2018

Lunch & Registration

Opening Remarks

Data Breach: Still the Goliath

There are lots of shiny new threats out there, with the possibility to trip us up – but don’t forget that privacy and network security are still the main types of loss under cyber insurance policies. Using data from Advisen on cyber loss trends and recent event examples, the panel will explore the magnitude of a data breach event and ask how this has changed in the past year. Panelists will also ask if recent high-profile data breaches will result in increased demand for insurance.

• Aloysius Tan, Product Manager, Advisen (Moderator)
• Michael Bruemmer, Vice President, Data Breach Resolution Group, Experian
• Kirsten Mickelson, Claims Counsel, Hiscox USA
• David Navetta, Partner, Cooley LLP

The Cost to Reputation

Reputation is cited as a major concern for organizations when they suffer a data breach. How impactful is reputational damage to a business? How do you prove that you suffered a loss? This session will look at stock valuation, customer exodus and derivative lawsuits as a basis for establishing reputational harm. The panel will also touch on what insurance cover is available.

• Lauri Floresca, Partner and SVP, Woodruff-Sawyer & Co. (Moderator)
• G. Scott Solomon, Vice President, Charles River Associates
• Elissa Doroff, Vice President, XL Catlin

Afternoon Break

GDPR: All You Need to Know

This session will focus on the obligations of GDPR for international companies: What do you need to know about the legislation? How do you ensure compliance? What new roles do you need to create in your organization?

• Cinthia Motley, Member, Dykema (Moderator)
• Jon Adams, Senior Privacy Counsel, LinkedIn Corporation
• Emy R. Donavan, Global Head and CUO, Tech PI and Cyber, Allianz
• Pascal Millaire, VP & GM, Symantec

Regulation Update

This update will describe the US cyber regulation and litigation landscape and ask how to apply best practices in your organization.

The session includes a discussion on the Equifax loss; How the ruling on Spokeo might change the magnitude of loss and the impact of the DFS ruling in New York in 2017.

This session will also explore how ‘compliance does not equal security’. How do you avoid regulatory ‘box-ticking’ and strive to best protect your business from attack.

• Mark Mao, Partner, Troutman Sanders (Moderator)
• Lara Forde, Vice President, Risk Management, ePlace Solutions
• F. Paul Greene, Chair, Privacy and Data Security Practice Group, Harter Secrest & Emery LLP

Creating the Right Culture: Beyond Technology

Cybersecurity is still considered largely an IT issue in many organizations. To effectively manage cyber risk, it’s important to look beyond technology and towards corporate culture and closing skills and talent gaps that can create vulnerabilities in IT/cyber departments.

This session will address the importance of human capital in your cybersecurity response: how can employee training, creating a cyber-aware culture, employee engagement and finding talent enhance your cybersecurity posture?

Using live examples, this session will offer practical guidance on risk managers can work with HR professionals and CISOs to implement human capital solutions most effectively in your cyber strategy.

• Jeremy Barnett, Senior Vice President, NAS Insurance Services (Moderator)
• Jim Goddard, VP, Chief Information Security Officer, Kaiser Permanente
• Tracey Malcolm, Global Future of Work Leader, Willis Towers Watson
• Denise Stokowski, VP, Solutions – Product Management and Security, Gainsight

Closing Remarks & Reception

Breakfast & Registration

Welcoming Remarks

Opening Remarks by our 2018 Conference Chair

• Maeve Slattery, Director, Head of Global Insurance, eBay Inc.

Keynote Address

• Suzanne Spaulding, Senior Advisor, Homeland Security, Center for Strategic and International Studies

The Buyer’s Perspective

Hear from a panel of senior risk managers to learn about risk strategy and their interaction with the insurance market.

• Christiaan Durdaller, Executive Vice President / Cyber & Tech Team Lead, INSUREtrust (Moderator)
• Katherine Fithen, Managing Principal Consultant, Secureworks
• Jimmy Kirtland, VP, Voya Financial
• David Little, Senior Vice President, Global Risk Management, Las Vegas Sands Corp.

Morning Break

Recent Events: Charting the Physical Shift

This session will outline what happened in 2017 from a threat perspective, describing events such as Reaper, Petya/Not Petya and WannaCry. What happened? How did the events unfold and what’s new about them from a threat point of view? Panelists will discuss how the cyber threat landscape has changed and what types of incidents we should be expecting in the future.

• Prashant Pai, Vice President, Cyber Strategy, Verisk Analytics (Moderator)
• Adam DeMonaco, Senior Director, Kivu Consulting, Inc
• Renee Guttmann-Stark, Board of Directors, Hillside Inc.
• Daron Hartvigsen, Managing Director, Ankura

Malware: Out of Control?

Weaponized malware has created a new set of threats that we are just beginning to understand. While WannaCry and its brethren have had a limited impact, this could have unfolded differently. This session will address the growth of malware as a weapon in cyber crime and ask how it could manifest in future events.

• Florence Levy, Cyber Insurance Adviser (Moderator)
• Kevin Kirst, Principal, Charles River Associates
• Nir Perry, CEO & Founder, Cyberwrite

The Digital Ecosystem: Managing your Supply Chain

In today’s digital age, your supply chain is extremely vulnerable to cyber disruption – and an attack on one of your partners can have devastating effects on your ability to continue to trade. How do you manage your partners, suppliers and service providers? How will your insurance policy respond to a loss? Can you get insurance payout directly from your suppliers?

• Susan Young, Senior Vice President, Marsh (Moderator)
• Kirsten Bay, Chairman, President and CEO, Cyber adAPT
• Michael Phillips, Claims Manager, Beazley

Conference Luncheon

Successful Recovery: Follow the Decision Tree

This session will focus on the first 3-4 critical decisions after an incident that caused business interruption. How can things go well and how can they get off track?

This session will look at what makes a good response to a non-data breach event and how you can change the course of events to manage a more successful response.

Panelists will discuss pre-and post-breach actions, and the importance of getting the right people involved at the right time.

• Kimberly Holmes, Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters (Moderator)
  
• Keith Fricke, Partner, Principal Consultant, tw-Security
• Jay Kramer, Partner, Lewis Brisbois Bisgaard & Smith LLP
• Anahi Santiago, Chief Information Security Officer, Christiana Care Health System

Total Cost of a Claim: How to Make the Most of your Recovery

As a buyer, how do you maximize recovery from a non-data breach event? This session will explore how to put together a proof of loss. The session will discuss the role of forensic accountants, and how to measure BI/CBI losses, including the different approaches to waiting periods and time-element claims.

• John J. Soughan, Principal, Dulles Cyber Advisors (Moderator)
• Yelitza Dunham, Partner, Winston & Strawn LLP
• Joe Scarlato, Partner, HSNO

Afternoon Break

Where does Cover Belong? Cyber Gaps and Overlaps

This session will consider the insurance market dynamics for cyber-related physical risks such as business interruption. For any individual risk, what cover is available – including business interruption, third party lawsuits and systems failure – and where?
Panelists will discuss current ambiguity over property covers for cyber-related risks and address possible solutions to clarifying available cover for buyers.

• Garrett Koehn, Regional Director, Western US, CRC Insurance Group (Moderator)
• Cherie Dawson, Cyber Product Leader, AIG
• Nick Graf, Consulting Director of Information Security, CNA
• Shiraz Saeed, National Practice Leader Cyber Risk, Starr Companies

The Cyber Hurricane

As cyber events take different forms and impact business more broadly, insurers are increasingly concerned about the potential impact of a single event that could lead to thousands of simultaneous losses across their portfolios. How are insurers addressing aggregation? This session will give insight into how carriers and reinsurers trying to understand and underwrite to cyber exposure. What is ‘silent cyber’ and what impact might it have on the availability of cyber insurance? Panelists will discuss how the insurance industry is responding to the potential of a ‘cyber hurricane’, looking at capacity, new sources of capital and reinsurance.

• Catherine Mulligan, Managing Director, Head of Cyber, AON Benfield (Moderator)
• Steven Anderson, Vice President, Product Executive – Privacy & Network Security Specialty Insurance, QBE
• Kara Owens, Global Head of Cyber Risk, TransRe
• Scott Stransky, Assistant Vice President & Principal Scientist, AIR Worldwide

Closing Remarks & Reception