Transcription
10/4/2021DEMYSTIFYCYBERINSURANCE.How Controls Can Save Manufacturers Moneyand Increase ProtectionPresenters:Parker Smith & Jonathan Davies, Willis Towers WatsonSteve Mustard, MCGA / National Automation / ISAOctober 4, 2021 IMEC All rights reserved.1Cyber insurance - Core Coverage OverviewLiability coveragePrivacy liabilityLiability associated with your inability to protect personally identifiable information or corporate confidentialinformation of third parties. The information can be in any format and breached intentionally or negligently byany person, including third party service providers to which you have outsourced information. Third partyservice providers include, but are not limited to, IT service providers.Network securityliabilityLiability costs associated with your inability to prevent a computer attack against your computer network.Media liabilityTort liability associated with content you create, distribute or is created and distributed on your behalf ,including social media content.Direct (Loss mitigation coverage)Breach responsecostsDirect costs expended to mitigate a privacy breach. Costs typically include public relations expenses,notification, identity theft restoration, credit monitoring services and forensic/remediation expenses.Direct (First party coverage)Income loss/extra expenseIncome loss/extra expense associated with your inability to prevent a disruption to your computer networkcaused by a computer attack or programming or software failure. Lost income due to a network outage of asecurity/privacy incident.DatareconstructionYour costs to recreate or recollect data lost, stolen or corrupted due to your inability to prevent a computerattack against your computer network.Extortion costsYour costs expended to comply with a cyber extortion demand.DependentBusiness IncomeLossIncome loss/extra expense due to a network outage or disruption that originates from a security/privacyincident at a dependent third party provider, leaving your operations with a disruption.System FailureUnintentional or unplanned network outage resulting from an error or omission in data entry or ComputerSystem operations.Regulatory finesFines assessed by a regulatory body due to your data breach.221
10/4/2021Cyber market overviewTimeline of factors affecting rate (2015 to the present)At least 60insurerscompetitivelydrive downratesHistoric ratedeteriorationWidespread pricepressure andbroader coverageterms driven byabundant capacityfrom 2015 – 2019A singleNotPetya losswas estimatedat about 1 billion2017 NotPetyaand WannaCryransomwareattacksMaterial networkoutage lossesincurred across allindustries, with totalglobal damagesestimated at 10 billionPotential finesof 4% ofannualturnover applywith GPDRSolarWindsintrusionPotential finespotentiallyof 4% ofaffects 18,000annualorganizationsturnover applywith GPDREvent-driven cyberexposuresRansomware crisis2018 and 2019regulatorydevelopmentsGDPR, CCPA andother stringentprivacy compliancelaws increaseunderwritingconcerns(2020 to present)Targeted attacks withnew, dangerousmalware variantslead to anexceptional increasein size ofransomwaredemands andensuing lossesSolarWinds, Accellionand MSE attackshighlight supply-chainvulnerabilities. Fullextent of potentiallosses are unknownbut potentiallyAccellion datacatastrophicexfiltrationattack againstFTAapplicationRate prognosis and forecastPrognosis:§ The last 12 months have seen carriers pushing harder for higherrates, noting that that current cyber premiums are inadequatecompensation for the risks assumed§ Coverage restrictions for losses arising from ransomware attacksForecast: Rest of 2021§ Overall: 100% - 200% Rate prediction? 2021 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Wa tson client use only.33Cyber threat environmentThe ransomware crisis 20B 11.5B 8B§According to KnowBe4, ransomware damageswill cost the world more than 20 billion by2021, more than 60 times greater than in 2015§Ransomware currently attacks a businessevery 14 seconds§New variants of ransomware have proven todestroy backups, steal credentials, exposevictims, leak stolen data and threaten thetarget companies’ customers§Approximately 188 million ransomware attacksoccurred in 2019 alone§Ransomware is outpacing all other losses, withthe frequency and severity of claims —insurers are reporting demand increases from239% to more than 400% during the past twoyears§Single ransom demands exceeded 60 millionin 2020§There were four times more extortion demandspaid in 2019 than 2018§Net Diligence reported its key findings from2015 – 2019 (five-year period): the averagetotal incident cost for large companies — costsfor all ransomware claims was 18.9 million 5B 325M 2021 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Wa tson client use only.442
10/4/2021Cyber LiabilityState of the Market and claims, legal, emerging trendsKey takeawayRate PredictionsPremiums 100% to 200%ChallengedindustriesHealthcare, higher education, publicentities, manufacturing, financialinstitutions, construction and largemedia and technology companiesRisk TrendsAs insurers continue their strategies to mitigate the financial losses from thesignificant increase in frequency and severity of ransomware incidents over thepast year, they must now also assess how organizations may have been impactedby the Solarwinds, Accellion and Microsoft Exchange Server breaches.CompetitionIn an already hardened insurance market, these recent developments are likely totighten the terms and availability of certain cyber coverage for some organizations,especially for those that cannot demonstrate strong cyber risk controls, culture andoverall cyber hygiene. The use of analytics to assess potential cyber exposures anddetermine optimal insurance limits for insureds has become vital as we navigate amarketplace that keeps hardening.Driving Cyber underwriting concerns:86%8.19milof those surveyed in WillisRe study think cyberattack frequency will increase due to COVID-19Average cost of data breach in 2020, up 5.3%since 2019of the cyber claims in our WTW 2020 Reported63% Claims Index were attributable to the humanelement, the leading cause of cyber lossCOVID-19: The work-from-home era, now in its second year, may be contributingto an increase in phishing and hacking activity, as certain organizations have beenmore vulnerable than usual due to employees working remotely on potentially lesssecure networks with less secure hardware.Sufficient cyber risk controls: To combat ransomware and other recent cyberincidents.Solarwinds, Accellion and Microsoft Exchange Server incidents: We will likelycontinue to see certain markets asking additional underwriting questions andconsider exclusions based on these incidents.5 2021 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and WillisTowers Watson client use only.5Cyber liabilityTechnical controls and core focus areas for underwriters 2021 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Wa tson client use only.663
10/4/2021Proactive defense measures for risk leadersRisk leaders can help reduce their organization’s risk exposure by:§Adopting a holistic, cross-functional approach to assessing and quantifying cyber risk, andprioritizing risks according to level of business criticality§Addressing ransomware recovery in their business continuity plan (BCP), incident response plan(IRP) and disaster recovery plan (DRP), all of which should be reviewed and tested annually§Including pre-established, clear decision-making rights in the IRP§Maintaining an effective cybersecurity training and awareness program, or anti-phishing trainingas a minimum standard, and fostering a security-aware corporate culture 2021 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Wa tson client use only.77Proactive defense measures for IT/Infosec teamsIT/Infosec teams can help reduce their organization’s risk exposure by:§Maintaining a robust, enterprise-level vulnerability and patch management program§Backing up business-critical data, and regularly testing the restoration procedure§Blocking SMB port access (445 & 139) and RDP (3389) to all computers from the internet§Ensuring all Windows OS and Microsoft software are patched, especially forMS17-010; any unsupported or outdated operating systems should either be upgraded orreconfigured to stop SMB and RDP§Maintaining an effective access management program, limiting access to the rule of leastprivilege, and implementing multifactor authentication (MFA)§Implementing continuous monitoring of networks for anomalous behavior, with clear proceduresfor identifying, detecting, protecting from, responding to and recovering from threats 2021 Willis Towers Watson. All rights reserved. Proprietary and Confidential. For Willis Towers Watson and Willis Towers Wa tson client use only.884
10/4/2021Potential Causes in Risk ChainLoss ofproductionFACILITIESTHAT HAVE RISKSPROCEDURESTHAT RUNFlaw inNetworkPEOPLEFOLLOWINGFlaw indeviceSYSTEMSTHAT ARE OPERATED BYFailure todetect flawin testingPRODUCTSTHAT MAKEPROCESSESTO m to theenvironmentData breachEquipmentdamageFailure tointerveneFailure tocheck USBdriveLoss of lifeor injuryFailure todetectintrusionLoss ofproductionRegulatory/BrandHarm to theenvironmentDatabreachEquipmentdamageLoss of lifeor injury99YOUR NEXT STEP: REGISTER!ROADMAP TO SECURITY:Cybersecurity Questionnaireand Virtual Workshop October 19 8:30am Quick review of Top 10 cyber gaps at Illinoismanufacturers Interactive workshop Venue for manufacturers to ask questions ofexperts and peers Opportunity to share good/best practicesRegister at: bit.ly/IMEC-CYBER-101921 IMEC All rights reserved.105
10/4/2021MADE IN ILLINOIS: A Modern Playbookfor Manufacturers to Compete and WinChapter 6: IntegratingTechnology for GreaterProcess Innovation Mitigating Cyber Risk in a / Get your copyStrategy GuideBook Discussion Guide IMEC All rights reserved.11CONTINUING: MAKE STEADY PROGRESS:CMMC Cybersecurity 15-Part Series 23 companies currently registered 1st Wednesday per month through Oct. 2022 3-hour monthly live, virtual trainingMonthly homework guidance & IMEC check-inRecording and resources for all 15 sessions 1 set of controls / monthPrepare companies to confidently seek CMMCcertification Outlining the Department of Defensecybersecurity requirements 3,500/companyRegister: bit.ly/IMEC-CMMC-Series-21-22 IMEC All rights reserved.126
10/4/2021CYBERSECURITY AWARENESS MONTHDateSessionPresenterMAKE STEADY PROGRESS: CMMC Cybersecurity 15-PartTraining Series for ManufacturersCerberus SentinelOctober 13STEPS FOR PROTECTION: Cybersecurity Day at John WoodCommunity CollegeWinsor ConsultingOctober 14ADVANCED MANUFACTURING EXPLAINED: IoT – DataGathering Sensors to Inform Your Operations WebinarKen WunderlichOctober 19ROADMAP TO SECURITY: Cybersecurity Questionnaire andVirtual WorkshopWinsor ConsultingOctober 26DISCOVER CNC AUTOMATION: How Machine Shops CanAutomate with Robotics Live On-Site DemoFusion OEMOctober 28AUTOMATE YOUR FACILITY: Collaborative RoboticsAutomation ConferenceJeremy Smith FPE AutomationOctober 6Thru Oct 2022Learn more at www.IMEC.org/Events/ IMEC All rights reserved.137
SolarWinds, Accellion and MSE attacks highlight supply-chain vulnerabilities. Full extent of potential losses are unknown but potentially catastrophic Ransomware crisis (2020 to present) Targeted attacks with new, dangerous malware variants lead to an exceptional increase in size of ransomware demands and ensuing losses 2018 and 2019 regulatory
