eWhite House Watch - Full Article

2018 NetDiligence Cyber Risk Summit Recap

Sponsor Tables Shine at the Cyber Risk Summit In Philly

August 6th, 2018


NetDiligence held its 9th annual Cyber Risk Summit on June 12-14th in Philadelphia.  This year, the conference focused on educating attendees on current breach risk management protocols and practical knowledge for cybersecurity insurance brokers, attorneys and Chief Information Security Officers (CISOs). eWhiteHouseWatch had the privilege to cover the conference in its entirety again this year. A conference regular, Nick Economidis of Crum & Forster noted that “the conference has grown tremendously over the past nine years because it features experts from various disciplines and provides real insights.”


Fernando M. Pinguelo, a trial attorney and partner at Scarinci Hollenbeck LLC and chair of its Cyber Security & Data Protection group, echoed that sentiment, stating: “Here is where I can sit back, compare notes with trusted colleagues from a vast spectrum of cyber-related professions and specialties who hail from across the country and internationally, and share ideas, strategies, and creative approaches as I fine-tune my own practice and build on relationships that often result in working together on future matters.”


Deep thinkers at this annual mega-event gave attendees hands on and cutting edge insights on current data risks.  While the top-notch teaching was beyond par, an additional gem was – quite simply – the sponsor room.  As expected the sponsors engaged and advertised their wares.  But here, the professionals behind the tables were educators as well, as comfortable and conversational in the current subject matter as anyone in the field.  “I learned more about current cyber claims from conversations in this [sponsor] room than at the last three conferences I attended,” said Charles A. Yuen of Scarinci Hollenbeck.  Adam Losey of Losey PLLC captured the essence of the conference too when he said: “NetDiligence hosts a fantastic networking and educational event; it gives a chance to meet and develop relationships in-person with many of the people you work with regularly over the phone and via email if you’re in the space.”


First day of the Summit 


On the first day of the Summit, June 12th, the event began with several pre-conference workshops. These included “Interactive Breach Scenarios” hosted by Matthew Meade from Buchanan Ingersoll & Rooney PC, Tamara Ashjian from NAS, Sam Huxley from LEVICK, Katherine Keefe from Beazley, Greg Bautista from Wilson Elser, Brookes Taney from Epiq, and Billy Evans from Alvarez and Marsal; a roundtable session titled, “Filling the Gap: How to Attract, Train, and Retain Cyber Talent” hosted by Jackie Lee (M) from Validus, Lindsay Cunney, from Chubb, and Gail Audibert from Audibert & Associates, and a Seminar on “Breach Risk Management Methodology” hosted by Dough Howard from RSA, Brian Thornton from ProWriters, and Marc Voses from Kaufman Dolowich & Voluck, LLP.


Second day of the Summit 


Day two of the conference began with opening Keynote, Josh Shapiro, Attorney General, Pennsylvania Office of Attorney General, who emphasized the importance of protecting consumers, particularly those who are most vulnerable – the elderly and children – from the increasing threat and ever-evolving nature of data security risks. He highlighted his Office’s active efforts to enforce consumers’ data security and privacy laws. Shapiro is taking a leading role nationally on data breaches in the midst of a wave of incidents impacting millions of Americans and Pennsylvanians, including leading a national investigation of the massive Equifax data breach.  Attorney General Shapiro’s commentary resonated with Joe Lazzarotti and Jason Gavejian of Jackson Lewis PC and it confirmed some of the trends they are seeing in their data breach response practice. They observed, “businesses may feel as if they are victims of the same attacks that compromise their customers or employees’ personal information, but that may not soften a state agency’s scrutiny of the business and what it was doing prior to the attack to safeguard that data.  AG Shapiro’s comments sharpen the point that businesses should redouble their efforts to maintain and substantiate reasonable data security safeguards.”


The day continued with a discussion of the 2017 NetDiligence Cyber Claims study and a review of the types of claims that were covered as well as their costs.  A major theme of the event was the focus on current regulatory schemes regarding cybersecurity insurance and litigation and the changes that have come into place in recent years as well as those that are set to come into effect in the near future. Panelists discussed current topics such as the GDPR and up and coming block chain technology and decentralized data storage.  Losey moderated a Judicial Roundtable on Cyber Security with The Hon. Jonathan E. Hawley, U.S. Magistrate Judge, Central District of Illinois, The Hon. Anthony Porcelli, U.S. Magistrate Judge, Middle District of Florida, and The Hon. Joy Flowers Conti, Chief Judge, U.S. District Court, Western District of PA.


The Luncheon Keynote, Suzanne Spaulding from the Center for Strategic and International Studies, gave a global perspective on data privacy and cyber security risks, including how foreign governments actively engaged in cyber terrorism – commonly known as “Nation State Actors” –disrupt or compromise other target governments, organizations or individuals to gain access to valuable data or intelligence. Nation State Actors are sometimes part of a semi-hidden ‘cyber army’ or ‘hackers for hire’ for companies that are aligned to the aims of a government or dictatorship.  According to Spaulding, Nation State Actors’ number one priority is to “preserve power,” and she gave specific examples of how China and Russia actively engage in such efforts.


Third day of the Summit 


The summit concluded on day three with a day of panels relating to cyber risk and security solutions.   One common topic of interest that eWhiteHouseWatch heard attendees abuzz about, as they shuffled through the halls of The Bellevue Hotel between programs, was the availability of quality cyber insurance (or the perceived lack thereof) for small to medium enterprises (SMEs).  According to Chris Quirk of ARC MidAtlantic Excess & Surplus, Inc., “it has been our experience that SMEs have been getting cyber coverage included in various package policies, often with their management liability or sometimes with their property policies.  However, quality standalone cyber coverage is widely available to SMEs for minimum premium of around $1,000 and very often offers superior cyber coverage to those found in the package policies that SMEs have tended to favor.”  That issue was front and center during the “SME Pricing and Coverage Issues” program, where panelists echoed Quirk’s opinion that the standalone cyber market for SMEs remains competitive and is “the place to be” for SMEs looking for high quality cyber insurance protection.


At the end of day three, it was clear that the conference was a success.  In fact, depending on who eWhiteHouseWatch asked, everyone seemed to have a different “favorite,” with one attendee rejoicing, “quite frankly, the highlight of my day was the ‘Brokers vs. Underwriters’ program.”  The Summit provided great networking opportunities perfectly paired with enlightening workshops that provided concise updates on today’s cyber risks and developing breach trends.  “There is not another event where this many insurance professionals and subject matter experts gather in the spirit of collaboration to discuss the hot topics for cyber risk,” said John E. Clabby, a cybersecurity attorney at Carlton Fields who traveled from Tampa, Florida, to attend this year’s conference. Clabby added, “what makes NetDiligence unique is that there are no dabblers. Every conversation assumes the shared vocabulary of a cybersecurity professional, and so a lot can get accomplished in three days.”


The Summit’s focus on coverage challenges, claims and losses, and emerging risks allowed the summit to be, yet again, a resounding success.  2018’s Cyber Risk Summit was well worth the time and expense, and so eWhiteHouseWatch blog keenly looks forward to next year’s conference in Bermuda.

Leave a Reply