On Monday, March 15, NetDiligence® Global Events and Programming kicks off a four-day series targeting Cyber War & Terrorism. Drawing together industry, government, and academic experts, the series promises to be filled with interesting and valuable content.
In anticipation, NetD sat down for a conversation with Matthew Webb, who will speak during the session “Legal Issues, Coverages, and Exclusions” on Wednesday, March 17. Webb is the Line Underwriter for Cyber at Hiscox and the Chair of the Lloyd’s Market Association Cyber Business Panel, which recently proposed a new War exclusion for use by Lloyd’s Managing Agents. He gave us this sneak preview.
NetD: The presenters on your panel represent a vast store of legal expertise, and our audience will undoubtedly benefit from hearing the exchange of ideas between you and your fellow panelists. What points of the upcoming conversation are you looking forward to most?
MW: First of all, the lineup is incredible across all the panels, and I love the mix of expertise you have pulled together. We have the insurance perspective and familiar NetDiligence faces lined up alongside leading academics like John Healey from Colombia University, which will make for a thought-provoking session.
The topic of war is vast and complex and no one industry can solve it alone. As the insurance industry looks to understand and manage the risks, costs, and repercussions of war, it’s important to bring in as much information from the outside world as possible. This is a principle we have used throughout the drafting of the new LMA War exclusion as we lean upon text from the United Nations, Tallinn Manual, US Department of Homeland Security, EU Council Regulations and many other sources.
NetD: Your panel kicks off the Wednesday session on legal issues. Is there any panel during the week that you look forward to attending as an audience member? What people are you interested in hearing from?
MW: I’m really looking forward to hearing from Admiral Mike Rogers during the opening session on March 15. He’s been there on the inside, seeing these attacks unfold, and his insights always put an interesting perspective on how nation states handle these situations and what they are thinking about. I think it’s especially important and timely right now where we have activities amongst nation states changing. In the recent SolarWinds and Microsoft Exchange attacks, the cyber security community and other nation states have been quicker than ever to attribute those activities to Russia and China respectively. Though the SolarWinds attack seemed highly targeted, the Microsoft Exchange situation appears more widespread. I’m interested to hear the Admiral’s perspective on what’s unfolding right now and how it’s different from what we’ve seen before.
NetD: What emergent legal issues did you see in 2020 and the first months of 2021?
MW: We write a global book of cyber insurance and one of the interesting developments has been in the UK. We are seeing the industrialisation of data protection litigation, similar to the class action setup in the US. This group litigation has been on cases where incidents have been notified to the ICO and typically involve high volume, low value claims – driven by costs. It will interesting to see how it develops and what implications it might have on coverage and risk appetite long-term. We’re also watching how statutes which provide stipulated-damage amounts per privacy violation in the US could be a game-changer for our clients’ cyber exposure.
NetD: From your personal place in the industry, what development or trend will you being keeping your eye on this year?
MW: To change the conversation from “Ransomware, Ransomware, Ransomware” (though we will certainly still be watching it closely), we have noticed a trend where small subsidiaries or franchisees of much larger organisations are being targeted. It is a real reminder than an organisation’s cyber security protections are only as strong as their weakest link. We must work with our customers to ensure we are gathering information on their risk management controls across their whole organisation and not just the Group company or a handful of business units. We need this for all entities that make up the company.
NetD: Thank you, Matt, for your time and your insights! We are all looking forward to hearing more from you on March 17, and to checking out the other series topics throughout the week. We also want to thank Hiscox for sponsoring this event.