Beware of data integrity key and rogue software when tackling cyber risk
In addressing cyber risk it is important to understand the difference between encryption and data integrity, David Piesse chief risk officer, Guardtime, said in a panel discussion at the EAIC conference.
“Many executives believe that because their data is encrypted, they are secure,” he said. “They also believe that their IT department has control of that, when in fact this is not the case.”
He explained that the issue of data provenance can be overlooked.
“How do you know an individual piece of data – its origin, lifecycle, who has accessed it in its lifecycle, and whether it has been tampered with? You cannot do that with encryption on its own, so we need to look at the data provenance.”
He gave as an example the network of delivery vehicles in New York, which have telematics devices in them feeding put data into a big data store - a health and safety data exchange which is sold to insurers.
“If those telematics devices have data integrity in them at the point of origin of the data, the insurance companies will have warranty of that provenance right from the point where they buy that data to write their policies on.”
The internet of things generates similar useful information for factories and power stations – but, he said, you have to be able to be sure that no rogue software has got into them.
Discussing the potential of the capital markets entering this field, he highlighted a further problem around data.
“I see a potential threat from the capital markets because you don’t need too many data points to start up a cat model or a benchmark. There is no cyber index, there are some data points out there, and people do want to create ILS products from cyber.
“That could need to a large investment of non-correlated portfolio funds into a cyber index. The big problem we have at the moment is that it’s difficult to tell the difference between a cyber-attack and change management carried out by IT on a Saturday morning – and that potentially could trigger a claim on an ILS.
“Once that is sorted out maybe the ILS market will enter. Hopefully the insurance industry will really start to get to grips with in the next couple of years.”
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze