Editors' Cuts

Cyber-Risk Mitigation: We Get it

Pat Speer
Insurance Experts' Forum, October 4, 2012

There’s been a lot of talk lately about the role of government in the private business sector, so it’s fitting that, since October is Cyber Security Month, the White House reports President Obama is said to be considering an Executive Order that will ultimately impact both the public and private sectors, including the insurance industry.

As a formal response to stalled cyber security legislation, the order is predicted to include information-sharing measures for infrastructure providers, and will direct federal agencies to develop “voluntary cyber security guidelines” for critical infrastructure owners, such as power and water companies, chemical plants and even financial networks. Currently, say analysts, more than 80 percent of critical infrastructure is owned by the private sector.

While the National Security Agency estimates that the annual rate of cyber attacks on American infrastructure jumped seventeen-fold between 2009 and 2011, the insurance vertical market has not been directly affected. But it would be if our nation’s power grid suffered an outage due to cyber-terrorism, say critics. The idea behind the Executive Order is to prompt the public and private sectors to offer cyber-attack intelligence that will be combined to create a tested path to follow.

Of course, insurance IT personnel have enough to worry about with their own infrastructures—keeping growing data stores safe and secure whether housed in brick and mortar bunkers or in the cloud; and whether transmitted over secure pipes or via encrypted mobile devices. The goal, cyber-resiliency (defined by Jeff Snyder, VP, Cyber Programs, Raytheon Company as “the ability to maintain operations through a cyber attack, recover, and then develop new defense techniques based on previous breaches,” is one shared by all sectors, public and private.

I know I’ve blogged about this in the past, but for our industry in particular, the issue of cyber security is about much more than cyber-resiliency, it’s about risk mitigation for the very sake of our very livelihood. We get it.

Yet apparently other industries need to hear the gospel. Recent criticism by Senate Republicans of the U.S. Homeland Security Department’s ability to take a lead role in protecting the nation’s computer systems has created an additional sense of urgency.

A little known Sept. 24 Reuters report quoted former government Cyber security sources saying the pending order would give government agencies 90 days to propose new regulations and create a new Cyber security council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce.

If it all sounds ominous and overwhelming, it should … but for different reasons. Like many early releases of government-sponsored and promulgated rules, this potential Executive Order has a certain ring of “control” to it that finds itself on a very slippery slope.

With the best of intentions (save the United States of America from possible cyber-Armageddon), the federal government begins its course with the development of “voluntary” guidelines. As stakeholders, the insurance industry shares the ultimate goal and understands that it bears a great portion of the risk, making contributions to voluntary guidelines a slam dunk.

But haven’t we seen similar voluntary guidelines that ultimately become mandatory requirements, i.e., more regulatory compliance?

Pat Speer is an editorial consultant for Insurance Networking News.

Readers are encouraged to respond to Pat by using the “Add Your Comments” box below. Shealso can be reached at patricia.speer@sourcemedia.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Digital Vision vs. Harsh Reality

Much work remains to reconcile insurers' digital vision with the digital reality that seems to be arriving for other industries.

Vendors Embrace Mobile Technology

IT leaders at software firms clearly recognize the importance of mobility to drive their businesses forward. Almost 70 percent see mobility as mission critical or important to their organization today.

Big Data Is Paying Off

Insurers are getting business benefit out of their big data projects, but these projects alone won't grow their business.

What Can Insurers Learn from Home Depot?

The latest cyber-attack highlights the importance of helping policy holders defend themselves.

Not Your Father’s Insurance Company

Carriers need to look at new and impactful ways to be there for their customers.

How to Attract Top Tech Talent

When it comes to rankings of the best places to work, insurers are few and far between. Here’s what those who make the lists do to appeal to IT professionals.