Transcript Phil-Bell-CRL-Introduction-and-Cyber-Liability-for

County Reinsurance, Limited
A Member-Owned Reinsurance
Company
Background
• A number of County Association Pool Managers
began discussions about forming a national
reinsurance program.
• The National Council of County Association
Executives (NCCAE), through NACo, facilitated
meetings.
• 1994 First Committee Meeting
• 1996 Feasibility Study Completed
• 1997 CRL established as a Vermont Captive with 5
states and 8 pools participating.
• 2014 – 17 years, 17 States, and 25 members
2
CRL Member and Premium Growth
1998 Statistics
• 5 States and 8 Pools.
• Net Revenue: $4 MM
• Assets: $13 MM
2014 Statistics
• 17 States and 25 Pools.
• Net Revenue: $25 MM
• Assets: $196 MM
3
4
What are the Benefits?
• We specialize in Counties and County-related
entities.
• A “Pool” for “Pools”
• Ownership = Control
• Sharing Program Ideas
• Long Term Stability
• Profits and Investment Income belong to Members.
5
Additional Benefits
• Claim Audits. We send independent auditors out to
review your files and test reserves. We share these
results with you.
• Policy Form Reviews. We use a reinsurance /
insurance expert to review your policy forms.
• Underwriting and Claims Management Training for
Members.
6
How Does CRL Operate
• Membership Elects a Board of Directors
• Board hires an Executive Director
• Executive Director implements policies of the Board,
and supervises service providers.
• CRL uses Committees. Current Committees include
Underwriting, Claims, Investment, Audit, and
Personnel. CRL also occasionally uses Ad-Hoc
Committees.
• Most Committee and Board meetings are by
teleconference, but we have at least two face-toface Board Meetings each year.
• Detailed policies and procedures are provided to
the Members.
7
CRL Board of
Directors
Phil Bell
Executive Director
Mary Kay Johnson
Administrative
Assistant
Brent Wells
Senior Reinsurance
Analyst
Johnson Lambert & Co. LLP
CPA and Consultant
Brenda Gibson
Member
Services Manager
Marsh USA, Inc.
Cheryl Jennings
Greg Mann
Lindsay Grimes
Frank Peterson
Regional
Claims Manager
Barrett Evans
Regional
Claims Manager
CS STARS
Workers’ Comp.
Safety National
Casualty Corp
Primmer Piper
Eggleston
& Cramer PC
Morris, Manning
& Martin, LLP
By The Numbers
Actuarial
Consulting
Liability
AIG
Strategic
Asset
Alliance
Property
Various
Companies
National
Association
Of Counties
USA Risk Group
Andy Sargent
Cindy Lyford
8
Cyber Risk
•
•
•
•
•
Key Exposures for Counties
Cyber Liability – Recent Claims
What can be Done?
Cyber Liability Insurance
Risk Control - eRiskHub
9
Key Cyber Exposures for Counties
Computer and internet-based services mean:
 Many organizations will collect/ store/share VAST private data !
• More data often collected than needed
• Data often stored for too long (no records retention limits)

Mishaps (malicious & mistakes) in safeguarding personal info such as:
• Health Records (Jails, Health Departments, Social Services, Mental
Health)
• Financial Transactions
 Vendors will have breaches, very common!
“95% of all network
intrusions could be
avoided by keeping
systems up-to-date”
(CERT)
 Lost Laptops: Left unencrypted with lots of personal info!
 Online based County Services: Websites are very porous & need constant
care (hardening & patching).
 Bad guys still rely on the prevalence of human error
• unchanged default settings
• missing patches
• wide open laptop
• customer records (paper) improperly disposed
• guessable access
10
Cyber Liability – Recent Claims
•
•
•
•
•
(June 2014) After an NBC 6 Investigation reported a data breach among Miami-Dade County
workers last week, officials have started notifying employees about a massive data breach that
is putting the identities of the workers at risk. Sources told the Team 6 investigators the data
breach affected the identities and personal information of hundreds of government workers.
Whoever is responsible for the breach is using the information to file fake unemployment claims
and even open up credit cards.
(May 2014) Hackers breached Wayne County’s payroll processor, potentially gaining access to
hundreds of government employees’ Social Security numbers, home addresses and bank
account information. The County Chief Clerk confirmed the county was notified Tuesday that
Paytime Inc. of Mechanicsburg discovered on April 30 that records of multiple clients were
accessed by online hackers
(March 2014) Skagit County was penalized $215,000 in HIPPA violations by the Department of
Health and Human Services for inadvertently putting protected health information (PHI) on a
public server. The data breach involved 1,581 local patient’s health information, including the
testing and treatment of infectious diseases. This case marks the first HIPPA settlement with a
county government.
(January 2014) The North East King County Regional Public Safety Communication Agency
(NORCOM) has announced it is investigating the security breach of a server that stored records
of an estimated 6,000 medical responses for Duvall Fire District 45, Skykomish Fire Department
and Snoqualmie Pass Fire & Rescue (Fire District 51). "We discovered very recently that a
computer had been hacked by a hacker who had basically broke down a password... a low
level password to one of our stand-alone computers," said Tom Orr, Exec. Director of NORCOM.
Two recent CRL Claims
September 19, 2014
11
Cyber Liability – What can be Done?
• Cyber Liability Insurance
o
o
o
o
o
Coverage for a Cyber Security Event
Coverage for first party privacy response expenses
Coverage for regulatory proceedings and penalties
Coverage for third party liability
Policy limits and sublimits subject to some customization
• Cyber Risk Control:
o eRisk Hub (customized for each CRL Member Pool)
o Awareness Tools: Online Cyber Risk Self-Assessment
o Breach Coach® feature: Post Breach Assistance, coordinated with each
Pool’s claims organization
September 19, 2014
12
+
+
+ YOU
13
+
+
+ YOU
A One-Stop Shop for Pre- and Post-Breach Services
• Homepage gives you a place to speak directly to pool
members
• Incident Roadmap spells out the steps to take in the event of a
breach
• Risk Manager Tools help manage cyber risk more effectively
• eRisk Resources Directory features qualified third-party
providers of breach-related services
• News Center monitors breach events and trends
• Learning Center provides best-practices articles, white papers
& on-demand webinars
• Search makes it easy to find specific information
14
15
16
17
eRisk Hub Tool:
Self-Assessment
Purpose:
Showcase Baseline Safeguards





Raise Awareness
Reaffirm ‘reasonable’ safeguards
Benchmark to Standards
Start a discussion!
Set plan in place for
improvements
18
Questions?
Contact Information
Philip E. Bell, CPCU, ARM, ARe
Executive Director
County Reinsurance, Limited
6201 Towncenter Drive, Suite 240
Clemmons, NC 27012
P: (336) 354-4053
E-mail: [email protected]
20