AGENDA

VetDiligence is an opportunity to network and provide mutual support among active and former military, intelligence community, security services, law enforcement, and members of the legal community who are continuing the mission through cybersecurity. Friends and allies are welcome! 

Join us for our keynote address by Admiral Michael Rogers, Former Director of the NSA & Commander of US Cyber Command.

Sponsored by Buchanan Ingersoll & Rooney, PC; Barricade Cyber Solutions; CyberCube; and SureFire Cyber. 

1. Admiral Michael Rogers, Former Director of the NSA & Commander of US Cyber Command

Understanding current cyber claims trends can help guide the assessment of cyber risk of the potential policyholder. This session will examine claims and losses from cyber events. Data from the most recent NetDiligence Cyber Claims Study will be shared and discussed. Claims professionals will provide examples of incidents reported and claims processed.

1. Alyssa Watzman (M), Constangy, Brooks, Smith & Prophete, LLP
2. Tamara Ashjian, Tokio Marine HCC-CPLG
3. Patrick Bourk, NetDiligence
4. Jennifer Coughlin, Mullen Coughlin LLC
5. Mark Giacopelli, Nationwide

As we head into spring renewals, this panel will discuss the impact of new entrants and facilities, stainable pricing strategies, stability and scope of the coverage offered, and how effective expectation management and understanding the policyholder perspective are crucial for maintaining a balanced and resilient market.

1. Lisa Phillips (M), Marsh
2. Erica Davis, Guy Carpenter
3. Jeremy Huang, Amwins
4. Safeer Mohammed, Crum & Forster
5. Desirée Spain, QBE

Defending data breach class actions involves understanding key strategies and trends that can effectively mitigate exposure. Additionally, practical considerations regarding damages and settlement dynamics are essential for navigating these complex cases. Join our panel as they share their insights on the current legal landscape and how to prepare for anticipated trends.

1. Katherine Heaton (M), Beazley
2. Casie Collignon, BakerHostetler
3. Bruce Friedman, JAMS
4. Michael McClain, The Benson Firm
5. Al Saikali, Shook, Hardy & Bacon LLP

Learn about the evolving ransomware landscape and attack vectors/methods. Come away from this session with current sector intelligence to help develop effective policy coverage strategies and tactical policyholder due-diligence requirements in order to make cost-effective, ransomware-specific cyber insurance products available to the policyholders.

1. William Gadzinski (M), Pondurance
2. Chris Brewer, MOXFIVE
3. Zack Doyle, Arctic Wolf
4. Ryan Rowbottom, PCS CIRT
5. Kellyn Wagner Ramsdell, Arete

Third-party risk management is increasingly critical as intrusion vectors through managed service providers (MSPs), managed security service providers (MSSPs), vendors, and contractors become more prevalent. Additionally, threat actors are increasingly targeting data aggregators, leading to higher extortion payments and systemic vendor events. Effective negotiations with vendors and a comprehensive risk management perspective from the insured are essential. Additionally, understanding these risks is crucial for intelligent cyber underwriting and placement, as well as successful claims management.

1. Michael McLaughlin (M), Buchanan Ingersoll & Rooney, PC
2. Ben Beeson, Galahad Risk Solutions LLC
3. Amanda Graham Brazinski, Atheria Law
4. Paul Caron, S-RM
5. Richard Sheridan, Berkley Cyber Risk Solutions

Privacy litigation is experiencing significant developments across various statutes and regulations. The California Invasion of Privacy Act (CIPA) has seen increased application in session replay cases, highlighting the importance of consent in digital interactions. The Biometric Information Privacy Act (BIPA) has undergone amendments in 2024, which limit liability and clarify electronic consent requirements. The Genetic Information Privacy Act (GIPA) is witnessing a surge in claims, particularly against employers who request genetic information during hiring processes. Additionally, new applications for the Video Privacy Protection Act (VPPA) are emerging, especially in the context of online video streaming and tracking technologies. Coverage considerations are crucial as companies navigate these evolving legal landscapes, ensuring they have adequate cyber insurance to mitigate risks associated with privacy violations.

1. David Cole (M), Freeman Mathis & Gary, LLP
2. Jean Lawler, Lawler ADR Services, LLC
3. Michael Phillips, CFC
4. Melissa Siebert, Cozen O'Connor
5. Lauren Zimmer, Sompo

Accurate financial assessment in large and complex losses begins with clear definitions of what constitutes a "large loss" and a "complex loss." Engagement with the DFIR vendor is crucial, and decisions about sharing information with them must be carefully considered. Aligning expectations and understanding the scope of the loss are essential steps in the loss review process. An early review of all policies in the insurance tower helps identify coverage terms, conditions, and potential gaps. Addressing disputes or differences in the interpretation of coverage terms is also vital to ensure a comprehensive and accurate financial assessment.

1. Simon Oddy (M), Baker Tilly
2. Liam Cattermole-Ward, Munich Re
3. Caitlin Ewing, Allianz Commercial
4. Laurie Kamaiko, Saul Ewing LLP
5. Meredith Ponce, Lockton

Cyber insureds must carefully consider the intent and purpose behind their data collection efforts, as well as how they monitor and monetize this data. Balancing safety concerns with the drive to monetize data is crucial. Companies must ensure that their data collection practices do not compromise individual privacy or security. The role of data brokers, such as Atlas, in privacy litigation highlights the challenges and legal battles surrounding the sale and distribution of personal information.

1. F. Paul Greene (M), Harter Secrest & Emery LLP
2. Scott Lyons, Intact Insurance
3. Timothy St. George, Troutman Pepper Locke
4. Jamie Tolles, IDX

The emergence of artificial intelligence (AI) has introduced new cyber risks that are not explicitly covered or excluded in traditional cyber insurance policies. These "silent cyber" risks can lead to significant financial losses if not properly addressed. Assessing and mitigating these risks is complex. In response to these risks, some insurers are responding by updating policy language; including exclusions; and developing new products to address these emerging risks.

1. Stephanie Snyder Frenier (M), Gallagher
2. Steven Anderson, Safety National
3. John Coletti, Coalition Inc.
4. Hannah Hoeflinger, Marsh McLennan Agency

The future of cyber attacks is shifting beyond traditional malware, with threat actors increasingly intruding without using malicious code. These attackers often dwell in the outer ring of security, exploiting vulnerabilities in the cloud, email systems, and unmonitored endpoints. They frequently use legitimate software like TeamViewer and other free tools to avoid detection. This evolution in attack methods impacts insurance triggers and claims, as traditional policies may not cover these sophisticated intrusions. Preventative measures, such as robust monitoring and advanced threat detection, are essential to mitigate these risks. 

1. Billy Gouveia (M), Surefire Cyber
2. Devon Ackerman, Cybereason
3. Savanna Boyles, Mosaic Insurance
4. Aaron Casey, Woodruff Sawyer

Achieving better outcomes BEC claim resolution and recovery involves a multifaceted approach encompassing resolution, recovery, and prevention strategies. Improving board governance and operational preparedness is crucial, ensuring that organizations are equipped to handle BEC incidents effectively. Adhering to a "reasonable duty of care" standard helps in mitigating risks and demonstrating due diligence. Understanding and fulfilling contractual obligations is essential to avoid potential legal pitfalls. Additionally, subrogation and the recovery of funds play a vital role in minimizing financial losses.

1. Kelly Garrison (M), Pierson Ferdinand LLP
2. Laura Nielsen, Ankura
3. Robert Walker, Lewis Brisbois
4. Eric Wedin, Kroll
5. Melanie Witte, Crum & Forster

Mass arbitrations began as a response to the limitations imposed by arbitration clauses that prevent class actions. Today, social media and AI are amplifying this trend, making it easier for claimants to organize and file collective claims. While mass arbitrations can be a powerful tool, they also create challenges such as increased administrative burdens and potential procedural complexities. Handling parallel claims in litigation and mass arbitration requires strategic coordination to avoid conflicting decisions. This panel will dive into these issues and the future of mass arbitration, as well as provide insight into best practices in the management of these claims.

1. Joan D'Ambrosio (M), Atheria Law
2. Kristy McAlister Brown, Alston Bird
3. Elizabeth Carter, JAMS
4. Mark Mao, Boies Schiller Flexner LLP
5. Joe Niemczyk, Markel

Cyber and Tech E&O insurance solutions are being tailored for payments and supply chain transactions on decentralized networks. Trustless transactions and asset tokenization, which operate without centralized intermediaries, are becoming more prevalent. Additionally, protocol differentiators are creating layered security measures to protect against sophisticated cyber threats; and ongoing audits provide assurance on the integrity of smart contracts. Data aggregation with AI is being utilized to develop accurate models, improving risk assessment and decision-making. Additionally, changes in the regulatory landscape are supporting this evolution, providing a framework that balances innovation with compliance. 

1. Neeraj Sahni (M), Aon
2. Meredith Challender, Kissel Straton & Wilmer LLP
3. Charlotte Goldman, Proof Insurance
4. Andrew Podgorny, Relm Insurance
5. Oren Wortman, Sygnia

Effective inventory and asset management involves tracking both monitorable and non-monitorable assets to ensure comprehensive oversight. Managing assets inside and outside the perimeter presents challenges, particularly with the limitations of patching, which may not fully address vulnerabilities. Threats to the digital supply chain, such as supply chain attacks targeting software vendors and open-source solutions, highlight the importance of robust security measures. Maintaining compliance with regulatory standards is essential to avoid penalties and ensure operational efficiency. 

1. Dominik Cvitanovic (M), Wilson Elser
2. Tom Bouathong, Trend Micro
3. Dave Cunningham, Alvaka
4. Shelly Thomas, Marsh
5. Corey White, Cyvatar.ai

The public entity sector has unique abilities to risk transfer in various parts of the supply chain. In this session we are going to explore key areas of risk transfer for public entities, including self-insurance, pooling and traditional standalone insurance. Topics such as benefits and drawbacks of each area of risk transfer, unique aspects of claims in each area, as well as cyber risk management priorities which traverses all aspects of risk transfer will be covered.

1. Susan Leung (M), Brown & Brown
2. Heather Burgess, NLC Mutual Insurance Company
3. Scott Koller, Clark Hill
4. Stacie Lilien, Silverfort
5. Nick Milne, Hamilton Insurance Group

We explore the significant implications catastrophic cloud failures pose for cyber insurers and risk managers. Quantifying the risk of catastrophic cloud downtime is crucial for understanding its impact on cyber insurance portfolios, as downtime can lead to substantial financial losses. While historically, modeling these risks has been challenging due to the unpredictable nature of cloud outages and the limitations of traditional modeling techniques, recent developments in cloud monitoring technology, particularly AI-driven solutions, are enhancing the ability to detect and mitigate these risks. This panel will also share insights into solutions and alternative risk financing, such as parametric insurance products, as ways to manage exposure to systemic risks associated with cloud outages. 

1. Brian Robb (M), Berkshire Hathaway Specialty Insurance
2. Brett Nakano, Swiss Re
3. Jonas Schwade, cysmo
4. Emma Werth, Cowbell

This panel will delve into the pressing issues affecting minors in the digital age. We will explore the Children's Online Privacy Protection Act (COPPA) and its implications for protecting children's data online, as well as state-specific privacy laws. We will also address the growing concern of AI on cyberbullying and sextortion, addiction to social media and gaming, and policyholder exposures related to these issues. The session will examine the role of EdTech platforms like PowerSchool in managing PII, PHI, and Mental Health PHI, emphasizing the importance of data security., focusing on the unique challenges in insurance and legal contexts. 

1. Ryan Steidl (M), Constangy Cyber
2. Greg Chambers, AXA XL
3. Steve Gemperle, Magnet Forensics
4. Kristen Meringolo, Liberty Mutual Insurance
5. Angelo Stio III, Troutman Pepper Locke

This panel will explore the growing use of dark web data in breach response and the associated risks. As organizations increasingly rely on dark web intelligence to understand and mitigate breaches, they face significant liability risks, including legal and regulatory exposures from trusting threat actors. Accessing dark web data also presents legal and technical risks, as well as potential reputational damage. The discussion will cover best practices to mitigate these risks, such as thorough verification processes, secure handling of sensitive information, and appropriate insurance coverage. 

1. Blair Dawson (M), McDonald Hopkins LLP
2. James Allman-Talbot, Quorum Cyber
3. Daniel Haier, Cipriani & Werner PC
4. Michael Sarlo, HaystackID
5. Don Wyper, DigitalMint Cyber

This panel will provide a comprehensive overview of new and notable activities and changes, highlighting key legislative and regulatory updates. Highlights from various states will be covered, as well as changes in the federal approach, focusing on trends in regulatory consolidation and harmonization. The panel will also address impactful international activities, examining global trends and their implications for domestic and international companies. 

1. Michael Bruemmer (M), Experian
2. Davis Hake, Venable LLP
3. Edward Lewis, CyXcel
4. Ellie Ludlam, Pinsent Masons LLP

Enjoy all morning breakfast sponsored by Asceris & ACTFORE while conducting meetings in the Exhibit Hall and terrace.