Peer Benchmarking & Limit of Liability Analysis


Mitigating Data Breach Risk through Cyber Insurance
What You Need to Know When Buying Cyber Insurance

The College of Healthcare and Information Management Executives
The Association for Executives in Healthcare Information Security
Presentation Date: March 22, 2017
Aon Risk Solutions, Professional Risk Solutions

Aon Experts
- Ronald Sung, Esq., Assistant Vice President, Professional Risk Solutions, +1.312.381.3541
- Rocco Grillo, Global Cyber Resilience Leader, Stroz Friedberg an Aon Company, +1.212.981.2674
- Gus Springmann, Broker, Professional Risk Solutions, +1.312.381.7065

Aon Risk Solutions | Financial Services Group | Professional Risk Solutions
Proprietary & Confidential

Top 10 Healthcare Risks
Aon Global Risk Management Survey

Cyber Liability | Cyber Discovery
Legal / Compliance, Senior Management, Risk Management, Information Security, Human Resources
- Understand the top risks to your company and communicate to management the risks that are and are not insurable. If not insurable, then identify alternative options.
- Understand your contracts with your customers. What risks is your company assuming? What insurance are you required to maintain?
- Know and meet regularly with your Information Security / IT Team. Understand incidents or near misses.
- Implement appropriate employee training to mitigate potential breaches via stolen credentials or social engineering.

Optimal Cyber Program
- Risk Tolerance
- Maximum Probable Loss
- Peer Purchasing Data
- Budget
- Scope of Coverage / Control
- Contractual Requirements
- Insurable Risks
- Market Limitations
- Optimal Program

Agenda
- Network and Security and Privacy Exposure Trends
- Regulatory Environment
- Risk Evaluation and Mitigation
- Coverage
- Insurance Marketplace
- Benchmarks and Insights
- Claims Advocacy

Aon's Professional Risk Solutions Group

Experienced teams and resources
- Over 60 U.S. professionals dedicated to strategy, execution, and service
- Product and industry expertise: Cyber industry specialists aligned with Aon industry practices
- Policy Committee focuses on developing policy language with clients and Insurers as well as cyber product development

Market impacting solutions
- Aon Cyber Enterprise Solution, a first-of-its-kind property / casualty and Internet of Things insurance policy that offers comprehensive and integrated enterprise-wide coverage against cyber risk
- EU Data Protect
- Cyber Captive Solution

Proprietary data and analytics
- Cyber Insight actuarial review
- Aon Cyber 360 Suite of Solutions
- Aon Cyber Impact Analysis / Risk Financing Decision Platform

Industry leading talent
- 2016 appointment of James Trainor as Senior Vice President of the Cyber Solutions Group. Mr. Trainor joins Aon after a distinguished career at the FBI, where he most recently led the Cyber Division

Strategic acquisition
- On November 1, 2016, Aon finalized its acquisition of cyber risk consulting firm Stroz Friedberg
- Aon's union with Stroz Friedberg provides a comprehensive suite of assessment and quantification solutions to support our clients

Key figures
- $400M+ in total premium placed in 2016
- 60+ Global Professionals
- 400+ cyber claims managed by Aon since 2012

Aon Cyber Resilience Framework
Identify and protect your critical assets and balance sheet by aligning your cyber enterprise risk management strategy with your corporate culture and risk tolerance.
Linking Asset and Risk Data Analytics to Lower Total Cost of Risk

- Need: Identify critical assets, vulnerabilities and risks to assess organizational preparedness
  Solution: Aon Cyber Diagnostic Tool, Aon Cyber Coverage Gap Analysis, Aon/Stroz Friedberg Cyber 360 Suite of Solutions
- Need: Uncover, test and remediate application, network and endpoint vulnerabilities
  Solution: Stroz Friedberg Penetration & Social Engineering Testing, Red Team Testing, Application Testing, Application Code Review, Threat Hunting
- Need: Prepare, optimize, and enhance security governance and incident detection protocols
  Solution: Stroz Friedberg Incident Response Retainer, IR Planning & Playbook, Tabletops, CISO/Board Advisory
- Need: Quantify the financial impact from cyber risks to inform risk reduction and transfer strategies
  Solution: Aon Cyber Insight, Aon Cyber Impact Analysis, Aon Risk Financing Decision Platform
- Need: Explore risk transfer solutions to minimize balance sheet risk
  Solution: Aon Cyber Enterprise Solution, Aon Cyber Captive Solution, Aon Proprietary Peer Benchmarking, Aon Client Treaty, Aon Benfield Reinsurance Capacity
- Need: Limit business disruption, minimize economic loss, and expedite the claims management process
  Solution: Stroz Friedberg Incident & Breach Response, Stroz Friedberg Malware Reverse Engineering, Aon Claims Advocacy, Aon Business Interruption Claims Preparation

Level Setting | Data v. Dollars

Cyber Risk Impacts All Loss Quadrants
Cyber Loss Spectrum (axes: 1st Party / 3rd Party; Financial / Tangible)
- Any major cyber event will result in:
  - PR, response, and continuity costs
  - Immediate and extended revenue loss
  - Restoration expenses
  - Defense costs
- Third parties will seek to recover:
  - Civil penalties and awards
  - Consequential revenue loss
  - Restoration expenses
- Physical damage is possible:
  - Property damage
  - Bodily injury
- Physical damage may cascade to others:
  - 3rd party property damage
  - 3rd party bodily injury

2017 Cyber Exposure Trends
- IoT: The Internet of Things
- Reliance on technology & increasing connectivity
- Cloud Computing / Big Data Analytics
- Increased use of technology vendors
- Social Media
- Social Engineering
- Phishing / Spear Phishing
- Ransomware / Malware / Cyber Heist / Blockchain
- U.S. and International Regulatory Environment
- EU General Data Protection Regulation effective May 25, 2018
- Healthcare Mergers and Acquisition Landscape

Top 10 risk for Healthcare Cyber Insurance
- Information Governance: knowing how much data you have and where that data is located
- Enterprise Risk Perspective
- Data and Device Encryption
- Phishing Training
- Social Engineering Funds Transfer Prevention/Awareness
- Sensitive Document Sharing
- Password Management Solutions for Employees
- Vendor Management
- M&A
- IR/Preparedness/Red-team Scenarios
Source: Global Cyber Risk LLC

Top Cyber Risks in 2017

1. Criminals harness IoT devices as botnets to attack infrastructure: In 2017, Stroz Friedberg predicts there will be an increase in IoT devices compromised, harnessed as botnets, and used as launching points for malware propagation, SPAM, DDoS attacks and anonymizing malicious activities.

2. Nation state cyber espionage and information war influences global and political policy: Cyber espionage will continue to influence global politics and will spread to the upcoming elections in Latin America and Europe. Russia, China, Iran, and North Korea will be regions of great concern in 2017, as they continue to develop deep pools of cyber-crime talent.

3. Data integrity attacks rise: Data sabotage as the next big threat will become a reality in 2017. Criminals will seek to sow confusion and doubt over the accuracy and reliability of information, impairing decision-making across the private and public sector.

4. Spear-phishing and social engineering tactics: In 2017, advanced social engineering tactics will become more targeted, cunning, and more effective, exploiting the weakest link, employees, that organizations always find challenging to safeguard.

5. Red teaming and cybersecurity talent development: Increased pressure from regulators worldwide will push in-house red teaming capabilities to accelerate in 2017. In addition, companies that are not in the cyber business will face a different challenge: recruiting, motivating, and retaining highly technical cyber talent to keep their red teams at the forefront of cybersecurity.

6. Pre-M&A cybersecurity due diligence: The financial services industry will be early-adopters of making cybersecurity due diligence a critical part of the pre-M&A due diligence process. While 2017 will see one to two additional high profile instances that impact the M&A deal process outcome, only the financial services industry will react accordingly and conduct judicious cyber assessments.

2017 Privacy Healthcare Exposure Trends
- Ransomware
- Healthcare is at the heart of privacy: PHI, PII, FAI
- Healthcare entities are made to be accessible
- Highly regulated
- Massive store of data
- Personal Health Information is more valuable than Financial Account Information
  - Helps establish an identity
  - Cannot cancel and establish a new medical history like with your credit history; harder to remediate
- Limited coverage: GL, Healthcare Professional, Managed Care Professional all are beginning to exclude Cyber risk. GL post 2013 and the professional lines are beginning now. Travelers v. Portal Healthcare
- Statutory Data Retention Requirements lead to aggregation of data

2017 Healthcare Cyber Exposure Analysis
Common Concerns:
- Fines by Regulators
- Damages to your organization's reputation due to a data breach
- Operational disruptions due to:
  - High dependency on vendors such as: Epic, Cerner, Meditech, Allscripts, etc.
  - Integration of technology
  - Dependent on Data to operate
- Lost or stolen data
- Violation of privacy regulations
- Advertising injury
- PCI Fines and Penalties: Small CC loss, Large PCI Fine. See P.F. Chang's v. Chubb

Healthcare Providers have Witnessed Massive Data Breaches

Month/Year | Company/Organization affected | Country | # of Records Breached | Type of Breach
August 2016 | Newkirk Products, Inc. | USA | 3,466,120 | Identity Theft
August 2016 | Banner Health | USA | 3,620,000 | Identity Theft
March 2016 | 21st Century Oncology | USA | 2,213,597 | Identity Theft
March 2015 | Anthem | USA | 78,800,000 | Identity Theft
March 2015 | Premera Blue Cross | USA | 11,000,000 | Identity Theft
March 2015 | Excellus Health Plan | USA | 10,000,000 | Identity Theft
November 2011 | Science Application International | USA | 4,900,000 | Business Associate Identity Theft
July 2015 | UCLA Health System | USA | 4,500,000 | Identity Theft
August 2014 | Community Health Systems | USA | 4,500,000 | Identity Theft
August 2014 | Advocate | USA | 4,029,530 | Identity Theft

The Insider Threat: Employees

Unintentional insider involvement in claims by business sectors
- Financial Services: 18.00%
- Healthcare: 38.00%
- Technology: 15.00%
- Other Industries: 29.00%

Rogue employee involvement in claims by business sectors
- Financial Services: 29.00%
- Hospitality: 12.00%
- Professional Services: 12.00%
- Restaurant: 12.00%
- Healthcare: 6.00%
- Other Industries: 29.00%

- More than 67% of the total claims attributable to insiders were unintentional. The remaining 33% of the claims were caused by rogue employees.
- Healthcare industry witnessed the highest number of claims caused by unintentional insiders, followed by financial services and technology industries
- Healthcare & financial services industries witnessed the highest number of claims caused by rogue employees

Fines & penalties for violations of HIPAA regulations
Healthcare companies/organizations violating HIPAA regulations/guidelines will be subject to penalties & fines as given below:
Enforced by the U.S. Department of Health & Human Services (HHS) part of Office of Civil Rights (OCR)

1. Penalties assessed to Healthcare organizations unaware that they violated HIPAA requirement: $100 to $50,000 per violation. $1,500,000 aggregate for an identical provision.
2. Penalties assessed to Healthcare organizations with a violation of reasonable cause but not willful neglect: $1,000 to $50,000 per violation. $1,500,000 aggregate for an identical provision.
3. Penalties assessed to Healthcare organizations with a violation deemed as willful neglect but rectified within a reasonable time: $10,000 to $50,000 per violation. $1,500,000 aggregate for an identical provision.
4. Penalties assessed to Healthcare organizations with a violation deemed as willful neglect and left unresolved: $50,000 per violation. $1,500,000 aggregate for an identical provision.

HIPAA obligations for Healthcare providers
Health Insurance Portability and Accountability Act (HIPAA) obligates all Healthcare providers to ensure that all mandated physical, network and process security procedures are being observed. Examples of HIPAA violations include:

1. Violations of unwilling negligence including:
- Improper patient verification.
- Failure to dispose of patient records securely.
- Failure to discuss patient information in a private setting.
- Unintentionally faxing or emailing patient data to an incorrect destination.
- Inadequately storing and securing patient records.
- Accessing patient records outside of the approved network.
- Unintentionally exposing sensitive data to individuals not privy to the information.

2. Violations of willing negligence including:
- Accessing patient records without proper authorization.
- Improper use of passwords and user names.
- Revealing patient information to unauthorized persons.
- Using unauthorized computers or other equipment within the network.
- Willingly leaving sensitive patient information unsecured.
- Using patient records for personal benefit.
- Selling medical information.
- Purposefully altering or damaging data stored in medical records

Other Regulatory Factors

- State Privacy Regulation
  - 47 State Breach Laws and Attorney Generals
- U.S. Federal Regulations are evolving, but no federal privacy regulations in place to date
- U.S. Federal agencies are active
  - HIPAA, 42 U.S.C. Section 1320d-5/HITECH
  - FTC Act, 15 U.S.C. Section 45(a)
  - FCC
  - GLBA/FINRA
  - SEC
- EU General Data Protection Regulation effective May 25, 2018
  - Fines up to 4% of firms' total worldwide annual turnover
  - 72 hour notification of a breach of private information

Scope of Cyber Insurance Coverage
Defense Costs + Damages + Regulator Fines; Insured's Loss
Liability Sections; First Party Sections; Expense / Service Sections
- Failure of Network Security
- Failure to Protect / Wrongful Disclosure of Information, including employee information
- Privacy or Security related regulator investigation
- Wrongful Collection of Information (some policies)
- Media content infringement / defamatory content
- Crisis Management
- Extra Expense
- System Failure Business Interruption (some policies)
- Breach-related Legal Advice
- Call Center
- Credit Monitoring, Identity Monitoring, ID Theft Insurance
- Cyber Extortion Payments
- All of the above when committed by an outsourcer
- Network-related Business Interruption
- Expenses Paid to Vendors
- Dependent Business Interruption (some policies)
- Intangible Asset damage

Breach Response Timeline: How it plays out
- Detect Breach: Hackers attack our client's network and are able to penetrate and move about the network undetected. InfoSec team notices suspicious activity on their network and determines that hacker has compromised their systems.
- Determine extent of breach, number of records lost, type of info lost: IT determines that thousands of customer records within the system are compromised due to a failure of information security. Data stolen contains name, address, email, credit card and purchase history.
- Review federal and state statutes to determine necessary actions: Legal engages outside counsel specializing in privacy law. Counsel reviews the lost information and determines that notification and monitoring are required in all states.
- Notification, Credit / ID monitoring, Crisis management: A vendor drafts and sends notification letters to all individuals impacted. The letters include a credit monitoring offering along with call center support. Another vendor is hired to handle a public relations campaign.
- Potential regulatory fines and penalties incurred: Due to a delay in notifying affected individuals, company receives notice of a formal proceeding relating to the data breach from the FTC. The hired counsel provides defense in the proceeding, which is not yet completed.
- Vendor fines and penalties incurred: Due to credit card information being compromised, the Payment Card Industry (PCI) levies an assessment against the client and mandates remediative action in the form of an assessment by a QSA.
- Third party litigation and damages: Two weeks after the breach notice went out, a class action suit was filed against the Insured alleging failure to properly protect confidential information. Defense counsel is retained and the outcome is to be determined.

Cyber Claims Scenarios

Loss Example: Bad Actor gains unauthorized access into ABC Company's network. X amount of PII data is accessed by Bad Actor.
Coverage: Privacy Liability; Privacy Event Expenses; Privacy Regulatory
Analysis: 1st party coverage responds with: forensics to determine the cause and the scope of breach; legal guidance to effect notification; notification; credit monitoring; and call center services. 3rd party responds to privacy regulatory, FTC, and consumer actions.
Availability: 3rd party typically available at full limits. 1st party covers have evolved where full limits are now available, however, premium driven.

Loss Example: Bad actor transmits malicious code into ABC Company's network. ABC Company's network then transmits malicious code into 3rd party's network causing failure of 3rd party's network.
Coverage: Network Security Liability
Analysis: Policy will respond to the extent that entity's failure of network security caused loss to third party.
Availability: Standard

Loss Example: Due to internal error, PII is lost. Bad actors defraud banks, create false tax returns, create credit cards of those persons whose information was stolen.
Coverage: Privacy Liability; Network Security Liability; Privacy Event Expenses; Regulatory
Analysis: Grey area. Typically, the credit monitoring offered will bundle identity protection insurance as additional service. Typically, real monies are excluded from cyber policies.
Availability: Standard Cover

Loss Example: 1) Due to malicious code, ABC Company suffers material interruption leaving entity unable to operate. 2) Rogue Employee contaminates network causing manufacturing processes to slow or stop.
Coverage: Network Business Interruption
Analysis: Typically requires 3rd party malicious attack or employee acting outside the scope of his duties. Waiting period applies. Pays for net income loss and extra expense.
Availability: Coverage is sometimes available at full limits, risk by risk.

Loss Example: ABC Company relies on Company X for outsourced IT services (HR or Cloud Computing for example). Company X suffers a network interruption due to malicious code.
Coverage: Dependent Business Interruption
Analysis: Event must trigger coverage as if it were first party network business interruption. Coverage will pay for net income loss and extra expense after waiting period.
Availability: Evolving. Limited Carriers will offer dependent business interruption; limits are typically a portion of the total aggregate. For larger entities, Carriers may request a schedule.

Loss Example: ABC Company upgrades systems in corporate environment. For unknown reason, system fails.
Coverage: System Failure
Analysis: Whereas Network business interruption is due to malicious code, System Failure covers failure of technology. Waiting period applicable.
Availability: Typically sub-limited to 20%-25% of the total aggregate; carriers have incomplete information to underwrite the risk.

Loss Example: ABC Company held hostage by a hacker who installed ransomware on ABC Company network. Requests X dollars to remove access.
Coverage: Cyber Extortion
Analysis: Cyber policy will respond: forensics to determine legitimacy of threat; respond to the ransom request.
Availability: Standard Coverage

Global Cyber Insurance Marketplace
Aon Client Premium Spend (pie chart; segments: Bermuda, Domestic, London; segment values: 16.66%, 5.39%, 77.95%)

DOMESTIC
AIG, Allianz, Arch, Argo, Aspen, AXIS, AWAC, BCS, Beazley, Berkshire Hathaway, Chubb, CNA, CV Starr, Endurance, Nationwide, Hartford, HCC, Hiscox, Ironshore, Liberty Mutual, QBE, RLI, RSUI, SCOR Re, Swiss Re, Travelers, XLCatlin, Zurich

LONDON
ANV, Ascent, Aspen, AIG, Axis, Barbican, Beazley, Brit, CFC, Chubb, Emerging Risks, Hannover Re, HCC, HDI Gerling, Hiscox, Kiln, Liberty, Markel, Munich Re, Novae, Principia, Sciemus, SCOR, Swiss Re, Talbot, Zurich

BERMUDA (Excess only)
AIG, Chubb, Markel, Argo, Aspen, AWAC, AXIS, Endurance, Iron-Starr, XL - Catlin

Q1 2017 Market Snapshot

Capacity: Capacity is continuing to grow across geographies
- Over 65 Insurers providing E&O / Cyber capacity
- Capacity is available in US (primary and excess), London (primary and excess) and Bermuda (excess only, generally excess of $50M)
- From a primary perspective, there continues to be a growing number of Insurers developing appetites for large, complex risks
- There is over $500M in theoretical capacity available in the E&O / Cyber marketplace

Coverage: Coverage continues to evolve and become more valuable
- Coverage breadth and limit availability continues to expand
- Insurers continue to differentiate their offerings with new or enhanced coverage components
- Breach response coverage continues to increase and expand to meet Insureds' needs
- Insurers continue to build out pre-breach offerings as part of their policy package

Claims & Losses: Stronger data is being gathered as more breaches are reported
- Increased ransomware activity and business interruption concerns
- Complexity of breaches has driven an increase in incident response expenses incurred by Insureds
- Claims and loss data has expanded coverage offerings and improved actuarial data for loss modeling purposes
- Increasingly punitive legal and regulatory environment
- Plaintiffs' bar continues to advance "proof of damages" theories in security / privacy context
- Open privacy-related litigation can take years to conclude

Retentions: Retentions have normalized since 2015 pressures
- Retentions of all levels are available in the market, but can vary greatly based on industry class, size and unique exposures
- Adjusting retentions can lead to increased coverage and / or increased flexibility in limits and pricing

Pricing: Pricing trends are stable
- Depending on loss history and claims experience, pricing has stabilized and is competitive
- Renewal premiums are commensurate with exposure and breadth of coverage
- Excess rate environment is competitive

Note: This is a general summary and could vary based on client industry and size

Benchmarking Cyber Healthcare 2017 Information

Unlike other lines of coverage where metrics are easily transferable (think D&O or property coverage where market cap or property values provide a rating base), E&O, Security, Privacy, and Media Liability coverage are highly specialized and broad data sets cannot be easily compiled.

Additionally, decisions and ability to buy a certain E&O limit or retention could be based on one or more contractual requirements, on prioritizing a specialized component of coverage, or on a certain company's perception of its risk.

Finally, because the various coverage modules are offered on an a la carte basis, included coverage and premium may vary significantly even for companies of similar revenue size and business operations.

Industry: Healthcare
Revenues: $0 - $50B
Sample Size: 200+

Statistic | Limit | Retention | Primary Price Per Million
1st Quartile | $2,000,000 | $25,000 | $8,721
Median | $5,000,000 | $100,000 | $12,454
3rd Quartile | $10,000,000 | $250,000 | $18,793
Average | $12,739,247 | $302,823 | $15,325
Max | $150,000,000 | $10,000,000 | $98,200

Cyber Policies: Consistently Inconsistent

Consider:
- What is my primary policy First Party coverage trigger? How does this affect excess coverage?
- Are all coverages subject to a retroactive date?
- How many retentions apply to my policy?
- What is the definition of computer system?
- Does the policy include regulatory fines & penalties and PCI assessments? Are they sublimited or are full limits available?

Notable non-standard exclusions:
- Unencrypted device exclusions
- Failure to maintain minimum security standards
- Unsupported technology exclusion
- Technology wear and tear exclusions

Is there appropriate coverage for:
- System failure: is coverage available?
- Business / network interruption: is there an hourly sublimit?
- Cyber terrorism: is there affirmative coverage or silence?

2017 Purchasing Trends by Industry

Limit increases at renewal
- Companies in a number of industries, including financial institutions, hospitality, healthcare, retail, manufacturing, technology, media and transportation, are seeking higher limits options
- For other industries, many organizations are still evaluating the purchase of Cyber insurance or use of their captive to provide Cyber cover due to regulatory, contract, D&O, benchmarking / loss information and financial statement pressures, among other reasons

More new buyers
- Manufacturing, critical infrastructure, pharmaceutical / life sciences, industrials & materials / automotive, public sector, energy / power and utilities, higher education, real estate / construction, agribusiness and transportation / logistics industries saw the biggest uptick in new cyber insurance purchases in 2016
- Major concern in these industries is business interruption loss and reliance on technology

Shifting focus on cyber risk exposures
- In prior years, organizations' primary cyber concern was related to privacy breaches
- In 2016, more clients across all industries have focused on business interruption coverage, including systems failure cover, cyber extortion and digital asset restoration
- Cyber insurance cases where courts upheld denial of coverage demonstrate the critical importance of matching customized policy wording to specific insured cyber exposures

Differentiating Our Clients
The key to a successful go to market strategy is to differentiate our clients. We do this by executing on the following:
- Placement strategy discussion
- Submission creation
- Coverage priority matrix
- Underwriting meeting preparation
- Market meeting or conference call
- Worldwide market access

Aon Professional Risk Solutions Group Legal & Claims Practice
Powerfully relevant and the best in the business
- Handled 154 Cyber claims in 2016
- Handled 789 E&O claims in 2016
- $474M+ Insurance Recoveries in 2016 from Cyber and E&O Carriers
- Dedicated expertise in Cyber and Errors & Omissions claims
- Your advocate during the claims process
- Staffing (graphic): Dedicated Attorneys, Claims Advocates, Assistants, Total Staff; figures shown: 18, 6, 37
- Filed Claims Totals Since 2011 (chart): E&O, Cyber (Total), Media, Network Security, Security Breach; figures shown: 4,016, 361, 238, 192, 112

Aon Integrated Legal & Claims Practice
Our Philosophy: The Policy Must Perform

A fully integrated approach to contract performance is critical. Our legal and claims experts are integrated into the broking team and are involved in both pre-inception discussions with clients and carriers and claim negotiation. We have resolved over $3.5 billion in claims and have active involvement in an additional $6 billion of pending litigation.

THE CONTRACT MUST PERFORM (diagram labels: Pre-Inception, Claim Event, Contractual Leverage, Business Leverage, Contract Performance)
- Client advocate and advisory role
- Trend analysis
- Utilize claims leverage with insurers
- Negotiate claims and defense costs resolutions
- Track insurer performance
- Manage claims process
- Monitor regulatory and case law developments
- Policy language drafting, review, and negotiation

Thank You

Professional Liability / Cyber Coverage Summary: First Party

Breach Event Expenses (triggered by discovery of a privacy incident)
Reimbursement coverage for the insured's costs to respond to a data privacy or security incident. Policy triggers may vary but typically are based upon discovery of such an event, or a statutory obligation to notify consumers of such an event. Covered expenses can include computer forensics expenses, legal expenses, costs for a public relations firm and related advertising to restore your reputation, consumer notification, and consumer credit monitoring services.

First Party Coverage Parts (triggered by a network security failure, unless system failure coverage provided)
- Business Interruption: Reimbursement coverage for the insured for actual lost net income caused by a network security failure, as well as associated extra expense. The greater of a dollar amount retention or waiting period retention of between 6 to 12 hours applies (the hour waiting period varies).
- Dependent Business Interruption: Reimbursement coverage for the insured for actual lost income caused by a network security failure of a business on which the insured is dependent, as well as associated extra expense. The greater of a dollar amount retention or waiting period retention of between 8 to 12 hours applies.
- System Failure Business Interruption: Expands coverage trigger for business interruption beyond computer network security failure to include any system failure.
- Digital Asset Protection: Reimbursement coverage for the insured for costs incurred to restore, recollect, or recreate intangible, non-physical assets (software or data) that are corrupted, destroyed or deleted due to a network security failure.

Cyber Extortion (triggered by a threat to cause a security failure or privacy breach)
Reimbursement coverage for the insured for expenses incurred in the investigation of a threat and any extortion payments made to prevent or resolve the threat.

Professional Liability / Cyber Coverage Summary: Third Party (triggered by a third party demand or suit)

- Technology Errors and Omissions: Liability coverage for defense costs and damages suffered by others resulting from any actual or alleged act, error, or omission committed in the conduct of the performance of a Technology Product or Technology Service.
- Miscellaneous Professional Liability: Liability coverage for damages and defense costs for actual or alleged negligent act, error, omission, breach of duty or misstatement committed or omitted in the performance of your Professional Services as defined in the policy.
- Media Liability Coverage: Liability coverage for defense costs and damages suffered by others for content-based injuries such as libel, slander, defamation, copyright infringement, trademark infringement, or invasion of privacy. The scope of covered media is variable and can range from the insured's website only to all content in any medium.
- Security Liability: Liability coverage for defense costs and damages suffered by others resulting from a failure of computer security, including liability caused by theft or disclosure of confidential information, unauthorized access, unauthorized use, denial of service attack or transmission of a computer virus.
- Privacy Liability: Liability coverage for defense costs and damages suffered by others for any failure to protect personally identifiable or confidential third-party corporate information, whether or not due to a failure of network security. Coverage may include: unintentional violations of the insured's privacy policy, actions of rogue employees, and alleged wrongful collection of confidential information.
- Regulatory Proceedings: Liability coverage for defense costs for proceedings brought by a governmental agency in connection with a failure to protect private information and/or a failure of network security. Coverage is typically sub-limited and includes coverage for fines and penalties to the extent insurable by law. Compensatory damages, i.e. amounts the insured is required by a regulator to deposit into a consumer redress fund, may be covered.
- Payment Card Industry Data Security Standards (PCI-DSS): Coverage for a monetary assessment (including a contractual fine or penalty) from a Payment Card Association (e.g., MasterCard, Visa, American Express) or bank processing payment card transactions (i.e., an Acquiring Bank) in connection with an Insured's non-compliance with PCI Data Security Standards.
