Cyber Insurance for Irish Asset Management (Ireland)
CURRENT SITUATION – IRELAND
- Online crime rates in Ireland doubled in 2014.
- The Irish Government’s Draft National Risk Assessment 2015 named cyber-security as one of the potential risks for Ireland in 2015.
- The Data Protection Commissioner in Ireland (DPC) has issued a Code of Practice for dealing with Personal Data Security Breach. The Code recommends (except in cases of telcos and ISPs, where it requires) that all incidents in which personal data has been put at risk be reported to the DPC as soon as the data controller becomes aware of the incident. Anyone affected by the incident should also be notified.
- Regulators, particularly in the financial services industry, are increasingly asking whether organizations are ‘cyber-attack’ ready.
- The Central Bank recently commenced cyber-security inspections as part of its enforcement priorities for 2015. Organizations subject to inspection will face questions about their cyber-security risk assessment, business continuity plan, insurance, network controls and so on.
CENTRAL BANK OF IRELAND
- The CBI identified cyber security as one of its key thematic review inspection areas for the 2015 annual term.
- In September of 2015, the CBI issued a review of the management and operation risk around cyber-security with the Investment Firm and Fund Services Industry.
- This document provided a best practice guide addressed specifically to Investment Firms, Fund Service Providers & Stockbrokers.
- The CBI intends to review the resilience of firms’ IT systems in 2016 as referenced in a speech by Philip Lane, Governor of the CBI, in a speech given in Dublin on January 22nd, 2016.
- The CBI is likely to focus on the September 2015 best practice recommendation document which advises for the appointment of a dedicated Chief Information Officer (or equivalent position) and periodic penetration testing of IT systems on an annual basis.
WRC IRELAND CYBER SOLUTION
- Target market will be Investment Firms, Fund Service Providers and Stockbrokers who are regulated by the CBI.
- This product will include a 3 step process:
Step 1 will be a Cyber Insurance policy providing market competitive coverage.
1. First party cover includes:
· Loss or corruption of data through network security breach, unauthorized use of the computer system, computer virus, human error, or accidental damage or destruction of data media
· Business income and extra expense cover, which helps a company to survive the impact of loss of business income through a failure in the computer systems.
· Crisis management and notification costs, with coverage including the cost of hiring expert assistance to mitigate the effect of the incident - and the costs of notifying relevant parties in the event of a data breach.
2. Third party cover includes costs liable to pay to others as a result of trading electronically or of storing or using data electronically, including:
· Damages or costs incurred through disparagement, plagiarism or infringement perpetrated through computer systems or websites
· Liabilities from breach of privacy or confidentiality
· Transmission of virus or a denial of service attack
Step 2 will be a Compliance Assessment including a Penetration Test as administered by Coalfire Systems.
Step 3 will be an the issuance of enhancement endorsement providing specifically tailored coverages not available elsewhere in the market.