Schedule/Sessions

Breakfast

Keynote - Cyber: A Year in Review

• Speakers:

• Joe DePaul, IronGate

• Carla Maresca, Deasey Mahoney & Valentini, Ltd.

• George Pagano, Self Employed

• Judy Selby, Kennedys

Hear from industry experts as they talk about the most recent statistics, what the effect has been on litigation, and how certain proactive measures may help prevent an incident from occurring in the first place. This interactive discussion will provide a thoughtful prelude for the sessions of the day. 

SESSION 1 - The Future of Cyber Liability Risks and Exposures

• Speakers:

• Richard DePiero, Sompo International Insurance

• Allison McCabe, Aspen Insurance

• Matthew McCabe, Marsh

• Richard Reiter, Self Employed

The world is in the infancy of a technological revolution that is growing exponentially. Businesses are attempting to capitalize on the cyber marketplace and to create efficiencies in an effort to maximize profitability. As businesses enter these uncharted waters they are exposing themselves to a flood of new risks. The most publicized problem facing businesses is a cyber attack. The cyber attack comes in many forms and for many reasons; mostly, financial crime has been the impetus behind these hack-attacks. But when the target is the government, or possibly society at large, and there are underlying political motivations, insurers may be able to exclude coverage pursuant to the war exclusion. But to what extent the attacker represents a legitimate enemy of the state is an important question in determining whether this exclusion applies. As the marketplace evolves, the risks and coverage evolve as well. 
 

Break

SESSION 2 - The Interface of Underwriting, Claims and Counsel to Create Sustainable Insurance Products for Cyber Risk

• Speakers:

• Anthony Dagostino, WTW

• Christopher Liu, AIG

• Cathleen Rebar, Rebar Kelly

• Salvatore Sama, Swiss Re

Underwriting cyber risk has evolved significantly since the first cyber policy was written.  Understanding what data is used and how underwriters determine what risks to write, how to pick a winner and loser in the underwriting of a policy, and what parameters are utilized to build the desired portfolio are critical determinations made in crafting sustainable Cyber policies. Data mined from claims activity can determine the value added services in Cyber policies. Learning what questions to ask in underwriting and conversely what information claims can provide, is an important aspect of successful underwriting and in the continued insurability of Cyber Risk. This session will discuss how policy changes can be made after “unexpected claims” and other areas of insurance from which underwriters can draw to craft expectations. The audience will here from senior Underwriters, Reinsurers, Claims Managers and knowledgeable attorneys involving in handling Cyber Risk on their perspectives on the sustainability of the Cyber Insurance products.
 

Break

SESSION 3 - The Retail Data Breach - Navigating the Murky Waters of the Payment Card Industry

• Speakers:

• George Pagano, Self Employed

• Stuart Panensky, Pierson Ferdinand LLP

• Richard Sheridan, Berkley Cyber Risk Solutions

• Dan Twersky, WTW

This session examines the unique legal and practical issues when confronting a retail-industry data breach and the point-of-sale malware attacks so often reported. We will explore different sources of obligation for the client/insured including law, regulation and the Payment Card Industry (“PCI”) itself. We will discuss the relationships of the various players involved in the response including the credit card brands, issuing banks, payment processor and the client/insured. We discuss the process of the PCI forensic investigation (“PFI”) and the implications of its findings. We see what role state and federal regulators play and the scopes of their respective authority. We cover the various perils and exposures facing the client/insured and the possible coverages (and coverage defenses) available. Finally, we will summarize recent trends and forecast predictions for retailers when preparing for cyber risk.

Lunch

SESSION 4 - Healthcare: Evolving Claims, Exposures and Regulatory Enforcement

• Speakers:

• John F. Mullen, Mullen Coughlin

• Christopher Nutt, Kroll

• Neeraj Sahni, WTW

Panelists will discuss the ever-evolving state and federal legal landscape as it relates to the protection of health care information, analyze recent health care breaches in the news, and dissect events that lead to class actions and/or regulator fines and penalties. Neeraj Sahni, Vice President at Willis, Chris Nutt, Associate Managing Director at Kroll, and moderator Jennifer Coughlin, a partner in Lewis Brisbois’s Data Privacy and Network Security group, will use this information and analysis to highlight what a company should and should not do both before and after a data event and how these actions can directly impact the type and severity of regulator inquiries and litigation a company may face post-event.

Break

SESSION 5 - Death by Twitter: Impact and Appropriate Governance of Social Media to Prevent Data Breach or Liability Claim Doomsday

• Speakers:

• Kevin Ribble, Edgewater Holdings Ltd

• David Standish, Ironshore Insurance Company

• Scott Sweeney, Wilson Elser

Session will focus on four main issues: 1) Social media as a portal for cyber attack; 2) Liability claim exposure arising out of misuse of and/or failure to monitor social media sites; 3) What preventative measures can/cannot be taken to prevent such attacks; 4) Tips for plugging potential leaks in the dike.

Break

SESSION 6 - Be Prepared or Face the Consequences

• Speakers:

• Gregory Michaels, Kroll

• Karen Painter Randall, Unknown

• Howard Panensky, WTW

• Zach Scheublein, Aon

In the wake of large scale data breaches impacting every industry, businesses and even government agencies have been making significant strides to protect the confidential personal information of clients and employees. However, once preliminary planning occurs and a comprehensive written information security program is placed in writing, many businesses have a false sense of security. Proactive incident response planning is critical, thus, this presentation will focus upon the dangers of preparing for a cyber-attack by taking a “one off” project approach and the importance of integrating a cybersecurity program into the organization’s culture. This includes not only a comprehensive written information security program, but also a breach response plan and procedure. The panel will discuss how to take a “program approach” to cyber risk with support from the C-Suite, which includes designating a crisis team, training of employees and crisis team, tabletop exercises, and use of a reliable emergency notification system. Focus will also be placed on how to effectively engage in practice runs to rehearse a response to a breach incident in order to be prepared to respond quickly, mitigate legal and regulatory liability and preserve the business’ brand. Lastly, because breaches take place in microseconds, businesses find themselves reacting more than preventing cyber-attacks the National Cybersecurity and Critical Infrastructure Protection Act, which requires the Department of Homeland Security to share data about cyber-threats and vulnerabilities across the public- and private-sectors. Thus, we will discuss whether or not, if passed, this legislation will help reduce the number of cyber-attacks experienced by organizations today.

Networking Cocktails