Intl Risk
According to the World Economic Forum's Global Risks Report 2020, what are the most frequent and severe types of risks facing the world?
extreme weather and climate action failure
The primary difference between a cyber virus and a cyber worm used as malware is that worms must be triggered by the activation of their host, whereas viruses are stand-alone malicious programs that can self-replicate and propagate independently as soon as they have breached the system.
false
A ______ deductible pays out the full amount once the amount of loss equals or exceeds the deductible.
franchise
_____ is the risk that events or actions in one country (or region) could influence political or social policy or events in another country or region.
geopolitical risk
How Do Cyber Attacks Occur?
malware, Denial of Service (DOS), logic bomb
Situation in which an employer is held liable for an injury caused by an employee using his or her own property when acting on the employer's behalf.
nonownership liability
contractual liability (civil liability)
occurs when the terms of a contract are not carried out as promised by either party to the contract.
insurance
often excludes coverage for nuclear events, flood, earthquake, and terrorist acts
common law
on the other hand, is based on custom and court decisions.
is a contractual provision that transfers financial responsibility for liability from one party to another.
hold-harmless agreement
website hijacking
involves unauthorized changing of a website's registration or otherwise taking over a domain name or website to deceive users.
These types of risks are similar to political risks, in that they often result from political changes, but these risks also exist independently.
legal risk
Trojan
malicious software disguised to look legitimate
Torts (civil liability)
All civil wrongs that do not involve a breach of contract are considered
All of the following are reasons for the apparent increase in the number and size of natural catastrophes over time EXCEPT
Governmental record-keeping and media coverage are improving over time, so assessment of losses is more accurate now than in the past
zombies
Infected computers in a botnet.
malware
Malicious software programs designed to disrupt or harm a computer, network, smartphone, or other device.
In the cyber insurance coverage for Privacy Liability there is no requirement of negligence on the part of the insured to trigger coverage, and it provides coverage for the intentional acts of insured's employees
True
While the source of liability may be intentional or unintentional, more often it is unintentional, which involves
negligence
is the body of written law created by legislative bodies.
statutory law
botnet
A network of bot-compromised computers used to carry out malicious cyberattacks.
To prove the occurrence of negligence four elements must be present. Which of the following is not required to determine negligence?
Awareness of the duty to act (or not to act) in some way.
All of the following statements about catastrophic risk are true EXCEPT
Catastrophic risk exposure can be avoided by adequate planning
logic bomb
Code that is intentionally inserted into a software system and sets off a malicious function when triggered by a specific action.
firewall
Device that protects a network from intrusion by preventing access unless certain criteria are met.
Severe Inflation
Economic Risk
A benefit of purchasing cyber insurance is that the purchasing organization will not incur the costs of loss or of making corrective measures
False
Most cyber breaches are discovered within a month of the event having happened
False
is the risk that events or actions in one country (or region) could influence political or social policy or events in another country or region.
Geopolitical risk
In the lecture on managing catastrophic risk, all of the following were delineated as factors impacting the susceptibility of a structure and environment to damage EXCEPT
Insurance coverage for the damaging peril
Two examples of political risk management are:
Investing in infrastructure in host countries and cultivating a strong track record of being a good corporate citizen; and exploring public political risk insurance coverage. Seek multiyear policies or coverage for as short a time frame as possible, and keep tight-lipped about the existence of any political risk coverage you obtain.
This doctrine allows a plaintiff to sue any of several defendants individually for the full harm incurred, meaning one party only slightly at fault could be held primarily responsible for the entire loss.
Joint and several liability doctrine
Legal Liability
Legal liability is based on societal rules which reflect social and cultural norms. Liability exposure may arise out of either statutory or common law. Legal liability is the responsibility to right some wrong done to another person or organization. Legal liability is based in law.
What are some different ways employee actions can result in cyber property loss?
Malware is often spread by employees who click on email links or open attachments; circumventing security features can also leave the corporate network vulnerable to attack; and employees connecting their own devices to the network.
virtual private network (VPN)
Network that connects satellite offices with a central location and allows remote users to gain secure access to a corporate network.
Liability arising from the ownership, maintenance, and use of premises and conduct of activity.
Operations Liability
Physical property that is mobile (not permanently attached to something else).
Personal Property
Consists of real or personal property.
Physical Property
Democratic Election
Political Risk
Military Coup
Political Risk and Conflict Risk
Terrorism
Political and Conflict Risk
This doctrine shifts the burden of proof from the plaintiff to the defendant.
Res ipsa loquitur
_____ is the name for the method in which analysts generate simulation "what if" games that are used by management to consider and develop plans to deal with alternative futures
Scenario Planning
Worm or Virus
The primary difference between a cyber virus and a cyber worm used as malware is that viruses must be triggered by the activation of their host; whereas worms are stand-alone malicious programs that can self-replicate and propagate independently as soon as they have breached the system.
The top 10 external cyber vulnerabilities accounted for nearly 52% of all identified external vulnerabilities. The thousands of other vulnerabilities account for the remaining 48%.
True
keylogging
covert recording of every keystroke entered... steal user names and passwords
is concerned with acts that are contrary to public policy.
criminal law
A _______ deductible shrinks as the amount of loss increases.
disappearing
Denial of Service (DOS)
disrupts traffic by flooding with traffic or overloading... carried out using botnets or zombies
In risk management, the distinction between real and personal property is relevant because:
dissimilar properties are exposed to perils with different likelihoods
Which of the following best describes global risks
interconnected
Which of the following words best describes global risks?
interconnected
The owner or tenant of premises, for example, does not owe the same duty to each person who enters the property. The highest degree of care is owed to:
invitees
killware
next big cyber threat... actually end lives... purely for harm (damage water supply)
Retention
recommended when insurance unavailable, unaffordable... property owners have the capability of financing losses internally.... often used with other risk finance options.....
A ______ provides compensation for a person who has been harmed in some way.
remedy
Compensation for harms that generally are easily quantifiable into dollar measures. Also known as "economic damages".
special damages
With a ___ deductible, the policyholder pays for all losses less than a specified amount
straight
All civil wrongs that do not involve a breach of contract are considered
torts
is a person who enters the premises of another without either express or implied permission from a person with the right to give such permission.
trespasser
Two thirds of employers monitor internet connections of their employees
True
Each of the following is considered in the book chapter and lecture notes as a man-made catastrophic risk EXCEPT
Tsunamis caused by undersea oil exploration using dynamite and sonar to locate reserves
Cyber risk can be very well controlled by having strong passwords, firewalls and constant monitoring of the computer system for signs of a breach
False
Premium payments for nonadmitted coverage are tax deductible, even in countries where nonadmitted coverage is permitted
False
Social media (Facebook, YouTube, Twitter, WhatsApp, Messenger, WeChat, Instagram, Pinterest, Reddit, LinkedIn, Snapchat, TikTok, etc.) used by employees is a risk for employing organizations only if it is done while on the job
False
Most failures in cyber security are caused by external people, or by disgruntled or dishonest employees
True
Compensation for harms that are not specifically quantifiable but that require compensation all the same. Also known as "noneconomic damages."
general damages
Even if the business's network is breached, it is covered under its general liability policy or its crime policy
False
Select all of the following statements that accurately describe deductibles.
A deductible requires the insured to bear some portion of loss before the insurer is obligated to make a payment. Deductibles help maintain reasonable premiums because they eliminate administrative expenses of the low-value, common losses.
virus
A program or code that replicates itself inside a computer or network with the intent to damage, destroy, or hijack an operating system or control program.
worm
Similar to a virus, except that it is a program rather than a code segment hidden in a host program. A worm also copies itself automatically and actively transmits itself directly to other systems.... doesn't need a person to take action
If you dam a creek on your property to build a lake, you will be liable in most situations for injury or damage caused if the dam collapses and floods the area below. This is an example of:
Strict liability
Statutory Law
is the body of written law created by legislative bodies.
Select all of the following statements which accurately describe global risks:
- Global risks include all the political, economic, cultural, technological, and environmental risks which exist outside the influence of any single country's government. - Global risks are all the external, uncontrollable risks which could damage a company financially. - Global risks can affect a business whether they operate internationally or not. - Global risks are risks that cross borders and have the potential to affect everyone.
Select all of the following statements which accurately describe global risks:
- Global risks can affect a business whether they operate internationally or not. - Global risks are all the external, uncontrollable risks which could damage a company financially. - Global risks include all the political, economic, cultural, technological, and environmental risks which exist outside the influence of any single country's government. - Global risks are risks that cross borders and have the potential to affect everyone.
Three things to know about ransomware
1. Ransomware Attackers Are Evolving, From Whom They Target to How. 2. Key Ransomware Exposures Every Business Must Prepare For: cyber insurance legal risks, cryptocurrency, reputational risk, business interruption coverage. 3. Steps Risk Professionals Need to Take to Combat Ransomware: the importance of education can never be overstated when it comes to ransomware.
Identify this type of insurance written by companies authorized to write insurance in the country where a risk exposure is located
Admitted insurance
All of the following are true regarding a CAT (or Catastrophe) Bond EXCEPT
Answer: CAT bonds are highly rated and are priced similar to highly rated corporate bonds. Other options: The CAT bond is issued by a Special Purpose Vehicle (SPV); CAT bonds are often issued by insurers or reinsurers who have catastrophic risk exposure they would like to get rid of; Investors are attracted to CAT bonds because their return on the CAT bond is uncorrelated with other economic assets in their portfolio (zero beta); CAT bonds are designed to pay higher coupons (interest) to investors if there is no catastrophe, but the investor stops getting these coupons if there is a catastrophe of a specified magnitude.
All of the following are risk reduction measures that either lower the probability of flooding or storm surge damage along the coast or the severity of the consequences of flooding or storm surge along the coast EXCEPT
Answer: Financial assistance to damaged homes by FEMA or HUD.... Correct: Elevating and flood-proofing structures; levees and sea walls; surge barriers along the coast; land use restrictions.
Which of the following statements about global political risk management is incorrect?
Answer: Insurance is the only way firms can protect themselves against loss from global political risks. Other options: Private insurers in the political risk insurance market are concentrated mostly in the UK, USA and Bermuda; Some types of political risk insurance are available through international government agencies; Political risk policies are not standardized; Political risk coverage is available against a variety of perils, including expropriation of property by a government and political violence.
Which of the following statements about global political risk management is incorrect?
Answer: Insurance is the only way firms can protect themselves against loss from global political risks. Other options: - Private insurers in the political risk insurance market are concentrated mostly in the UK, USA and Bermuda - Political risk policies are not standardized - Political risk coverage is available against a variety of perils, including expropriation of property by a government and political violence - Some types of political risk insurance are available through international government agencies.
Insurance policies often exclude coverage for all of the following catastrophic events EXCEPT
Answer: Large chemical plant explosions with resulting deaths, property damage and evacuations. Other options: Terrorist acts with resulting deaths, property damage and economic disruption; Flood damages with resulting deaths, property damage and evacuations; Nuclear-related events with resulting deaths, property damage and evacuations; Earthquakes with resulting deaths, property damage and evacuations.
All of the following are reasons causing increases in catastrophic losses over time EXCEPT
Answer: Population increase means people have no choice but to live in hazardous areas. Other options: Because of economic considerations, many businesses marshal their factors of production in close proximity to rivers and ocean ports for easier or less costly transportation; Global climate change is increasingly causing more extreme weather and rising sea levels; People are drawn to live in pleasant locations like coastal areas and rivers because of their desirable beauty, but these locations can have greater threats of natural catastrophes.
All of the following are true regarding financing catastrophic risk EXCEPT
Answer: The Federal government payment to hurricane victims damaged by flooding is based solely on the amount of damage experienced and not whether or not the individual had bought insurance from the National Flood Insurance Program of FEMA. Other options: Government often steps in as a risk taker of last resort; Risk financing capacity for catastrophic loss exposures remains a major concern for the insurance industry internationally; Primary insurers can insure catastrophic risk if they can arrange a reinsurance program to spread the risk internationally; Insurance policies often exclude coverage for many catastrophic events.
The lecture notes provided 5 Simple Ways to Block Most Malware. This included all but which of the following?
Answer: Use a difficult-to-guess password.... Correct: Prevent VBScript and JavaScript abuse; Use your firewall/email filtering to block the most commonly abused file types; Lock down Microsoft Office; Put restrictions on PowerShell.
cat bond
Catastrophe bonds emerged from a need by insurance companies to alleviate some of the risks they would face if a major catastrophe occurred, which would incur damages that they could not cover by the invested premiums. An insurance company issues bonds through an investment bank, which are then sold to investors. These bonds are inherently risky, generally BB, and usually have maturities less than 3 years. If no catastrophe occurred, the insurance company would pay a coupon to the investors. But if a catastrophe did occur, then the principal would be forgiven and the insurance company would use this money to pay their claim-holders. Investors include hedge funds, catastrophe-oriented funds, and asset managers. They are often structured as floating-rate bonds whose principal is lost if specified trigger conditions are met. If triggered, the principal is paid to the sponsor. The triggers are linked to major natural catastrophes. Catastrophe bonds are typically used by insurers as an alternative to traditional catastrophe reinsurance.
Which of the following is NOT a characteristic of terrorism, as defined in the text reading and lecture notes?
Committed against foreigners for the purpose of reclaiming or conquering land
functions of local govt.
Direction and control; communications; warning; emergency public information
Lower-level computer languages are typically used for development in handheld devices (for space, battery, and speed rationales). This will increasingly prevent the continuation of basic cyber vulnerability flaws
False
With a really good computer firewall, good password protection and frequent monitoring of external attacks so as to keep outsiders out of the organization's computer system, there is no need for partitioning the computer system to allow employees selective access to only certain parts of the system
False
Select all of the following statements that accurately describe legal liability.
Liability exposure may arise out of either statutory or common law. Legal liability is based on societal rules which reflect social and cultural norms. Legal liability is the responsibility to right some wrong done to another person or organization. Legal liability is based in law.
what kind of risk? Terrorism
Political, Conflict
Permanent structures that if removed would alter the functioning of the property.
Real Property
cybersquatting
Seeking compensation for the use of a registered domain name from the rightful trademark holder.
Which of the following is not considered to be a catastrophic natural hazard loss prevention activity?
Small Business Administration low interest loans through FEMA for rebuilding
Why might an American company operating in a foreign country choose to purchase non-admitted coverage?
So they can utilize terms and conditions familiar to U.S. risk managers.
bot (internet bot or web robot)
Software applications running automated tasks (scripts) used to perform repetitive tasks.
In common law, the courts are guided by this doctrine, which holds that once a court decision is made in a case with a given set of facts, the courts tend to adhere to the principle thus established and apply it to future cases involving similar facts.
Stare decisis
"Denial of Service" (or Distributed Denial of Service (DDoS)) disrupts the function of a website by overloading its servers with pulses called pings so that it is inaccessible
True
A logic bomb is code that is intentionally inserted into a software system and sets off a malicious function when triggered by a specific action
True
A zero day vulnerability is one that has never been recognized or exploited
True
E-mails can be traced back to the computer from which they were originally sent, so it is important to be careful in what you send
True
Global cyber crime losses are on the order of 6 trillion US dollars per year
True
It is good corporate policy to warn employees that personal e-mails sent on company machines will be treated no differently than their business messages and are subject to inspection
True
One benefit of the cyber insurance carrier providing coverage on Dollar Sublimit Basis is that the insured then knows exactly how much money they have available for a cyber event
True
One negative associated with the cyber insurance carrier providing coverage on Per Person Sublimit Basis is that the insured can only select a response firm from a panel counsel list
True
Over 2/3 of cyber breaches took months or years to discover
True
Over 3/4 of breaches at banks could have been eliminated if they blocked any attempted entry from the Tor (dark web) internet addresses
True
Risk differences between traditional e-Commerce modes and wireless m-Commerce can be largely attributed to the different communication platforms used to access the company's computers. To hack an e-commerce transaction you need to actually tap a wired connection. With m-commerce you only need to be listening nearby
True
Setting up a filtering process to combat multiple pings (or calls) upon the website of a company experiencing a DoS attack is an active defense mechanism
True
Five ways to block most malware
Use your firewall/email filtering to block the most commonly abused file types. Lock down Microsoft Office. Prevent VBScript and JavaScript abuse. Use endpoint protection that improves on antivirus. Put restrictions on PowerShell.
With this type of liability, the liability of one person may be based on the tort of another. An employer, for example, may be liable for damages caused by the negligence of an employee who is on duty. Identify this type of liability.
Vicarious liability
domain name hijacking
When an individual or a business reserves a domain name that uses the trademark of a competitor.
Negligence
While the source of liability may be intentional or unintentional, more often it is unintentional, which involves
antivirus software
a computer program used to prevent, detect, and remove malware once it shows up
Honeypot
a fake network with known exploits that is connected to the real network and used to lure attackers. It is made easier to enter so that exploiters target the fake network instead of the harder real target
Firewall
a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Filtering
active defense used to stop DoS attacks before servers are down.
In some cases, small children are attracted by dangerous objects or property. In such circumstances, the owner has a special duty toward the children, especially if they are too young to be responsible for their own safety. Pools and trampolines are common examples of this source of liability, which is known as:
an attractive nuisance
phishing
appears to come from a trusted individual or institution but is actually fraudulent
deals with acts that are not against society, but rather cause injury or loss to an individual
civil law
The ____ clause has two provisions. First, it requires you to carry an amount of insurance equal to a specified percentage of the value of the property if you wish to be paid the amount of loss you incur in full, and second, it stipulates a proportional payment of loss for failure to carry sufficient insurance. Under this clause, a property is considered fully covered if coverage is at least
coinsurance... 80%
on the other hand, is based on custom and court decisions.
common law
Liability stemming from activities of the firm in installing equipment or doing other jobs for hire off its own premises
completed operations liability
Situation in which a firm is liable for an independent contractor's negligence because the firm did not use reasonable care in selecting someone competent.
contingent liability
Civil liability may derive from either:
contracts or torts
When the terms of a contract are not carried out as promised by either party to the contract this is known as:
contractual liability
occurs when the terms of a contract are not carried out as promised by either party to the contract.
contractual liability
A number of defenses against negligence exist, with varying degrees of acceptance. Which of the following are valid defenses against negligence?
contributory negligence, comparative negligence, immunity, last clear chance, assumption of risk
Passive Defense
defenses that try to keep an attacker from being able to successfully enter the computer system. It is passive in that it sets up barriers or compares to known lists of viruses without proactively changing the environment
what kind of global risk? Severe inflation
economic
Professionals' mistakes can result in professional liability claims. The insurance protection for this type of risk is:
errors and omissions liability coverage
What kind of global risk? Democratic Election
political risk
what kind of risk? Coup
political, conflict
vulnerability
potential for harm to the community: physical assets, social capital, political access... mitigated by effective measures
Situation in which a manufacturer may be liable for harm caused by use of its product, even if the manufacturer was reasonable in producing it.
product liability
Awards intended to punish an offender for exceptionally undesirable behavior.
punitive damages
How to reduce travel risk
safe travel planning, arrival procedures, prudent behavior during the stay, departure procedures, coping with captivity
why at risk
unfamiliar territory, perceived wealth, high profile
cookie theft
used to access online accounts.... steal usernames and passwords
clickjacking/UI redressing
user thinks they click on a link but unwittingly click on a hidden one and are taken to a different location
crackers
vandals who want to break into a company's security network and steal proprietary info for personal gain
Hackers
virtual vandals who try to poke holes in a company's security network
ransomware
Holds data hostage until a ransom is paid (usually in cryptocurrency). Ransomware makes infected data inaccessible, often by encrypting it. Individuals as well as organizations of all sizes—including police departments and hospitals—have been the targets of ransomware attacks.
Active Defense
will search and respond accordingly to prevent or retaliate during an attack. Is proactive.
examples of catastrophic risk natural sources
wind, fire, ice, earthquake, water, climate
Classic Threats of cyber
Insiders; disgruntled employees; disgruntled contractors; active agencies; competitors; organized crime
Cyber Threat Sources
National governments; terrorists; industrial spies and organized crime groups; hacktivists; hackers
Third-party cyber liability insurance is available with coverage that typically protects liability arising from:
Unauthorized access of confidential information from the commercial entity's computer system; accidental release of confidential information; transmission of malware to a third party.
Businesses can take loss-control steps to reduce the cyber risk (cyber risk is part of e-commerce) and business interruption by using the following:
Security products and processes; system audits; antivirus protection; backup systems and redundancies; data protection and security; passwords; digital signatures; encryption; firewalls; virtual private network (VPN); hiring ethical or "white hat" hackers to identify security flaws.