Day 1 - Wednesday, November 30, 2016

A | The Fundamentals of Cyber and Data Risk Insurance Coverage

Nov 30, 2016 7:10am - 8:30am

Speakers

Gregg C. Rentko
Vice President
Western World

Jacqueline A. Waters (Urban)
Managing Director & Practice Leader
Aon

Roberta D. Anderson
Partner
K&L Gates LLP

8:00
Main Conference Registration
8:30
Co-Chairs’ Welcome Remarks
8:35
Federal and State Regulatory and Enforcement Landscape
10:15
Break
10:25
The Cyber Extortion Plight: Dealing with the Uptick in Ransomware, Spear Phishing, and Social Engineering Events – Which Way to Go When It Happens, the Extent to Which It Is Covered, and Some Practical Guidance on Mitigating the Effects and Potentially Preventing These Types of Attacks?
11:25
Business Interruption and Dependent/Contingent Business Interruption Coverage: What Is It, How Is It Triggered, What Is It Intended to Cover, and Can Carriers Respond to the Needs of the Insureds?
12:15
Lunch for Speakers and Delegates
1:15
Interaction or Lack Thereof between Cyber, Property, and Crime Coverage: What’s Being Covered Where and When?
2:15
Handling of the PCI and Payment Card-Type Breaches
3:15
Break
3:25
What Has Been the Experience so far for the Buyers of Cyber Insurance?
4:25
The PHI Breach: Preparing to Deal with a PHI Breach, Ways of Preventing It, and a Brief Examination of the Phase 2 of the OCR HIPAA Audit Program
5:25
Emerging Threats and New Areas of Coverage: Growing Risk of Security Breaches as It Relates to the IOT and a Brief Examination of whether or not There Is Coverage under Cyber Policies for the Theft of Intellectual Property, the Next Generation Ransomware, and the Cyber Terrorism
6:25
Cocktail Reception

Day 2 - Thursday, December 1, 2016

7:45
Continental Breakfast
8:00
Simulation Results
8:30
What Is Available to Small and Medium-Sized Markets in Terms of Coverage and Why Smaller Companies Should Get This Type of Insurance?
9:40
Doing Business with Europe: An Examination of the Implications of the GDPR and the Privacy Shield
10:40
Break
10:45
Developments with Cyber Liability Litigation, Handling Privacy Class Actions in Light of Spokeo Decision, and Recent Developments in Cyber Insurance Coverage Litigation
11:45
Special Cyber and Data Risk Insurance Considerations for Technology and Early Stage Companies: How Is the Risk Profile for These Companies Different and Are the Insurance Coverages Sufficient to Cover Those Unique Risks?
12:30
Insurance Coverage for Lawyers and Law Firms: What Is Covered under a Cyber Policy and What under an LPL Policy?
1:30
Conference Ends – Lunch for Workshop B Participants

B | Negotiating and Drafting Cyber Risk Provisions and Policies

Dec 1, 2016 2:30pm - 4:30pm

Speakers

Gregg C. Rentko
Vice President
Western World

Cinthia Granados Motley
Partner
Sedgwick LLP

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

Day 1 - Wednesday, November 30, 2016

8:00
Main Conference Registration
8:30
Co-Chairs’ Welcome Remarks

Jenny Soubra
National Practice Leader, Cyber, Media & Specialty PI
Allianz – AGCS

Hillard M. Sterling
Partner
Winget, Spadafora & Schwartzberg, LLP

8:35
Federal and State Regulatory and Enforcement Landscape

Marcelo Ramella
Deputy Director, Financial Stability
Bermuda Monetary Authority

Laura D. Berger
Attorney, Division of Privacy and Identity Protection
Federal Trade Commission

Joe Borg
Director
Alabama Securities Commission

Joanne McNabb
Director of Privacy Education & Policy
California Dept. of Justice, Office of the Attorney General

Paul L. Singer
Deputy Chief, Consumer Protection Division
Office of the Texas Attorney General

Kristin Snyder
Associate Regional Director
U.S. Securities and Exchange Commission

Moderator

Hillard M. Sterling
Partner
Winget, Spadafora & Schwartzberg, LLP

  • How are state and federal regulators coordinating with one another?
  • As various agencies are becoming well-versed in security issues, they are looking to bring in their own teams to perform security assessments – how are companies to respond to this from a risk as well as from a cost-benefit analysis, especially if various agencies differ in their findings?
  • What type of a data breach are various agencies interested in?
  • What are their priorities?
  • Are they more interested in preparations, risk assessments, protocols or are they more interested in what companies are doing to solve the problem and provide customers with some solutions?
  • What is their stance on credit monitoring?
  • Latest on the fines and penalties being assessed by regulators: how many of these fines are being seen these days? What is their size?
  • What do regulators want companies to do to prepare?
  • What causes them to bring an enforcement action?
  • What do companies need to do to potentially avoid regulatory enforcement actions?

10:15
Break
10:25
The Cyber Extortion Plight: Dealing with the Uptick in Ransomware, Spear Phishing, and Social Engineering Events – Which Way to Go When It Happens, the Extent to Which It Is Covered, and Some Practical Guidance on Mitigating the Effects and Potentially Preventing These Types of Attacks?

Jenny Soubra
National Practice Leader, Cyber, Media & Specialty PI
Allianz – AGCS

David M. Lisi
Shareholder
Greenberg Traurig, LLP

Randy V. Sabett
Vice Chair of the Privacy and Data Protection Practice Group
Cooley LLP

Cristina De Luca
Assistant Vice President, Professional Lines
Endurance

Katie A. Kruizenga
Vice President, Professional Lines
AmWINS Insurance Brokerage of California, LLC

  • Should ransom be paid/not paid? What are the consequences of either of these decisions? If it is paid, how does it affect insurance? What should cyber insurance cover? Is it a separate element that has to be purchased within cyber policies? Should it be sublimited?
  • How to deal with the cost of business interruption after a
    ransomware event: How does the cyber policy respond? Does
    it pay as a business interruption loss? As an extra expense? As a
    cyber-extortion loss?
  • What is/should be insurance solution for the theft of electronic
    funds? Cyber? Crime? Other? Where does it fall now? Where are
    the gaps? Does it need to be a new product or an endorsement
    on an existing product?
  • What may be some of the ways to avoid these types of attacks?
    • Backing up data and updating systems
    • The need for companies to have a proactive security posture in terms of monitoring what’s coming into the network; The need for companies to have a strong people-management given that a lot of these attacks involve employee error
    • How often to keep training and how to keep maintaining employee awareness?

11:25
Business Interruption and Dependent/Contingent Business Interruption Coverage: What Is It, How Is It Triggered, What Is It Intended to Cover, and Can Carriers Respond to the Needs of the Insureds?

Nancy Adams
Member
Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C.

Robin Fischer
Senior Vice President
Risk Management & Cyber Liability

Woodruff-Sawyer & Co.

Brett Kreiter
Regional Underwriting Manager, Professional Liability – Specialty E&O
Zurich

John Morgan
Attorney
Clyde & Co

  • Business interruption coverage
    • Are we starting to see broadening of the triggers?
    • From a policy holder’s perspective, what is business interruption? What is it intended to cover? Does cyber business interruption operate differently than business interruption from a property perspective? How is it triggered?
    • From a carrier’s perspective, what does the wording look like? What is the difference between a system being down versus a system being degraded? What sort of information is a carrier looking at when analyzing it?
    • How can insurance companies and brokers ascertain what insureds want within the business interruption coverage? What sorts of failures are insureds looking insurance companies to cover and what are insurers willing to cover? Do insurers understand how to underwrite that?
  • Dependent/Contingent BI
    • How far can insurers extend this coverage given that a carrier is agreeing to cover its insured for the actions of someone else?
    • How is an insurer to evaluate various third parties

12:15
Lunch for Speakers and Delegates
1:15
Interaction or Lack Thereof between Cyber, Property, and Crime Coverage: What’s Being Covered Where and When?

Roberta D. Anderson
Partner
K&L Gates LLP

Emy R. Donavan
Regional Head of Cyber, North America
Allianz – AGCS

Rebecca S. Pearson
Senior Vice President, FINEX Cyber and E&O Team
Willis Towers Watson

Mariah Quiroz
Partner
Thompson, Coe, Cousins & Irons LLP

Jacqueline A. Waters (Urban)
Managing Director & Practice Leader
Aon

  • Addressing the need for more connectivity between policies
  • Where has traditional p/c insurance expanded or contracted? Where has/hasn’t cyber policy stepped up to bridge the gap? How can cyber insurance policies better respond to some of the insureds’ risk from the property damage and bodily injury perspective?
  • Addressing a considerable concern manufacturing companies have as bodily injury and property damage arising out of hacks are typically outside of scope of what cyber policies cover; How is insurance changing to respond to that? Insurers pairing with reinsurers to offer coverage to companies that have large facilities to cover bodily injury and property damage;
  • How far to extend cyber policies to cover something that might be covered under another type of policy?

2:15
Handling of the PCI and Payment Card-Type Breaches

Randal L. Gainer
Partner
Baker & Hostetler LLP

Mickey Estey
Senior Vice President
RT Specialty

Scott Godes
Partner
Barnes & Thornburg LLP

Mark A. Smith
Director – Professional Services Group
Swett & Crawford

  • P.F. Chang’s China Bistro Inc. v. Federal Insurance Co.
    • What’s the difference between PCI fines and assessments?
    • What happens when card brands fine by withholding reimbursement? What happens when card brands ask clients to pay back for the cost of reissuance of cards to customers? How do these costs break down?
    • How should clients try to protect themselves against potential fines and assessments? How should they react and whom can/ should they contact for help?
    • How does insurance work with fines and assessments?
  • Eustis Insurance Co.’s third-party complaint against R-T Specialty, Inc.
  • How are payment card-type breaches to be covered? Should it be sub-limited?; Should full limits be offered?; What about the policy language? Are insurance companies providing the right language to make sure that companies are covered properly?
  • How can retailers make certain that their cyber insurance or any insurance pays for losses after a payment card breach?

3:15
Break
3:25
What Has Been the Experience so far for the Buyers of Cyber Insurance?

Joshua Gold
Shareholder
Anderson Kill P.C.

Bruce Adams
General Counsel
In-Q-Tel, Inc.

Loren Crannell
Sr. Mgr., Treas. & Risk Assurance
Symantec

D. Tyler O’Connor
Broker
CRC Insurance Services, Inc.

Moderator

Carl E. Metzger
Partner
Goodwin Procter LLP

Additional Speaker(s) to be announced

Check AmericanConference.com/CyberRiskSNF for this and other exciting speakers being added.

  • For those insureds that are thinking of getting this type of insurance, what kinds of things are insurance companies looking to see in an insured? What type of vetting are carriers doing?
  • What has been the experience so far for insureds that have and are maintaining cyber insurance?
  • What are insureds being asked to do by carriers if they are renewing their policies?
  • As more companies take on cyber security as an additional line item in their budgets, does that impact their cyber insurance in any way, i.e., does that make them more attractive? Does it make a difference? What is considered a good risk from an underwriting perspective?
  • Some helpful hints for understanding when a carrier is more likely to cover an incident – what actions or measures can a business take to improve its standing in the cyber insurance market?

4:25
The PHI Breach: Preparing to Deal with a PHI Breach, Ways of Preventing It, and a Brief Examination of the Phase 2 of the OCR HIPAA Audit Program

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

Nick Economidis
Underwriter
Beazley

Jeannie Lee Park
Attorney
Stewart Bernstiel Rebar Smith

Marc Voses
Partner
Kaufman Dolowich & Voluck, LLP

  • Preparing to deal with a PHI breach
  • How does one respond to a PHI breach?
  • What are the legal, underwriting, and coverage issues with a PHI breach?
  • Role of the HHS’ Office of the Civil Rights with respect to a PHI breach
  • Are there any effective ways of preventing this sort of a breach?
  • OCR’s next phase of audits of covered entities and their business associates
    • What has been the experience so far and best practices

5:25
Emerging Threats and New Areas of Coverage: Growing Risk of Security Breaches as It Relates to the IOT and a Brief Examination of whether or not There Is Coverage under Cyber Policies for the Theft of Intellectual Property, the Next Generation Ransomware, and the Cyber Terrorism

William T. Um
Counsel
Kilpatrick Townsend & Stockton LLP

Wendi Boyden
Vice President
OneBeacon Technology Insurance

Eric Cernak
VP, Cyber Risk Practice Leader
The Hartford Steam Boiler Inspection and Insurance Co.

Sharon R. Klein
Partner
Pepper Hamilton LLP

  • What new areas are being looked at?
  • How are these new risks being thought about from an insurance perspective?
  • As the number of connected devices is increasing exponentially, how to manage securely? How has IOT changed the framework of coverage? How is it forcing the insurance market to evolve?
  • Is there coverage under cyber policies for stealing of ideas? How should it be covered?
  • Responding to the next generation ransomware and new attack scenarios
  • Are cyber policies going to cover cyber terrorism?
    • Underwriting challenges
    • Is an official government agency required to certify that an act is an act of terrorism?
    • Does cyber terrorism have an element of violence and does it truly fit into the criteria of terrorism?

6:25
Cocktail Reception

Sponsored by:

p_symantec_3928

Day 2 - Thursday, December 1, 2016

7:45
Continental Breakfast
8:00
Simulation Results

Brought to You By:

p_symantec_3928

8:30
What Is Available to Small and Medium-Sized Markets in Terms of Coverage and Why Smaller Companies Should Get This Type of Insurance?

Patrick Thielen, CPCU
Cyber Product Leader
Chubb

Kerrigan Malek
Assistant Vice President – Specialty E&O
Liberty International Underwriters

Laura Zaroski
Cyber, Management & Professional Liability
Socius Insurance Services

Michael Varshavski
Director of Business Operations, Cyber Insurance
Symantec

Gregg C. Rentko
Vice President
Western World

  • Are smaller markets still under-served in terms of cyber insurance products that are available to them?
  • To what extent more education is needed in these markets as to what cyber-type of coverage does and how it is provided? To what extent does the complexity of the policies add to the insureds’ misunderstanding of this insurance?
  • How are smaller markets going to make sure that they are paying the right price for insurance?; Where do they look for guidance?
  • Why should these companies get cyber insurance: Understanding why it is important to have and its affordability; Understanding that their financial bottom line may be at stake in case of an event and understanding what the biggest return on their investment will be

9:40
Doing Business with Europe: An Examination of the Implications of the GDPR and the Privacy Shield

Jennifer J. Daniels
Partner
Blank Rome LLP

Lothar Determann
Partner
Blank Rome LLP

Cinthia Granados Motley
Partner
Sedgwick LLP

Brian T. Robb
Senior Claim Counsel, Global Cyber and Technology Claims
CNA Specialty Claim

  • What are the operational impacts of the GDPR?
  • The EU Privacy Shield and its impact on the US companies
  • The Network and Information Security Directive (NIS Directive) and its impact
  • What are some of the more practical ways in which businesses can understand various rules in different locations where they do business?

10:40
Break
10:45
Developments with Cyber Liability Litigation, Handling Privacy Class Actions in Light of Spokeo Decision, and Recent Developments in Cyber Insurance Coverage Litigation

James H. Kallianis Jr.
Partner
Hinshaw & Culbertson LLP

Mark C. Mao
Partner
Troutman Sanders LLP

Douglas H. Meal
Partner
Ropes & Gray LLP

David T. Vanalek
Director, US Professional Liability
Markel

  • Latest in the types of cases that are being seen
  • What arguments are being put forth?
  • How are courts applying Spokeo?
    • What are the next steps courts are taking on a procedural side? On a substantive side, is this decision barring Plaintiffs from bringing class actions the way Defendants thought it might or is there no effect on litigation at all?

Recent developments in cyber insurance coverage litigation and their potential impact on available coverage for companies

    • State Bank of Bellingham v. BancInsure, Inc.
    • Travelers Indemnity Co. v. Portal Healthcare Solutions
    • Apache Corporation v. Great American Insurance Co.
    • New Hotel Monteleone, LLC v. Certain Underwriters at Lloyd’s of London

11:45
Special Cyber and Data Risk Insurance Considerations for Technology and Early Stage Companies: How Is the Risk Profile for These Companies Different and Are the Insurance Coverages Sufficient to Cover Those Unique Risks?

Jeremy Barnett
Senior Vice President, Marketing
NAS Insurance Services

Kirstin Simonson
2VP, Global Technology
Travelers

  • How is the risk profile for early stage or technology companies different than for more typical businesses?
  • Are the insurance coverages currently available sufficient to cover those unique risks?

12:30
Insurance Coverage for Lawyers and Law Firms: What Is Covered under a Cyber Policy and What under an LPL Policy?

Linda D. Kornfeld
Partner
Kasowitz, Benson, Torres & Friedman LLP

Andrew Lea
SVP, Professional Liability Manager
AIG

Salvatore Sama
Head of US Professional Lines Desk
Swiss Re

  • When is each triggered and to what extent these two policies overlap/don’t overlap? If an attorney/law firm only has an LPL policy, is some sort of a cyber insurance included in it, and if so, what does it cover?
  • Potential liability of law firms for failing to adequately protect client data as opposed to a breach generally – to what extent that kind of liability is covered by legal malpractice policies or is cyber liability-type of coverage needed for that?
  • Attorneys wiring money to hackers – is it covered and under
    what policy?

1:30
Conference Ends – Lunch for Workshop B Participants

A | The Fundamentals of Cyber and Data Risk Insurance Coverage

Nov 30, 2016 7:10am - 8:30am

$400

Speakers

Gregg C. Rentko
Vice President
Western World

Jacqueline A. Waters (Urban)
Managing Director & Practice Leader
Aon

Roberta D. Anderson
Partner
K&L Gates LLP

What is it about?

(separate registration required; registration opens at 7 a.m.)

  • What is cyber insurance and why existing insurance may not be enough?
  • How cyber and data risk insurance really work
  • Understanding the language used in the policies
  • Brief overview on guidance from a claim to post-breach costs
  • Coverage options, claim trends, and evaluating risk
  • Pricing and selling and what policyholders should now be looking for in a policy
  • If an insured has an indemnification agreement, does that exclude coverage?
  • Special considerations for small and medium-sized companies

B | Negotiating and Drafting Cyber Risk Provisions and Policies

Dec 1, 2016 2:30pm - 4:30pm

$400

Speakers

Gregg C. Rentko
Vice President
Western World

Cinthia Granados Motley
Partner
Sedgwick LLP

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

What is it about?

(separate registration required; registration opens at 2:15 p.m.)

  • Determining the scope of coverage: 1st v. 3rd party coverage
  • Trigger of coverage
  • Detecting and clarifying uncertainties in the contract language
  • Defining key terms which are most problematic later
  • Significant limitations and exclusions and how to negotiate them
  • Consent and panel provisions

Elite Pass Both Workshops Bundle

$800