Editors' Cuts

Cyber-Risk Mitigation: We Get it

Pat Speer
Insurance Experts' Forum, October 4, 2012

There’s been a lot of talk lately about the role of government in the private business sector, so it’s fitting that, since October is Cyber Security Month, the White House reports President Obama is said to be considering an Executive Order that will ultimately impact both the public and private sectors, including the insurance industry.

As a formal response to stalled cyber security legislation, the order is predicted to include information-sharing measures for infrastructure providers, and will direct federal agencies to develop “voluntary cyber security guidelines” for critical infrastructure owners, such as power and water companies, chemical plants and even financial networks. Currently, say analysts, more than 80 percent of critical infrastructure is owned by the private sector.

While the National Security Agency estimates that the annual rate of cyber attacks on American infrastructure jumped seventeen-fold between 2009 and 2011, the insurance vertical market has not been directly affected. But it would be if our nation’s power grid suffered an outage due to cyber-terrorism, say critics. The idea behind the Executive Order is to prompt the public and private sectors to offer cyber-attack intelligence that will be combined to create a tested path to follow.

Of course, insurance IT personnel have enough to worry about with their own infrastructures—keeping growing data stores safe and secure whether housed in brick and mortar bunkers or in the cloud; and whether transmitted over secure pipes or via encrypted mobile devices. The goal, cyber-resiliency (defined by Jeff Snyder, VP, Cyber Programs, Raytheon Company as “the ability to maintain operations through a cyber attack, recover, and then develop new defense techniques based on previous breaches,” is one shared by all sectors, public and private.

I know I’ve blogged about this in the past, but for our industry in particular, the issue of cyber security is about much more than cyber-resiliency, it’s about risk mitigation for the very sake of our very livelihood. We get it.

Yet apparently other industries need to hear the gospel. Recent criticism by Senate Republicans of the U.S. Homeland Security Department’s ability to take a lead role in protecting the nation’s computer systems has created an additional sense of urgency.

A little known Sept. 24 Reuters report quoted former government Cyber security sources saying the pending order would give government agencies 90 days to propose new regulations and create a new Cyber security council at the Department of Homeland Security with representatives from the Defense Department, Justice Department, Director of National Intelligence and the Department of Commerce.

If it all sounds ominous and overwhelming, it should … but for different reasons. Like many early releases of government-sponsored and promulgated rules, this potential Executive Order has a certain ring of “control” to it that finds itself on a very slippery slope.

With the best of intentions (save the United States of America from possible cyber-Armageddon), the federal government begins its course with the development of “voluntary” guidelines. As stakeholders, the insurance industry shares the ultimate goal and understands that it bears a great portion of the risk, making contributions to voluntary guidelines a slam dunk.

But haven’t we seen similar voluntary guidelines that ultimately become mandatory requirements, i.e., more regulatory compliance?

Pat Speer is an editorial consultant for Insurance Networking News.

Readers are encouraged to respond to Pat by using the “Add Your Comments” box below. Shealso can be reached at patricia.speer@sourcemedia.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Too Much Manual Effort is a Show Stopper

Examining the administrative burden of doing business in the E&S market.

The Efficiency CIO vs the Agility CIO

There is a role for both types of CIO, each organization has different priorities whether they’re an insurer, intermediary, vendor, start-up, etc.

Becoming a 24/7 Insurer

Insurers should be in the business of making life safer and better for consumers all the time.

Putting Your Investments Where Your Transformation Is: Part 2: Optimizing Your IT Investments Portfolio

Sam Medina continues a 3-part series on Transforming the IT Investment Budget in order to fund new programs and initiatives without the necessity of additional capital expense.

The Mobile Side of Digital: From OK to Great

What are the mobile leaders, including Allstate, Progressive, State Farm and Geico, doing to go from standard to strong?

Using the Data Deluge to Empower Consumers

Insurers can learn from the use of activity tracking in other fields to help their customers make better decisions.

Advertisement

Advertisement