Advisen’s Cyber Risk Conference is taking place on Thursday, October 24th at the Grand Hyatt in New York. The all-day event is the world’s largest cyber risk event for risk management and insurance professionals. Risk managers and buyers of insurance can attend free of charge.
I am honored to be among the 35 confirmed speakers for the day. Adam Sedgewick, Senior Information Technology Policy Advisor for the National Institute of Standards and Technology will give the morning keynote.
During my presentation, I will focus on why cyber risks now sit firmly in the boardroom. Drivers include:
- SEC guidance regarding cyber risk identification and disclosure
- Greater federal government scrutiny and focus on defending industry against cyber attacks
- Trend towards greater privacy regulation and legislation (as seen recently in the widening of personal data definition in California)
Learn more and register for the event: http://events.Signup4.com/AdvisenCyberInsights2013
In this article
from Singapore Business Review Lockton Singapore’s Angel Kuan looks at the increasingly complex risks relating to corporate and government cyber security. Recent events have made cyber attacks more than just an IT department problem. Businesses now need to consider how a successful cyber attack on their systems, or even their suppliers’, might impact director and executive liability, brand risk, and supply chain integrity.
As part of an initiative to develop a national cybersecurity framework, Lockton experts participated in a discussion on cybersecurity on August 26, 2013. Ari Schwartz, a Director for Cybersecurity Privacy, Civil Liberties, and Policy on the White House National Security Staff, invited select members of the insurance brokerage community to meet at the White House. Michael Born, Laurie Schwarz, and I were honored to represent Lockton.
In February 2013, President Obama issued an executive order outlining steps to protect critical U.S. infrastructure from cybersecurity threats. This effort will result in a voluntary cybersecurity framework outlining standards, procedures, and processes to address cybersecurity risks while balancing policy, business, and technological concerns.
At the meeting, Lockton’s Michael Born led a discussion about how the insurance industry could help develop the framework and how the government agencies could help the insurance industry and our clients with cybersecurity issues.
Some government officials perceive that the cyber insurance market is largely commoditized, like auto insurance. For some, the view is, “adopt the framework and lose 10% from your premium.”
We explained that it’s not that easy. But the cybersecurity framework can be a roadmap to help broaden coverage and capacity. It may also help us address cyber risks that are uninsurable today. That’s what makes the discussion and effort exciting for us and beneficial for our clients, ultimately.
The White House is not proposing legislation mandating cybersecurity standards, but is trying to get broad support in the private sector generally and specifically with insurers and brokers.
Additional topics of discussion included:
- Should cybersecurity insurance be required in order to comply with the framework?
- What incentives could be in place to encourage adoption of the framework?
- Does there need to be a Federal backstop or reinsurance program to encourage more insurance companies to offer coverage?
- What types of cybersecurity coverage are missing or are in short supply and how can we increase capacity?
- How can we encourage insurance companies to share loss and threat information to provide more actuarial data and help focus prevention and coverage where the risk is greatest?
- How can the cybersecurity insurance industry help develop standards for the five top-level cybersecurity functions – identify, protect, detect, respond and recover?
- What are other sources of information that can be tapped to increase threat awareness?
What do you think about these ideas? How can and should the private sector and government officials work together on this cybersecurity framework? I’d welcome your thoughts.
Read the draft of the framework.
Companies with cyber exposure are are characterized as having data exposure from a network security and privacy liability standpoint either as data owners or data vendors with a service offering in connection with the exposure. In this special report, I cover the issues involving companies that have a predominantly cyber exposure but also have media and technology exposure as well.
The US property and casualty insurance industry experienced a sharp uptick in profitability for the first quarter of 2013. With the release of these numbers, Lockton experts weigh in on current P&C market trends as well as specific pockets of shifts in pricing and capacity that affect insurance buyers.
This update also includes an in-depth Cyber Security Market Update special report from Laurie Schwarz, SVP, Lockton Global Technology and Privacy Practice.