Chapter 13 Cyber Risk, Terrorism, International Insurance

Explain why acts of terror are inherently catastrophic.

The losses can be limitless and very unpredictable to underwrite the potential loss exposures.

Identify the reason that Congress enacted the Terrorism Risk Insurance Act of 2002 (TRIA).

The reason was to overcome the reluctance of insurers to offer coverage in the immediate aftermath of the terrorist attacks of 9/11. This Act established a cost-sharing mechanism that allowed that insurance industry and federal government to jointly pay claim resulting from acts of terrorism.

Identify the manner in which an organization can assess the potential extent of its cyber risk net income loss exposures.

They assess cyber risk net income loss exposures by considering how it might be affected by a reduction in or interruption of its normal business operations as a consequence of a computer network security breach.

List the four general categories of exclusions in cyber risk insurance policies.

1. General insurance exclusions 2. Product-related exclusions 3. Service-related and security-related exclusions 4. Cyber risk-related exclusions

Identify the three methods of risk financing for cyber risk.

1. Insurance 2. Non=insurance risk transfer 3. Retention

Identify the categories of losses to which an organization is exposed when it uses technology-based systems.

1. Property loss 2. Net income 3.Liability loss

Describe the benefits of a properly structured cyber risk security strategy.

A cyber risk security strategy: 1. Preserves an organization's resources 2. Reduces the severity of losses that occur 3. Reduces recovery times from a cyber loss.

Identify the circumstances under which federal participation in the payment of losses for a terrorist attack occurs.

Federal participation in the payment of losses if the act results in aggregate insured losses in excess of the program trigger. Started at $5M in 2002, then $100M in 2015, and now increases by $20M each year until $200M is reached in 2020.

Aaron, Becky, and Chuck have just formed an accounting partnership. They have a website to advertise the company and a computer system to prepare and maintain clients' financial records. When they meet with their insurance agent to set up their commercial package policy, including cyber risk insurance, they also discuss what they should do in the event of a cyber loss. Describe a post cyber incident rapid recovery program for this company.

Full backups of computers stored at a different location, store clients documents in fire-safe, plan to contact clients if accident occurred.

Identify the two main categories of personal property into which property exposed to loss because of cyber risk typically falls.

Intangible property Tangible property

Explain why the distinction between tangible and intangible personal property is more relevant to commercial liability forms than to commercial property forms.

It is more relevant to commercial liability forms because many commercial liability forms define property damage to mean damage to tangible property only, and that electronic data are not tangible property.

Compare physical controls with procedural controls for cyber risk loss exposures.

Physical controls place barriers between cyber criminals and their targets. Procedural controls specify that tasks be performed in secure ways that prevent or reduce losses.

Describe the potential sources of cyber risk property damage loss exposures.

Potential sources include an organization's overall technology operations problems, including those related to software, hardware, and electronic data.

Describe the personnel controls an organization can use to mitigate the cyber risk loss exposures presented by their employees.

Pre-employment screening, training, outlining unacceptable cyber behavior with associated consequences, and termination procedures that include revoking access and passwords.

Describe the coverage provided by an intellectual property insuring agreement in a cyber risk insurance policy.

Provides coverage for any copyright, trade secrets, trademark, or patent infringement claims arising out of the use of the insured's protected ideas or works.

Describe the coverage provided by an electronic data protection insuring agreement in a cyber risk insurance policy.

Provides coverage for costs to recover or restore electronic data that have been altered, destroyed, deleted, or damaged

Describe the coverage provided by a business interruption insuring agreement in a cyber risk insurance policy.

Provides coverage for loss of: 1. business income 2. loss of contingent business income 3. payment of extra expenses incurred from business interruption

Describe the coverage provided by a privacy liability insuring agreement in a cyber risk insurance policy. a. Describe the coverage that could be provided in a privacy liability insuring agreement related to privacy provisions in various laws. b. Describe the actions that would typically trigger coverage under a cyber risk policy's privacy liability insuring agreement.

a. Provides coverage for liability arising from unauthorized disclosure or use of the private information of others or depending on the insuring agreement, liability arising out of an insured's failure to comply with privacy provisions contained in laws under HIPPA, GLBA, or any anti-identity theft legislation b. Actions generated by a network security breach or unauthorized access to or use of information