HB Litigation Conferences presents the
NetDiligence® Cyber Risk & Privacy Liability Forum
June 7-8, 2016 | Philadelphia | Welcome reception June 6, 2016
David Navetta Norton Rose Fulbright
Bo Holland AllClear ID
John Merchant Validus
Rebecca Swanson Markel
Jill Salmon Berkshire Hathaway Specialty Insurance
Monday, June 6
5:30 p.m. | Welcome Reception
Tuesday, June 7
All-Day Coffee Bar
7:00 a.m. | Registration & Breakfast
8:15 a.m. | Welcome & Opening Remarks
8:45 a.m. | Cyber Claims & Loss Updates
- NetDiligence Claims Study
- Types of claims being covered
- Examination of cost
- Claims notice & claims handling
10:00 a.m. | Breakouts
Internet of Things
- Contingent bodily injury and property damage
- High-jacking leading to PII or PHI loss
- Interception of connected transportation and movable devices
- Connected medical devices and clinical remote monitoring
- Is security an afterthought?
- How would a cyber policy respond to these perils and in which markets?
- What loss controls could be added to mitigate risk?
The Basics of Cyber Risk and Privacy Coverage
- Overview of network security
- Basics of privacy liability
- Cyber infrastructure
- Coverage under network security and privacy policies
- What NOT to do when breached
The Evolution of Cyber Products
- What to look for in a cyber product?
- New coverages
- New underwriting methodologies
- Evolving tech services to analyze and manage risk
- Potential legal risks
11:00 a.m. | Break and Refreshments
11:30 a.m. | Break Outs
Lessons Learned from 10 Years of Litigation
- Why are companies not litigating core issues in class actions and other suits?
- How to be better prepared for litigation: sound infosec program, good document management program, good witnesses
- The importance of standards
- Breach response and key factors to better prepare for litigation
- Lessons learned: how these measures will improve arguments on class and summary judgment
State of Litigation
- Recent court decisions
- Reducing the risk of litigation
- Class actions
- Identifying responsible parties
- Defense strategies
PHI Breach: Preparation and Response
- Legal issues in a PHI loss
- Underwriting and coverage issues
- Legal foundations for HIPAA and HI-TECH
- Role of HHS’ Office of Civil Rights (OCR) and its auditing and enforcement processes
- PHI breach response & best practices
- PHI on the black market
Stu Panensky Traub Lieberman, moderator
Michael Bruemmer Experian
Kurt Suhs Ironshore
Barbara J. Holland Office for Civil Rights, U.S. Department of Health & Human Services
Lauren Steinfeld Penn Medicine
12:30 p.m. | Lunch
Joel Brenner LLC
CISO Objections to the Need for Cyber Coverage
- CISO Objections to Coverage
- What does Cyber Insurance cover that even the best security and incident response cannot?
- Balancing investment in security with other risk management methods.
2:45 p.m. | Refreshment Break
3:15 p.m. | Breakouts
Security of Payments
- Mobile payment schemes like ApplePay, GooglePay, SamsungPay
- eCommerce shopping carts
- What underwriters need to know and questions they need to ask during the underwriting process
Policyholders’ Perspectives: Getting Claims Covered
- Application of sublimits
- Panel counsel selection
- Vendor selection
- “Voluntary” notification
- Coverage pitfalls
The Interaction Between Forms
- Where does cyber coverage hide in non-cyber policies?
- Intersection between cyber and property
- Intersection between cyber and manufacturing
- Interplay between cyber and crime coverage
- When does D&O and CGL coverage come into play?
- Does personal & advertising injury coverage apply?
4:30 p.m. | Automation and The Next Generation of Cyber Security
- How to solve the human capital problem
- Cyber security for the executives
- How to prepare your evidence and properly engage with law enforcement.
- Creating velocity and the power of orchestration within security practice
- How to create real-time legal oversight of cyber security through platform operations
- How to lower risk, measure risk, and manage risk within an organization.
5:30 p.m. | Cocktail Reception
Wednesday, June 8
7:15 a.m. | Registration and Breakfast
8:00 a.m. | Anatomy of a Data Breach from a Regulator’s Perspective
- Notice requirements: Are regulators and companies on the same page?
- Whether and how regulators assist companies with breach response.
- What do regulators want from companies during investigations?
- What can companies expect?
Bo Holland AllClear ID, moderator
Patrice Malloy Florida Assistant Attorney General
Gene Fishel Virginia Assistant Attorney General
Nicole DiTomo Pennsylvania Deputy Attorney General
9:05 a.m. | Breakouts
Cyber Risks and Exposure in the Manufacturing Sector
- Issues of property damage, supply chain & business interruption
- Operating systems: warranties and upgrades
- Problems with automation and robots
- IP resides in manufacturing enclaves that are sometimes hard to control
- Espionage and ransomware
- What is at risk?
- The legal landscape
- Vendor risk by industry
- Vendor contracts
- Insurance coverage – key terms and conditions
- Network assessments
- Vendor management programs
10:15 a.m. | Breakouts
The Cloud Providers: Current and Emerging Issues
- Securing of data going East-West
- Cloud of SLA issues
- Outages and reliability
- Securing hybrid IT
Systemic Risk and Aggregation Modeling Systemic Risk
Cloud outage and aggregate effect; zero-day malware; grid outage
Internet brownout; attacks against ‘common network technology’
What are the particular issues to staffing a large-scale incident?
How models can be used to assess cyber exposures.
What tools and benchmarks can be used to evaluate risk for cyber insurance coverage?
11:05 a.m. | Refreshment Break
11:30 a.m. | Compliance: Security Assessments, Training, and Planning
Incident response planning
Learn how to maximize breach response effectiveness and customer satisfaction and minimize litigation and regulatory risks
Best practices for mounting an effective security incident response strategy, including meeting compliance and exceeding customer expectations
Examine what your ethical obligations are to protect consumers and provide identity protection when a data breach hits
Learn how to navigate the legal intricacies and complexities involving security incidents and data breaches
12:30 p.m. | Closing Remarks & Conference Adjourns
Thanks to our sponsors!