Insurance Industry To Bring Stability To Cyber Security?
'TF7 Radio' Looks At IP, The Rise Of Cyber Insurance
This week’s “Task Force 7 Radio” show shifted between intellectual property (IP) and a quasi-feud with China, and the emergence of cyber insurance.
Guest John Frazzini, President and CEO of Secure Systems Innovation Corporation (SSIC), used anecdotal and historical evidence to show how cyber insurance will transform the way organizations handle financial risk. He also predicted that it will bring stability to an industry that, in his opinion, is stuck in a bubble not dissimilar to the 2008 housing crisis.
Frazzini said that cyber insurance will also alter the day-to-day output of chief information security officers (CISO), and the role of the technologist.
IP Across Borders
Rettas began the show by discussing recent developments with IP theft. Rettas took listeners back to September 2015, when President Barack Obama announced to the world, in a joint news conference with China, that the two world powers had agreed not to support or conduct cyber-enabled theft of IP.
Rettas said that in the cyber community, the sentiment was met with a roar of laughter, as it has become China’s national strategy to leverage American ingenuity for its own competitive edge. The “TF7 Radio” host said the problem has become pervasive, and yet no one “seems to care.”
Doing the math, Rettas said China has likely lifted something close to $4 trillion from the U.S. in the last 10 years. He said it’s something Americans appear to have “selective amnesia” about.
Twenty Years Of ‘Growth’
In the show’s next segment, Frazzini joined the “TF7 Radio” host to discuss the evolution of cyber security since the mid- to late-1990s, and the catalyzing effect of cyber insurance.
Frazzini said that in the 1990s, security was viewed as a problem in need of a “silver bullet.” The mindset was: If you have a silver bullet, widespread cyber fear dissolves. He said that 20 years later, there is no silver bullet, nor has the “issue” been resolved.
The “TF7 Radio” guest likened much of today’s industry activity to “blocking and tackling,” but without a game plan and (universal) strategy. He said the industry cannot get a “broad consensus from a strategic level on what needs to be done beyond that.”
This discussion then segued into today’s CISO, a role that, according to Frazzini, has taken an interesting turn since the 1990s. He described “lowercase-C” CISOs as technologists seeking better technological performance. Then, there’s the “capital-C” CISO, who is more executive-minded and is trying to intersect technical components and business discourse. The capital-C folks, he said, are looking for true cost reduction and for ways to align security with the business.
Frazzini said the reliance on technology “has peaked,” and now “it’s time for folks in security to connect with the business.”
Yet, can security be effective across sectors? Frazzini said that because of an “inside-out” view of the world that permeates the government, innovation and game-planning come largely from the private sector. He called for more cooperation and information sharing, to help mend the glaring disconnect between sectors.
Cyber As Apolitical?
On the dissolution of the cyber czar position with the National Security Council (NSC), Frazzini said that while the optics may be bad, the Office of Management and Budget (OMB) is making strides in bringing effective measurement to cyber security, and in understanding ROI and improvements from a business perspective. Frazzini said that endeavor should not be diminished because an NSC position goes unfilled.
Again, the “TF7 Radio” guest called for more cooperation, and perhaps a consortium of leading cyber professionals, to come up with the much-needed “game plan.”
It was here that Frazzini compared today’s cyber situation to the 2008 housing crisis. He said cyber, caught in a proverbial arms race and exorbitant spending, will eventually need to have risk and financial stability baked into it.
Insurance As A Lifeline?
The latter half of the show then dealt with cyber insurance and its formation in the enterprise. Frazzini said the emergence of cyber insurance really goes back to the late 1990s, when a presidential directive from Bill Clinton first said that information systems present national security challenges. This gave way to information-sharing groups and forums attended by insurance representatives.
Frazzini said insurance as an industry has long been a part of stabilizing society: from auto to housing and medical. He said that while insurance may be a dry topic to some, it has long provided resiliency and stability.
He also predicted that with the proliferation of cyber insurance, market efficiencies will be brought forward, and organizations will be able to pinpoint financial risk more easily.
“The industry is evolving, it’s in its infancy now,” Frazzini said. “But it will be a transformational shift.”
The “TF7 Radio” guest then outlined the history of insurance, and ways in which it has stabilized fledgling industries for centuries. References included the 1666 Great Fire of London and the emergence of property insurance. Then, in the 1680s, Edward Lloyd (“Lloyd’s of London”) founded an insurance mechanism in a coffeehouse that stabilized merchant shipping. About a century later, the radio show guest said, Benjamin Franklin’s Philadelphia Contributionship for Insurance of Houses from Loss by Fire pioneered home insurance by refusing to cover homes built with wood.
The way it comes full circle, he said, is that the cyber insurance market is attempting to do just that – underwrite financial stakes and be a stabilizing force for the space.
“The ability of the insurance industry (carriers, brokers) to help organizations understand financial exposure (is) permeating corporate America…” he added.
The "Task Force 7 Radio" recap is a weekly feature on the Cyber Security Hub.