CHICAGO — Mitigating the spreading threat of cyber crime requires a commitment to cooperation between risk managers, brokers and insurers, speakers said Thursday at the ninth annual Symposium given by Minneapolis-based brokerage Hays Cos. in Chicago.
“Cyber crime is the new normal, and it will continue to evolve,” said Dave Wasson, Chicago-based national cyber liability practice leader for Hays Co.
Drew Olson, Chicago-based senior manager at BDO Consulting, said the well-chronicled theft of consumer credit card information from Target Corp. provided a counterintuitive example. While cyber criminals will study and learn from the data breach, the glut of illicit credit card information now available on the black market makes future credit card thefts less valuable, he said.
“Hackers are watching how Target responds,” he said. “But if they see that there is less money in credit card theft, where do they go next?”
One possibility is targeting a company's industrial control systems, Mr. Wasson said, noting that the manufacturing sector is particularly vulnerable to this threat as it shifts to more robotic manufacturing methods.
Accordingly, risk managers need to ensure that their policies address the broad array of cyber threats, Mr. Olson told the audience of risk managers. “This is an area where you, your broker and your insurer need to be on the same page,” he said.
Mr. Wasson said one area in particular risk managers need to mindful of is the cost of forensic analysis in the wake of a security breach.
“Forensic costs can easily exceed $1 million,” he said, adding that the costs are often subject to tight sublimits on cyber liability policies.
Moreover, Mr. Olson noted that the cost and complexity of forensic analysis and e-discovery efforts are likely to grow as more companies shift their data to cloud computing platforms. For example, to trace a hack to its origins, investigators may need access to data centers around the globe.
“If you have a contract with Amazon Web Service, are you certain they will allow your forensic team access into their data centers?” he said.