Day 1 - Wednesday, April 11, 2018

7:00
Registration and Continental Breakfast
8:00
Co-Chairs’ Welcoming Remarks
8:15
The Politics and Policy of Cyber Security: Examining Agency Agendas and Enforcement Initiatives Relative to Breach and Disruption
9:30
Morning Coffee Break
9:45

HOT TOPICS IN DATA BREACH & CYBER SECURITY


Case Study
Too Big to Breach: Lessons in Privacy Protection and Security from the Cyber Breach of A Major Credit Bureau
10:45
GDPR: Preparing for Privacy Controls in International Business Dealings
11:45
Analyzing the Growth of Biometric Data Collection and Resolving Related Privacy Breach Concerns
12:30
Networking Luncheon
1:30
Exploring the Cyber Threat of Social Engineering
2:30
Afternoon Refreshment Break
2:45
Cyber Stress Test for the Internet of Things: Identifying Vulnerabilities, Assessing Threats, and Mitigating Liabilities
3:45
Managing Cyber Liability Claims and Related Class Action Litigation
4:30
Exploring the Link Between Cyber Risk, Data Breach and D&O Liability
5:30
Conference Adjourns to Day 2

Day 2 - Thursday, April 12, 2018

7:30
Continental Breakfast
8:00
Co-Chairs’ Recap of Day 1
8:15

FOCUS ON COVERAGE AND INSURANCE


Developing Strategies and Devising Coverages to Combat Ransomware Threats
9:00
Cyber Coverages for Property Damage, Bodily Injury, and Crime: Assessing the Gaps, Exclusions, and Policy Options
10:00
Morning Coffee Break
10:15
Business Interruption Coverages and Contingencies in Cyber Policies
11:00
Special Considerations for Sourcing Cyber Policies for the Small to Middle Market
12:00
Cyber Aggregation: Assessing Exposure for Multiple Insureds and Third Parties
12:30
Conference Ends; Lunch for Speakers and Attendees Registered for Post-Conference Workshop

Post-Conference Workshop

Cyber and Data Risk Insurance Master Class: Evaluating Coverages, Assessing Needs and Negotiating and Customizing Key Policy Provisions

Apr 12, 2018 1:30pm – 2:30pm

Speakers

Elisabeth Case
Managing Director – Cyber and Commercial E&O Advisory Leader
Marsh (Chicago, IL)

Seth D. Lamden
Partner
Neal, Gerber & Eisenberg LLP (Chicago,IL)

Day 1 - Wednesday, April 11, 2018

7:00
Registration and Continental Breakfast
8:00
Co-Chairs’ Welcoming Remarks

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP (Red Bank, NJ)

Kirstin Simonson, CPCU, ARM, AU, ASLI
2VP | Global Technology
Travelers (St. Paul, MN)

8:15
The Politics and Policy of Cyber Security: Examining Agency Agendas and Enforcement Initiatives Relative to Breach and Disruption

Arsen Ablaev
Senior Attorney, Division of Enforcement
U.S. Securities and Exchange Commission (Chicago, IL)

Gene Fishel
Senior Assistant Attorney General and Chief of the Computer Crime Section
Office of the Virginia Attorney General (Richmond, VA)

Michael Hawes
Director of the Student Privacy Policy and Assistance Division (SPPAD)
U.S. Department of Education (Washington, DC)

Jeremy Pearlman
Assistant Attorney General Department Head Privacy and Data Security Department
Office of the Attorney General, State of Connecticut (Hartford, CT)

Eric Shiffman
Supervisory Special Agent
FBI (Chicago, IL)

Matthew Wernz
Attorney
Federal Trade Commission (Chicago, IL)

Moderator

Donna L. Wilson
Partner
Manatt, Phelps & Phillips, LLP (Los Angeles, CA)

  • Examining coordination between state and federal agencies for addressing and combating cyber attacks and data breaches
  • Anticipating federal national breach notification laws and the resulting state law pre-emption challenges
  • Analyzing the proposed NAIC model cyber security legislation
    • Examining the controversy over the proposed requirement that insurers report breaches to the Commissioner of Insurance of the state where individuals have been affected
  • Interpreting the impact of proposed federal legislation allowing businesses to fight hackers and “hack back” without any legal implications
  • Preparing for and responding to state and federal agencies’ security assessments
    • Reviewing security assessments from a cost-benefit analysis in light of different findings from various agencies
  • Identifying the type of breaches agencies are targeting
  • Assessing agency breach priorities
  • Exploring the latest fines and penalties from state and federal agencies regarding incidents of breach
  • Understanding what causes regulators to bring enforcement actions
  • Taking the appropriate steps to avoid regulatory enforcement actions

9:30
Morning Coffee Break
9:45

HOT TOPICS IN DATA BREACH & CYBER SECURITY


Case Study
Too Big to Breach: Lessons in Privacy Protection and Security from the Cyber Breach of A Major Credit Bureau

Mickey Estey
Senior Vice President – E&O/Cyber/Media
R-T Specialty, LLC (San Francisco, CA)

Steven H. Anderson, RPLU +
Vice President, Product Executive - Privacy & Network Security
QBE North America (Plano, TX)

News of the recent data breach of a major credit bureau has caused quite a stir in the cyber security community. This breach’s threat to half of the U.S. population’s personal and protected information is shocking enough. However, privacy and security stakeholders are questioning what consequences have yet to emerge from this event. The implications are far reaching and highlight the need for stronger cyber security and protection of data.

While this session will focus on this incident of a major credit bureau’s security breach of protected data, the lessons learned from this incident are also applicable to other industries. This session will provide an analysis of potential new cyber coverage options as well as D&O liabilities that might ensue as a result of this incident. Points of discussion will include:

  • Examining the recent wave of data breaches relative to credit bureaus and the industries they service
  • Identifying the new threats to personal information, including social security numbers and driver’s license numbers and resulting liabilities
  • Exploring new types of cyber coverage options
  • Analyzing potential D&O litigation

10:45
GDPR: Preparing for Privacy Controls in International Business Dealings

Steve Abrahamson
Sr. Director, Product Cyber Security
GE Healthcare (Milwaukee, WI)

Philip L. Gordon
Shareholder
Littler Mendelson P.C. (Denver, CO)

Cinthia Granados Motley
Member
Dykema Gossett PLLC

Nancy L. Perkins
Counsel
Arnold & Porter Kaye Scholer LLP (Washington, DC)

Nestor J. Rivera
Chief Privacy Counsel
GE Healthcare (Chicago, IL)

  • Evaluating the effects on privacy when the GDPR is implemented in May 2018
  • Determining the effect of the GDPR on US companies doing business in the EU
    • Tracking citizens through IP addresses, geolocation, biometrics, and email addresses
    • Analyzing web traffic
  • Examining the scope of cyber coverages and whether it will cover fines and penalties from failing to adhere to the GDPR
  • Incorporating privacy protection both by design and default into your data protection plan

11:45
Analyzing the Growth of Biometric Data Collection and Resolving Related Privacy Breach Concerns

Douglas A. Darch
Partner
Baker & McKenzie LLP (Chicago, IL)

Cara Dearman
Assistant General Counsel – eCommerce, Member Programs, and Privacy
Sears Holdings Corporation (Chicago, IL)

Liisa M. Thomas
Partner
Sheppard, Mullin, Richter & Hampton LLP (Chicago, IL)

In 2008, Illinois was one of the first states to pass a stringent law called the Biometric Information Privacy Act (BIPA). BIPA prohibited companies from taking biometric information such as iris scans, fingerprints, or facial recognition without consent. A recent surge of lawsuits throughout the country alleges that companies and employers have taken biometric information without proper consent. In this session, the speakers will explore the new wave of privacy litigation and strategies to manage it.

Topics of discussion will include:

  • Interpreting recent case law on biometric litigation
  • Exploring the latest wave of cases brought by Plaintiffs firms
  • Analyzing BIPA and cases specific to Illinois regarding the collection of information
  • Reviewing cases where companies take consumer information without their consent for cyber use
  • Determining whether BIPA is violated where employees take fingerprint scans of employees when they arrive to “punch in” their time card at work
  • Developing strategies for managing defenses and limiting liability

12:30
Networking Luncheon
1:30
Exploring the Cyber Threat of Social Engineering

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP (Red Bank, NJ)

Christine Szafranski, CAMS
Director Information Risk Management
The Northwestern Mutual Insurance Company (Milwaukee, WI)

David T. Vanalek
Director, US Professional Liability
Markel (Chicago, IL)

The recent wave of phishing attacks promulgated by email scams has exposed the vulnerabilities and weaknesses of the information super highway. The email scam risk is now a global threat as UK hospitals and other entities abroad have been targeted. These threats, whether they are from sanctioned countries or fraudulent hackers within the United States, are wreaking havoc on the Web. Anyone with personal or protected information is affected on some level or another. This session will explore the new wave of social engineering and the catastrophic nature of its risks.

Topics of discussion will include:

  • Exploring the new wave of social engineering threats, both in the U.S. and abroad
  • Training employees to better understand the risk when opening a link or a demand for transfer of funds
  • Implementing tighter internal controls within the company to avoid attacks
  • Raising awareness of risk to policyholders who are the most affected (law firms, CPA’s, realtors, etc.)
  • Recognizing the gaps in cyber policies for social engineering

2:30
Afternoon Refreshment Break
2:45
Cyber Stress Test for the Internet of Things: Identifying Vulnerabilities, Assessing Threats, and Mitigating Liabilities

Elisabeth Case
Managing Director – Cyber and Commercial E&O Advisory Leader
Marsh (Chicago, IL)

Edward R. McNicholas
Partner
Sidley Austin LLP (Washington, DC)

Chris Novak
Director
Verizon Threat Research Advisory Center (New York, NY)

Georgiana Wagemann
Regional Manager-Midwest
Darktrace

  • Examining the surge of the internet of things and its impact on exposing cyber security weaknesses
  • Exploring the growing use of wearable cyber products that keep track of healthcare data and other personal information
  • Identifying the cyber security threats to appliances, thermostats, baby monitors, refrigerators, and other smart devices for the home
  • Evaluating the industrial internet of things and the threat of cyber-attacks to energy companies and other critical infrastructure
  • Assessing liabilities related to these categories and the whole Internet of Things
  • Identifying coverage options, if any, and the related risks

3:45
Managing Cyber Liability Claims and Related Class Action Litigation

Douglas H. Meal
Partner
Ropes & Gray LLP (Boston, MA)

Hillard M. Sterling, Esq.
Partner
Winget, Spadafora & Schwartzberg, LLP (Chicago, IL)

  • Identifying the latest plaintiff’s theories and laws advanced in cyber liability findings
  • Using recent cases and class action claims to assess breaches and determining the value of resulting claims
  • Assessing class action trends following Spokeo and reviewing recent court decisions
  • Developing cases based on negligence in cyber liability litigation
    • Assessing third party damage
    • Developing a standard of review
  • Data breach litigation involving statutes that cover privacy concerns including FDCPA and TCPA
    • Determining whether plaintiffs have suffered any harm
    • Assessing statutory penalties
  • Analyzing recent cookie litigation in California and exploring claims companies improperly flagged cookies and tracked data inappropriately

4:30
Exploring the Link Between Cyber Risk, Data Breach and D&O Liability

MILES R. AFSHARNIK, ESQ.
Senior Vice President | Professional Risk Practice
USI Insurance Services (Los Angeles, CA)

Brian H. Mukherjee
Counsel
Goodwin Procter LLP (Boston, MA)

Jacqueline A. Waters, Esq.
Managing Director & Practice Leader Aon Risk Solutions, Financial Services Group Legal & Claims Practice
AON (Chicago, IL)

  • Raising more attention to D&O litigation after the result of some major data breaches and security risks
  • Understanding the due diligence required to protect consumer information
  • Examining the wave of plaintiffs, firms encroaching into the D&O litigation space for data breaches
  • Reviewing D&O litigation as a result of data breaches from the perspective of the board of directors and shareholders

5:30
Conference Adjourns to Day 2

Day 2 - Thursday, April 12, 2018

7:30
Continental Breakfast
8:00
Co-Chairs’ Recap of Day 1
8:15

FOCUS ON COVERAGE AND INSURANCE


Developing Strategies and Devising Coverages to Combat Ransomware Threats

Joshua Gold
Shareholder
Anderson Kill P.C. (New York, NY)

Monique Ferraro
Cyber Counsel
Hartford Steam Boilers (New York, NY)

Bill Hayden, FIP/CIPM/CIPP
Senior Attorney Corporate, External & Legal Affairs
Microsoft Corporation (Redmond, WA)

  • Understanding the newest risk in ransomware attacks
  • Addressing system failures and inability to access computers and data
    • Assessing system failures from the vendor perspective
    • Building and testing proper business continuity
  • Exploring the method of demanding ransom in the form of bitcoins
  • Utilizing blockchain technology to trace ransom attacks
  • Re-drafting cyber policies and tightening exclusions in cyber policies after the surge in ransomware attacks
  • Analyzing kidnapping and ransomware coverage to include ransomware attacks and the resulting litigation that follows
  • Retaining the appropriate forensic experts to identify the vulnerabilities and strengthen the weaknesses in an internal system
  • Implementing risk management and better training for employees to reduce cyber attacks, phishing emails, viruses, and other data breaches

9:00
Cyber Coverages for Property Damage, Bodily Injury, and Crime: Assessing the Gaps, Exclusions, and Policy Options

Nick Economidis
Underwriter
Beazley (Philadelphia, PA)

Kirstin Simonson, CPCU, ARM, AU, ASLI
2VP | Global Technology
Travelers (St. Paul, MN)

Timothy R. Sullivan
Attorney
McCormick Barstow, LLP (Fresno, CA)

Brian J. Dusek
Partner
McCullough, Campbell & Lane LLP

  • Examining coverage options, exclusions, or limitations for property and bodily damage
    • Evaluating the need for more connectivity between policies
  • Providing clarifications on cyber-crime coverage involving loss of money and securities
  • Educating policyholders of the awareness of risk
  • Addressing concerns for manufacturers and critical infrastructure elative to claims for damages outside of the scope of what cyber policies cover
  • Assessing options for insurers pairing with reinsurers to offer property and bodily injury coverages for large facilities
  • Analyzing the St. Paul case on whether personal injury can be covered in a CGL policy
  • Examining case law on crime policies including the InComm case
    • Identifying the circumstances where the crime policy would be triggered
    • Explaining the surge of business email compromises cases and how it does/does not fit under a crime policy

10:00
Morning Coffee Break
10:15
Business Interruption Coverages and Contingencies in Cyber Policies

Linda Kornfeld
Partner
Blank Rome LLP (Los Angeles, CA)

Robert Parisi
Director
Marsh (New York, NY)

Colin Raufer
IP Counsel, BDS
The Boeing Company (Arlington, VA)

Ken Suh
Technology Media and Business Services
Beazley (Chicago, IL)

  • Broadening triggers for business interruption claims
  • Identifying the differences between cyber coverage for business interruption claims vs. business interruption for property damage
    • Examining how policies are triggered
  • Understanding what carriers are willing to cover for business interruption claims
    • Determining the factors underwriters are looking for when underwriting business interruption
  • Analyzing the recent surge in contingent business interruption claims
    • Evaluating third party risks, resulting claims coverage, and underwriting challenges
  • Realizing the need for more data and modeling to interpret risks for business interruption/contingent business interruption

11:00
Special Considerations for Sourcing Cyber Policies for the Small to Middle Market

Meredith Bennett, RPLU, AU, AIT
Second Vice President National Technology and Cyber Practice Leader
Underwriter for Professional Lines USLI (Wayne, PA)

Tyler O’Connor
Broker
CRC Insurance Services, Inc. (Birmingham, AL)

Andrew Lea
Vice President of Commercial Underwriting for E&O Cyber and Media
CNA (Chicago, IL)

  • Pricing and selling cyber policies for the small to middle market
  • Examining underwriting considerations for the small to middle market
  • Understanding the lack of data which results in the difficulty to price policies
  • Comparing existing coverages in the market
  • Closing in on the gaps in coverage for the small to middle market
  • Analyzing the claims in the small to middle market to better understand pricing models

12:00
Cyber Aggregation: Assessing Exposure for Multiple Insureds and Third Parties

Meghan Hannes
VP, Product Manager – Cyber, Technology
AXIS Capital (Chicago, IL)

Catherine Rudow
North America P&C SVP, Senior Underwriter
PartnerRe (Stamford, CT)

Neeraj Sahni
Vice President
Willis Towers Watson (New York, NY)

  • Understanding the potential for a single cause of loss impacting many policies within a company’s portfolio
  • Assessing exposure for risk when several insureds are attacked
  • Managing third parties and evaluating whether cyber coverage is necessary
  • Evaluating hold harmless agreements
  • Examining aggregation from the underwriting perspective
  • Handling claims when multiple insureds and vendors are affected

12:30
Conference Ends; Lunch for Speakers and Attendees Registered for Post-Conference Workshop

Cyber and Data Risk Insurance Master Class: Evaluating Coverages, Assessing Needs and Negotiating and Customizing Key Policy Provisions

Apr 12, 2018 1:30pm – 2:30pm

Elisabeth Case
Managing Director – Cyber and Commercial E&O Advisory Leader
Marsh (Chicago, IL)

Seth D. Lamden
Partner
Neal, Gerber & Eisenberg LLP (Chicago,IL)

What is it about?

In today’s cyber connected world, cyber and data risk insurance is a critical coverage that every business should have. Assessing coverage needs requires a thorough analysis of vulnerabilities and threats, as well as potential liabilities. In this interactive master class, speakers will explore every facet of a cyber and data risk policy including defining key terms, evaluating coverages, drafting provisions, and outlining limitations and exclusions.

As an attendee you will come away with detailed information on how to negotiate and customize cyber risk provisions and policies in the marketplace.

Topics of discussion will include:

  • Survey of types of available cyber coverages
  • Preparing a needs assessment checklist
  • Determining the scope of first and third party coverage
  • Understanding triggers of coverage
  • Detecting and clarifying uncertainties in the contract language
  • Defining key terms in the cyber policy
  • Negotiating significant limitations and exclusions
  • Examining consent and panel provisions
  • Dovetailing coverage with other insurance and indemnity agreements
  • Identifying the appropriate use of manuscript policies, customization, and interpretive letters