Editors' Cuts

Cyber-Risk Mitigation: We Get it

Pat Speer
Insurance Experts' Forum, October 4, 2012

There’s been a lot of talk lately about the role of government in the private business sector, so it’s fitting that, since October is Cyber Security Month, the White House reports President Obama is said to be considering an Executive Order that will ultimately impact both the public and private sectors, including the insurance industry.

As a formal response to stalled cyber security legislation, the order is predicted to include information-sharing measures for infrastructure providers, and will direct federal agencies to develop “voluntary cyber security guidelines” for critical infrastructure owners, such as power and water companies, chemical plants and even financial networks. Currently, say analysts, more than 80 percent of critical infrastructure is owned by the private sector.

While the National Security Agency estimates that the annual rate of cyber attacks on American infrastructure jumped seventeen-fold between 2009 and 2011, the insurance vertical market has not been directly affected. But it would be if our nation’s power grid suffered an outage due to cyber-terrorism, say critics. The idea behind the Executive Order is to prompt the public and private sectors to offer cyber-attack intelligence that will be combined to create a tested path to follow.

Of course, insurance IT personnel have enough to worry about with their own infrastructures—keeping growing data stores safe and secure whether housed in brick and mortar bunkers or in the cloud; and whether transmitted over secure pipes or via encrypted mobile devices. The goal, cyber-resiliency (defined by Jeff Snyder, VP, Cyber Programs, Raytheon Company as “the ability to maintain operations through a cyber attack, recover, and then develop new defense techniques based on previous breaches,” is one shared by all sectors, public and private.

I know I’ve blogged about this in the past, but for our industry in particular, the issue of cyber security is about much more than cyber-resiliency, it’s about risk mitigation for the very sake of our very livelihood. We get it.

Yet apparently other industries need to hear the gospel. Recent criticism by Senate Republicans of the U.S. Homeland Security Department’s ability to take a lead role in protecting the nation’s computer systems has created an additional sense of urgency.

A little known Sept. 24 Reuters report quoted former government Cyber security sources saying the pending order would give government agencies 90 days to propose new regulations and create a new Cyber security council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce.

If it all sounds ominous and overwhelming, it should … but for different reasons. Like many early releases of government-sponsored and promulgated rules, this potential Executive Order has a certain ring of “control” to it that finds itself on a very slippery slope.

With the best of intentions (save the United States of America from possible cyber-Armageddon), the federal government begins its course with the development of “voluntary” guidelines. As stakeholders, the insurance industry shares the ultimate goal and understands that it bears a great portion of the risk, making contributions to voluntary guidelines a slam dunk.

But haven’t we seen similar voluntary guidelines that ultimately become mandatory requirements, i.e., more regulatory compliance?

Pat Speer is an editorial consultant for Insurance Networking News.

Readers are encouraged to respond to Pat by using the “Add Your Comments” box below. Shealso can be reached at patricia.speer@sourcemedia.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Driving Growth Through Distribution Management

In the current hyper-competitive marketplace, many carriers are focusing on improving their distribution practices as a key technique for driving growth.

Google and Insurance: One Year Later

Google is getting the approval for selling insurance on their compare site in a large number of states via a number of different insurance partners.

How IT Managers Can Get Close to Policyholders

Four steps CIOs need to take to lead insurance organizations to greater “customer obsession.”

Strategic Initiatives for 2015: Making Sense of the Shifts

Insurers must choose between embracing innovation or just continuing with business as usual and run the risk of becoming a casualty in the new competitive battle.

To Stay in the Game, Insurers Must Aggressively Embrace New Consumer Technologies

Emerging technologies displayed at the CES could be some of the greatest change agents since the introduction of the Internet, offering breakthroughs that could challenge many businesses.

Marketing: The Insurer’s Shadow IT Department

Marketing executives continue their march into the insurance data center.