Chapter 10

Question 1

Define cyber risk

Answer 1

Any risk of financial loss, disruption of business, or damage to an organization’s reputation due to a failure of its information technology systems

Question 2

What seems to increase as businesses rely on technology, information systems, and the internet of their daily operations?

Answer 2

Organizations are increasingly vulnerable to financial loss when the systems fail. Cyber risk threatens an organizations ability to operate, its profitability, and its reputation.

Question 3

List three categories of cyber attack risks

Answer 3

1. Deliberate and unauthorized breaches of security in order to access information systems for the purposes of espionage, extortion, or embarrassment of an organization, such as ransomware to lock businesses out of their system until they pay rent them, malware including viruses, worms, or spyware, and online phishing scams
2. Unintentional or accidental security breaches, as losing a memory stick or a laptop
3. Operational it risks, such as failing to install firewalls, keep security software up to date, or select passwords that are unique and difficult to decode

Question 4

List six situations that create a cyber risk for an organization

Answer 4

1. A rapidly spreading virus is released on the internet and infects an organization system when an employee clicks on the link to the site
2. An employee’s laptop is stolen from his or her vehicle
3. Ransomware is embedded in the organization’s network, which shuts down access until a ransom is paid
4. Hackers set up a program to randomly check the organization’s network security and crack employee passwords, which allows them full access to the company system
5. A fake email is sent to employees asking them to send the CEO all the research on new technology the organization is developing
6. An email is sent to a company asking to pay a fake invoice. And employee pays the invoice to an untraceable account and the monies are gone

Question 5

List four direct losses in organization can face

Answer 5

1. Costs to fix and restore systems duplicate data, and reinstall software
2. Ransom or extortion payments
3. Funds directly lost due to fraud
4. Costs to defend and settle a lawsuits

Question 6

List five indirect losses that result from direct damage the incident causes, for an organization

Answer 6

1. Extra expenses - to manage the crisis, such as communications and public relations cost
2. Accounting in other professional fees- to determine the extent of the loss
3. Loss of competitiveness - if intellectual property like trade secrets are stolen and the organization cannot realize the profits it expected in the time period predicted
4. Loss of business - if customers feel they can’t trust the organization to hold their personal information securely, causing them to move their business to other firms, if financial markets don’t believe the organization is well managed, the organization share value May decline
5. Loss of opportunity - if the organization has to change its strategic plan, plans to grow or expand maybe delayed or canceled, or key employee resources may have to be redeployed to manage the crisis

Question 7

Organizations need to integrate cyber risk management into their overall Enterprise risk management strategy. What two key areas need to be addressed?

Answer 7

1. Behavior management

Cyber criminals manipulate individuals to open a door into a system by variety of methods such as fishing, or sending emails asking individuals to click on a link, embedding a virus or spyware in email attachments, spearfishing or sending targeted emails that appear to be a legitimate source, and setting up fake websites or infecting real websites that employees or individuals are likely to visit

2. Systems and technology management

Every technology and system has weaknesses, cybercriminal setup programs to detect such weaknesses. For example, they use denial of service attacks, where Network or server is flooded with traffic to make it unavailable to users. Worms and viruses are used to take control of computers, generate money, steal sensitive information, or disable a computer or Network

Question 8

A number of insurers have developed cyber risk and turns package policies that include coverage for the following perils

List 5 perils

Answer 8

1. Third party liability
2. Cybercrime
3. Extra expense
4. Business interruption losses resulting from a cyber attack or data breach
5. Crisis Dash management counseling services. To guide the organization on how to manage communications after a loss

Question 9

List additional perils that can be insured under cyber risk policies

Answer 9

1. Theft of data resulting in a privacy breach
2. Unintentional transmission of a computer virus
3. Network systems that become unavailable to third parties due to a failure in security
4. Allegations of copyright or trademark infringement, libel, slender, defamation, or various social media activities

Question 10

List four optional cyber liability coverages

Answer 10

1. Regulatory defense expense
2. Punitive damages
3. Arbitration expenses
4. Criminal rewards for information leading to the arrest and conviction of the cyber criminal responsible for the loss

Question 11

List exclusions to cyber risk insurance

Answer 11

Cyber risk insurance typically excludes hard to quantify losses, such as

1. reputation damage,
2. loss intellectual property
3. some class action lawsuits
4. future losses, such as a loss of competitiveness

Question 12

True or false cyber risk policies typically cover damage to electronic equipment and lost data from certain perils, such as lightning

Answer 12

True

Question 13

What does cyber risk policies coverage usually entail under property insurance forms

Answer 13

Coverage usually includes the cost of restoring or replacing data that were destroyed or damaged in the same event. Coverage may also extend to cover lost data from malware, either as part of a business package policy or under a standalone policy. Availability for coverage depends on technology organizations use and their level of exposure.

Question 14

List 7 specialized coverage available to cover exposures such as extortion or fraud, damage to the systems are software, or an interruption in their operations as a result of a cyber attack.

Answer 14

1. Lost - corruption of data Dash covers the cost to replace lost or damage data caused by viruses, malicious code, or spyware
2. Business interruption - covers losses that occur when an organization’s network is attacked and the organization is unable to or has limited ability to conduct business including businesses income, extra expenses, forensic expenses, and contingent business interruption
3. Cyber extortion Dash covers payment or settlement of an extortion threat against an organization’s Network and the cost of hiring investigators to track down and negotiate with blackmailers
4. Crisis management Dash covers the cost of notifying consumers of a release of private information, providing credit - monitoring and other remediation services in the event of a covered incident, and hiring specialty public relations assistance or advertising to rebuild the organization’s reputation following an incident
5. Data reach Dash covers expenses and legal liability from a data breach, including access to services to support business owners and complying with regulatory requirements and addressing customer concerns
6. identity theft covers cost of setting up a call center to specifically address customer or employee concerns when personal information of customers or employees is stolen
7. Social media/networking - covers some social media liability exposures, such as online defamation, advertising, liebl, and slander

Question 15

What are 5 factors to consider when recommending cyber insurance

Answer 15

1. What security is already in place
   2 what security needs to be in place
   3 where are their Cloud accounts located
   4 which risk can be avoid, retained, or controlled
   5 which risks need to be insured or transferred
   6 what kind of personal information is being stored
   7 how many records with sensitive information can be accessed
   8 do clients rely on third-party services or provide services to others
   9 what are the possible outcomes of a data breach is not detected immediately

Question 16

Define sharing economy

Answer 16

A collaborative system where participants share access to services and products rather than owning them individually, generally facilitated through an online platform

Question 17

Define ride-sharing

Answer 17

An arrangement set up by means of a website or mobile app in which a passenger travels in a private vehicle driven by its owner, for free or for a fee

Question 18

Define car sharing

Answer 18

An arrangement set up by means of a website or mobile app that links renters and car owners. Sometimes called vehicle sharing or peer-to-peer car rental services

Question 19

List three products and services that are commonly shared in a sharing economy

Answer 19

1. Automobile and transportation sharing
   2 accommodation sharing
   3 household item sharing

Question 20

Define transportation Network

Answer 20

An online enabled application or website used by persons to prearrange the transportation of passengers for compensation by a transportation Network driver. Also cause riding services

Question 21

What are the three commercial activity periods In ridesharing

Answer 21

Period 1 - all the driver is accessing the rideshare app in the vehicle, but has not yet selected a ride

Period 2 after a ride is accepted and while the drivers on the way to pick up the passenger

Period 3 for carrying the passenger from pickup to drop off

Question 22

Insurers and regulatory have been working to develop solutions to the growing risk of uninsured drivers. To be effective, a solution must encompass four of the following list them

Answer 22

1. A rating structure that charges rideshare or drivers a fair rate based on their use
2. Premium is that cover claims so that personal use policyholders do not subsidize ride sharing drivers
3. Market availability for ride-sharing drivers
4. Premiums that are reasonably affordable

Question 23

Right trying endorsements are not stand alone to driver has to be insured with a specific insurer that offers the ride trying endorsement and meet the eligibility criteria to get coverage. What is the criteria? List three points

Answer 23

1. They must be contracted with a TNC
2. They must not exceed the maximum number of driving hours
3. They must meet minimum licensing and driver experience guidelines

Question 24

Define accommodation sharing

Answer 24

An arrangement set up by means of a website or mobile app in which a property primarily occupied by its owner is rented for a short period to a third party

Question 25

Accommodation sharing creates risk exposures and potential insurance coverage gap for both hosts and guests whom is the forms basis for this discussion?

Answer 25

The Insurance bureau of Canada homeowners forms are the basis for this discussion, with the understanding that policy wordings and specifics of exclusions can vary among insurers. It is also important to note that some seasonal dwelling forms permit occasional rental, usually with a maximum number of rentals and a maximum number of rental days, but others May not.

Question 26

List two property damage exclusions

Answer 26

1. Damage to the dwelling and contents of hosts

2. Damage to the property of guests

Question 27

Theft exclusions under homeowners forms

Answer 27

Homeowners forms exclude loss or damage due to theft or attempted theft from the part of the dwelling rented to others, such as if gas break into a locked room while renting a home and steal the host’s valuables. The host insurers wouldn’t cover the claim.

This exclusion depends on some extent on the terms of the rental agreement. If the entire home is rented, it seems clear that theft of any property is excluded. If a single room is rented, the property stolen from other parts of the home could be covered. Due to the wording of this exclusion, it can apply to the thefts that are not committed by a guest or deaths that occur well the home is not rented by a guest

Question 28

Liability exclusions under personal liability coverage under homeowners forms

Answer 28

Contains two key exclusions related to accommodation sharing activities.

1. Homeowners forms specifically exclude business pursuits conducted by the insured or business use of the premises that are not stated on the policy.

The insurer may agree to extend liability to certain business pursuits, but must be specifically stated in the policy.

If this exclusion applies, the host may lose the right to a defense under the policy, since the duty to defend applies only to insured claims. And insurer would have to show that a host has clearly breached a policy condition to avoid this duty

2. The exclusion applies to personal actions of the host if they relate to the business. Consider a host who is meeting a guest at another location to hand over keys or host bringing in a cleaning service after a guest leaves. A claim for injury or property damage from these activities could be excluded if they are related to the business of hosting.
3. There is also no coverage if the host is sued for damages by a guest for defamation or because the host invaded the guest privacy during the rental period

Question 29

Guests liability

Answer 29

The guest may be liable for causing damage to the host property. When a guest is insured under a personal liability policy, there is an exclusion for property in the care, custody, and control of the insured. It would limit coverage to accidental damage only, and only for a limited number of perils such as fire. The gas would be personally liable to a host for any other damage.

Question 30

List some issues with airbnb

Answer 30

Airbnb is clearly embraced by users, it is not been universally accepted. As expected, hoteliers feel threatened by it in much the way taxi services feel about uber. Some municipalities also have expressed concerns over airbnb in terms of loss of revenue, such as terrorism taxes and licensing or business permits. Safety of hosts and gas, the loss of affordable long-term rentals, and the possibility of abuse of rental control laws.

Question 31

What are some insurance issues related to hosting?

Answer 31

There hasn’t been a lot of movement in the insurance industry about covered specific to people hosting on airbnb.

The New York based insurance information institute has written about the issue, especially in the context of people renting their homes during major sporting events, like the super bowl weekend. It describes airbnb as a peer-to-peer home rental or appear to peer financial agreement, which is a concept familiar to some insurers providing coverage with respect to car sharing. The insurance information institute discusses the issue in a very general terms, urging people who are considering providing accommodation to speak with their insurer before they rent out their home.

The insurance information institute notes that if person plans to regularly provide short-term rentals, standard homeowner policies do not provide any coverage for business activities conducted in the home, and in such a situation it suggests a business policy covering a hotel or bed and breakfast would be required

Question 32

Assuming that potential insurds disclose their intention to provide short-term accommodation, what information would an underwriter like to consider?

Answer 32

1. How often the person has guests - for example, if it is strictly a seasonal thing
2. How many rooms are being rented
3. The number of guests the hotel rents to at one time
4. Whether the host is normally there when guests are present
5. Weather information is provided about safety and security measures, smoke detectors, fire extinguishers or sprinklers, clearly marked exits, handrails on staircases, and so on
6. Whether there is a pool
7. Whether the host allow guests to use on-site laundry facilities

Question 33

What is the insurers view on vehicle automation

Answer 33

Vehicle automation is good for society, with a significant reduction in traffic fatalities and serious injuries expected over the next 10 years as driver assistance technology is introduced into new vehicles in canada. The benefits from the reduction in collision will increase over time as more vehicles include new safety technology and systems, such as Ford collision avoidance, and become more widely adopted. As the capability of equipment improves, the societal benefits are likely to increase as well

Question 34

Who will be responsible for collision if the vehicle is automated?

Answer 34

Responsibility for collisions will begin to shift from driver to vehicles, part manufacturers, and software and sensor providers. Over the next 10 years, the roads will be shared by fully human driven vehicles, semi-autonomous vehicles with driver assistance systems, and the first self-driving vehicles. As on board computers begin to make driving decisions, responsibility for collisions will be Beyond human drivers to include automakers, software developers, and maintenance professionals. There will be a shift from personal liability for collisions involving conventional vehicles to shared liability for semi-autonomous vehicles, and predominantly product liability for self-driving vehicles

Question 35

List the levels of automation

Answer 35

0 - no automation
1 - driver assistance: the driving mode - specific performance by a driver assistance system of either steering or acceleration/ deceleration using information about the driving environment and with the expectation that the human driver performs all remaining aspects of dynamic driving task

2 - partial automation: the driving mode specific performance by one or more driver assistance systems of both steering and acceleration / deceleration, using information about the driving environment and with the expectation that the human driver performs all remaining aspects of dynamic driving

3- conditional automation: the driving mode specific performance by an automated driving system of all aspects of the dynamic driving task, with the expectation of the human driver will respond appropriately to a request to intervene

4- high automation: the driving mode specific performance by an automated driving system of all aspects of the dynamic driving test, even if a human driver does not respond appropriately to a request to intervene

5 - full automation: the full time performance by an automated driving system of all aspects of the dynamic driving task under all roadway and environmental conditions that can be managed by a human driver

Question 36

List 5 questions about semi-autonomous vehicles that are emerging for the insurance industry

Answer 36

1. How can the insurance industry secure timely information about the collision experience and repair costs for send me autonomous vehicles?
2. Well automakers install a black box to record when driver assistant features are engaged?
3. Will insurance companies be allowed to access this data?
4. What safety technology will be required by regulation in New vehicles?
5. Will the coverage offered needed to be redesigned?

Question 37

List six questions for the industry about self-driving vehicles

Answer 37

1. Well the insurance coverage for the first self-driving vehicle be modeled on the product liability coverage currently in place for aircraft, ships, and trains with substantial automation?
2. What incremental coverage will be offered to drivers who will have the option to take control of self-driving vehicles?
3. Will auto rate regulation apply to product liability coverage for the first self-driving vehicle?
4. Will insurance cover a variety of vehicle ownership alternatives like personal ownership, car sharing, ride sharing, ride hailing, and pooled a ride hailing
5. Is the current construction of insurance coverage appropriate for vehicles with automation?
6. What decisions will manufacturers and regulator’s make over the next decade that could determine the nature of connected vehicles over the long term?