Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Risk managers will face cyber crime, terrorism for generations: Tom Ridge

Reprints
Risk managers will face cyber crime, terrorism for generations: Tom Ridge

NEW YORK — The dual threats of cyber crime and terrorism will continue to challenge risk managers and government officials for generations to come, said Tom Ridge, former secretary of the U.S. Department of Homeland Security, Thursday at Business Insurance's Risk Management Summit in New York.

Delivering the keynote address, Mr. Ridge, currently president and CEO of crisis management advisory firm Ridge Global L.L.C., stressed that risk managers need to adapt to deal with the problems.

“These are two fundamental changes in the world that we will be dealing with in perpetuity,” he said.

Mr. Ridge said that the networked nature of the modern world will continue to expose companies to new vulnerabilities. “The Internet was originally designed by the Department of Defense as a way for a few scientists to communicate,” he said. “It was designed to be open. It was not designed to be the backbone of a post-industrial world.”

Given the inherent vulnerability of networks, risk managers need to engage a broad range of internal constituencies, from the information technology department to top executives. “It's gone from being an IT risk to being a business risk,” Mr. Ridge said. “It has to be a C-suite priority.”

In the case of terrorism risk, risk mangers need to lobby a different constituency — elected officials — Mr. Ridge said, noting that legislation to renew the Terrorism Risk Insurance Act has stalled in the House of Representatives. Since a fully private insurance market for terrorism risk is unlikely, given that modeling for terrorism is not feasible, Mr. Ridge said risk managers and insurance industry associations need to continue to voice their support for TRIA.

%%BREAK%%

“I am a big believer in grass-roots activism,” he said. “TRIA is a good thing. It's an essential part of resiliency.”

Moreover, Mr. Ridge said that the problems of cyber crime and terrorism are not mutually exclusive, noting that there is nothing preventing terrorists and nation states from employing computer viruses such as STUXNET to damage physical infrastructure.

To combat such threats, he called for greater information sharing between the private and public sectors, saying that the “need to know” information policies prevalent since the Cold War are choking the flow of information needed to protect against cyber and terror threats and that new “safe harbor” laws are needed to help encourage companies to share cyber attack information without the fear of regulatory sanction.

“We need 'protected pathways' for private companies to share attack information with government,” he said. “If we are dealing with these two problems, we will also need more information from the federal government.”

Read Next