GROWTH STRATEGY REVIEW
Risk management functions involve assessments
of technology, processes and people issues
By G. Edward Kalbaugh
The U.S. Government's recent approval of more than $330 billion for Homeland Defense will fuel unprecedented expenditures in all areas related to security. As one of the most critical areas related to the nation's infrastructure, CyberSecurity will receive a significant portion of these funds.
Federal funding for CyberSecurity is important to insurance agents for a number of reasons. Before discussing these reasons, it is important to understand what the term CyberSecurity means. Essentially, CyberSecurity refers to any product or action that attempts to secure a wired or wireless network. These networks encompass a wide range of communication infrastructures, including wired and wireless internal office networks, external private networks, traditional public networks, the Internet, and the various networks used by local, state and federal governments.
Among the various CyberSecurity products or services, virus protection is the most common product familiar to computer users. But for most commercial and government enterprises, CyberSecurity encompasses much more than virus protection. CyberSecurity involves a complete spectrum of risk identification, mitigation-protection, and recovery requirements of varying degrees of complexity that focus on protecting the assets of the enterprise. And for most of these enterprises, those assets include information about the company and its customers. Insurance agents, through their role in delivering insurance, are in an optimum position to participate with clients to determine how best to protect those assets.
Insurance is only one piece of this protection puzzle. In order to determine what other pieces may be required, the insurance agent and the agency client must apply a Total Risk Management (TRM) approach. TRM is a combination of best-in-class experts, technology, processes, policies and insurance that addresses the full cyber-risk cycle. This cycle includes risk assessment, mitigation-protection, and recovery.
Insurance agents can--and should--participate in the TRM process with their clients, starting with risk assessment. Agents should enlist the help of experts, where the insurance agent lacks knowledge and expertise regarding any aspect of TRM for CyberSecurity. For example, cyber risk assessment must include network vulnerability and intrusion detection technology applied by experts in this field. Some insurance companies offer this service, but a number of network security companies also perform cyber risk assessment.
Once the assessment is completed and all exposures have been identified, the next phase is to implement mitigation-protection measures that reduce or eliminate the risk. Mitigation-protection often includes a combination of technology as well as policy and process measures that address internal people issues more than hardware issues. This is because history demonstrates that insiders execute most security breaches. In any case, insurance agents are now in a position to offer meaningful insurance programs to insure the exposure and mitigate--protect against the risks. The last phase involves recovery or remediation if an exposure cannot be mitigated and the client suffers a loss.
Insurance programs addressing CyberSecurity provide a wide range of coverages but do not offer coverage for every conceivable cyber risk. Agents are cautioned, therefore, to carefully consider all options regarding selecting an insurance company and its attendant cyber risk policies. For example, some company coverages can range from including only Web content liability, to including content liability, professional errors and omissions, network security liability, cyber extortion, network intangible information loss, network business interruption, and funds for cyber-criminals and crisis communication.
Insurance agents need to recognize that the federal government anticipates that cyber attacks in the United States will increase significantly over the next several years and that private and government enterprises must increase measures to protect against such attacks. Therefore, as one line of defense, insurance agents are in a position to assist their clients in this significant effort.
Those agents who learn more about CyberSecurity and establish relationships with network security firms that offer cyber risk assessment and mitigation services will profit from additional fees and enhanced customer relationships. *
The author
G. Edward Kalbaugh is a partner with Allegent Growth Strategies, a full-service consulting firm specializing in services to the insurance industry. Allegent is located at 100 Crossways Park Drive West, Ste. 104, Woodbury, NY 11797. Phone (516) 364-7034, fax (516) 364-7036, e-mail: info@allegentgsi.com, Web site: www.allegentgsi.com