Non Physical Business Interruption

Malcolm Randles, Underwriter, Kiln Syndicate 510
01 February 2011
Network Security Threats
[Figure: Severity/Probability Matrix. Axes: Financial Loss, Event Probability. Threats shown: Information Warfare, Cyber Terrorism, Cyber Crime, Malicious Hacking, Vandalism, Experimentation.]
First Party Technology/Network Risks
Direct physical loss - property policy
Extortion
Direct non-physical damage
Software failures
Operational mistakes
Malicious Code (viruses)
Denial of Service
Vandalism/Malicious Acts
Terrorism
Contingent Business Interruption
Upstream/downstream - suppliers, chief customers
Co-dependency on Other Vendors Infrastructure (BPO and IT)
Context of risk
Human Error
Disgruntled Employees/Contractors
System Failures
Cyber Terrorism
Extortion
Property Policy: Natural Disasters
Cyber First Party Coverages
Data/Electronic Information Loss
• Covers the cost of recollecting or retrieving data destroyed, damaged or corrupted due to a computer attack
Business Interruption or Network Failure Expenses
• Covers cost of lost net revenue and extra expense arising from a computer
attack and other human-related perils. Especially valuable for computer
networks with high availability needs.
Cyber-extortion
• Covers both the cost of investigation and the extortion demand amount
related to a threat to commit a computer attack, implant a virus, etc.
Key Kiln Differentiators

Coverage includes administrative or operational mistakes as defined and
aspects of accidental damage or destruction, not just computer attacks

No small internal indemnity limits per hour

No sub-limit for virus exposure

Outsourcing/offshoring risks – contingent business interruption and data
damage – full policy limits

Ability to endorse agreed amount for BI/EE with peak season adjustment (for
example, retailers) and asset value of data
Key Kiln Differentiators

Minimum 4 hour waiting period, 10% coinsurance

Reimbursement for employee working time to replace, restore or recreate
electronic data (endorsement on predefined billable hrs)

Expanded coverage and limits for Special Expenses - $500,000 or 25% of loss,
whichever is greater. Within special expenses, sublimits for $250,000 Customer
Notification Expenses and $250,000 Public Relations Expenses

Rogue employee coverage for computer attacks

No “shortcomings in security” or similar exclusions – “computer system is
protected by security practices and system maintenance procedures that are
equal to or superior to those disclosed in the proposal [application]”
Key Industry Groups

Financial services

Health care

Hospitality/Travel

Retail

Technology/Telecom

Media Services

Manufacturers
Summary






Threat is real.
High value class actions and regulatory enforcements
Tailored products
Balance of intangible v tangible is changing
It’s a board room/D&O issue – network availability and digital assets are critical
to infrastructure and revenues.
Many clients think they have coverage under traditional policies or purchased
first generation cyber products with major limitations.