The State of the Cyber Risk Industry
The opening keynote session at the 2018 NetDiligence® Cyber Risk Summit highlighted the state of the cyber risk industry as we see it today.
Speakers included:
- Josh Shapiro, Attorney General, Commonwealth of Pennsylvania
- Josh Ladeau, Senior Vice President, Head of U.S. Cyber, Aspen Insurance
There has been some interesting commentary in the market regarding cyber being uncharted territory. It is the great unknown. And it is probably going to get worse before it gets better, so this industry will be challenged.
That being said, the concept that “nobody knows what they are doing” is a misconception. This is new, but it is human-driven. Because of this, there are patterns that can be uncovered very quickly. Underwriter and industry knowledge and experience are already very good. There is phenomenal talent in the industry, and they are working very hard each day to learn the risks from those in the field, like Chief Information Security Officers (CISOs).
There are needs, however. Long-term analysis is something that is greatly needed in the market. In order to remain pioneers in the industry, it is critical that the industry continue to drive this charge. In addition, there has been a rapid emergence of vendors in the cyber space. It is important that we do not rely too heavily on them and remain as diligent as possible to mitigate the risk.
Josh Shapiro, Attorney General, explained that cyber crime is a new area for his office, but they are embracing the need to combat cyber issues. It is rapidly becoming a large focus. Their strategy is threefold: enhancing education and prevention, building internal capabilities to deal with cyber threats and creating collaborative partnerships to deal with cyber crime.
Law enforcement is very serious about its responsibility for making sure that people are held accountable when they engage in cyber crime. In Philadelphia, they are getting much more aggressive in their investigations, suing large companies like Uber. They are looking at a $13.5 million fine for failing to disclose knowledge of a data breach in Pennsylvania alone. The intention is to create a change in the corporate mindset to put a premium on protecting personal information.