HB Litigation Conferences presents the
NetDiligence® Cyber Risk & Privacy Liability Forum
October 18-19, 2016 | Santa Monica | Welcome reception October 17, 2016
Oliver Brew Aspen Insurance Group
Steven Anderson QBE
David Lewison AmWins
John Mullen Lewis Brisbois Bisgaard & Smith
Monday, October 17
Tuesday, October 18
7:00 a.m. | Registration & Breakfast
8:15 a.m. | Welcome & Opening Remarks
8:45 a.m. | Cyber Claims & Loss Updates
- NetDiligence Claims Study
- Types of claims being covered
- Examination of cost
- Claims notice & claims handling
10:00 a.m. | Breakouts
The Basics of Cyber Risk and Privacy Coverage
- Overview of network security
- Basics of privacy liability
- Cyber infrastructure
- Coverage under network security and privacy policies
- What NOT to do when breached
The Evolution of Cyber Products
- What to look for in a cyber product?
- New coverages
- New underwriting methodologies
- Evolving tech services to analyze and manage risk
- Potential legal risks
11:00 a.m. | Break and Refreshments
11:30 a.m. | Break Outs
Lessons Learned from 10 Years of Litigation
- Why are companies not litigating core issues in class actions and other suits?
- How to be better prepared for litigation: sound infosec program, good document management program, good witnesses
- The importance of standards
- Breach response and key factors to better prepare for litigation
- Lessons learned: how these measures will improve arguments on class and summary judgment
State of Litigation
- Recent court decisions
- Reducing the risk of litigation
- Class actions
- Identifying responsible parties
- Defense strategies
PHI Breach: Preparation and Response
- Legal issues in a PHI loss
- Underwriting and coverage issues
- Legal foundations for HIPAA and HI-TECH
- Role of HHS’ Office of Civil Rights (OCR) and its auditing and enforcement processes
- PHI breach response & best practices
- PHI on the black market
Stu Panensky Traub Lieberman, moderator
Michael Bruemmer Experian
Kurt Suhs Ironshore
Barbara J. Holland Office for Civil Rights, U.S. Department of Health & Human Services
Lauren Steinfeld Penn Medicine
12:30 p.m. | Lunch
Joel Brenner LLC
CISO Objections to the Need for Cyber Coverage
- CISO Objections to Coverage
- What does Cyber Insurance cover that even the best security and incident response cannot?
- Balancing investment in security with other risk management methods.
2:45 p.m. | Refreshment Break
3:15 p.m. | Breakouts
Security of Payments
- Mobile payment schemes like ApplePay, GooglePay, SamsungPay
- eCommerce shopping carts
- What underwriters need to know and questions they need to ask during the underwriting process
Policyholders’ Perspectives: Getting Claims Covered
- Application of sublimits
- Panel counsel selection
- Vendor selection
- “Voluntary” notification
- Coverage pitfalls
The Interaction Between Forms
- Where does cyber coverage hide in non-cyber policies?
- Intersection between cyber and property
- Intersection between cyber and manufacturing
- Interplay between cyber and crime coverage
- When does D&O and CGL coverage come into play?
- Does personal & advertising injury coverage apply?
4:30 p.m. | Automation and The Next Generation of Cyber Security
- How to solve the human capital problem
- Cyber security for the executives
- How to prepare your evidence and properly engage with law enforcement.
- Creating velocity and the power of orchestration within security practice
- How to create real-time legal oversight of cyber security through platform operations
- How to lower risk, measure risk, and manage risk within an organization.
5:30 p.m. | Cocktail Reception
Wednesday, June 8
7:15 a.m. | Registration and Breakfast
8:00 a.m. | Anatomy of a Data Breach from a Regulator’s Perspective
- Notice requirements: Are regulators and companies on the same page?
- Whether and how regulators assist companies with breach response.
- What do regulators want from companies during investigations?
- What can companies expect?
Bo Holland AllClear ID, moderator
Patrice Malloy Florida Assistant Attorney General
Gene Fishel Virginia Assistant Attorney General
Nicole DiTomo Pennsylvania Deputy Attorney General
9:05 a.m. | Breakouts
Cyber Risks and Exposure in the Manufacturing Sector
- Issues of property damage, supply chain & business interruption
- Operating systems: warranties and upgrades
- Problems with automation and robots
- IP resides in manufacturing enclaves that are sometimes hard to control
- Espionage and ransomware
- What is at risk?
- The legal landscape
- Vendor risk by industry
- Vendor contracts
- Insurance coverage – key terms and conditions
- Network assessments
- Vendor management programs
10:15 a.m. | Breakouts
The Cloud Providers: Current and Emerging Issues
- Securing of data going East-West
- Cloud of SLA issues
- Outages and reliability
- Securing hybrid IT
Systemic Risk and Aggregation Modeling Systemic Risk
Cloud outage and aggregate effect; zero-day malware; grid outage
Internet brownout; attacks against ‘common network technology’
What are the particular issues to staffing a large-scale incident?
How models can be used to assess cyber exposures.
What tools and benchmarks can be used to evaluate risk for cyber insurance coverage?
11:05 a.m. | Refreshment Break
11:30 a.m. | Compliance: Security Assessments, Training, and Planning
Incident response planning
Learn how to maximize breach response effectiveness and customer satisfaction and minimize litigation and regulatory risks
Best practices for mounting an effective security incident response strategy, including meeting compliance and exceeding customer expectations
Examine what your ethical obligations are to protect consumers and provide identity protection when a data breach hits
Learn how to navigate the legal intricacies and complexities involving security incidents and data breaches