Day 1 - Thursday, July 28, 2016

7:10
The Fundamentals of Cyber and Data Risk Coverage
8:00
Main Conference Registration
8:30
Co-Chairs’ Welcome Remarks
8:35
Federal & State Enforcement & Investigative Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives Into Your Practice
10:20
Break
11:45
Property Based Risks and Bodily Injury Resulting from a Cyber Event: Who Should Cover These Risks?
12:45
Lunch for Speakers and Delegates
1:45
Coverages That Scope Creep into Cyber Policies as a Result of Data Breaches: Crime, Property, Reputational Harm, Business Interruption, and More
2:45
Emerging Perils: Cyber Liability Relating to Internet of Things, Insider Trading, Theft of Intellectual Property, Collection of Biometrics Data, New and Emerging Technologies and Threats, and What Clients Need to Anticipate
3:35
Break
3:40
In-House Panel on Identifying, Acquiring & Evaluating Cyber Liability Insurance
4:40
The Global Impact of Cyber Attacks and Other Data Breaches: Security and Compliance Risks, Regulatory Developments and Implications for Companies Doing Business Abroad
5:35
Aggregate Issues: Assessing Exposure for Risk When Multiple Insureds are Affected and Better Understanding How Vendors Pose an Aggregate Issue
6:30
Conference Adjourns to Day Two

Day 2 - Friday, July 29, 2016

7:30
Continental Breakfast
8:00
Underwriting Considerations for Cyber Policies: Assessing Coverage for the Small, Middle, and Larger Markets, Understanding the Difficulty of Comparing Existing Coverages in the Market, Pricing Policies When There is a Lack of Data, and More
9:40
Break
9:45
The Changing Landscape of Cyber Liability Litigation
11:15
Break
11:20
Board of Directors and C-Level Cyber Readiness for Preventing Cyber Attacks, Understanding the Inherent Risks, and Mitigation Strategies
12:45
Working Toward Prevention of the Breach: What Do Phishing Incidents Look Like?; How Do Forensic Investigations Take Place?; and Are There Ways to Try to Prevent the Breach?
2:00
Conference Ends – Lunch for Workshop B Participants
2:55
Negotiating and Drafting Cyber Risk Provisions and Policies

Day 1 - Thursday, July 28, 2016

7:10
The Fundamentals of Cyber and Data Risk Coverage

Gregg C. Rentko CPCU, AU, MSIM
Second Vice President, Brokerage-Professional
Western World Insurance

Jacqueline A. Waters (Urban) Esq.
Managing Director & Practice Leader
Aon Risk Solutions, Financial Services Group

Erin S. Bonin
Vice President and Associate General Counsel
Allied World Insurance Company

Erica Davis
Vice President Underwriting Manager
Zurich North America, Specialty E&O

  • What is Cyber insurance? And why isn’t my current my
    insurance enough?
    • Why traditional insurance policies such as CGL don’t work
    • Why your current property insurance may not cover the direct costs of the data breach
  • How cyber and data risk insurance really works
    • Basics of cyber insurance policies
    • What should they expect to see (first and third party coverages
    • What common limitations/exclusions are found
  • Understanding the language used in the policies to better communicate to your clients
    • Key provisions to look for (coverage, definitions and exclusions)
  • Overview on guidance from claim to post-breach costs
    • Types of damages a company may face – direct and indirect
    • Differences in costs, loss mitigation, etc. when a plan is in place to handle a breach event versus no plan
  • Answers to your basic coverage questions
  • Coverage Options, Claim Trends and Evaluating Risk
  • Pricing and Selling and what Policyholders Should Now Be Looking for in a Policy

7:10 a.m. – 8:30 a.m.
(separate registration required; registration opens at 7 a.m.)

8:00
Main Conference Registration
8:30
Co-Chairs’ Welcome Remarks

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

Kirstin Simonson CPCU, ARM, AU, ASLI
2VP, Cyber Lead – Global Technology
Travelers Global Technology

8:35
Federal & State Enforcement & Investigative Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives Into Your Practice

Gene Fishel
Sr. Asst. AG
Virginia AG Office

Matthew F. Fitzsimmons
Assistant Attorney General
Connecticut Attorney General’s Office

Paul Singer
Deputy Chief - Consumer Protection Division
Office of the Texas Attorney General

John Michael Abel
Senior Deputy Attorney General Pennsylvania
Pennsylvania Office of the Attorney General

Patrice Malloy
Chief, Multi-State and Privacy Bureau Sr. Assistant Attorney General
Florida Office of the Attorney General

Chris Hetner (invited)
Cybersecurity Lead
SEC

Tracy L. Wilkison
Chief, Cyber & IP Crimes Sec.
U.S. Att. Office, C.D. Calif. Crim. Div.

Jay Kramer (invited)
Attorney
FBI – U.S. Department of Justice

Darren Lubetzky
Attorney
FTC Northeast Region

Prashanth Mekala
Supervisory Special Agent, NY Field Office, Cyber Div.
FBI

Co-Moderators:

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

Matthew H. Meade
Shareholder
Buchanan Ingersoll Rooney PC

  • Trends in law enforcement; trends in cyber criminal activity; Civil or criminal penalties for failure to disclose, or for security/privacy failures discovered as a result of disclosing
  • Balancing state breach notification requirements with responsibilities arising under other federal and state laws
  • What kinds of breaches, if any, are exempt from reporting
  • Notification guidelines: how soon a company is required to inform customers of a data breach
  • Working with Law Enforcement:
    • When to disclose a cyber security incident or risk
    • What steps can potential victims take to raise the possibility of their case being successfully investigated and prosecuted?
    • Law enforcement priorities for type of cyber case
    • What can firms expect once they contact law enforcement re: a potential cyber incident?
  • Investigations & Lessons Learned: Lessons learned from recent investigations and type of Investigations
  • Data Loss PII, PHI: What can industry do to assist?
  • Impact the Cybersecurity Framework will have on cyber security insurance market
  • What cyber initiatives do the federal law enforcement organizations have to offer?
  • Recent trends in money mule networks
  • Data collection – federal government creating a data repository of information from insurance companies?
  • Private right of action: whether this option exists: are plaintiffs
    succeeding in this area?
  • Using insurance effectively to assist with related cost

10:20
Break

Steve Kinion
Director, Bureau of Captive and Financial Insurance Products
Delaware Dept. of Insurance

Joseph Borg
Director
Alabama Securities Commission

Patrick H. McNaughton
Chief Examiner
Washington State Office of the Insurance Commissioner

Paul Hanson
Chief Examiner
Minnesota Department of Commerce

Belinda H. Miller
Chief of Staff
Florida Office of Insurance Regulation

Arlene Knighten
Executive Counsel
Louisiana Department of Insurance

11:45
Property Based Risks and Bodily Injury Resulting from a Cyber Event: Who Should Cover These Risks?

Joshua Gold
Shareholder
Anderson Kill

Mariah Quiroz
Partner
Thompson, Coe, Cousins & Irons LLP

Robert A. Parisi Jr.
Managing Director
Marsh FINPRO

Kirstin Simonson CPCU, ARM, AU, ASLI
2VP, Cyber Lead – Global Technology
Travelers Global Technology

  • Addressing issues surrounding attacks on power grid, life support devices, cars, etc.
  • Which policy should respond to these risks: traditional insurance or cyber?
  • Are insurers beginning to offer property and bodily injury coverage in cyber policies?

12:45
Lunch for Speakers and Delegates
1:45
Coverages That Scope Creep into Cyber Policies as a Result of Data Breaches: Crime, Property, Reputational Harm, Business Interruption, and More

T. Thomas Kang CIPP/US
Cyber Product Manager
Hartford Financial Products

Richard J. Sheridan
Vice President – Claims
AXIS Pro

Linda D. Kornfeld
Managing Partner
Kasowitz, Benson, Torres & Friedman LLP

John Merchant
Senior Vice President, Cyber Liability Underwriter
Validus

  • When should coverages be offered as a traditional coverage and not part of a coverage in a cyber policy?
  • Assessing crime, property, reputational harm, and business interruption as coverages resulting from data breaches

2:45
Emerging Perils: Cyber Liability Relating to Internet of Things, Insider Trading, Theft of Intellectual Property, Collection of Biometrics Data, New and Emerging Technologies and Threats, and What Clients Need to Anticipate

Melissa K. Ventrone
Partner
Thompson Coburn LLP

David J. Molitano
Senior Vice President
OneBeacon Technology Insurance

  • Corporate espionage and theft of intellectual property
  • Employee hack-backs and sextortion
  • Ransomware and the growing cyber component to traditional crimes
  • Phishing and Spear Phishing
  • “Doxing” and “Swatting”
  • DDoS

3:35
Break
3:40
In-House Panel on Identifying, Acquiring & Evaluating Cyber Liability Insurance

Peter M. Kelly
Chief Employee Benefits Counsel
Blue Cross Blue Shield

Ronnie Brandes
Litigation Counsel
Marsh & McLennan Companies, Inc.

Adam Rubin
General Counsel
PrizeLogic, LLC

Michael Von Ohlen
Vice President, Legal Affairs
ConvaTec

Moderator:

Carl E. Metzger
Partner
Goodwin Procter LLP

4:40
The Global Impact of Cyber Attacks and Other Data Breaches: Security and Compliance Risks, Regulatory Developments and Implications for Companies Doing Business Abroad

Lisa J. Sotto
Managing Partner
Hunton & Williams LLP

Brian T. Robb
Senior Claim Counsel
CNA Specialty Claim

  • Globalization and implications for data privacy, security and liability
  • Impact of the Snowden revelations abroad
  • Overview of privacy regulation in key foreign markets
  • Existing EU data protection regime
  • Draft EU Regulation – status
  • Expanded extraterritorial effect and increased fines
  • New privacy rights and damage claims
  • New data breach notification obligations
  • Anatomy of a data breach affecting multiple jurisdictions
  • Special concerns regarding compliance and liability forcompanies with overseas operations
  • Managing multinational data breach incident response from a legal and regulatory perspective
  • Geographic scope of cyber risk coverage for US-based companies
  • Availability of cyber insurance policies outside the US
  • Opportunities, risks and forecast for first and third-party cyber risk coverage abroad

5:35
Aggregate Issues: Assessing Exposure for Risk When Multiple Insureds are Affected and Better Understanding How Vendors Pose an Aggregate Issue

Jeff Kulikowski
Senior Vice President
Endurance Professional

Salvatore Sama
Head Professional Underwriting Desk
Swiss Re

Meghan M. Hannes
Vice President
AXIS Insurance

  • Assessing exposure for risk when several insureds are attacked
  • Managing vendors and whether they should have cyber coverage even though they are not required to
  • Evaluating Hold harmless agreements

6:30
Conference Adjourns to Day Two

Day 2 - Friday, July 29, 2016

7:30
Continental Breakfast
8:00
Underwriting Considerations for Cyber Policies: Assessing Coverage for the Small, Middle, and Larger Markets, Understanding the Difficulty of Comparing Existing Coverages in the Market, Pricing Policies When There is a Lack of Data, and More

Vincent Regina
Underwriting Specialist – Professional, Privacy and Technology Liability
Liberty International Underwriters

Laura Zaroski J.D.
V.P. Management, Professional & Cyber Liability
Socius Insurance

William Kelly
Senior Vice President – Underwriting
Argo Pro

Nicholas Economidis
Underwriter
Beazley

Jeromy Shrum
Vice President & Assistant Product Manager, Technology E&O and Cyber Liability
Axis Capital

Gamelah Palagonia
Senior Vice President
Willis Towers Watson

Becky Swanson
Managing Director, Misc. Professional Lines – E&O, Technology & Cyber
Markel – Product Line Leadership

  • Understanding the lack of data for cyber policies and the difficulty of pricing policies
  • Comparing existing coverages in the market
  • Underwriting considerations for small, middle, larger markets

9:40
Break

Cathleen Kelly Rebar
Partner
Stewart Bernstiel Rebar Smith

David J. Shannon Esq.
Chair, Privacy and Data Security Practice Group
Marshall Dennehey Warner Coleman & Goggin

James H. Kallianis Jr.
Partner
Hinshaw & Culbertson LLP

Molly McGinnis Stine
Partner
Locke Lord LLP

Kimberly A. Horn
Specialty Lines Claims
Beazley

9:45
The Changing Landscape of Cyber Liability Litigation

Hillard M. Sterling Esq.
Managing Partner
Winget, Spadafora & Schwartzberg, LLP

Kimberly A. Horn
Specialty Lines Claims
Beazley

Molly McGinnis Stine
Partner
Locke Lord LLP

David J. Shannon Esq.
Chair, Privacy and Data Security Practice Group
Marshall Dennehey Warner Coleman & Goggin

James H. Kallianis Jr.
Partner
Hinshaw & Culbertson LLP

Cathleen Kelly Rebar
Partner
Stewart Bernstiel Rebar Smith

  • Latest plaintiffs theories and laws advanced in cyber liability filings
  • How to use recent cases and class action claims to assess breaches and resulting claims are worth
  • FTC actions
  • Class action trends
    • What defense strategies worked in class actions and how were class actions defeated?
    • What are the specific strategies used in particular to data breach class actions?
  • Lawsuits involving credit/payment card security and unencrypted files

11:15
Break
11:20
Board of Directors and C-Level Cyber Readiness for Preventing Cyber Attacks, Understanding the Inherent Risks, and Mitigation Strategies

Elissa K. Doroff
Vice President, Underwriting and Product Manager for Technology and Cyber Liability
XL Catlin

Lynn Sessions
Partner
Baker Hostetler LLP

Randy V. Sabett
Vice Chair of the Privacy and Data Protection Practice Group
Cooley LLP

David Cox
Partner
Kilpatrick Townsend & Stockton LLP

Sarah Abrams Esq.
Senior Claims Examiner
Markel – Claims

Steven Bonafonte
Partner
Davis Clark & Bonafonte LLC

  • How an organization can be prepared and prevent cyber attacks
  • Understanding inherent risks and creating mitigating strategies
  • What is the most effective way to educate board of directors and
    c-level members?

12:45
Working Toward Prevention of the Breach: What Do Phishing Incidents Look Like?; How Do Forensic Investigations Take Place?; and Are There Ways to Try to Prevent the Breach?

Ronald I. Raether
Partner
Troutman Sanders LLP

Alfred J. Saikali
Partner
Shook, Hardy & Bacon, LLP

Cinthia Granados Motley
Partner
Sedgwick LLP

James J. Giszczak
Member
McDonald Hopkins PLC

Peter Castillo
Vice President, Financial Lines
Chubb

  • Phishing, spearphishing, malware; what’s the difference and what does it look like if a company has a problem?
  • Most frequent causes of data breaches?
  • Procedures and processes for timely identification of potential data breaches
  • What can a company do to be proactive on the preventative side?; What can a company do to train employees on how to ensure the security of sensitive information?

2:00
Conference Ends – Lunch for Workshop B Participants
2:55
Negotiating and Drafting Cyber Risk Provisions and Policies

Suhey Nevarez Esq.
Counsel, Professional Risk – E&O/Cyber
Chubb

D. Tyler O’Connor
Broker
CRC Insurance Services, Inc.

Elissa K. Doroff
Vice President, Underwriting and Product Manager for Technology and Cyber Liability
XL Catlin

Randy V. Sabett
Vice Chair of the Privacy and Data Protection Practice Group
Cooley LLP

Sarah Abrams Esq.
Senior Claims Examiner
Markel – Claims

  • Determining the scope of coverage: 1st v. 3rd party coverage
  • Trigger of coverage
  • Detecting and clarifying uncertainties in the contract language
  • Defining key terms: which are most problematic later
  • Significant limitations and exclusions – and how to negotiate them
  • Consent and panel provisions
  • Dovetailing coverage with other insurance and indemnity agreements
  • Manuscript policy/customization/interpretive letters: appropriate use

2:55 p.m. – 4:55 p.m.
(separate registration required; registration opens at 2:30 p.m.)