Program Chairs
Oliver Brew Aspen Insurance
Steven Anderson QBE
David Lewison AmWins
Andrew Obuchowski RSM
John Mullen Mullen Coughlin

Monday, October 17

5:30 p.m. | Welcome Reception | Lower Pool Deck

Sponsored by:

netdiligence logo



Tuesday, October 18

7:00 a.m. | Charles River Associates Breakfast & Program Registration

charles river associates

8:15 a.m. | Welcome & Opening Remarks

8:45 a.m. |  Cyber Claims & Loss Updates

NetDiligence Claims Study | Types of claims being covered | Examination of cost | Claims notice and claims handling

John Mullen  Mullen Coughlin, moderator
Mark Greisiger NetDiligence
Lou Archbold Verizon
Brendan Kelley Chubb
Brian Robb CNA
Rich Sheridan Axis Insurance

Presentation: claims-and-losses

9:45 a.m. | Breakouts

AThe Evolution of Cyber Products

What to look for in a cyber product?
New coverages
New underwriting methodologies
Evolving tech services to analyze and manage risk
Potential legal risks

Jeremy Barnett NAS, moderator
Evan Fenaroli Philadelphia Insurance Companies
Marcus Breese Hiscox
Rennie Muzii Endurance
Laurie Kamaiko Sedgwick LLP
Adam Cottini Arthur J. Gallagher

Presentation: evolution-of-cyber-products

BSector Risk

Financial services

Pascal Millaire Symantec, moderator
John Farley HUB
Mary Guzman McGriff, Seibels & Williams
Paul Nikhinson Beazley
Sarah Stephens JLT
Stuart Kohn  Navigators

Presentation: trends-in-sector-risk

10:45 a.m. | SecureWorks Refreshment Break


11:15 a.m. |  Breakouts

AState of Litigation

Recent court decisions
Reducing the risk of litigation
Class actions
Identifying responsible parties
Defense strategies

Steven Anderson QBE, moderator
Matt Meade Buchanan Ingersoll & Rooney
Dom Paluzzi McDonald Hopkins
Eve-Lynn Rapp Edelson
John Yanchunis Morgan & Morgan

Presentation: litigation

BStandard of Care

Is evidence of a breach itself per se a finding of unreasonable security controls?
Industry still needs to be prepared to litigate
Ensuring good controls are in place
Is the response itself reasonable?
In an underwriting situation, how do you determine what controls are reasonable or not?
Resolving conflicts between different regulatory bodies’ standards of care

Mark Mao Troutman Sanders, moderator
Doug Meal Ropes & Gray
Tom Kang The Hartford
Adam Hamm North Dakota Department of Insurance
Edwin Acosta U.S. Department of Health and Human Services, Office of Civil Rights

Presentation: standard-of-care


12:15 p.m. | Travelers Lunch 

travelerslogoFeaturing Keynote Speaker
Peter Swire
Peter Swire
Former presidential cybersecurity advisor

Introduction by Jenny Soubra, Allianz Global Corporate & Specialty

Read more about Peter Swire

1:45 p.m. | Crime & Extortion

Types of social engineering exposures:  hacking, phishing,  rogue or “planted” employees and others. Are a company’s finances the only things at risk?  What about social engineering attacks designed to steal corporate secrets, including client/vendor lists and other highly sensitive and proprietary information that may not have actual monetary value or with goal of extortion? How is a bitcoin account set up?

David Lewison AmWins, moderator
Kelli Artin Liberty
Winston Krone Kivu
Chris Liu AIG
Erich Kron KnowBe4
Kimberly Anderson FBI

Presentation: crime-and-extortion

2:45 p.m. |  Markel Refreshment Break


3:15 p.m. | Breakouts 

A | Business Interruption Issues and Coverage

Status of market availability for significant cyber/data breach business interruption limits
Business interruption coverage for cyber/data breach:  Cyber vs. Property
What is covered in typical BI wording and what is not
Difference in liability for on-line retailers/hospitality vs. heavy industry, energy, infrastructure, etc.
Statistics on who is buying and how much
History on BI claims made to date on cyber/data breach trigger

Bob Parisi Marsh, moderator
Brad Murlick Navigant
John Cleary Vedder Price
Neeraj Sahni Willis Towers Watson
James Schibuk Arch Insurance Group
Jeremy Gittler XL Catlin

Presentation: business-interruption

B | Intrusion Detection Systems & Liability

How IDS works
Why most companies FAIL to detect breaches
Benefits of IDS and ongoing challenges
How to determine if your client is on the ball or just ticking the box

Andrew Obuchowski RSM, moderator
Andy Schworer Crowdstrike
Jason Rebholz Crypsis
Bill Lysaught SecureWorks
Brian Klenke Morphick
Chris Cronin, Halock Security Labs

Presentation: intrusion-detection



4:15 p.m. | Cyber Physical Perils

How are cyber-physical risks viewed in the insurance buyer’s mind?
How are cyber perils currently treated by other insurances?
How does a cyber policy handle physical risks?
What are the measures to address the exposures?
What are the implications of the internet of things in this?
How should regulators and industry respond?

Oliver Brew Aspen Insurance, moderator
Dave Navetta Norton Rose Fulbright
David White Axio Global
Brent Rieth Aon
Gail Arkin W.R. Berkley

Presentation: physical-perils

5:15 p.m. – 6:45 p.m. | Beazley Networking Reception | Lower Pool Deck


Wednesday, October 19

7:15 a.m. | RSA Breakfast & Registration


8:00 a.m. |  Regulators Speak

Whether and how regulators assist companies with breach response. Notice requirements: are regulators and companies on the same page? What do regulators want from companies during investigations? What can investigated companies expect?

Ernest Koschineg Cipriani & Werner, moderator
Vicki Chou Assistant U.S. Attorney, California
Gene Fishel Senior Assistant Attorney General, Virginia
Lisa Kim Deputy Attorney General, California

Presentation: regulators-speak

9 a.m. | Breakouts

AProfessional Services Breach

Rise of the frequency, severity and publicity of incidents (e.g. Panama Papers)
The relationship between professional malpractice and cyber risk
Nature of data handled by professional service providers (PII, PHI, et al.)
Breach response—special considerations

Stu Panensky Traub Lieberman, moderator
David Rock Allied World
Tim Francis Travelers
Bill Hardin Charles River Associates
Shawn Melito NPC
Christopher Keegan Beecher Carlson

Presentation: professional-services-risk

BCross-Border Data Breach Response

Implications of the 2016 EU Privacy Directive
Implications of Canada’s Notification and Reporting Laws
Rival common practices and standards

Ted Augustinos, Locke Lord, moderator
Alex Cameron Fasken
Bo Holland AllClear ID
James Creasy Novae
Shannon Groeber JLT
Dr. Thomas Rothärmel Munich Re

Presentation: cross-border-reduced-file-size

Privacy Litigation Supplement: highlights-of-privacy-litigation-2010-2016-alex-cameron-october-4-2016





10 a.m. | Liberty International Underwriters Refreshment Break


 10:30 a.m. | Breakouts

AVendor Assessments

Leveraging security reviews to evaluate risk and help solve the vendor problem
DHS Safety Act and potential immunity provided when using certified vendors

Spencer Timmel Hylant, moderator
Vinny Sakore Verizon
J.T. Malatesta Maynard Cooper & Gale
Mary Beth Borgwing LemonFish
Meghan Hannes Axis Insurance

Presentation: vendor-assessments

BSecurity of Payments

Mobile payment schemes like ApplePay, GooglePay, SamsungPay
eCommerce shopping carts
What underwriters need to know and questions they need to ask during the underwriting process

Chris Calnon Chubbmoderator
David Herron Hyperwallet
David Molitano OneBeacon
Dawn-Marie Hutchinson Optiv
Edward Li Mandiant

Presentation: security-payments

11:30 a.m. | Actuarial Cyber Risk Modeling

How models can be used to assess cyber exposures. Consideration of the value of assessment tools that can be utilized to assess an insured’s (and carrier’s) overall data aggregation exposure. What tools and benchmarks underwriters utilize when evaluating a risk for cyber insurance coverage. Carrier issue–impact of aggregation on NAIC rating.

John Wurzler One Beacon Technology Insurance Groupmoderator
Jon Laux
Russ Cohen Chubb
Jay Jacobs Bitsight
Ashwin Kashyap Symantec
Sandra DeSilva Nova Ltd.

Presentation: actuarial-risk

12:30 p.m.Closing Remarks & Conference Adjourns

Return to main page.

Thanks to our amazing sponsors!

CHUBB_Logo_Orange_RGB (1)

Basic CMYK



Crypsis_logo final_updated tagline




NPC Logo fka Immersion

philadelphia ins cos




one beacon