2:30-4:30 PM | Pre-Conference Boot Camp

  • An understanding of a more recent, and prevalent, cyber security threat.
  • An overview of legal, compliance and response obligations.
  • Strategies on dealing with hackers and media during a breach.
  • How to mount a response and what services and products to include.

David Navetta, Norton Rose Fulbright
Lisa Larson, AllClear ID
Leigh Nakanishi, Edelman
Neeraj Sahni, Willis Towers Watson
Kris Kleiner, Norton Rose Fulbright
Marc Brawner, Kroll

5:00-7:00 PM | Opening Reception
Sponsored by Mullen Coughlin, AllClear ID and NetDiligence

8:15-8:40 AM | Opening Remarks

Tom Hagy, Managing Director, HB
Mark Greisiger,
President, NetDiligence
Josh Ladeau, Aspen Insurance

8:45-9:45 AM | Cyber Claims & Loss Updates

  • A Review of the 2016 NetDiligence Claims Study and Early Returns on 2017 Data.
  • Types of Claims Being Covered.
  • Examination of Cost.
  • Claims Notice and Claims Handling.

Blaine Kimrey, Vedder Price, moderator
Mark Greisiger, NetDiligence
Brian Robb, CNA
Richard Sheridan, Berkley Cyber Risk Solutions
Chris Novak, Verizon
Sara Trokan, Chubb

9:45-10:00 AM | Travel Time

10:00-11:00 AM | Breakout Sessions A-C

Breakout Session A
Claims Walk Through Process from the Policyholder View

  • Notice Issues.
  • Application of Sublimits.
  • Retroactive Dates and Multiple Events.
  • Panel Counsel Selection.
  • Vendor Selection.
  • “Voluntary” notification.
  • Failure to Maintain Security Exclusions.
  • Overlapping Coverage.

Scott Godes, Barnes & Thornburg, moderator
Shannon Groeber, JLTS
Tamara Ashjian, NAS Insurance
Laura Rieben, Independence Blue Cross
Carrie Parikh, Wyndham Hotel Group

Breakout Sessions B
Broker Perspective on Gaps and Overlaps

  • Gap and Cross-Over Analysis.
  • How do you align policies?
  • How and what policies do you use to fill the Gaps?
  • Exclusions for clarity.
  • Avoiding Overlaps and Doubling Up.

Eva Fenaroli, PHLY, moderator
Meredith Schnur, Wells Fargo
Scott Kannry, Axio Global
Adam Cottini, AJ Gallagher
Jill Salmon, Berkshire Hathaway
Rick Bortnick, Traub Lieberman Straus & Shrewsberry

Breakout Session C
Cyber Impact in Media Policies

  • How are traditional Media Policies impacted by Cyber Events?

Chris Keegan, Beecher Carlson, moderator
Dan DeLoof, Allianz
Chad Milton, Media Risk Consultants
Joseph Sano, Prince Lobel

11:00-11:30 | Break Sponsored by Markel

11:30-12:30 | Breakout Sessions A-C

Breakout Session A
State of Litigation

  • Recent Court Decisions in Class Action Suits.
    • Litigation Against Credit Card Companies—Jetro Holdings LLC.
    • Wrongful Use of Data.
  • Expected Trends.

Ernest Koschineg, Cipriani & Werner, moderator
Doug Meal, Ropes & Gray LLP
Chris Dore, Edelson
Lindsay Nickle, Wilson & Elser
John Yanchunis, Morgan & Morgan

Breakout Session B
Is International Compliance Illusory?

  • What are the implications from the perspective of the insurance market in the EU / US?
  • Any considerations regarding policy language and/or coverage issues relating to GDPR audits without a data breach and exposure to fines?
  • How are these new requirements viewed as impacting EU companies? US companies?
  • What are the key provisions of the GDPR (global view against Privacy Shield as one of its components)?
  • What is the current enforcement landscape and what thoughts regarding the impact GDPR will have on EU companies? What about Brexit? Data residency requirements? Risk Assessments?

Ted Augustinos, Locke Lord, moderator
Mike Bruemmer, Experian
Meghan Hannes, Axis Capital
Dan Trueman, Novae
Patrick Hill , DAC Beachcroft

Breakout Session C
The Future of Cyber Insurance: Where will we be in 2025? 

  • What difference will claims make, particularly a Black Swan event?
  • How will Technology shape future policies?
  • How will competitive forces—reinsurance, carriers in the marketplace, rates—shape policies?

Tracey Vispoli, Berkley Cyber Risk Solutions,W.R. Berkley company, moderator
John Coletti, XL Catlin
Catherine Mulligan, Zurich
Tim Marlin, The Hartford
Tracie GrellaAIG

12:30-1:45| Lunch Sponsored by Travelers

Keynote Address

Large Enterprise Cyber Risk:
Building a Strategy Based on Feasibility, Acceptability, Suitability and Affordability

Brigadier General (retired) Gregory J. Touhill was the first Federal Chief Information Security Officer (CISO) for the United States in the Executive Office of the President (EOP). As the first Federal CISO, General Touhill drove cybersecurity policy, planning, and implementation across the Federal Government.

Prior to OMB, General Touhill was the Deputy Assistant Secretary for Cybersecurity and Communications (CS&C) within the National Protections and Programs Directorate (NPPD) of the Department of Homeland Security (DHS). In July 2013, General Touhill retired from the United States Air Force after a distinguished career culminating as the Chief Information Officer and Director of Command, Control, Communications, and Cyber Systems at U.S. Transportation Command—one of the nation’s 10 combatant commands.

General Touhill is a graduate of the Squadron Officer School, Air Command and Staff College, and the Advanced Communications Officer Training school, where he received the Webb Award. He also is a graduate of the Air War College, the Armed Forces Staff College, the Harvard University John F. Kennedy School of Government Senior Executive Fellows program, and the University of North Carolina’s Logistics and Technology Program for Executives.

General Touhill maintains the Certified Information Systems Security Professional (CISSP), Certified Acquisition Professional in Information Technology and Program Management, and the American College of Corporate Directors Master Professional Director certifications.

He is the author of  Cybersecurity for Executives: A Practical Guide.

Touhill was appointed as the first Federal CISO by President Obama in September 2016. He stepped down on Jan. 17, 2017.

1:45-2:45 | Geopolitics, Cyber Risk and Insurance

  • Cyber Attacks by Nations, Affiliated Groups and Terrorists
  • Government Responses
  • Attribution
  • Data and Network Distruction
  • Underwriting to Reduce Vulnerabilites
  • War and Terrorism Exclusions

Vince Vitkowsky, Seiger Gfeller Laurie LLP, moderator
Josh Ladeau, Aspen Insurance
Bob Anderson, Navigant
Jeffrey Batt, Marsh
Daniel Wagner, Risk Cooperative

2:45-3:15 | Break Sponsored by Allianz

3:15-4:15 | Breakout Sessions A-C

Breakout Session A
Cross-Sector Cascading Effects Caused by Cyber Events in the Power and Energy Sectors

  • Vulnerability of the Power Grid.
  • Cybersecurity Risk Information Sharing Program (CRISP).
  • Insurance Implications for Businesses Affected by Power Outage Due to Cyber Attack.
  • Aggregation Concerns and Cascading Implications Across Industries.

Brad Gow, Sompo International, moderator
John Farley, Hub International
Mary Guzman, McGriff
Jonathon Monken, PJM Interconnection
Catherine Rudow, PartnerRe

Breakout Session B
Managing a Ransomware Attack and Extortion

  • What are the loss concerns of ransomware? Privacy breach, network damage, business continuity?
  • When should you pay a ransom?
  • Is the traditional insurance vendor panel the right way to respond to the immediate nature of ransomware?
  • Are ransomware claims going to grow in 2017? In frequency or individual size of loss?

Winston Krone, KIVU, moderator
John Mullen, Mullen Coughlin
Kimberly Horn, Beazley Claims
Ben Stone, FBI
Jeremy Batterman, Navigant

Breakout Session C
Professional Services Breach: Law Firms

  • Rise of the frequency, severity and publicity of incidents.
  • The relationship between professional malpractice and cyber risk.
  • Nature of data handled by law firms.
  • Breach Response—Special Considerations.
  • Technology failures.

Bill Hardin, Charles River
Rob Rosenzweig, Risk Strategies Company
Jeremy Gittler, XL Catlin
Simon White, Liberty International Underwriters
Joe Lazzarotti, Jackson Lewis

4:15-4:30| Travel Time

4:30-5:30 | Aggregation and Modeling

  • How models can be used to assess cyber exposures.
  • Consideration of the value of assessment tools that can be utilized to assess an insured’s (and carrier’s) overall data aggregation exposure.
  • What tools and benchmarks underwriters utilize for when evaluating a risk for cyber insurance coverage.

Jason Glasgow, AWAC, moderator
Sandra DeSilvaNova
Jon Laux, Aon
Oliver Brew, Aspen Insurance
Jay Jacobs, Bitsight
Ashwin Kashyap, Symantec

5:30 PM | Cocktail Reception Sponsored by Beazley

8:00-8:50 | Standard of Care 

  • Why is the standard of care important?
  • What makes up the standard of care for cyber security?
  • Do existing “standards” provide an auditable baseline or is sound security entirely subjective? What is the value and limits of certifying against standards such as NIST or CIS 20?
  • Does having a certification provide any safety from lawsuits or regulatory investigation?
  • What are the best practices in light of the existing regulatory and legal framework?
  • In an underwriting situation, how do you determine what controls are reasonable or not?
  • Resolving conflicts between regulatory bodies’ Standard of Care.

Ron Raether, Troutman Sanders, moderator
Laura Foggan, Crowell & Moring
Jeffrey Lipson, Layer8
Barbara Holland, Department of Health and Human Services

8:50-9:05 | Travel Time

 9:05-10:00 | Breakout Sessions A-C

Breakout Session A
Strategic Cyber Intelligence from a Board and C-suite Perspective

  • Cyber Risk as an integral part of risk management governance.
  • Where does insurance fit into risk management?
  • Collaboration between ITsec and Finance on cyber risk mitigation.
  • Rationalizing cyber risk mitigation spend–quantification of risk, ROI, compliance, etc.

Peter Foster, Willis, moderator
Ann Barry, Juniper
Mike Brown, RSA
Matt Todd, Poisinelli
Philip Kibler, AIG

Breakout Session B
Cloud Data and Storage

  • Failure of Hypervisers
  • Segmenting your cloud data from other cloud tenants
  • General redundancy of cloud to mitigate Black Sky events

Patrick Thielen, Chubb, moderator
Shawn Carey, Keystone NAP
Taiye Lambo, eFortresses
Omri Moyal, Minerva Labs
Ted Theisen, Ankura Consulting

Breakout Session C

  • What do insurance carriers look for in a reinsurer?
  • What do reinsurers look for in a carrier?
  • What are some of the concerns of reinsurers?
  • What is the best approach to move forward?

Rich DePiero, SwissRe, moderator
Jackie Lee, Validus
Kara Owens, TransRe
Laurie Kamaiko, Sedgwick LLP
Vlad Polyakov, CapsicumRe
Daniel Burke, Hiscox

10:00-10:15 | Travel Time

10:15- 11:05 | Breakout Sessions A-B

Breakout Session A
Evolution of Breach Communications and the Media

  • The evolution of reporting on data breaches over the last decade
  • How breaches in different industries are covered differently
  • What readers/customers want to hear following a breach and how this has changed
  • Which industries and sectors haven’t been fatigued yet and which targets remain soft
  • How corporate victims of breaches are responding differently regarding the information they provide the media
  • How/if threat actors use information reported on in the media to affect their strategies

Zach Olsen, Infinite Global, moderator
Nicole Hong, Wall Street Journal
Jim Giszczak, McDonald Hopkins
Brookes Taney, Epiq
TBD, In House Communications
TBD, Security Trade Publication

Breakout Session B
Security Monitoring Failures

  • How security monitoring works
  • Why most companies fail to detect breaches
  • Benefits and challenges of security monitoring
  • How to determine if your client is on the ball or just ticking the box
  • Vetting what clients are telling you, i.e. what’s valuable, what’s not
  • Focusing on the right activity, i.e. what you should monitor
  • Logs: Forget volume, what are the logs telling you?
  • How existing solutions are being applied in new ways

Steve Anderson, QBE, moderator
Daimon Geopfert, RSM
Jason Rebholz, Crypsis
Douglas Clare, FICO
Matthew H. Meade, Buchanan Ingersoll & Rooney PC

11:05- 11:30 | Refreshment Break

11:30- 12:30 | Cyber Physical Perils

  • Definitions
  • How are cyber-physical risks viewed in the insurance buyer’s mind?
  • How are cyber perils currently treated by other insurances?
  • How does a cyber policy handle physical risks?
  • What are the measures to address the exposures?
  • What are the implications of the internet of things in this?
  • How should regulators and industry respond?

Tim Francis, Travelers, moderator
Eric Seyfried, Aon
Garrett Droege, Tech Assure
Pascal Millaire, Symantec
Scott Culler, Markel
Kurt SuhsIronshore

12:30 | Adjourn