Cyber Security Jeremy Gittler Head of Cyber &

Transcript:Cyber Security Jeremy Gittler Head of Cyber &:
Cyber Security Jeremy Gittler Head of Cyber & Technology Underwriting – Americas AXA XL Gwenn Cujdik Manager– North America Cyber Incident Response Team AXA XL Learning Objectives Ability to identify key cyber risks and trends Ability to identify and implement needed internal security measures, specifically technologies, training, and management practices. Ability to train employees to better identify cyber risks and respond effectively. Ability to plan and execute post cyber occurrence responses, including communications with external parties. NetDiligence® 2022 Cyber Claims Study Average Revenue Size SME $88M Large Company $14B Legal/Regulatory Costs: 2017-2021 Ransomware Criminal v. Non-Criminal: SMEs Claims Percentages Cause of Loss Claims Percentages Forward Looking Economic Legislative Cyber insurance market is growing exponentially, driven by the frequency and severity of cyber incidents. But if companies are struggling financially due to economic downturn, we need to pay attention to any decreases in IT security budgets and/or cyber insurance purchasing decisions (smaller firms may choose to go bare). State privacy law remains inconsistent but there are discussions about a federal law. GDPR – outstanding questions about insurability of fines/penalties in each EU country. Some states are introducing legislation on cybersecurity and proposals to address cyber threats against public/private entities, including prohibition of public entities paying ransoms in Florida and North Carolina. In general, we continue to see more stringent reporting requirements and directives on the collection and use of consumer data. Forward Looking Legal Environment Industry We continue to monitor recent OFAC Announcements about sanctioned threat actors and how it may impact us. Strict protocols around Russia/Ukraine/Belarus exposures. Russia arresting threat actors. Merck decision – Chubb’s War Exclusion inapplicable. Ongoing discussions within industry around war exclusion. Carriers were regularly limiting Ransomware coverage with sub-limits and/or co-insurance or eliminating coverage altogether. However, more recently, competitors are beginning to increase RW limits on most deals, even with some key RW controls missing. Less and less Tech E&O capacity available in the market, with many competitors exiting the space non-renewing, etc. Softening market in terms of pricing and higher limits being deployed. Market still continues to have capacity issues for large towers but capacity increasing. Many Insureds still reducing limits overall either by choice or inability to secure capacity. Aggressiveness of insuretech (MGA/MGU) entrants backed by VC money and carrier paper. Beazley being extremely aggressive on pricing, undercutting on many deals. First Critical Minutes/Hours Introduction to a Cyber Incident Response Experts Breach Coach Forensics