The session was opened and moderated by Joaquín Ruiz Echauri, Insurance and Reinsurance partner at Pérez-Llorca. Speakers included Fidel Solera, Delegated Prosecutor of Cybercrime from the Provincial Prosecutor’s Office of Madrid, Adriana de Buerba, White Collar Crime and Investigations partner at Pérez-Llorca, Rafael Fernández, Insurance and Reinsurance counsel at Pérez-Llorca, and Melchor Sanz, cybersecurity expert at HP, IT specialist and professor at the IE Law School.
Joaquín Ruiz Echauri opened the session by analysing the current situation of cyber-risk insurance as a new growing line of business for the insurance sector in the face of the emerging growth of cyberattacks against high-level companies, which include insurance companies as victims.
Fidel Solera then had an interesting discussion with Ruiz Echauri on the Administration of Justice’s actions to pursue cybercrimes. In this respect, Solera noted that the highest crime rate is in the area of corporate cyber fraud related to scams and displacement of assets from different entities or accounts. As such, for Fidel Solera, the 2015 reform of the Spanish Criminal Procedure Act has led to fewer cases being investigated in court, and, in turn, has boosted technological investigation, enabling the blocking and tracking of significant sums of money paid and the recovery of assets, as long as the company reports the matter and acts immediately.
From a compliance point of view, Adriana de Buerba noted the importance of adopting appropriate security measures (both preventative and reactive) in the custody of data, because of the possible liabilities to third parties that may arise for a company which falls victim to a cyberattack, be it for operational damages or for the disclosure of secrets and data leaks. In this context, de Buerba pointed out the need to have a set of actions already in place in the event of a cybersecurity crisis and the importance of receiving advice from insurance companies on sound internal protocols for managing these risks.
In terms of insurance policies for cyber risks, Rafael Fernández explained the process of adapting this product in Spain and highlighted the exponential growth that it has experienced over the last few years. Elsewhere, Fernández analysed the most representative coverages and characteristics of this type of insurance and stressed its importance for protecting policyholders against potential security breaches, including compensation for loss of benefits or costs arising from civil liability claims.
Lastly, Melchor Sanz explained the technical actions to follow before, during and after a cyberattack for the purpose of selecting and adequately measuring the risks to be insured. On this point, Sanz insisted on the need to carry out a self-assessment of how protected companies are against cybercrime, the importance of reviewing the organisation with lessons learned after falling victim to a cyberattack and strengthening collaboration between companies in order to share good practice against such cyberattacks and thus avoid any further occurrences.
The event ended with an interesting Q&A session directed by Joaquín Ruiz Echauri.