SlideShare a Scribd company logo

INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation

Luca Moroni ✔✔
Luca Moroni ✔✔

Too many incidents related to "ransomware" in North East of Itally. Companies needs to understand how to protect themselves and ensure continued access to the digital data. The damage of a cyber incidents exceed the threshold of US $ 25mil. Safe rating of Intangible Assets of a company need enhancement of the cyber risks insurance market. But a weak competence require clarification on this topic. The research intent was to identify the real risks and digital vulnerabilities in companies. We have done an evaluation of typical insurance products on IT risk and we have made a CIO/CISO Survey. The final scope was a guideline for approacing the problem of outsourcing Cyber ​​Risk Protection.

Technology
1 of 24
Vaš partner za varovanje informacij Kliknite, če želite urediti slog Cybersecurity Risk Insurance Luca Moroni – Via Virtuosa INFOSEK 2016 - Nova Goriza – 1/12/2016
ISACA VENICE research team coordinator ✔ Research n.1: Vulnerability and Penetration Test. User’s guidelines about third party penetration test. 
 ✔ Research n.5: Cyber Security Awareness of N/E Italian Critical Infrastructures: Scenarios and Guidelines for self-assessment Member of ISACA VENICE Chapter Translation team ✔ Securing Mobile Devices – ITA Research team coordinator Cybersecurity Risk Insurance Geaduation in Computer Science (1989. Milan), CISA e ITIL V3 certified and other tech certifications Focused on Cybersecurity since 2000 and lecturer in some seminars about this topic Founder of the innovative company Via Virtuosa, which focuses on scouting and promotion of expertises in Cybersecurity and IT governance in NE of Italy. Luca Moroni Who am I
Cesare Burei and Debora Casalini – Margas Srl Ettore Guarnaccia - Banca Popolare di Vicenza Spa Marco Cozzi – Hypo Alpe Bank Spa Andrea Cobelli – Azienda Trasporti Verona Srl Luigi Gregori – Cogitoweb Srl Thanks to a great team in this Research
Cyber Incident = Loss of Money
Cyber Risk Allianz Risk Barometer 2016
Cyber Risk Zone Level The Global Risks Report 2016 11th Edition by the World Economic Forum
• Understand CIO awareness of cyber insurance • Scenario analysis of cyber exposure • For what is a Cyber Insurance useful • Italian market of cyber insurance • CIO testimonials with 3 business cases • Q&A between CIO and Cyber Insurer • Suggest rules for Cyber Insurance requests White Paper objectives … having a Risk Management Approach…
Cyber insurance is a single policy or a group of insurance policies that should cover residual Cyber & Cyber related risks What is a Cyber Risk Insurance Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
I know about new dangerous problems! I Have a full portfolio of new products! MORE INTERESTED IN CYBERSECURITY MORE INTERESTED IN COUNTER RESIDUAL RISK Paul Steven Comunication protocol: Insurer vs CIO PROBLEM!
Yes No Did you ever asked, if existing policies are covering/excluding cyber risks? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
Who is asking you to provide Cybersecurity? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
Yes No Have you registered cyber incidents involving your organization in the last five years? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
Cause of Loss Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
Adopting standards and measures Check Controls 27002:2013 About 90% of vulnerabilities highlighted in a Gap Analysis 27001 are not residual risk
Cyber Risk Exposure in NE of Italy Sample of 70 Companies ranked using “Determining Your Organization’s Information Risk Assessment and Management” – ENISA Methodology Impact Probabilityof occurrence avoid the risk 30%
Ask me only about ICT please. I’m not CISO or a RM Start assessing your situation Paul Steven What's the state of the art ? 1. Dedicated Resources 2. Policies and Procedures 3. Employee Awareness 4. Incident Response 5. Security Measures 6. Vendor Management 7. Board Oversight Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
I analyse and know the problems together with the cyber risk owners You know your situation. GREAT! Paul Steven What's the state of the art 1. Dedicated Resources 2. Policies and Procedures 3. Employee Awareness 4. Incident Response 5. Security Measures 6. Vendor Management 7. Board Oversight Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
How is your situation. Ask me your question. Let me try to explain Cesare Andrea Business Case Ettore Marco 18 Questions answered
How and what you can cover? The Insurable risks Damages Business Interruption Costs Third Party requests Paul Steven Some questions
IT theft means any kind of intrusion from any third party into the company IT system, which will bring to the fraudulent and non authorized removal or alteration of data contained in the company IT system itself. Loss from IT theft means the founds illegitimately or erroneously paid by the insured as a direct consequence of an IT theft that are not retrievable or - even though they are juridically retrievable - cannot be retrieved because of an insolvency of the recipient, an impossibility of an effective operation or any other similar reason. Un example of real coverage
Expertise Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
Security is not an investment that provides profit but loss prevention • First step is understand the situation • Define a protocols for measure, mitigate and manage cyber risk • About 10% of vulnerabilities highlighted in a Cyber Security Gap Analysis are residual risk • Some critical sectors (eg. Banks) are mature for Cyber Insurance •Also SMB needs to have a financial parachute •Manage Cybersecurity Life cycle reduces residual risk Conclusions
Questions?
Thanks! l.moroni@viavirtuosa.it

Recommended

Infosek Luca Moroni Nova Gorica (SLO)
Infosek Luca Moroni Nova Gorica (SLO)Infosek Luca Moroni Nova Gorica (SLO)
Infosek Luca Moroni Nova Gorica (SLO)
Luca_Moroni
 
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
South Tyrol Free Software Conference
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
Luca Moroni ✔✔
 
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Luca Moroni ✔✔
 
Presentazione Security Challenga 12/9/16 Bologna
Presentazione Security Challenga 12/9/16 BolognaPresentazione Security Challenga 12/9/16 Bologna
Presentazione Security Challenga 12/9/16 Bologna
Luca Moroni ✔✔
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB
 
Turgay dereli 283286 software eng. ass 2-
Turgay dereli 283286 software eng. ass 2-Turgay dereli 283286 software eng. ass 2-
Turgay dereli 283286 software eng. ass 2-
Turgay Dereli
 

Recommended

Infosek Luca Moroni Nova Gorica (SLO)
Infosek Luca Moroni Nova Gorica (SLO)Infosek Luca Moroni Nova Gorica (SLO)
Infosek Luca Moroni Nova Gorica (SLO)
Luca_Moroni
 
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
SFScon17 - Luca Moroni: "Outsourcing Cyber Risks"
South Tyrol Free Software Conference
 
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - LubianaISACA SLOVENIA CHAPTER October 2016 - Lubiana
ISACA SLOVENIA CHAPTER October 2016 - Lubiana
Luca Moroni ✔✔
 
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Cyber Security Awareness of Critical Infrastructures in North East of Italy S...
Luca Moroni ✔✔
 
Presentazione Security Challenga 12/9/16 Bologna
Presentazione Security Challenga 12/9/16 BolognaPresentazione Security Challenga 12/9/16 Bologna
Presentazione Security Challenga 12/9/16 Bologna
Luca Moroni ✔✔
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
PECB
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB
 
Turgay dereli 283286 software eng. ass 2-
Turgay dereli 283286 software eng. ass 2-Turgay dereli 283286 software eng. ass 2-
Turgay dereli 283286 software eng. ass 2-
Turgay Dereli
 
Embracing Cybersecurity on Cloud Computing
Embracing Cybersecurity on Cloud ComputingEmbracing Cybersecurity on Cloud Computing
Embracing Cybersecurity on Cloud Computing
PECB
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security Aspects
PECB
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
PECB
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
Mart Rovers
 
netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealth and Sense Of Security webinar: What you need to know about cyber se...netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealthInvest
 
Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017
japijapi
 
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_aprSarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015
Hildebrand Technology
 
Enisa report guidelines for securing the internet of things
Enisa report guidelines for securing the internet of thingsEnisa report guidelines for securing the internet of things
Enisa report guidelines for securing the internet of things
najascj
 
ITrust Company Overview EN
ITrust Company Overview ENITrust Company Overview EN
ITrust Company Overview EN
ITrust - Cybersecurity as a Service
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Papadakis K.-Cyber-Information Warfare Analyst & Cyber Defense/Security Consultant-Hellenic MoD
 
Ivanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye BreachIvanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye Breach
Ivanti
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
PECB
 
Cy Cops Company Presentation
Cy Cops Company PresentationCy Cops Company Presentation
Cy Cops Company Presentation
ChaitanyaS
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)
Ollie Whitehouse
 
Challenges of doing security in uncharted territory
Challenges of doing security in uncharted territoryChallenges of doing security in uncharted territory
Challenges of doing security in uncharted territory
PECB
 
Web applications: How Penetration Tests can improve your Risk Assessment
Web applications: How Penetration Tests can improve your Risk AssessmentWeb applications: How Penetration Tests can improve your Risk Assessment
Web applications: How Penetration Tests can improve your Risk Assessment
PECB
 
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
Andris Soroka
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
Southern Cross Group Services
 
Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
Institute of Chartered Secretaries and Administrators
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
Chris Ross
 

More Related Content

What's hot

Embracing Cybersecurity on Cloud Computing
Embracing Cybersecurity on Cloud ComputingEmbracing Cybersecurity on Cloud Computing
Embracing Cybersecurity on Cloud Computing
PECB
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
PECB
 
Enisa report guidelines for securing the internet of things
Enisa report guidelines for securing the internet of thingsEnisa report guidelines for securing the internet of things
Enisa report guidelines for securing the internet of things
najascj
 
Web applications: How Penetration Tests can improve your Risk Assessment
Web applications: How Penetration Tests can improve your Risk AssessmentWeb applications: How Penetration Tests can improve your Risk Assessment
Web applications: How Penetration Tests can improve your Risk Assessment
PECB
 

What's hot (20)

Embracing Cybersecurity on Cloud Computing
Embracing Cybersecurity on Cloud ComputingEmbracing Cybersecurity on Cloud Computing
Embracing Cybersecurity on Cloud Computing
 
Smart Cities – The Security Aspects
Smart Cities – The Security AspectsSmart Cities – The Security Aspects
Smart Cities – The Security Aspects
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
The difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information SecurityThe difference between Cybersecurity and Information Security
The difference between Cybersecurity and Information Security
 
Iso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training courseIso iec 27032 foundation - cybersecurity training course
Iso iec 27032 foundation - cybersecurity training course
 
netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealth and Sense Of Security webinar: What you need to know about cyber se...netwealth and Sense Of Security webinar: What you need to know about cyber se...
netwealth and Sense Of Security webinar: What you need to know about cyber se...
 
Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017Reality of cybersecurity 11.4.2017
Reality of cybersecurity 11.4.2017
 
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_aprSarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
Sarwono sutikno its 17 maret 2016 dari public-isaca csx-update-18_apr
 
IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015IoT: Security & Privacy at IGNITE 2015
IoT: Security & Privacy at IGNITE 2015
 
Enisa report guidelines for securing the internet of things
Enisa report guidelines for securing the internet of thingsEnisa report guidelines for securing the internet of things
Enisa report guidelines for securing the internet of things
 
ITrust Company Overview EN
ITrust Company Overview ENITrust Company Overview EN
ITrust Company Overview EN
 
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και ΝαυτιλίαMaritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
Maritime Cyber Security-Κυβερνοασφάλεια και Ναυτιλία
 
Ivanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye BreachIvanti Insights Podcast - FireEye Breach
Ivanti Insights Podcast - FireEye Breach
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Cy Cops Company Presentation
Cy Cops Company PresentationCy Cops Company Presentation
Cy Cops Company Presentation
 
Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)Securing your supply chain & vicarious liability (cyber security)
Securing your supply chain & vicarious liability (cyber security)
 
Challenges of doing security in uncharted territory
Challenges of doing security in uncharted territoryChallenges of doing security in uncharted territory
Challenges of doing security in uncharted territory
 
Web applications: How Penetration Tests can improve your Risk Assessment
Web applications: How Penetration Tests can improve your Risk AssessmentWeb applications: How Penetration Tests can improve your Risk Assessment
Web applications: How Penetration Tests can improve your Risk Assessment
 
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
DSS.LV @ IBM and ALSO Tech Workshop in Riga, Latvia (May, 2016)
 
Looking into the future of security
Looking into the future of securityLooking into the future of security
Looking into the future of security
 

Similar to INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation

A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
Daren Dunkel
 
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
Neil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
Livingstone Advisory
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
Sarah Jarvis
 
Cyber crime liability report
Cyber crime liability reportCyber crime liability report
Cyber crime liability report
Sayali Sawant
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
Rahul Tyagi
 

Similar to INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation (20)

Showreel ICSA Technology Conference
Showreel ICSA Technology ConferenceShowreel ICSA Technology Conference
Showreel ICSA Technology Conference
 
Metrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in CommunicationMetrics & Reporting - A Failure in Communication
Metrics & Reporting - A Failure in Communication
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
 
Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015
 
Addressing cyber risk managment from SME perspective
Addressing cyber risk managment from SME perspectiveAddressing cyber risk managment from SME perspective
Addressing cyber risk managment from SME perspective
 
Financier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual reviewFinancier Worldwide - Cyber Security annual review
Financier Worldwide - Cyber Security annual review
 
Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland Cybrary's navigating a security wasteland
Cybrary's navigating a security wasteland
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
A Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate PerspectiveA Look at Cyber Insurance -- A Corporate Perspective
A Look at Cyber Insurance -- A Corporate Perspective
 
Module 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdfModule 2 - Cybersecurity On the Defense.pdf
Module 2 - Cybersecurity On the Defense.pdf
 
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
2015 Conference Brochure - Trust Security Agility - Businesses Better Prepare...
 
Protecting the Core of Your Network
Protecting the Core of Your Network Protecting the Core of Your Network
Protecting the Core of Your Network
 
Netwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital worldNetwealth educational webinar: Peace of mind in a digital world
Netwealth educational webinar: Peace of mind in a digital world
 
Pitss
PitssPitss
Pitss
 
Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...Current enterprise information security measures continue to fail us. Why is ...
Current enterprise information security measures continue to fail us. Why is ...
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Cyber crime liability report
Cyber crime liability reportCyber crime liability report
Cyber crime liability report
 
Rogers eBook Security
Rogers eBook SecurityRogers eBook Security
Rogers eBook Security
 
How close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe SecurityHow close is your organization to being breached | Safe Security
How close is your organization to being breached | Safe Security
 

More from Luca Moroni ✔✔

Generazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton Spa
Generazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton SpaGenerazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton Spa
Generazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton Spa
Luca Moroni ✔✔
 
Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...
Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...
Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...
Luca Moroni ✔✔
 
Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018
Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018
Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018
Luca Moroni ✔✔
 

More from Luca Moroni ✔✔ (20)

Generazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton Spa
Generazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton SpaGenerazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton Spa
Generazione Z di Ettore Guarnaccia - Evento Bersaglio Mobile Breton Spa
 
50 Anni Liceo Tron Schio. Cos'è la Cyber Security e perchè è così importante
50 Anni Liceo Tron Schio. Cos'è la Cyber Security e perchè è così importante50 Anni Liceo Tron Schio. Cos'è la Cyber Security e perchè è così importante
50 Anni Liceo Tron Schio. Cos'è la Cyber Security e perchè è così importante
 
Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...
Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...
Etel - L’utilizzo dell’aspetto ludico per aumentare la consapevolezza riguard...
 
Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018
Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018
Talk "Come Costruire un firewall Umano" Italian Hacker Camp 2018
 
Articolo Via Virtuosa Sole 24 ore
Articolo Via Virtuosa Sole 24 oreArticolo Via Virtuosa Sole 24 ore
Articolo Via Virtuosa Sole 24 ore
 
IoT: utile di sicuro. Ma sicuro?
IoT: utile di sicuro. Ma sicuro?IoT: utile di sicuro. Ma sicuro?
IoT: utile di sicuro. Ma sicuro?
 
Strumenti ISACA a supporto della conformità con il GDPR
Strumenti ISACA a supporto della conformità con il GDPRStrumenti ISACA a supporto della conformità con il GDPR
Strumenti ISACA a supporto della conformità con il GDPR
 
Scegliere i servizi Cloud: il metodo di approccio e il rischio Cloud
Scegliere i servizi Cloud: il metodo di approccio e il rischio CloudScegliere i servizi Cloud: il metodo di approccio e il rischio Cloud
Scegliere i servizi Cloud: il metodo di approccio e il rischio Cloud
 
Caso ip mosaic 2007
Caso ip mosaic 2007Caso ip mosaic 2007
Caso ip mosaic 2007
 
Confindustria udine sicurezza in produzione 2014
Confindustria udine sicurezza in produzione 2014Confindustria udine sicurezza in produzione 2014
Confindustria udine sicurezza in produzione 2014
 
Aziende poco pronte alla cyber insurance
Aziende poco pronte alla cyber insuranceAziende poco pronte alla cyber insurance
Aziende poco pronte alla cyber insurance
 
Frequently Asked Questions sulla Cyber Risk Insurance
Frequently Asked Questions sulla Cyber Risk InsuranceFrequently Asked Questions sulla Cyber Risk Insurance
Frequently Asked Questions sulla Cyber Risk Insurance
 
Un Volo Sulla Cybersecurity
Un Volo Sulla CybersecurityUn Volo Sulla Cybersecurity
Un Volo Sulla Cybersecurity
 
Proteggere i dispositivi mobili
Proteggere i dispositivi mobiliProteggere i dispositivi mobili
Proteggere i dispositivi mobili
 
Articolo aprile 2013 ict security
Articolo aprile 2013 ict securityArticolo aprile 2013 ict security
Articolo aprile 2013 ict security
 
Articolo Information Security 17 gen feb 2013 pp 42-45
Articolo Information Security 17 gen feb 2013 pp 42-45Articolo Information Security 17 gen feb 2013 pp 42-45
Articolo Information Security 17 gen feb 2013 pp 42-45
 
Aricolo realtà industriale dic 2016 sulle polizze cyber
Aricolo realtà industriale dic 2016 sulle polizze cyberAricolo realtà industriale dic 2016 sulle polizze cyber
Aricolo realtà industriale dic 2016 sulle polizze cyber
 
Realtà industriale 01 2015
Realtà industriale 01 2015Realtà industriale 01 2015
Realtà industriale 01 2015
 
Convegno Università di Trento Sicurezza nei settori critici
Convegno Università di Trento Sicurezza nei settori criticiConvegno Università di Trento Sicurezza nei settori critici
Convegno Università di Trento Sicurezza nei settori critici
 
Seminario Fondazione Centro Produttivita' Veneto - Vicenza 24 Ottobre 2013
Seminario Fondazione Centro Produttivita' Veneto - Vicenza 24 Ottobre 2013Seminario Fondazione Centro Produttivita' Veneto - Vicenza 24 Ottobre 2013
Seminario Fondazione Centro Produttivita' Veneto - Vicenza 24 Ottobre 2013
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

INFOSEK 2016 Slovenia - Cyber Risk Insurance - Scenario and Evaluation

  • 1. Vaš partner za varovanje informacij Kliknite, če želite urediti slog Cybersecurity Risk Insurance Luca Moroni – Via Virtuosa INFOSEK 2016 - Nova Goriza – 1/12/2016
  • 2. ISACA VENICE research team coordinator ✔ Research n.1: Vulnerability and Penetration Test. User’s guidelines about third party penetration test. 
 ✔ Research n.5: Cyber Security Awareness of N/E Italian Critical Infrastructures: Scenarios and Guidelines for self-assessment Member of ISACA VENICE Chapter Translation team ✔ Securing Mobile Devices – ITA Research team coordinator Cybersecurity Risk Insurance Geaduation in Computer Science (1989. Milan), CISA e ITIL V3 certified and other tech certifications Focused on Cybersecurity since 2000 and lecturer in some seminars about this topic Founder of the innovative company Via Virtuosa, which focuses on scouting and promotion of expertises in Cybersecurity and IT governance in NE of Italy. Luca Moroni Who am I
  • 3. Cesare Burei and Debora Casalini – Margas Srl Ettore Guarnaccia - Banca Popolare di Vicenza Spa Marco Cozzi – Hypo Alpe Bank Spa Andrea Cobelli – Azienda Trasporti Verona Srl Luigi Gregori – Cogitoweb Srl Thanks to a great team in this Research
  • 4. Cyber Incident = Loss of Money
  • 5. Cyber Risk Allianz Risk Barometer 2016
  • 6. Cyber Risk Zone Level The Global Risks Report 2016 11th Edition by the World Economic Forum
  • 7. • Understand CIO awareness of cyber insurance • Scenario analysis of cyber exposure • For what is a Cyber Insurance useful • Italian market of cyber insurance • CIO testimonials with 3 business cases • Q&A between CIO and Cyber Insurer • Suggest rules for Cyber Insurance requests White Paper objectives … having a Risk Management Approach…
  • 8. Cyber insurance is a single policy or a group of insurance policies that should cover residual Cyber & Cyber related risks What is a Cyber Risk Insurance Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
  • 9. I know about new dangerous problems! I Have a full portfolio of new products! MORE INTERESTED IN CYBERSECURITY MORE INTERESTED IN COUNTER RESIDUAL RISK Paul Steven Comunication protocol: Insurer vs CIO PROBLEM!
  • 10. Yes No Did you ever asked, if existing policies are covering/excluding cyber risks? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
  • 11. Who is asking you to provide Cybersecurity? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
  • 12. Yes No Have you registered cyber incidents involving your organization in the last five years? White Paper 2016 Via Virtuosa Srls COPYRIGHT protected Cybersecurity Risk Insurance Survey on 63 companies
  • 13. Cause of Loss Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
  • 14. Adopting standards and measures Check Controls 27002:2013 About 90% of vulnerabilities highlighted in a Gap Analysis 27001 are not residual risk
  • 15. Cyber Risk Exposure in NE of Italy Sample of 70 Companies ranked using “Determining Your Organization’s Information Risk Assessment and Management” – ENISA Methodology Impact Probabilityof occurrence avoid the risk 30%
  • 16. Ask me only about ICT please. I’m not CISO or a RM Start assessing your situation Paul Steven What's the state of the art ? 1. Dedicated Resources 2. Policies and Procedures 3. Employee Awareness 4. Incident Response 5. Security Measures 6. Vendor Management 7. Board Oversight Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
  • 17. I analyse and know the problems together with the cyber risk owners You know your situation. GREAT! Paul Steven What's the state of the art 1. Dedicated Resources 2. Policies and Procedures 3. Employee Awareness 4. Incident Response 5. Security Measures 6. Vendor Management 7. Board Oversight Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
  • 18. How is your situation. Ask me your question. Let me try to explain Cesare Andrea Business Case Ettore Marco 18 Questions answered
  • 19. How and what you can cover? The Insurable risks Damages Business Interruption Costs Third Party requests Paul Steven Some questions
  • 20. IT theft means any kind of intrusion from any third party into the company IT system, which will bring to the fraudulent and non authorized removal or alteration of data contained in the company IT system itself. Loss from IT theft means the founds illegitimately or erroneously paid by the insured as a direct consequence of an IT theft that are not retrievable or - even though they are juridically retrievable - cannot be retrieved because of an insolvency of the recipient, an impossibility of an effective operation or any other similar reason. Un example of real coverage
  • 21. Expertise Cyber Insurance: Recent Advances, Good Practices and Challenges ENISA November 2016
  • 22. Security is not an investment that provides profit but loss prevention • First step is understand the situation • Define a protocols for measure, mitigate and manage cyber risk • About 10% of vulnerabilities highlighted in a Cyber Security Gap Analysis are residual risk • Some critical sectors (eg. Banks) are mature for Cyber Insurance •Also SMB needs to have a financial parachute •Manage Cybersecurity Life cycle reduces residual risk Conclusions