Protecting the Balance Sheet Cyber and Management Liability

Protecting the Balance Sheet Cyber and Management Liability Insurance Solutions

Sandra K. Carroll, Esq., Vice President, Strategic Risk Advisor, Executive Risk, Hylant Group
Herb Churchill, Vice President, Client Executive, Hylant Group

Agenda
• Introduction
• Cyber
• Crime
• Directors and Officers Liability
• Employment Practices Liability
• Fiduciary Liability
• Questions

This is intended merely for informational purposes and is in no way to be considered to be a grant or offer of coverage.

Cyber - Event Costs

First Party Costs
• Response Cost
• Business Interruption & Extra Expense
• Data Recovery Costs
• Extortion
• Ransomware
• Lost Business

Third Party Liabilities
• Privacy Liability
• Regulatory Proceedings
• Data Privacy GDPR, CCPA, HIPAA
• State Breach Notice Laws
• Media Liability

Cyber - Insurance Coverages

First Party
• Breach Response
• Extortion
• Business Interruption
• Dependent Business Interruption
• Data Recovery Costs
• Reputational Harm

Third Party
• Network Security and Privacy Liability
• Regulatory Fines and Penalties*
• PCI Fines and Penalties
• Media Liability

eCrime
• Social Engineering Fraud (SEF)*
• Telecommunications Fraud
• Funds Transfer Fraud*

Cyber - Market

Market Pricing & Trends
• Rates are generally stable and competitive due to the over $1 billion of capacity with 80+ insurers.
• Increase in underwriting sophistication is proving more beneficial for customers who invest in cyber security measures and procedures.

Coverage Trends
• Dependent business interruption sublimits are going up with various new levels of underwriting scrutiny.
• Coverage solutions addressing the insurability of fines/penalties continue to evolve. Examples include the new Zurich cyber policy affirmatively covering GDPR fines/penalties, though the legality of insuring those fines and penalties in the various EU jurisdictions is yet to be tested.

Industry Issues & Considerations
• 2018 saw 6,515 breaches (3.2% decrease) and 5 billion records exposed (35.9% decrease); 74% of the records exposed were due to 12 large breaches (Source: Risk Based Security, Inc. Feb 2019).
• The EU General Data Protection Regulation (GDPR) went into effect in May 2018. For organizations doing business in California, the California Consumer Privacy Act (CCPA) goes into effect on 1/1/2020.
• Recent settlements include a $16 million HIPAA penalty against Anthem following their previous 2017 class action settlement of $115 million; a D&O litigation settlement of $80 million following a Yahoo data breach, plus another $35 million fine to the SEC for late reporting.

Cyber Value Add Beyond Insurance
1. Fact Finding & Risk Profiling
2. Exposure Quantification Risk Modeling Privacy and Business Interruption
3. Insurance Procurement & Negotiations
4. Cyber Risk Readiness Incident Response Planning Vendor Vetting
5. Assessment and Tabletop Planning and Selection

Crime/Employee Theft

Provides protection for
• Theft by employees of money, securities and property of the organization.
  o Special consideration: precious metals and valuable papers
• Theft by employees of customers' money, securities and property
• Wire transfer fraud
• Computer fraud
• Social engineering fraud: manipulation of employees resulting in theft of organization assets

Directors and Officers Liability

Directors and officers of public, private and non-profit organizations owe a duty of care, loyalty and obedience to their organization and its shareholders. They can be held personally liable for their actions under a myriad of federal, state and local statutes or common law or the laws of other countries.

Sources of suits
• Shareholders and other investors, directly or derivatively
• Regulators/Attorneys General
• Employees
• Customers
• Competitors
• Creditors
• Family members
• Donors

Directors and Officers Liability

D&O Coverage
• Organization balance sheet protection
  o An organization can be held liable separately from its directors and officers. In addition, the organization is obligated by law to provide indemnification and defense costs to its individual directors and officers in most circumstances.
    > The D&O policy protects the balance sheet by covering defense costs, settlement amounts or judgments.
• Individual protection
  o A D&O policy also protects individuals for those situations in which the organization cannot indemnify them, either because it is by law prohibited from doing so or it cannot do so due to financial insolvency.
  o In the absence of a D&O policy, the individuals would have to pay loss out of their own pockets.

Directors and Officers Liability

Key considerations
• Publicly held organizations
  o Largest threat is from shareholders
• Privately held organizations
  o Largest threats are from employees and shareholders
• Not-for-profit organizations
  o Largest threats are from employees and donors
• The D&O market is in the midst of a correction with significant upward pressure on premium rates and retentions.
  o This is especially true for publicly traded companies and those going through an IPO.

Employment Practices Liability

Employment Practices Liability policies have evolved dramatically over the 27 years since the coverage was first introduced. The coverage provides protection for the organization and its directors, officers and employees and pays defense costs and settlement and judgment amounts.

Coverage
• Wrongful termination
• Sexual and other types of harassment
• Unlawful discrimination
• Wrongful discipline
• Wrongful failure to employ or promote
• Negligent employee evaluation
• Retaliation
• Third party discrimination/harassment by your employees against non-employees

Current Trends
• #MeToo
• Social media recruiting
• Wage and hour will continue
• Complex employment relationships
• Joint employer liability
• Gender identity/sexual orientation discrimination
• Religious discrimination
• Employer wellness programs
• EEOC regulations under ADA
• Website accessibility litigation is gaining momentum and will continue as a developing opportunity for the plaintiffs' bar. Number of claims increased from 814 in 2017 to 2,258 in 2018 (Source: Seyfarth Shaw LLP).

Employment Practices Liability
• Organization balance sheet protection
  o The majority of EPL claims are corporate obligations. A well constructed EPL policy will protect the organization by providing defense costs coverage as well as coverage for settlements and judgments.
  o Value Add Services
    > Access to risk management database
    > Legal advice
  o Potential coverage for therapeutics

Fiduciary Liability

ERISA established standards of conduct for fiduciaries of employee benefit plans. Anyone who exercises discretionary management or administrative control over sponsored welfare (e.g., health, dental, vision, etc.) or retirement (e.g., defined contribution and defined benefit) plans can be held personally liable.

Decisions to create, modify or terminate a plan are outside the scope of ERISA and are known as settlor functions. A well constructed Fiduciary Liability policy should include coverage for defense costs arising out of such decisions.

ERISA coverage protects the organization, its sponsored plans as well as the individual fiduciaries such as
  o Plan administrators
  o Trustees
  o Directors or officers
  o Human resources staff
  o Other clerical staff

Fiduciary policies do not satisfy the ERISA bonding requirement; such coverage is found in crime policies.

Fiduciary Liability

Litigation Trends and Examples
• Denial of benefits
  o Benefits due provision
• Administrative errors and omissions
• Negligent selection of advisor/provider
• Imprudent investments

Questions
