also affected | "It is too early to predict what the impact will be on the quarter-two, or potentially the quarter-three result."
DLA Piper (International) | Law Firm | Disabled its email; all network services down |
Companies Impacted (continued)
Company/Entity | Type of Business | Impact of Attack | Financial Impact (if known)
Heritage Valley Health Systems (US) | Healthcare | Affiliated hospitals in Pennsylvania had to cancel operations (we don’t know how many) |
Mondelez International | Food Preparation | Computer outage across global operations; Cadbury factory in Tasmania impacted; 5 manufacturing facilities in Australia and NZ all hit but some were able to carry out limited production | Growth would be reduced by 3% due to the recent global cyber attack.
Qantas | Airline | Booking system failed |
Nuance Communications (U.S.) | Software | Affected portions of network |
Metro (Germany) | Retailer | Affected wholesale stores in Ukraine |
Bashneft (Russia) | Oil | Servers attacked |
Evraz | Steel Manufacturing and Mining | Company said output not affected |
Beiersdorf (Germany) | Personal Care Products | Affected IT and telephone systems in Hamburg and affiliates worldwide |
MARS Inc. | Food Manufacturer | Spokeswoman said company had isolated the issue |
Reckitt Benckiser | Consumer Goods | Disrupted production and deliveries of goods to customers in several countries | Expecting a 3% annual increase for 2017, but now only 2%, which equates to around £100m in lost revenue
[Figure: Map of Disrupted Areas]
Case Study 1 – Scale
Business is an international pet food manufacturer.
• Petya affected 95% of servers (3,000 units) and 90% of workstations (4,000 units)
• Affected all manufacturing locations (13 locations) spread across the world; the company also had to operate a manual order-to-cash system following the loss until systems were back up and running
• Significant claim: EUR60m to EUR80m (BI: EUR42m to EUR51m for GP and EUR10m to EUR15m for Additional Costs; PD: EUR8m to EUR13m)
• Claim currently goes to October 2017 (systems were fully restored in late September 2017); however there may be ongoing losses / make-up to the end of the year.
Case Study 2 – Reputational Loss
Business is a large US retailer with nearly 1,800 stores across the US:
• 40 million credit and debit card details hacked over Thanksgiving holiday
• Profits down 50% for that quarter, shares down 11% on NYSE, proceedings for class actions issued and $3.6bm liability for fines
• Online business not affected by attack but severely affected as a consequence
• Banks froze credit cards after unaffected card holders shopped there
Case Study 3 – Secrecy
Business is an international financial services provider
• Major DoS attack partially shut down services for a week
• Concerns that customer data may have been compromised
• MDD asked to measure damages but not allowed to disclose the name of the Insured in reports
• Main issue was the understanding of recouped fixed expenses
• Company hit again and shut down for another week.
• PR successfully kept identity and nature of both attacks out of the public domain.
THANK YOU!
L31 Vero Centre
48 Shortland Street
Auckland
Phone 09 363 3826
Mobile 021 2985 159
www.mdd.com
The Future / 2018 Outlook
a) Threats
b) Ransomware
c) Legal Developments – May 2018 EU GDPR
d) Cloud Exposures
e) New Risks – IOT / AI / AR
f) New Solutions – Security / Insurance
g) Home / Personal Cyber Risk – FT 8th Nov, 2017 “Should individuals buy insurance against cyber attacks?” https://www.ft.com/content/72e11ca6-98ad-11e7-8c5c-c8d8fa6961bb
OECD work on cyber insurance
In May 2017, the OECD delivered a report to the G7 Finance Ministers and Central Bank Governors, providing an overview of the market for cyber insurance and identifying potential policy measures to address some of the main challenges to its development.
In mid-November, the OECD intends to release a more comprehensive report on these issues, examining:
- The type and magnitude of losses incurred from cyber incidents
- The insurance coverage available for cyber-related losses
- Challenges to the development of the cyber insurance market
- Initiatives aimed at addressing challenges to market development
“Unleashing the potential of the cyber insurance market”, 22-23 February 2018, OECD – Paris (in partnership with MMC)
Questions