Cyber Risk and Insurance



Estimates of the true cost of cybercrime and cyber espionage vary widely according to which report you read, but what is clear is that cyber crimes will often go unreported as companies attempt to conceal losses in order to protect brand and reputation. Conversely, many organisations are being breached on a daily basis and remain blissfully unaware that they have fallen victim to an attack, since they have no means to detect it. With a large majority of companies having either insufficient cyber insurance or none in place at all, the risk of catastrophic financial damage to small and large enterprises alike is extremely high. Yet many organisations are unclear what they are buying. With many off-the-shelf cyber insurance policies being a long way off from covering all costs associated with breaches, companies need to understand what an effective policy looks like, what they are covered for and where they are still exposed. Cyber Risk and Insurance – what companies need to know will educate companies on the current cyber threats affecting organisations today and will equip them with the knowledge they need to select the most appropriate policies for protecting their businesses, assets and reputation. It will assist companies in evaluating their own needs by asking such questions as:

• Does your organisation have the people or experience to effectively manage a data breach incident?
• How should your organisation decide whether investment in cyber insurance should be part of your security strategy?
• Ahead of impending legislation, how can your organisation reduce the significant costs resulting from a data breach incident?



Peter Warren, Chair, The Cyber Security Research Institute

Peter Warren chairs the Cyber Security Research Institute. He is an award-winning freelance journalist specialising in technology, undercover investigations and science issues. In demand as a speaker and thought leader, he has recently presented a 75-page report on ‘Ethics in the Digital World’ to EU decision-makers in Brussels and given a speech to the French Senate (the upper house of parliament) on the same theme. He has been asked by both the UK Government and Opposition to contribute to cyber security policy. Peter has given academic talks at Oxford University and Royal Holloway, University of London and he is the author of two books on cyberwarfare.

Every week he presents the UK’s only independent live radio talk show devoted to technology in society, PassWord with Peter Warren on Resonance 104.4FM www.resonancefm.com
The former technology editor of Scotland on Sunday and the Sunday Express and an associate producer for BBC2, he has worked across a variety of media, including the Guardian, the Daily Mirror, Evening Standard, the Sunday Times, the Sunday Express, Sunday Business, Channel 4, Sky News, the BBC and specialist magazines. In 1996 Peter was runner-up in the UK Press Gazette Business Awards for Technology Scoop of the Year. He was a guest speaker on Technology Ethics to the European Union’s Information Society Technologies conference in Helsinki. Peter, who lives in Suffolk, is an acknowledged expert on computer security issues.

In 2006, Peter won the BT IT Security News story of the year prize for his work exposing the practice of discarding computer hard drives containing sensitive business and personal data.
In 2007, Peter won the IT Security News story of the year prize again for work done with Future Intelligence showing that Chinese hackers had broken into the UK Houses of Parliament.
In 2008 Peter won the BT Enigma Award for services to technology security journalism.




Laurent Heslault, Chief Security Strategist, Symantec

As Chief Security Strategist at Symantec, Laurent Heslault is in charge of making the company’s customers, partners and larger audiences aware of the ever-evolving threat landscape, of the consequent cyber risks and of the necessary information protection. As the spokesperson of Symantec at local and international security events and an expert in cyber security, Laurent collaborates on a regular basis with government organizations and trade associations and interacts with the media on all subjects related to cyber threats and cybercrime at large. As such, he also feeds back on cyber trends and participates in internal and external think tanks and prospective groups.

Laurent joined Symantec in 2004 as technical sales manager. After he studied aeronautics and engineering at Estaca College, Laurent started his career at Sema Matra, pursuing it at Computacenter, Lotus and then IBM Software in various technical, sales, marketing and management positions.

Laurent Heslault holds the CISSP (Certified Information Systems Security Professional), CCSK (Certificate of Cloud Security Knowledge) and CISM (Certified Information Security Manager) certifications and is certified as an ISO27005 Risk Manager.




John Hurrell, Chief Executive, Airmic

John was appointed as Chief Executive of Airmic in January 2008 following a career of almost 30 years in the Marsh and McLennan Group of Companies.

John was involved in a number of senior management roles at Marsh and, prior to his retirement from the company, was Chief Executive of Marsh’s Risk Consulting business throughout Europe and the Middle East for five years.

During his period at Airmic, he has been involved in extensive research into risk- and insurance-related issues, which has resulted in a number of groundbreaking publications from Airmic, including Roads to Ruin and Roads to Resilience.

John is a Fellow of The Chartered Insurance Institute and a Chartered Insurer.




Ollie Whitehouse, Technical Director, NCC Group

Ollie Whitehouse is a Technical Director with NCC Group, where he is responsible for a number of departments and technical innovation across the Security Consulting division.

Prior to this role he was responsible for technical delivery in the South of England for NCC Group’s security testing practice for a couple of years. Before his role at NCC Group, Ollie was Manager for Security Research & Assessment at RIM (BlackBerry) in EMEA for four years. While at RIM he was responsible for establishing and growing the firm’s European software security research team.

Over the past 14 years Ollie has worked for a number of multinationals in a variety of cyber security consultancy, research and management roles, providing advice on the modern challenges faced by end user organisations, governments, and larger software vendors.




Craig Balding, Managing Director, Group Head of Cyber Security Risk, Barclays

Craig Balding is Managing Director for Group Cyber Risk. As the Key Risk Officer for Cyber, he is responsible for Group-wide Cyber Risk Management. This includes understanding the threat landscape, defining the cyber risk control framework, working with business unit leaders to establish risk appetite, owning policy and minimum standards, along with actively assessing and challenging global threat management capability. Prior to joining Barclays last April, Craig worked at GE for 17 years – most recently as Red Team Director – in which he led a team of offensive security specialists in delivering a company-wide Threat Simulation service.

Craig has 20 years’ experience in the IT industry. He is co-author of “Maximum Security: A Hacker’s Guide to Protecting Your Network”, is CISSP and formerly CISA certified, and is a British Computing Society Chartered IT Professional (MBCS CITP). He specialises in cyber capability assessment, cloud and mobile security, penetration testing, incident response, forensics, UNIX/Linux and ORACLE security. He has previously presented at Black Hat Europe, eCrime London, the World Cloud Computing Summit, Brucon, RSA Europe and SecureCloud.




Giles Smith, Deputy Director for Cyber Security and Resilience, Department for Business, Innovation and Skills (BIS)

Giles is the Deputy Director for Cyber Security and Resilience within the Department for Business, Innovation and Skills (BIS). He has responsibility for delivering BIS’ cyber security agenda, which includes promoting awareness of cyber risks among businesses of all sizes, encouraging private sector behaviour change to better address cyber risks, boosting cyber skills within the current and future workforce and growing the UK cyber security sector.




Raj Samani, VP, CTO, McAfee EMEA

Raj Samani is an active member of the Information Security industry, through involvement with numerous initiatives to improve the awareness and application of security in business and society. He is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK, and was inducted into the Infosecurity Europe Hall of Fame (2012).

He previously worked across numerous public sector organisations, in many cyber security and research-orientated working groups across Europe. He is also the author of the Syngress books “Applied Cyber Security and the Smart Grid” and “CSA Guide to Cloud Computing”, and technical editor of “Industrial Network Security (vol2)” and “Cyber Security for decision makers”.

In addition, Raj is currently the Cloud Security Alliance’s Chief Innovation Officer and previously served as Vice President for Communications in the ISSA UK Chapter, where he presided over the award of Chapter Communications Programme of the Year 2008 and 2009. He is also Special Advisor for the European CyberCrime Centre, sits on the advisory council for the Infosecurity Europe show and Infosecurity Magazine, is an expert on both searchsecurity.co.uk and Infosec portal, and is a regular columnist on Help Net Security. He has had numerous security papers published, and regularly appears on television commenting on computer security issues. He has also provided assistance in the 2006 RSA Wireless Security Survey and was part of the consultation committee for the RIPA Bill (Part 3).

Twitter: @Raj_Samani




Dan Solomon, Director – Cyber Security Services, Optimal Risk

Dan Solomon heads the Cyber Risk and Security Services division at Optimal Risk. He is a leading proponent of a converged approach to security risk. He is an industrial espionage specialist and a cyber risk practitioner of FAIR, and is a prominent advocate of red teaming and cyber war games. Previously he was Consulting Lead for Cisco’s Cyber Security Centre of Excellence and VP at Security Art: a boutique cyber security powerhouse that pioneered red teaming and cyber war game methodology.




Dan Trueman, Head of Cyber, Novae Group

Dan heads up Novae’s Cyber Division. Dan previously worked at ANV as Lead Underwriter for Enterprise Risk. Prior to this he spent 10 years at Kiln, most recently as Active Underwriter of the Enterprise Risk Division of Syndicate 510, a division he formed and which underwent 350% growth in two years. Other roles included developing Kiln’s Cyber and Reputation Risks account and writing Political Risk and Trade Disruption Insurance within the Marine and Special Risks Division. At Novae, Dan is responsible for leading the Cyber Division and overseeing business development for this portfolio.




Lisa Hansford Smith, Senior Underwriter, Cyber, Tech & Media, XL Catlin

Before joining XL Group as a Senior Underwriter in 2013, Lisa led Marsh’s professional indemnity and cyber liability team for communications, media and technology, working with international wholesale and retail clients. Lisa also worked with major corporate clients in publishing, technology and telecommunication.

Lisa holds an MBA and is an Associate of the Chartered Insurance Institute.




Richard Hodson, Head of Technology, Arthur J. Gallagher

Richard Hodson is head of technology at Arthur J. Gallagher (GB). With over 15 years’ experience in the UK regional, London and Australian insurance markets, Richard has worked for international as well as more specialist and regional insurance brokers. He has dealt with a large range of clients, from global companies to insurance for new start-ups, and a variety of risks, from property exposures to aviation.

Richard is a regular commentator on the cyber threat and the wide-ranging perils facing organizations today, from cybercrime to the risks of social media and how even the smallest of organizations is vulnerable.




Phil Mayes, Head of Technology and Cyber Underwriting, ANV

Phil is the leader for the ANV Technology E&O and Intangible Risk Underwriting team. In this role he is responsible for building and running this division and its underwriting on an ongoing basis in addition to recruiting and managing its underwriters and claims support to assure specific and dedicated levels of service, experience and expertise in these new and emerging areas of risk. His work will focus not only on ANV Syndicate 1861, but also across the larger ANV Group as an added dimension for ANV’s underwriting across all lines of business with technology considerations.

Prior to joining ANV, Phil held senior executive underwriting positions in Digital and Privacy risks for market leaders Lockton, Zurich, CNA and St Paul and brings more than 25 years of underwriting experience to the team.




Rossella Bollini, TMB Underwriter, Beazley

Rossella originally joined Beazley in 2012 as a D&O underwriter, concentrating on large risks International directors and officers liability.
After two years within the Management Liability team, she moved to the Technology, Media and Business Services team in August 2014 with a specific focus on International cyber liability and errors and omissions. She has five years’ experience in the insurance industry.

Rossella speaks Italian, English, Spanish, French and German and currently holds the Dip CII qualification.




Ben Hobby FCA, Dip CII, Director, RGL Forensics

Ben has been involved in Forensic Accounting in London since 2004. Prior to this, he worked extensively in internal audit and investigative roles in industry, where he gained significant experience in the review of operational processes and internal controls.

Ben has handled losses and investigations of various scopes and sizes for insurers and lawyers in the United Kingdom, Europe, the Middle East (including Turkey and Saudi Arabia), Thailand, Russia & the CIS, and South Africa. His insurance expertise focuses on commercial crime, business interruption, loss of profits and product liability in various sectors, including agriculture, construction, manufacturing and retail. In addition, Ben has conducted accounting investigations of reinsurance treaties and binding authorities in the UK, Europe, USA and Australia.

Ben has been quoted in the insurance press on the issues surrounding binding authorities from an accounting perspective.




Jillian Raw, Partner, Kennedys

Jillian Raw is a Partner at Kennedys. Her cyber practice includes cyber coverage under traditional forms of policies and advising in relation to cyber wordings and risks. She has a particular interest and experience in cloud computing, cyber-attacks on software/equipment and cyber hacking cases. Jillian’s other practice areas include engineering, product and property damage claims. Jillian studied law at Cambridge. She writes regularly on cyber issues and was a contributing author to Tolley’s Insurance Handbook 3rd Edition.




Hans Allnutt, Partner, DAC Beachcroft

Hans Allnutt is a partner and head of DAC Beachcroft’s Technology, Media, and Information Risks (TMI) team.

Hans is a disputes specialist advising on claims involving financial institutions, professionals and technology companies both nationally and internationally. Hans’ practice includes litigation in the Courts of England & Wales, arbitration and other forms of ADR.

For insurer clients, Hans regularly advises on the defence and coverage of claims arising under D&O, E&O and PI policies. He is an expert on cyber risk and data breach insurance policies, having advised on policy wordings and claims. Hans is also instructed by corporate clients on data protection and privacy issues.

Hans is widely published on the topic of cyber risk, data protection and information security. He is regularly invited to speak at industry and client sponsored events.

Hans tweets about cyber risk and privacy issues via @legallnutt.




Sandra Cole, UK & International Claims Counsel, Beazley

Sandra joined Beazley in November 2010 and is responsible for handling large and complex technology/media & business services claims. Sandra is also the Focus Group Leader for Beazley’s Large Risk International brokers’ book. Sandra’s case load is varied and she has experience in managing claims in litigation & arbitration around the world, including the US, UK, Canada & Western Europe.




Brett Warburton-Smith, Partner, Lockton Companies LLP

Brett has 20 years’ insurance experience. He is a partner at Lockton, having joined from Aon and previously Marsh.

Starting his insurance career as a political risk underwriter with Euler Hermes in 1990, Brett moved to Amlin Credit, a Lloyd’s Syndicate, where he was promoted to Board Director and then to Marsh where he led sales in the financial and professional sectors.

Experience in Professional Liability, Directors’ & Officers’, Cyber and Reputational Harm insurance has enabled Brett to really understand the commercial and insurance challenges his clients face in operating their business and achieving their objectives.

Brett’s experience in specialist sectors includes major UK lawyers, private equity houses, investment trusts, surveyors and international creative advertising agencies. He has worked with the Big Four accountants, the largest emerging market Private Equity firm in the world and FTSE 100 investment advisors.




Ilia Kolochenko, CEO, High-Tech Bridge SA

Ilia Kolochenko has a university degree with honors in Mathematics and Computer Science from Geneva, his city of origin. He started his career as a penetration tester, and was also a security expert and team leader working for various financial institutions and large companies in Switzerland and abroad. His military service in artillery troops took place in Frauenfeld, Switzerland. At the end of 2007 he founded High-Tech Bridge, aiming to deliver efficient and effective penetration testing to companies of all sizes. In 2010 Ilia Kolochenko created a concept of hybrid security assessment of web applications, called ImmuniWeb, that was globally launched in 2014. As a web application security expert and chief architect of ImmuniWeb, he is personally involved in ImmuniWeb’s daily operations, implementing new features and functions. Ilia Kolochenko is a contributor to CSO magazine and is also regularly quoted in various IT security and business journals including Forbes, CNBC, Financial Times, and BBC.




Graeme McGowan, Director, Cyber Risk & Security Services, Optimal Risk Management Ltd

Graeme took early retirement in 2008 after 37 years working for a Government Intelligence Agency. From 2005 to 2008 Graeme was seconded to the Home Office as the first Senior Government Communications Officer and was also responsible for developing the Code of Practice for and enactment of RIPA Part III, which provides Law Enforcement Agencies and Public Authorities with the appropriate legal powers to access encrypted data.
Since 2008, as well as providing independent Cyber and Cyber Security/Open Source Intelligence consultancy services to the public and private sector, Graeme has held a number of successful Directorial roles including Client Director for the UK strategic arm of a Swiss Software House, Cyber Advisor to a Global Security Risks Group and Director, Cyber & Cyber Security for a UK-based Security company to develop their Cyber & Cyber Security solutions portfolio. Graeme is currently Associate Director, Cyber & Security Risk for Optimal Risk Management Ltd.