Cyber Gap Insurance Cyber Risk Filling The Coverage Gap
Global Marine PracticeCYBER GAP INSURANCECYBER RISK: FILLING THE COVERAGE GAP
1 Cyber Gap Insurance
CYBER RISK: A GROWING CONCERNThe ability to create and analyze vast quantities of electronic data, and to share it over a network of computers within anorganization and potentially with the outside world via the internet, is essential to today’s business environment. Rapidadvances in information technology over the last quarter century have brought enormous benefits in terms of reduced costs,increased efficiency, and a general streamlining of operations. However, while the benefits are clear and undeniable, the speedof the advances has brought with it a succession of new threats that are not fully understood, and which the cybersecurityindustry has struggled to keep pace with.While there have been relatively few reports of successful cyber-attacks on either shipping or on shore-based facilities, they arenot unknown, and comparable industries have suffered attacks that suggest, at the very least, that the maritime sector may bevulnerable.It has been reported that significant weaknesses have been identified in the cyber security of critical technology used fornavigation at sea. Global Positioning Systems (GPS), Automatic Identification Systems (AIS), and Electronic Chart Displays andInformation Systems (ECDIS) are all essential aids to navigation, and each has been identified as potentially vulnerable to attack.The International Maritime Organization (IMO) has required that AIS be fitted on board the majority of ships, since 2004. TheIMO regulations require that AIS will be capable of automatically exchanging information regarding a vessel’s identity, type,position, course, speed, navigational status, and other safety-related information with other ships, shore-based facilities, andaircraft. AIS has come to be relied upon as a navigational tool on board ship as an alternative to radar, and is also an integral partof vessel traffic separation systems used by organizations with delegated authority for safety at sea.Vessel navigation and propulsion systems, cargo handling, and container tracking systems at ports and on board ships, andshipyard inventories and automated processes, are all controlled using software that needs to be completely reliable. However,recent events suggest that these systems might be vulnerable.CASE STUDY 1CASE STUDY 2Hackers working with a drug smuggling gang infiltratedthe computerized cargo tracking system of the Port ofAntwerp to identify the shipping containers in whichconsignments of drugs had been hidden. The gangthen drove the containers from the port, retrieved thedrugs, and covered their tracks. The criminal activitycontinued for a two-year period from June 2011, until itwas stopped by joint action by Belgium and Dutchpolice.Using equipment that reportedly cost US 700 cybersecurity firm Trend Micro, was able to demonstrate howAIS could be compromised by preventing a ship fromproviding movement information, by making“phantom” vessels or structures appear, by staging fakeemergencies, and by making it appear to other AISusers that a ship was in a false location.Marsh 2
EXISTING CYBER RISK INSURANCEThe first cyber risk insurance products were introduced in the mid-1990s, but only became popular when changes in USlegislation dictated the inclusion of the unauthorized disclosure of personal information. This resulted in premium volumesincreasing from zero to circa US 1 billion1 in under a decade.To date, cyber risk insurance has primarily focused on liability exposures for privacy and data breach, but insurers are nowoffering broader products that cover certain first-party risks. The most significant developments have been in businessinterruption for which the cyber risk insurance market offers coverage that can be triggered by non-physical businessinterruption events.WHAT IS CURRENTLY COVERED BY ACYBER RISK POLICY?Cyber risk policies tend to include the following policysections either as standard wording or by specificendorsement. Specifically, the cyber risk policy covers:Privacy and data breach – the unauthorized disclosure ofpersonally identifiable information. Cover includes: Liability claims. Defense against regulatory action (and penalty whereinsurable). First-party response costs, including the notification ofaffected individuals. Forensic IT costs involved in investigating a securitybreach that led to the disclosure.Business interruption – Coverage can be triggered bycertain intangible (non-physical damage) businessinterruption events, such as hacking of IT systems and thenegligent acts of staff causing software/hardware failure.Hacking damage – The reconstitution of data, and thereplacement and/or repair of software following a hack.THE “CYBER RISK GAP”Due to the presence of certain cyber risk exclusions,commercial policies will not provide cover for bodily injury,property damage, and business interruption arising from ahacking event.Clause CL380, which has been inserted into the majority ofmarine policies since 2003, removes cover for the use of ITsystems as a means of inflicting harm. This exclusionremoves all cover for a cyber-attack leaving a clientcompletely uninsured, including any associated businessinterruption loss.In marine insurance, Clause CL380 (and any variants thatmay be applied by protection & indemnity (P&I) clubs andothers) will be widespread, but other clauses may be in placeon insurances covering shore-based facilities such as ports,terminals, and shipyards.These include:Terrorism Form T3 LMA3030 Exclusion 9 excludes cyberattacks motivated by terrorism (in a similar fashion toCL380).Extortion – Covers the cost of the ransom demand arisingfrom a hack and the appointment of an expert negotiator todeal with the extortionist.Electronic Data Exclusion NMA2914 is typically found innon-marine property and business interruption policies. Itdoes not contain as many exclusions as CL380 but still leavessignificant gaps in coverage.Multimedia – Provides protection against claims arisingfrom defamation, intellectual property infringement, andinvasion of privacy through content published online(corporate website, corporate pages on social mediaplatforms, etc.).Negotiations with insurers to remove these exclusions havebeen unsuccessful because the removal of these clauses,which are features of most treaty contracts, could leave themexposed to substantial “net” losses.WHAT IS NOT COVERED?While cyber risk insurers now provide cover for businessinterruption arising from an IT system failure, policiesgenerally exclude bodily injury and property damage – evenloss of use in some instances.3 Cyber Gap InsuranceExisting cyber risk policies do not respond to the gap incoverage (the “cyber risk gap”) created by these exclusions.1. Cyber/Privacy Insurance Market Survey – 2012, The Betterley Report.
CYBER EXCLUSION WORDINGSInstitute Cyber Attack Exclusion Clause CL380:1.1 Subject only to clause 1.2 below, in no case shall this insurance cover loss, damage, liability, or expense directly orindirectly caused by, or contributed to by, or arising from, the use or operation, as a means for inflicting harm, of anycomputer, computer system, computer software programme, malicious code, computer virus or process or any otherelectronic system.1.2 Where this clause is endorsed on policies covering risks of war, civil war, revolution, rebellion, insurrection, or civil strifearising therefrom, or any hostile act by or against a belligerent power, or terrorism or any person acting from a politicalmotive, Clause 1.1 shall not operate to exclude losses (which would otherwise be covered) arising from the use of anycomputer, computer system or computer software programme or any other electronic system in the launch and/orguidance system and/or firing mechanism of any weapon or missile.Terrorism Form T3 LMA3030 Exclusion 9 (Extract)This Policy does not insure against loss or damage by electronic means including but not limited to computer hacking or theintroduction of any form of computer virus or corrupting or unauthorised instructions or code.Electronic Data Exclusion NMA2914Notwithstanding any provision to the contrary within the Policy or any endorsement thereto, it is understood and agreed asfollows:a)This Policy does not insure loss, damage, destruction, distortion, erasure, corruption or alteration of ELECTRONIC DATAfrom any cause whatsoever (including but not limited to COMPUTER VIRUS) or loss of use, reduction in functionality,cost, expense of whatsoever nature resulting therefrom, regardless of any other cause or event contributingconcurrently or in any other sequence to the loss.ELECTRONIC DATA means facts, concepts and information converted to a form useable for communications,interpretation or processing by electronic and electromechanical data processing or electronically controlled equipmentand includes programmes, software and other coded instructions for the processing and manipulation of data or thedirection and manipulation of such equipment.COMPUTER VIRUS means a set of corrupting, harmful or otherwise unauthorised instructions or code including a set ofmaliciously introduced unauthorised instructions or code, programmatic or otherwise, that propagate themselvesthrough a computer system or network of whatsoever nature. COMPUTER VIRUS includes but is not limited to ‘TrojanHorses’, ‘worms’ and ‘time or logic bombs’.b)However, in the event that a peril listed below results from any of the matters described in paragraph a) above, thisPolicy, subject to all its terms, conditions and exclusions, will cover physical damage occurring during the Policy periodto property insured by this Policy directly caused by such listed peril. Listed Perils:FireExplosionMarsh 4
5 Cyber Gap Insurance
FILLING THE GAP IN COVERAGEThe coverage gaps in policies created by Exclusion Clause CL380, and by other cyber risk exclusion clauses potentially leavecatastrophic events unindemnifiable and the numerous attempts to remove or alter them have, to date, been unsuccessful.To help our clients overcome the gaps in coverage created by these exclusions, Marsh has developed a new facility, providedby Lloyd’s of London insurers, that will indemnify the insured in the event that indemnification under the normal property,business interruption, liability, terrorism, or package policies (the “Controlling (Re)Insurance Policies”) is denied solely due tothe existence of any of these cyber risk exclusions. In effect, it negates the inclusion of these clauses (and subject to its limits,and terms and conditions it eradicates the cyber gap).UNDERWRITINGBENEFITSIn collaboration with underwriters and specialists in ICSsecurity, Marsh has developed a questionnaire specificallytailored to deliver the information required by insurers toassess the maturity of insured companies’ security practices.This dedicated questionnaire is further supported byin-depth assessment capabilities delivered by these securityaudit specialists and utilized when a more detailedunderstanding of corporate practices is required. Insurerswill also be provided with a copy of the underwritingsubmission for controlling insurance policies.Benefits of Marsh’s cyber gap insurance include the: Provision of protection against a cyber-attack. Closure of the gaps in coverage. Facilitation of more complete risk mitigation and riskplanning strategies. Security of protection provided by insurers with aminimum Standard and Poor’s (S&P) rating of A-.Marsh 6
For further information, please contact your local Marsh office or visit our website at: marsh.comANTWERPUitbreidingstraat 180B 2600 AntwerpBelgium 32 3 286 6411CYPRUS1 Michael MichaelidesStreetLimassolCY-3030Cyprus 357 25 878100DUBAIAl Gurg Tower 3Plot 125-117Riggat Al ButeenBaniyas Road, DeiraP.O.Box 14937, DubaiUnited Arab Emirates 971 4 223 7700HONG KONG26th Floor, Central Plaza18 Harbour RoadWanchaiHong Kong 852 2301 7000OSLOVika AtriumMunkedamsveien 45 D0123 OsloNorway 47 2201 1000SAN FRANCISCO345 California StreetSuite 1300San Francisco, CA 94104United States 1 415 743 8000LONDONTower PlaceLondonEC3R 5BUUnited Kingdom 44 20 7357 1000PARISTour Ariane - La Défense 9Paris La Défense cedex992088France 33 1 4134 5000SINGAPORE8 Marina View #09-02Asia SquareTower 1Singapore 018960 65 6922 8388NEW YORK1166 Avenue of theAmericasNew YorkNY 10036-2708United States 1 212 345 6000ROTTERDAMConradstraat 183013 AP RotterdamThe Netherlands 31 10 40 60 600HAMBURGCremon 3D-20457 HamburgGermany 49 40 376920Marsh is one of the Marsh & McLennan Companies, together with Guy Carpenter, Mercer and Oliver Wyman. This document is not intended to betaken as advice regarding any individual situation and should not be relied upon as such. The information contained herein is based on sources webelieve reliable, but we make no representation or warranty as to its accuracy. Marsh shall have no obligation to update this publication and shallhave no liability to you or any other party arising out of this publication or any matter contained herein. Any statements concerning actuarial, tax,accounting or legal matters are based solely on our experience as insurance brokers and risk consultants and are not to be relied upon as actuarial,tax, accounting or legal advice, for which you should consult your own professional advisors.Any modeling, analytics, or projections are subject to inherent uncertainty, and the Marsh Analysis could be materially affected if any underlyingassumptions, conditions, information, or factors are inaccurate or incomplete or should change. Marsh makes no representation or warrantyconcerning the application of policy wording or the financial condition or solvency of insurers or re-insurers. Marsh makes no assurancesregarding the availability, cost, or terms of insurance coverage. Although Marsh may provide advice and recommendations, all decisions regardingthe amount, type or terms of coverage are the ultimate responsibility of the insurance purchaser, who must decide on the specific coverage that isappropriate to its particular circumstances and financial position.In the United Kingdom, Marsh Ltd is authorised and regulated by the Financial Conduct Authority.Copyright 2014 Marsh LLC All rights reserved – [MA14-13015]
submission for controlling insurance policies. BENEFITS Benefits of Marsh's cyber gap insurance include the: Provision of protection against a cyber-attack. Closure of the gaps in coverage. Facilitation of more complete risk mitigation and risk planning strategies. Security of protection provided by insurers with a
Closing the insurance gap A world at risk 07 1. The size of the global insurance gap A world at risk, Lloyd's second underinsurance report, shows there is a global insurance gap of US 162.5 billion in 2018. This shows there is a significant gap between the level of insurance in place to cover
With our reliance on ICT and the value of this data come risks to its security, integrity and failure. This cyber risk can either have a natural cause or be man-made, where the latter can emerge from human failure, cyber criminality (e.g. extortion, fraud), cyberwar, and . Ten Key Questions on Cyber Risk and Cyber Risk Insurance 9 Table 1 .
Insurance Gap Insurance Need -Actual Cover gap: k) www.truesouth.co.za Need for insurance Earnings R0.6m Replacement requirement 54% Capitalisation factor 13.8 Insurance need R4.6m Actual insurance Retail R1.5m Group Life R0.8m Government grants R0.0m Total R2.3m R4.6m -R2.3m R2.3m Average death insurance gap for richest 20% of SA .
purchase GAP insurance 6 2.6. Add-on GAP insurance purchasers are not a homogeneous group 6 2.7. The remedies may have provided reassurance, but have not yet helped improve knowledge 6 3. Profile of research participants 8 3.1. Car purchase 8 3.2. Demographics 8 3.3. Awareness of GAP insurance 8 3.4. Purchase of GAP insurance 9 3.5.
Cyber Vigilance Cyber Security Cyber Strategy Foreword Next Three fundamental drivers that drive growth and create cyber risks: Managing cyber risk to grow and protect business value The Deloitte CSF is a business-driven, threat-based approach to conducting cyber assessments based on an organization's specific business, threats, and capabilities.
Need Life Insurance Have Life Insurance The gap between "I need" and "I "have" equals 18-points, or 46 million consumers This understates unmet need in the market. Life Insurance Ownership Gap - 2011 to 2021 Source: 2021 Insurance Barometer Life Insurance Ownership Gap 18-points
CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY WHIT A Sponsored by While estimates vary widely, the cyber insurance market globally represents over 1 billion of written premiums. CYBER LIABILITY INSURANCE MARKET TRENDS: SURVEY Global reinsurer PartnerRe collaborated with Advisen to conduct a comprehensive market survey on trends that are shaping the cyber insurance marketplace. The survey is .
2nd Grade . ELA Priority Standards Grade 2 CCSS PA Core Foundational Skills RF.2.3 CC.1.1.2.D Know and apply grade level phonics and word analysis skills in decoding words. Distinguish long and short vowels when reading regularly spelled one- syllable words. Decode two-syllable words with long vowels and words with common prefixes and suffixes. Read grade level high-frequency .
