scott-field-duck-creek-jenna-mcgrath-cybercube-ian-simmons-charterd-insurance-institute
Scott Field, Duck Creek; Jenna McGrath, CyberCube; Ian Simmons, Charterd Insurance Institute
7 October 2021Insurance

Should governments get involved with cyber protection?

Just two days after the Colonial Pipeline attack on May 7, 2021, US President Joseph Biden signed an executive order aimed at improving the country’s cybersecurity. The order, which had been months in the making, is aimed at improving the federal government’s efforts to identify, deter, protect against, detect, and respond to these actions and actors.

Collaboration with the private sector and removing contractual barriers so that IT and operational technology service providers can share their knowledge of threats with agencies are high on the agenda.

For Jenna McGrath, senior cyber economist at CyberCube, government involvement on cyber protection is a good idea.

Speaking during a Re/insurance Lounge panel, Intelligent Insurer’s digital hub for interviews, debates and panel discussions, she said: “Imagine a situation where utilities or oil and gas are sharing past attack threats where they’ve come in. It’s a centralised database to learn from what has happened to peers in past, and what to be on the lookout for going forward.”

“There are a lot of soft measures that the government, and regulators as an extension, can take.” Ian Simons, Chartered Insurance Institute

McGrath is confident that being able to provide cyber risks with a central sharing agency within the government is an important piece of the cyber puzzle.

“A lot of different US agencies have started taking this approach because it’s becoming clearer and clearer over the past couple of years that agencies and critical infrastructure are at risk of specific kinds of cyber attacks. It’s important to start reporting this to a government body to keep track of how severe the attacks are,” she added.

However, fellow panellist Scott Field, head of international product strategy at Duck Creek, believes that the government facilitating knowledge-sharing and data transfer is an optimistic scenario.

“If the government starts to regulate what questions can be asked to underwrite a cyber policy or starts to restrict somehow the innovation on the private sector side, that would be more of a negative outcome,” he warned.

Field added that when looking at massive cyber events, he’s unsure how proactive governments would be, but “they’ve certainly shown a willingness to step into the private sector when certain institutions that are deemed too big to fail are at risk”.

“If something major happens the governments would step in again and prioritise the economy over anything else and keep those things moving.”

A government’s involvement in cyber protection does not need to stop at information gathering.

Ian Simons, marketing director at the Chartered Insurance Institute, believes there are a lot of soft measures that the “government, and regulators as an extension, can take that support the sector and business in engaging this”.

Simons noted that collaborating on data, while engaging in education and driving up awareness can help companies build up their protections.

“It’s not just about saying what the government needs to do to force the private sector and insurance to come up with solutions, but how it can create an environment where customers are thinking about cyber breaches—not just malicious attacks but loss of data, employee breaches, etc. It’s all vital to the overall approach,” he said.

Simons thinks that where firms are being fined for breaches of data, the fines can be highlighted instead of being hidden away, which “forces awareness”.

“In 2019, BA was fined £184 million for a data breach. This caught attention and made sure other organisations started to look at what practices they put in place to avoid those things happening,” he added.

For more content like this visit the Reinsurance Lounge


“There’s never going to be one easy answer or one standardised form to get people protected.” Jenna McGrath, CyberCube

Solving the data problem

“I’d be surprised if many boards aren’t thinking about what the next big shock could be, but there’s no magic bullet,” Field said. Despite boards thinking about risk, he said, there is a protection gap and an awareness gap.

“We need to make sure people understand to what extent they can risk manage their own cyber,” Simons explained. He believes a lot of the groundwork can be done by better education, in terms of people within the insurance sector and in terms of customers.

McGrath advised that companies need to put in a place a contingency plan for cyber attacks, because the “range of the possibility of business interruptions are just so vast”.

“Threat actors evolve and change their methodology, they choose different targets to attack. The reality is that this cyber situation is complex and there’s never going to be one easy answer or one standardised form to get people protected and insured against it.”

“Insurers need to get a lot better at using the data they collect.” Scott Field, Duck Creek

Importantly, said Field, insurers need to get a lot better at using the data they collect to be able to understand the risks.

“In all lines of business, insurers are investing a lot of money and have been for a long time, but they still haven’t solved that data challenge,” he warned, adding that the industry needs to find a way to use data to work with companies to spot risk and prevent some of those claims.

“There needs to be continued investment in data infrastructure so that the industry can get smarter, so that we can have more standardisation and easier-to-understand products.

“The rate of change can’t keep up forever because we will then have confused brokers and consumers and the courts ultimately having to step in and settle some of the disputes,” he concluded.

To view the full Re/insurance Lounge session click here 

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk


More on this story

Insurance
25 August 2021   An important skill has been identified alongside knowledge and behaviours that people entering the profession need to have.
Insurance
23 June 2021   It’s an interesting time to be in the cyber insurance market. The opportunity is huge, with a current market size of $8 billion and growing to around $20 billion by 2025. At the same time, challenges are real and dynamic. Threat actors continue to develop tactics to automate and scale operations to achieve their goals, monetary or otherwise.