Day 1 - Monday, March 23, 2015

7:10
The Fundamentals of Cyber and Data Risk Coverage
8:00
Main Conference Registration & Continental Breakfast
8:25
Co-Chairs’ Welcome
8:30
Federal Regulatory, Legislative, Enforcement and Investigation Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives Into Your Practice
10:00
Morning Break
10:05
View from the States: Emerging Regulatory and Enforcement Activities and the Growing Authority of the State AG Offices for Breaches and Failure to Notify
11:45
State of the Market for First- and Third-Party Coverage and Losses: New Underwriting Issues in a Connected World and With Highly Exposed Industries, Today’s Key Considerations for Brokers and Carriers, and
12:55
Networking Lunch for Attendees and Speakers
1:55
Selling and Marketing Cyber Policies for the Small and Middle Markets
3:05
Afternoon Break
3:10
Credit/Debit/Payment Card Security and the Insurability of Large Retailers: Credit Card Exploitation; Security Procedures to Prevent/Mitigate Hacking, Theft, and Security Breaches; Chip and Pin Technology; and Issues Associated with PCI Compliance
4:00
Spotlight on Financial Institution Data Breaches
4:50
Emerging Perils, New Risks and Cyber Crime Eclipsing Terrorism as the Principal Domestic Threat
5:45
Doing Business Abroad: Conflicting Security and Compliance Obligations in and Across Varying Jurisdictions, Trends in International Claims for Cyber Attacks and Breaches, and Market Conditions and Cyber Insurance Product Availability Outside of the U.S.
6:45
Conference Adjourns

Day 2 - Tuesday, March 24, 2015

7:30
Continental Breakfast
8:00
Healthcare Provider/Health Insurer Data Breaches and Liability Implications of a Loss of Protected Health Information: Coverage Issues Including First- and Third-Party Costs, Underwriting Healthcare Companies,
9:15
Morning Break
9:20
Cyber Liability Class Actions & Litigation and Their Impact on Assessing What Breaches and Resulting Claims Are Worth: Latest on Standing; Recovery of Costs for Breach Recovery Efforts and
10:25
The Whole Company Approach: Working With Your IT Department to Safeguard Networks, Data and Information
11:20
A Case Study on the Proper Handling of a High-Profile Breach: From the Time the Company is Aware of the Breach, Implementation of Incident Response Plan/Procedure, Forensic Analysis, Notification and More
12:15
Conference Ends; Lunch for Workshop B Attendees
1:15
Negotiating and Drafting Cyber Risk Provisions and Policies

Day 1 - Monday, March 23, 2015

7:10
The Fundamentals of Cyber and Data Risk Coverage

Suhey Nevarez Esq.
Counsel, Professional Risk – E&O/Cyber
Chubb

T. Thomas Kang CIPP/US
Cyber Product Manager
Hartford Financial Products

Kelli Artin
Vice President Professional, Privacy and Technology Liability
Liberty International Underwriters

David J. Rock Esq.
Assistant Vice President, Errors and Omissions Claims
Allied World Insurance Company

Gregg C. Rentko CPCU, AU, MSIM
Second Vice President, Brokerage-Professional
Western World Insurance

Mario G. Paez RPLU
Vice President Professional Risk Group
Wells Fargo Insurance Services USA, Inc.

  • What is cyber insurance? And why isn’t my current insurance enough?
    • Why traditional insurance policies such as CGL don’t work
    • Why your current property insurance may not cover the direct costs of the data breach
  • How cyber and data risk insurance really works
    • Basics of cyber insurance policies
      • What should they expect to see (first and third party coverages)
      • What common limitations/exclusions are found
  • Understanding the language used in the policies to better communicate to your clients
    • Key provisions to look for (coverage, definitions and exclusions)
  • Overview on guidance from claim to post-breach costs
    • Types of damages a company may face – direct and indirect
    • Differences in costs, loss mitigation, etc. when a plan is in place to handle a breach event versus no plan
  • Answers to your basic coverage questions: Why this coverage is important, even if you are not selling anything over the internet or actively collecting data over the internet
  • Coverage options, claim trends and evaluating risk
  • Pricing and selling and what policyholders should now be looking for in a policy

7:10 a.m. – 8:25 a.m. (registration opens at 7 a.m.)

8:00
Main Conference Registration & Continental Breakfast
8:25
Co-Chairs’ Welcome

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

Kirstin Simonson CPCU, ARM, AU, ASLI
2VP, Cyber Lead – Global Technology
Travelers Global Technology

8:30
Federal Regulatory, Legislative, Enforcement and Investigation Landscape: Changes on the Horizon and Integrating New and Anticipated Initiatives Into Your Practice

James J. Giszczak
Member
McDonald Hopkins PLC

Wesley L. Hsu
Assistant United States Attorney Chief, Cyber and Intellectual Property Crimes Section
U.S. Attorney’s Office for the Central District of California

Thomas J. Smedinghoff
Partner
Edwards Wildman Palmer LLP

Peter M. Angelini
Assistant Special Agent in Charge
The Federal Bureau of Investigation – Chicago

Matthew A. Parrella
Chief, Computer Hacking/Intellectual Property (CHIP) Unit
United States Attorney’s Office, Northern District of California

Eric Shiffman
Supervisory Special Agent
The Federal Bureau of Investigation – Chicago

Aaron Burstein
Attorney Advisor
Federal Trade Commission

David Glockner
Regional Director, Chicago Regional Office
U.S. Securities and Exchange Commission

  • What should firms be thinking about with respect to cybersecurity and compliance?
  • Plans this year with respect to technology & cybersecurity?
  • When does a public company need to disclose a cybersecurity incident or risk?
  • Impact the Cybersecurity Framework will have on the cybersecurity insurance market
  • Lessons learned from recent data breaches
  • Recent trends in money mule networks
  • How can businesses best work with law enforcement to increase the likelihood of a successful prosecution with regards to criminal computer intrusions?
  • What are the trends you see in enforcement?
  • What steps can future victims take to raise possibility that their case can be successfully investigated and prosecuted by federal law enforcement?
  • Data collection – should the federal government create a data repository of information from insurance companies?

10:00
Morning Break
10:05
View from the States: Emerging Regulatory and Enforcement Activities and the Growing Authority of the State AG Offices for Breaches and Failure to Notify

Patrice Malloy
Chief, Multi-State and Privacy Bureau Sr. Assistant Attorney General
Florida Office of the Attorney General

Nicole R. Beck
Deputy Attorney General
Pennsylvania Office of the Attorney General Bureau of Consumer Protection

Joanne McNabb
Director of Privacy Education and Policy
Office of the Attorney General, California Department of Justice

Joyce Yeager Esq. CIPP/US, CIPM
Assistant Attorney General
Missouri Attorney General’s Office

Matthew F. Fitzsimmons
Assistant Attorney General
Connecticut Attorney General’s Office

Jim Hood
Attorney General
State of Mississippi

Gene Fishel
Sr. Asst. AG
Virginia AG Office

Barbara Anthony
Undersecretary Office of Consumer Affairs and Business Regulation
Commonwealth of Massachusetts

Paul Singer
Deputy Chief - Consumer Protection Division
Office of the Texas Attorney General

Co-Moderators:

Alfred J. Saikali
Partner
Shook, Hardy & Bacon, LLP

Matthew H. Meade
Shareholder
Buchanan Ingersoll Rooney PC

  • Balancing state breach notification requirements with responsibilities arising under other federal and state laws
  • Notification guidelines: how soon a company is required to inform customers of a data breach
  • Civil or criminal penalties for failure to disclose, or for security/privacy failures discovered as a result of disclosing
  • Private right of action: whether this option exists: are plaintiffs succeeding in this area?
  • What kinds of breaches, if any, are exempt from reporting
  • Using insurance effectively to assist with related cost

11:45
State of the Market for First- and Third-Party Coverage and Losses: New Underwriting Issues in a Connected World and With Highly Exposed Industries, Today’s Key Considerations for Brokers and Carriers, and

René L. Siemens
Partner
Covington & Burling LLP

Laura Johnson
Senior Vice President, Underwriting
Hudson Insurance Company

Erica Davis
Vice President Underwriting Manager
Zurich North America, Specialty E&O

Mario G. Paez RPLU
Vice President Professional Risk Group
Wells Fargo Insurance Services USA, Inc.

Becky Swanson
Managing Director, Misc. Professional Lines – E&O, Technology & Cyber
Markel – Product Line Leadership

Moderator:

Harry A. Valetk
Of Counsel
Baker & McKenzie LLP

  • Reviewing the underwriting process – key considerations, policy language, and processes
    • Underwriting application, pricing, auditing
  • Underwriting
    • first party similar to contingent business interruption
    • third party side: computer virus of global nature, denial of services, etc.
  • Key considerations for cyber liability coverage
  • New coverage options and issues including:
    • PCI-DSS
    • Operational risk
    • Reputational harm
    • Business interruption
    • Property damage
  • Trends in language
  • What are the policy provisions that will be litigated on the coverage side?
    • What is the definition of the loss in a policy and does this include statutory liability?
    • Penalties for failure to notify

the Latest on Coverage Arising Out of Sensitive Data Breaches, New Technologies and More

12:55
Networking Lunch for Attendees and Speakers
1:55
Selling and Marketing Cyber Policies for the Small and Middle Markets

Adam Kopcio
Vice President
Endurance Professional

Laura Zaroski J.D.
V.P. Management, Professional & Cyber Liability
Socius Insurance

Eric C. Cernak
Vice President Munich Re US Cyber and Privacy Risk Practice Leader
The Hartford Steam Boiler Inspection and Insurance Company

Arturo Perez-Reyes
Cyber and Technology Leader Senior Vice President
HUB International

Gregg C. Rentko CPCU, AU, MSIM
Second Vice President, Brokerage-Professional
Western World Insurance

Tyler O’Connor
Cyber & Privacy Broker
CRC Insurance Services, Inc.

  • High limit policies for the large market
  • Addressing the significant growth in cyber and privacy endorsement – different ways insurance products offered (cyber stand alone policies v. endorsements)
  • Cyber policies for small business – lower costs, issuing a stand alone v. an endorsement, and considerations for the amount of data at risk
  • Shifting and buying patterns of the cyber product
    • What are the brokers seeing? What products are selling?
    • What are the new products in development? What are the trends in cyber products?

3:05
Afternoon Break
3:10
Credit/Debit/Payment Card Security and the Insurability of Large Retailers: Credit Card Exploitation; Security Procedures to Prevent/Mitigate Hacking, Theft, and Security Breaches; Chip and Pin Technology; and Issues Associated with PCI Compliance

Michael Carr ARM
Senior Vice President, E&O Underwriting
Argo Pro

Matthew Prevost RPLU
Vice President, Professional Risk
ACE USA

Christopher Novak
Global Managing Principal, Investigative Response
Verizon RISK Team

  • Point of sale exposure for companies that accept credit cards (Target, Home Depot, etc)
  • How are the major credit card brands dealing with increased fraud?
  • How are payment processing companies dealing with fraud and managing relationship with merchants?
  • Role of the credit card brand and role of the merchant
  • PCI-DSS: implementing security procedures to reduce/prevent/mitigate hacking, theft, security breaches
  • Threats with new chip and pin technology

4:00
Spotlight on Financial Institution Data Breaches

George N. Allport
Vice President & Financial Fidelity Product Manager
Chubb Group of Insurance Companies

Christopher Liu
Head Cyber Specialist – Financial Institutions
AIG

Carl E. Metzger
Partner
Goodwin Procter LLP

  • How cyber policies interact with the actual theft of money
  • Partnership with crime underwriters
  • Risk management issues

4:50
Emerging Perils, New Risks and Cyber Crime Eclipsing Terrorism as the Principal Domestic Threat

Kirstin Simonson CPCU, ARM, AU, ASLI
2VP, Cyber Lead – Global Technology
Travelers Global Technology

Lance Albright
Vice President Claims Relationship Management
QBE North America

John S. Wurzler
President
OneBeacon Technology Insurance

Elizabeth Rogers
Shareholder
Greenberg Traurig, LLP

  • New threats and what clients need to anticipate
  • Corporate espionage and theft of intellectual property
  • Employee hack-backs and sextortion
  • Ransomware and the growing cyber component to traditional crimes
  • Phishing and Spear Phishing; “Doxing” and “Swatting”; DDoS

5:45
Doing Business Abroad: Conflicting Security and Compliance Obligations in and Across Varying Jurisdictions, Trends in International Claims for Cyber Attacks and Breaches, and Market Conditions and Cyber Insurance Product Availability Outside of the U.S.

Marcello Antonucci
Claims Manager
Beazley

Norma M. Krayem
Principal Global Co-Chair, Data Protection and Cybersecurity
Squire Patton Boggs (US) LLP

Robert A. Parisi Jr.
Managing Director
Marsh FINPRO

Dawn Simmons
National Practice Leader for Cyber | Professional Risk Division
Crum & Forster

  • Globalization and implications for data privacy & security
  • Impact of the Snowden revelations abroad
  • Overview of privacy regulation in key foreign markets
  • Existing EU data protection regime
  • Draft EU Regulation – status
  • Expanded extraterritorial effect and increased fines
  • New privacy rights and damage claims
  • New data breach notification obligations
  • Anatomy of a data breach affecting multiple jurisdictions
  • Special concerns regarding compliance and liability for companies with overseas operations
  • Managing multinational data breach incident response
  • Geographic scope of cyber coverage for US-based companies
  • Availability of cyber insurance policies outside the US
  • Forecast for first & third-party cyber risk coverage abroad

6:45
Conference Adjourns

Day 2 - Tuesday, March 24, 2015

7:30
Continental Breakfast
8:00
Healthcare Provider/Health Insurer Data Breaches and Liability Implications of a Loss of Protected Health Information: Coverage Issues Including First- and Third-Party Costs, Underwriting Healthcare Companies,

Meghan M. Hannes
Vice President
AXIS Insurance

David J. Rock Esq.
Assistant Vice President, Errors and Omissions Claims
Allied World Insurance Company

Kelli Artin
Vice President Professional, Privacy and Technology Liability
Liberty International Underwriters

Brian J. Dusek
Partner
McCullough, Campbell & Lane LLP

Marc S. Voses
Partner, Co-Chair of KDV’s Data Privacy Liability and Technology Services Practice Group
Kaufman Dolowich & Voluck, LLP

Moderator:

Stuart A. Panensky
Partner
Traub Lieberman Straus & Shrewsberry LLP

  • Regulatory issues: Common HIPAA, HITECH compliance issues, HHS HIPAA compliance resources, OCR Enforcement Update
  • How to safeguard PHI depending on how it is maintained: Hardcopy records v. mobile records (e.g., mobile storage device) v. server v. cloud, The importance of encryption
  • Insurance coverage available: Cyber/privacy v. CGL v. professional liability
  • Preparing for a breach: Who is your breach response team?
  • Have you run mock data breach response scenarios?
  • Vendor indemnification issues: What is the value of contractual indemnification? Can you be named as an additional insured?
  • Post-breach management: How will a breach affect your reputation? Recovering lost information

Healthcare Provider Purchase of Data Breach Coverage, and the Latest Activity by OCR, State AGs and the Plaintiffs’ Bar

9:15
Morning Break
9:20
Cyber Liability Class Actions & Litigation and Their Impact on Assessing What Breaches and Resulting Claims Are Worth: Latest on Standing; Recovery of Costs for Breach Recovery Efforts and

David T. Vanalek
Claims Manager, Global Management Liability
Markel Corp.

Salvatore Sama
Head Professional Underwriting Desk
Swiss Re

Cathleen Kelly Rebar
Partner
Stewart Bernstiel Rebar Smith

David J. Shannon Esq.
Chair, Privacy and Data Security Practice Group
Marshall Dennehey Warner Coleman & Goggin

James H. Kallianis Jr.
Partner
Hinshaw & Culbertson LLP

  • Latest plaintiff theories and laws advanced in cyber filings
  • How to use recent cases and class action claims to assess breaches and resulting claims are worth
  • FTC actions
  • Class action trends
    • What defense strategies worked in class actions and how were class actions defeated?
    • What are the specific strategies used in particular to data breach class actions?
  • Lawsuits involving credit/payment card security and unencrypted files

Coverage for Costs to Investigate/Defend/ Settle Fines and Penalties; Shareholder Derivative Actions for Cybersecurity Preparedness; Unfair or Deceptive Action Allegations;​ and Suits Against Vendors for Inadequate Cyber Insurance

10:25
The Whole Company Approach: Working With Your IT Department to Safeguard Networks, Data and Information

Ronald I. Raether
Partner
Troutman Sanders LLP

Kevin C. Boyle
Partner
Latham & Watkins LLP

Additional speaker to be announced
Please check AmericanConference.com/CyberRisk for this and other exciting speakers being added

  • Ensuring that you have senior support & authority to implement necessary policies, procedures & safeguards
  • Implementing the whole-company approach to cyber security and prevention of data attacks
  • Sharing the responsibility for cyber security (not just IT)
  • Best practices for blocking cyber attacks, mitigating harms and recovering from a data breach

11:20
A Case Study on the Proper Handling of a High-Profile Breach: From the Time the Company is Aware of the Breach, Implementation of Incident Response Plan/Procedure, Forensic Analysis, Notification and More

Richard J. Sheridan
Vice President – Claims
AXIS Pro

David J. Molitano
Senior Vice President
OneBeacon Technology Insurance

Richard J. Bortnick
Senior Counsel
Traub Lieberman Straus & Shrewsberry LLP

  • What we can learn from high profile breaches
  • What action to take as soon you are aware of breach
  • What is the incident response plan/procedure?
  • Forensic analysis
  • What role does the carrier/broker play in the incident response?
  • Notification

12:15
Conference Ends; Lunch for Workshop B Attendees
1:15
Negotiating and Drafting Cyber Risk Provisions and Policies

Robert A. Parisi Jr.
Managing Director
Marsh FINPRO

Arturo Perez-Reyes
Cyber and Technology Leader Senior Vice President
HUB International

James J. Giszczak
Member
McDonald Hopkins PLC

  • Determining the scope of coverage: 1st v. 3rd party coverage and loss
  • Trigger for 1st party and 3rd party notification and loss
  • Claims made and reported for privacy and information breaches
  • Detecting – and clarifying uncertainties in the contract language
  • Defining key terms: which are most problematic later
  • Key clauses and considerations
  • Significant exclusions – and how to word them
  • Using clear language that addresses unusual or high risk situations and avoiding ambiguity
  • Manuscript policy/customization/interpretive letters: appropriate use

​1:15 p.m.–3:15 p.m. (registration opens at 12:50 p.m.)