Program Chairs
Darin Bielby, Managing Director, Navigant Information Security
Jason Glasgow, Vice President E&O Division, Allied World
Chris Keegan, Senior Managing Director, Beecher Carlson
Blaine Kimrey, Shareholder, Vedder Price
Tracey Vispoli, President, Berkley Cyber Risk Solutions

2:30-4:30 PM | Pre-Conference Boot Camp

During an engaging breach simulation our participants will decide how our fictional company deals with a data breach. (Session capacity: 50)

  • An understanding of a more recent, and prevalent, cyber security threat.
  • An overview of legal, compliance and response obligations.
  • Strategies on dealing with hackers and media during a breach.
  • How to mount a response and what services and products to include.

David Navetta, Norton Rose Fulbright
Lisa Larson, AllClear ID
Andrew Liuzzi, Edelman
Neeraj Sahni, Willis Towers Watson
Kris Kleiner, Norton Rose Fulbright
Marc Brawner, Kroll

3:30-4:30 PM | Cyber Security & Higher Education

Join Drexel University College of Computing & Informatics Dean Yi Deng and Thomas R. Kline School of Law Dean Daniel M. Filler for a round table discussion on the training necessary to support continued education for insurance, legal, and security professionals on the current Cyber Security landscape.

  • Quality and quantity. Who is the potential student and what is the forecasted demand? What are the opportunities for research and practical hands-on learning?
  • Industry Perspective. What skills, knowledge and qualifications would be useful for students to gain through this program, and how would it positively impact their future careers?
  • Potential Partnerships. What potential partnerships opportunities exist in the design of a comprehensive and relevant curriculum?

5:00-7:00 PM | Opening Reception
Sponsored by Mullen Coughlin, AllClear ID and NetDiligence

7:00 AM | Registration

Breakfast Sponsored by Argo Insurance & Equifax

Coffee Bar Sponsored by Experian (runs all day both days)

8:15-8:40 AM | Opening Remarks

Tom Hagy, Managing Director, HB
Mark Greisiger, President, NetDiligence
Josh Ladeau, Aspen Insurance
Mike Smith, AIG (ret.)

8:45-9:45 AM | Cyber Claims & Loss Updates

  • A Review of the 2016 NetDiligence Claims Study and Early Returns on 2017 Data.
  • Types of Claims Being Covered.
  • Examination of Cost.
  • Claims Notice and Claims Handling.

Blaine Kimrey, Vedder Price, moderator
Mark Greisiger, NetDiligence
Brian Robb, CNA
Richard Sheridan, Berkley Cyber Risk Solutions
Chris Novak, Verizon
Sara Trokan, Chubb

9:45-10:00 AM | Travel Time

10:00-11:00 AM | Breakout Sessions A-C

Breakout Session A: Ballroom
Broker Perspective on Gaps and Overlaps

  • Gap and Cross-Over Analysis.
  • How do you align policies?
  • How and what policies do you use to fill the Gaps?
  • Exclusions for clarity.
  • Avoiding Overlaps and Doubling Up.

Evan Fenaroli, Philadelphia Insurance Companies, moderator
Meredith Schnur, Wells Fargo
Scott Kannry, Axio Global
Adam Cottini, AJ Gallagher
Jill Salmon, Berkshire Hathaway
Rick Bortnick, Traub Lieberman Straus & Shrewsberry

Breakout Session B: Rose Garden
Cyber Impact in Media Policies

  • How are traditional Media Policies impacted by Cyber Events?

Chris Keegan, Beecher Carlson, moderator
Dan DeLoof, Allianz
Chad Milton, Media Risk Consultants
Joseph Sano, Prince Lobel

Breakout Session C: Cliveden
Claims Walk-Through Process from the Policyholder View
Note: This breakout is oversold. Please arrive early as we have a strict limit on room occupancy. Sorry for the inconvenience!

  • Notice Issues.
  • Application of Sublimits.
  • Retroactive Dates and Multiple Events.
  • Panel Counsel Selection.
  • Vendor Selection.
  • “Voluntary” notification.
  • Failure to Maintain Security Exclusions.
  • Overlapping Coverage.

Scott Godes, Barnes & Thornburg, moderator
Shannon Groeber, JLTS
Tamara Ashjian, NAS Insurance
Laura Rieben, Independence Blue Cross
Carrie Parikh, Wyndham Hotel Group

11:00-11:30 | Break Sponsored by Markel

11:30-12:30 | Breakout Sessions A-C

Breakout Session A: Ballroom
The Future of Cyber Insurance: Where will we be in 2025? 

  • What difference will claims make, particularly a Black Swan event?
  • How will Technology shape future policies?
  • How will competitive forces—reinsurance, carriers in the marketplace, rates—shape policies?

Tracey Vispoli, Berkley Cyber Risk Solutions, W.R. Berkley company, moderator
John Coletti, XL Catlin
Catherine Mulligan, Zurich
Tim Marlin, The Hartford
Tracie Grella, AIG

Breakout Session B: Rose Garden
State of Litigation

  • Recent Court Decisions in Class Action Suits.
    • Litigation Against Credit Card Companies—Jetro Holdings LLC.
    • Wrongful Use of Data.
  • Expected Trends.

Ernest Koschineg, Cipriani & Werner, moderator
Doug Meal, Ropes & Gray LLP
Chris Dore, Edelson
Lindsay Nickle, Wilson & Elser
John Yanchunis, Morgan & Morgan

Breakout Session C: Cliveden
Is International Compliance Illusory?

  • What are the implications from the perspective of the insurance market in the EU / US?
  • Any considerations regarding policy language and/or coverage issues relating to GDPR audits without a data breach and exposure to fines?
  • How are these new requirements viewed as impacting EU companies? US companies?
  • What are the key provisions of the GDPR (global view against Privacy Shield as one of its components)?
  • What is the current enforcement landscape and what thoughts regarding the impact GDPR will have on EU companies? What about Brexit? Data residency requirements? Risk Assessments?

Ted Augustinos, Locke Lord, moderator
Mike Bruemmer, Experian
Meghan Hannes, Axis Capital
Dan Trueman, Novae
Patrick Hill, DAC Beachcroft

12:30-1:45 | Lunch Sponsored by Travelers

Keynote Address

Large Enterprise Cyber Risk:
Building a Strategy Based on Feasibility, Acceptability, Suitability and Affordability

Brigadier General (retired) Gregory J. Touhill was the first Federal Chief Information Security Officer (CISO) for the United States in the Executive Office of the President (EOP). As the first Federal CISO, General Touhill drove cybersecurity policy, planning, and implementation across the Federal Government.

Prior to OMB, General Touhill was the Deputy Assistant Secretary for Cybersecurity and Communications (CS&C) within the National Protections and Programs Directorate (NPPD) of the Department of Homeland Security (DHS). In July 2013, General Touhill retired from the United States Air Force after a distinguished career culminating as the Chief Information Officer and Director of Command, Control, Communications, and Cyber Systems at U.S. Transportation Command—one of the nation’s 10 combatant commands.

General Touhill is a graduate of the Squadron Officer School, Air Command and Staff College, and the Advanced Communications Officer Training school, where he received the Webb Award. He also is a graduate of the Air War College, the Armed Forces Staff College, the Harvard University John F. Kennedy School of Government Senior Executive Fellows program, and the University of North Carolina’s Logistics and Technology Program for Executives.

General Touhill maintains the Certified Information Systems Security Professional (CISSP), Certified Acquisition Professional in Information Technology and Program Management, and the American College of Corporate Directors Master Professional Director certifications.

He is the author of Cybersecurity for Executives: A Practical Guide.

Touhill was appointed as the first Federal CISO by President Obama in September 2016. He stepped down on Jan. 17, 2017.

1:45-2:45 | Geopolitics, Cyber Risk and Insurance

  • Cyber Attacks by Nations, Affiliated Groups and Terrorists
  • Government Responses
  • Attribution
  • Data and Network Destruction
  • Underwriting to Reduce Vulnerabilities
  • War and Terrorism Exclusions

Vince Vitkowsky, Seiger Gfeller Laurie LLP, moderator
Josh Ladeau, Aspen Insurance
Bob Anderson, Navigant
Jeffrey Batt, Marsh
Daniel Wagner, Risk Cooperative

2:45-3:15 | Break Sponsored by Allianz

3:15-4:15 | Breakout Sessions A-C

Breakout Session A: Ballroom
Managing a Ransomware Attack and Extortion

  • What are the loss concerns of ransomware? Privacy breach, network damage, business continuity?
  • When should you pay a ransom?
  • Is the traditional insurance vendor panel the right way to respond to the immediate nature of ransomware?
  • Are ransomware claims going to grow in 2017? In frequency or individual size of loss?

Winston Krone, KIVU, moderator
John Mullen, Mullen Coughlin
Kimberly Horn, Beazley Claims
Ben Stone, FBI
Jeremy Batterman, Navigant

Breakout Session B: Rose Garden Now in Cliveden (19th Floor)
Cross-Sector Cascading Effects Caused by Cyber Events in the Power and Energy Sectors

  • Vulnerability of the Power Grid.
  • Cybersecurity Risk Information Sharing Program (CRISP).
  • Insurance Implications for Businesses Affected by Power Outage Due to Cyber Attack.
  • Aggregation Concerns and Cascading Implications Across Industries.

Brad Gow, Sompo International, moderator
John Farley, Hub International, check out his new book
Mary Guzman, McGriff, Siebels & Williams
Jonathon Monken, PJM Interconnection
Catherine Rudow, PartnerRe

Breakout Session C: Cliveden Now in Rose Garden (19th Floor)
Professional Services Breach: Law Firms

  • Rise of the frequency, severity and publicity of incidents.
  • The relationship between professional malpractice and cyber risk.
  • Nature of data handled by law firms.
  • Breach Response—Special Considerations.
  • Technology failures.

Bill Hardin, Charles River
Rob Rosenzweig, Risk Strategies Company
Jeremy Gittler, XL Catlin
Simon White, Liberty International Underwriters
Joe Lazzarotti, Jackson Lewis

4:15-4:30 | Travel Time

4:30-5:30 | Aggregation and Modeling

  • How models can be used to assess cyber exposures.
  • Consideration of the value of assessment tools that can be utilized to assess an insured’s (and carrier’s) overall data aggregation exposure.
  • What tools and benchmarks underwriters utilize when evaluating a risk for cyber insurance coverage.

Jason Glasgow, AWAC, moderator
Sandra DeSilva, Nova
Jon Laux, Aon
Oliver Brew, Aspen Insurance
Jay Jacobs, Bitsight
Ashwin Kashyap, Symantec

5:30 PM | Cocktail Reception Sponsored by Beazley

7:00-11:00 AM | Experian Coffee Bar Open

8:00-8:50 | Standard of Care 

  • Why is the standard of care important?
  • What makes up the standard of care for cyber security?
  • Do existing “standards” provide an auditable baseline or is sound security entirely subjective? What are the value and limits of certifying against standards such as NIST or CIS 20?
  • Does having a certification provide any safety from lawsuits or regulatory investigation?
  • What are the best practices in light of the existing regulatory and legal framework?
  • In an underwriting situation, how do you determine what controls are reasonable or not?
  • Resolving conflicts between regulatory bodies’ Standard of Care.

Ron Raether, Troutman Sanders, moderator
Laura Foggan, Crowell & Moring
Jeffrey Lipson, Layer8
Barbara Holland, Department of Health and Human Services
Kurt Suhs, Ironshore

8:50-9:05 | Travel Time

9:05-10:00 | Breakout Sessions A-C

Breakout Session A: Ballroom
Strategic Cyber Intelligence from a Board and C-suite Perspective

  • Cyber Risk as an integral part of risk management governance.
  • Where does insurance fit into risk management?
  • Collaboration between ITsec and Finance on cyber risk mitigation.
  • Rationalizing cyber risk mitigation spend–quantification of risk, ROI, compliance, etc.

Peter Foster, Willis, moderator
Ann Barry, Juniper Networks
Mike Brown, RSA
Matt Todd, Polsinelli
Philip Kibler, AIG

Breakout Session B: Rose Garden

  • What do insurance carriers look for in a reinsurer?
  • What do reinsurers look for in a carrier?
  • What are some of the concerns of reinsurers?
  • What is the best approach to move forward?

Rich DePiero, SwissRe, moderator
Jackie Lee, Validus
Kara Owens, TransRe
Laurie Kamaiko, Sedgwick LLP
Vlad Polyakov, CapsicumRe
Chris Lewis, Hiscox

Breakout Session C: Cliveden
Cloud Data and Storage

  • Failure of Hypervisors
  • Segmenting your cloud data from other cloud tenants
  • General redundancy of cloud to mitigate Black Sky events
  • Ransomware in the cloud and in Virtual Desktop Infrastructure environments
  • Shared responsibility model for your data

Patrick Thielen, Chubb, moderator
Shawn Carey, Keystone NAP
Taiye Lambo, eFortresses
Omri Moyal, Minerva Labs
Ted Theisen, Ankura Consulting

10:00-10:15 | Travel Time

10:15-11:05 | Breakout Sessions A-B

Breakout Session A: Ballroom
Evolution of Breach Communications and the Media

  • The evolution of reporting on data breaches over the last decade
  • How breaches in different industries are covered differently
  • What readers/customers want to hear following a breach and how this has changed
  • Which industries and sectors haven’t been fatigued yet and which targets remain soft
  • How corporate victims of breaches are responding differently regarding the information they provide the media
  • How/if threat actors use information reported on in the media to affect their strategies

Zach Olsen, Infinite Global, moderator
Jim Giszczak, McDonald Hopkins
Brookes Taney, Epiq
Megan Gates, ASIS International
Greg Otto, Cyber Scoop
Allison Grande, Law360
TBD, In House Communications
TBD, Security Trade Publication

Breakout Session B: Rose Garden
Security Monitoring Failures

  • How security monitoring works
  • Why most companies fail to detect breaches
  • Benefits and challenges of security monitoring
  • How to determine if your client is on the ball or just ticking the box
  • Vetting what clients are telling you, i.e. what’s valuable, what’s not
  • Focusing on the right activity, i.e. what you should monitor
  • Logs: Forget volume, what are the logs telling you?
  • How existing solutions are being applied in new ways

Steve Anderson, QBE, moderator
Daimon Geopfert, RSM
Jason Rebholz, Crypsis
Douglas Clare, FICO
Matthew H. Meade, Buchanan Ingersoll & Rooney PC

11:05-11:30 | Refreshment Break

11:30-12:30 | Cyber Physical Perils

  • Definitions
  • How are cyber-physical risks viewed in the insurance buyer’s mind?
  • How are cyber perils currently treated by other insurances?
  • How does a cyber policy handle physical risks?
  • What are the measures to address the exposures?
  • What are the implications of the internet of things in this?
  • How should regulators and industry respond?

Tim Francis, Travelers, moderator
Eric Seyfried, Aon
Garrett Droege, Tech Assure
Pascal Millaire, Symantec
Scott Culler, Markel

12:30 | Adjourn