Cyber Security. Activities of an national insurance association based on the example of VVO

Transcription

1 Cyber Security Activities of an national insurance association based on the example of VVO Michael Brandstetter EU and International Affairs Austrian Insurance Association (VVO) IIF Insurance in the Digital World Conference Vienna 14 November 2017

2 Digitalisation and insurance Erxamples of relevant topics / discussions Competition Fragmented value chain Cost savings Blockchain Bitcoin Big data Google Peer2Peer Insurance Crouwdinsurance Digital identification / signature Omni-channel experience Online sales Comparison websites Fraud detection Data protection Data security Cyber security Ethics Insurance community Indvidual risk Autonomous driving Pay as / how you drive Etc. Claims handeling and assistance Ownership of data (my car my data!) Drones Smart home Internet of things Chronical disease management Monitoring individual health New coverage Exclusion of risks and people 24/7 availability of services Effects on employment Social fragmentation Technological neutral legislation Level playing field Consumer protection

3 Agenda 1. Cyber security and Austria 2. Activities on EU-level 3

4 Cyber security: Dimensions for insurers (1) Awareness raising Increase in cyber attacks (global damage 261 bn Euro) Information campaigns Insurers work with governments (e.g. critical infrastructures) Prevention Internal (insurers are potential target) and external (clients) dimension Help clients to achieve highest possible level of cyber resiliance Certfication Risk management practices (e.g. risk audits) 4

5 Cyber security: Dimensions for insurers (2) Cyber insurance product Risk transfer mechanism Hotline and service Business disruption, data asset protection, cyber fraud, theft of intellectual property, third party liability 5

6 Cyber insurance product First party losses Business interruption Data asset protection Cyber fraud Theft on intellectual property Third party losses Privacy liability Network security liability Stand alone product and included in traditional policies Individual choice of companies to measure risks 6

7 Challenges for insurance companies Lack of available data on cyber incidents Lack of awareness of the importance of cyber security 7

8 Cyber security in Austria Implementation of EU Network Information Security Directive (NIS) until May 2018 Cyber security platform (cooperation between public institutions and business community) Cybercrime-Competence-Center of Ministry of Interior Suplier of aircraft manufaturers FACC: CEO fraud with 50 Mio. Euro damage 8

9 Cyber security in Austria: Numbers 2016: complaints (+30%) 2016: appx. 1 Mio. victims of cyber crime Fastast growing complaints: damage of data, functionning of IT-systems, hacker attacks, cybermobbing New dimension: 72% of victims suffer phsychological damages (mobbing, theft of identity) Financial loss due to theft of identity: 1,200 Euro / person Financial loss due to internet fraud: 480 Euro / person Businesses (SMEs) increasingly target No.1 9

10 10

11 Survey among Austrian enterprises (n=84) 92%...cyber security no hype but daily reality 49%...already victim 60%...cannot measure consequences of cyber attacks 16%...belive to have sufficiently protected their assets 71%...believe not being able to avoid cyber attacks 18%...can react effectively to cyber attacks 45%...no specialized cyber security employees 11

12 VVO s activities (1) Working group Cyber Development of non-binding sample insurance terms and conditions Risk questionnaire Possible assistance services to cyber insurance product Access to statistics Cooperation with German Insurance Association (GDV) D-A-CH cooperation on prevention, risk management and claims assistance 12

13 VVO s activities (2) Awareness raising and prevention Cooperation with experts from the Austrian Road Safety Board (Kuratoriunm für Verkehrssicherheit KFV) to map cyber crime in Austria Press conference in March 2017 Recommendationas on measures individuals can take to protect themselves against cyber attacks 13

14 VVO s activities (3) Awareness raising and prevention Cooperation with Austrian Federal Economic Chamber (WKO) Roadshow in all Austrian provinces to raise awareness Online test and check lists for SMEs on level of ITsecurity IT-security handbook 14

15 Agenda 1. Cyber security and Austria 2. Activities on EU-level 15

16 Activities on EU level (1) Insurance Europe: Internal Working Group and several activities October 2017 Cyber security month Awareness raising Event of Insurance Europe on 18 October 2017 Events accross the EU 16

17 Activities on EU-level (2) Review of EU-Cyber Security Strategy (presented in September 2017 by EC) Network Information Security Directive (NIS): security standards Cyber security standards: EC will develop certification initiatives until end of 2017 Implementation of General Data Protection Regulation (GDPR) as of May 2018 European Network Information Security Agency (ENISA) Stakeholder workshops (incl. Insurance Europe) Study on Cyber insurance (presented in October 2017) EU wide crisis trainings (every 2 years) 17

18 W W W. V V O. AT