Why need for Specialized Training Programme on Cyber – Security, Crime, and Insurance?
Advances in information and communications technologies have revolutionised government scientific, educational and commercial infrastructures. The IT infrastructure has become integral part of the critical infrastructure which supports national capabilities such as power grids, emergency communication systems, financial systems, defense systems, and air traffic control networks. The operational stability and security of critical information infrastructure is vital for the economic security of the country for individuals, organizations, and systems across global networks for trade and economic requirements.
Increasing the complexity of IT systems and networks will mount security challenges for both providers and consumers. The increasing interconnectivity and accessibility (and consequently risk) to computer based systems that are critical to the country’s economy.
Every aspect of today’s Economic Activity, Government Activity, and Social Media, use of computers, Mobile Phone, ATM, and Net Banking is dependent on the Internet. You do not know viruses/ hacking can have huge impact on your business/ personal internet or computer. Cyber Risks cannot be ignored and it is necessary that we invest in Cyber Security.
The next step for any organization is to go in for Cyber Insurance so that losses to own organization or customers can be insured.
According to Asia insurance Review “Cyber Criminals remain ahead in this cat and mouse game against the defenders and the list of threats will only grow. How can Insurers protect themselves and at the same time provide a safety net for their clients? This is a dynamic role that Insurers must now embrace and juggle”.
Cyber Insurance training programme is intended to be a serious discussion among Stakeholders comprising of Corporate, Government, Police, Cyber Security Experts, Insurers to think in the direction on what needs to be done to avoid huge losses, which can affect even the survival of the organization and can impact shareholders wealth or market capitalization.
Scope/ Coverage and Nature of Coverage under Cyber Risk Insurance
It is intended to have coverage for first-party and third-party liability coverage to the organization when cyber-risk materializes and or cybersecurity controls at the organization fail.
The cyber insurance should cover property, theft, and liability as represented in the below section:
A- Property and Theft:
- Destruction of software system and network
- Unrecoverable Loss of information of organization’s stored data
- Recovery from malware or other malicious codes
- Business interruption due to cyber-incident (Loss of net profit as a result of a material interruption to the insured’s network)
- Denial of Service
- Information Theft – Loss of control of customer’s data/record
- Breach of intellectual property
- Cyber Extortion and Cyber espionage
- Losses due to cyber-terrorist acts
- Harm to electronic media or data contents
- Terrorism/War exclusion with carve back for Cyber terrorism
- Network Security
- Private confidentiality breach/Data Liability
- Loss of personal information
- Loss of corporate information
- Reputational damage
- Repair of the organization’s & individual’s reputation
- Notification and Monitoring
- Business continuity/supply chain disruptions
- Crisis management and response to data theft (includes costs of administrative expenses i.e. forensic investigations, penalties, regulatory and governmental fines)
- Cost of repairing, replacing and updating computer systems
C- Limit of Liability:
Aggregate Limit of Liability per Policy Period for all Loss of all insured under all insurance covers to be combined.
Cyber Crime – Most common forms:
- Hacking – Unauthorised attempts to bypass the security mechanism of an information system or network.
- Data theft (using flash/pen drives, digital cameras).
- Virus or worms, Malware or Trojan horses.
- Identity Theft
- E- mail spoofing
- Botnets and Zombies
Cyber Security Flow:
- Back Up and Recovery– There should be a policy in existence to ensure that regular back up of the critical data are taken and kept on-site and off-site to ensure its availability whenever required.
- Outsourcing– Risks related to integrity, availability and confidentiality of data need to be addressed
- Change Management controls– Only authorised and approved changes are made and proper documentation exists for each area of the system to support future modifications.
- System Security Issues
- Data Migration Issues
Cyber Liability Insurance:
Cyber liability refers to an IT firm’s liability when it is responsible for the security and privacy of a client’s data stored on the IT firm’s servers. Cyber liability insurance policies typically include coverage for:
- Denial of service attacks or inability to access websites or systems
- Unauthorized access to, use of, or tampering with data
- Disclosure of confidential data (invasion of privacy)
- Loss of data or digital assets (malicious or accidental)
- Introduction of malicious code or viruses
- Cyber extortion or terrorism threats
- Personal media injury (defamation, libel, or slander) from electronic content
- Regulatory action, notification, or defense expenses
- Crisis management and public relations expenses
- Data or system restoration
- Business interruption expenses
Who should buy Cyber Risk Insurance policy?
Following is the list of companies that must have Cyber Risk Insurance policy. This is just an indicative list and not exhaustive.
- Financial Services (Including Insurance Companies)
- Information Technology Companies: Software, Data Centers, ITeS, etc.
- Retailers: E-commerce & Brick and Mortar
- Health Care Products& Pharmaceuticals, etc.
- Airlines/ Airport
What are the Risks covered in Cyber Risk Insurance policy?
The following are some of the most common Risks covered in Cyber Risk Insurance policy.
- Legal Liability to others for Privacy Breaches or Computer Security Breaches
- Loss to Data/Information
- Loss of Revenue due to cyber attack
- Public Relation Expenses
- Regulatory Actions or Scrutiny expenses
- Incidental Expenses to respond to Cyber Attack
- Cyber Extortion Expenses
What are the Exclusions under Cyber Risk Insurance policy?
Some of the exclusions under this policy are:
- Government Entity or Public Authority
- Specific Network Interruption Condition
Topics to be covered:
- Need for Cyber Insurance for insurance related stakeholders
- Cyber Laws/ Regulatory Framework- Legal Issues
- Points to be kept in mind
- Cyber Laws/ Regulatory Framework- Legal Issues
- Cyber Insurance Policy
- Software Implementation for Cyber Protection
- Security Incident – Early Warning and Response
- Security Policy, Compliance and Assurance.
Objective of the Training Programme:
The conference will feature and address the following issues:
- To provide a platform for open house discussion between Corporates/ Government and stakeholders
- Software Companies ready to provide support for Cyber Security?
- Is suitable insurance available for cyber risk coverage?
Who Should Attend the Training Programme (Target Participants)?
This is a good opportunity for:
- Banks/ Financial Firms
- Insurance Companies (CEOs/CIOs/CTOs & COOs)
- Reinsurance Companies (CEOs/CIOs/CTOs & COOs)
- Insurance Brokerage Firms
- Cyber Security Firms
- Data Management Professionals
- Technology Experts & Other IT Service Providers
- eCommerce Companies
- Law Firms
- Compliance Personnel and In-House Lawyers
- Police Officials
- Chartered Accountants
- Insurance/ Reinsurance Professionals dealing with Technology Concerns
- Members from Chambers of Commerce and Industry
- Associations Representing Various Segments Connected with this industry
What you can expect from the Training Programme?
Complete learning of cyber security measures/ protection & choosing the best Cyber Insurance Policy for your business.
Some Key Take Away for Various Stake Holders will be:
- Understanding of Cyber Security
- Indian Perspective of Cyber Liability Insurance
- Legal Provisions/ Legal framework
- Possible Triggers
- Cyber Risk Insurance policy
- Cyber Security in India
- Data Security and Cybercrime in India
- Action required when you are attacked
Eminent Speakers addressing this Training Programme:
- Mr. Jaspreet Singh*, Partner – Cyber Security & Advisory Services, Ernst & Young LLP
- Dr. Rajeev Shorey*, Principal Scientist/Researcher, TCS Innovation Labs, Bangaluru
- Mr. Anuj Agrawal, Trainer and Consultant on Cyber Investigation
- Mr. Prashant Mali*, President – Cyber Law Consulting (Advocates & Attorneys), Leading International Lawyer, Speaker, Author, Cyber thought Leader of the Country
- Ms. Unnati Bajpai, Senior Underwriter Financial Lines, Allianz Global Corporate & Specialty (AGCS), Pune
- Mr. S. K. Sethi, Founder and Vice President, Insurance Foundation of India
– Participation fee: Rs. 4000/- per individual participant.
– Group participation fee (team of 3 persons): Rs.3750/- each.
– Group participation fee (team of 5 persons and above): Rs.3500/- each.
This is nonresidential Programme; however reasonable hotels/ guest houses are available in surrounding areas such as Nehru Place, Greater Kailash – I & II, Panchsheel Enclave. Nearest Metro Station Nehru Enclave & Nehru Place. Programme Coordinator will be ready to assist you in arranging the same (if required).
Certificates will be issued to the participants on completion of this Programme.
Programme Coordinator, Insurance Foundation of India, Om Plaza, 430/7, 1st Floor, Sant Nagar, East of Kailash, New Delhi – 110065