Zurich conference on cyber risks
Zurich Insurance hosted a panel discussion of cyber security risks for corporations at its annual conference in New Orleans over the past weekend. Headlining the panel was former CIA and National Security Agency director, General Michael Hayden. Hayden outlined global threats of cyber risk for business including disruptions of ecommerce business and theft of intellectual property.
Hayden spoke plainly about the US government activities in cyber security built around protecting national military security. He distinguished US activities from those in other countries, particularly China, that continuously commit economic espionage over the internet. He also cited direct and indirect government sources in Russia and Eastern Europe as sources of electronic espionage, frequently for hire rather than for gain of their own nations.
Hayden said that only a few other countries limited their electronic espionage limited to national security – “all of them English speaking”. He concluded his comments by discussing what he believed would be the true measure of cyber risks in the United States in one word: liability. He elaborated on this theme by outlining the likelihood of increased litigation as defining the limits of corporate and governmental cyber spying. I translate that into an expectation of more litigation until the rules in a free society become more clearly defined.
Consistent with this theme is a description of the use of cyber data in law enforcement, another subject of the panel. Tina Ayiotis, formerly of Computer Sciences Corporation and now a professor at George Washington University, outlined the increasing use of cyber data for routine law enforcement. Today’s Boston Globe outlines a conference sponsored by Massachusetts Attorney General Martha Coakley to discuss the means of using cyber data in law enforcement. For several years now, prosecutors have been gathering evidence from mobile phone companies and social networks about the activities and locations of individuals, all without notifying the subject of the investigation.
The Zurich conference discussed the intersection of individual rights to privacy with the priorities of law enforcement agencies. Again, there was an expectation that corporate collectors of data might be at high risk of liability for their release of data, even if permission was given in one of those ever-present and seldom-read conditions of use that everyone “agrees” to frequently on the internet.
While many corporations purchase cyber risk insurance (Zurich estimated one-third of large companies, our data suggests a lower amount for mid-sized companies), most do so in limited amounts. However, the interest in insurance coverage, both for interruptions to internet services and for loss of data and privacy violations, is growing.
About the Author
Phil Edmundson is the Chairman and CEO of William Gallagher Associates (WGA), insurance brokers and consultants for businesses with over 30 years in the insurance industry. He manages strategy, talent acquisition and development, and management / acquisitions at WGA.
617.646.0229 PEdmundson@wgains.com Connect with Phil on LinkedIn