Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Q&A: Leslie Lamb, Cisco Systems

Reprints
Q&A: Leslie Lamb, Cisco Systems

Leslie Lamb is director of global risk and resiliency management at San Jose, California-based Cisco Systems Inc. She recently spoke with Business Insurance Editor Gavin Souter about the role of risk managers in managing cyber risk, and about Cisco’s recently announced partnership with Apple Inc., Aon P.L.C. and Allianz S.E., which offers enhanced cyber coverage in conjunction with secure technology components and a cyber resilience evaluation. Edited excerpts follow.

Q: How do you think the perception of cyber risk has changed over the past few years?

A: If you look back five to 10 years, the perception has changed dramatically. In today’s world, cyber risk is a real and pervasive issue for companies and the community because of the interconnected nature of the risk. These risks are more and more prevalent, and really they are a daily occurrence now, which means that risk managers must better understand the risks, including third-party risk, that their company faces.

There needs to be a strong connection between the risk manager and the IT department, and an ongoing strategy that systematically improves the risk posture of their company.

Q: Do you need to be an information technology expert to be able to manage cyber risk effectively?

A: The short answer to that is “no” — there’s so much more than IT. To effectively manage cyber risk, companies really need to look at all the elements: quantifying the risk, financing it, mitigating it. Really, there’s no one-size-fits-all for any organization. It’s critical that cyber insurance is discussed cross-functionally. The connection points among people across the organization, no matter what the reporting structure is, are what can really give an edge to how the risk is handled, and I think the role of the risk manager is expanding beyond just being an insurance buyer. The role of the risk manager is to understand the risk, not necessarily to become an IT expert or HR expert or an expert in any other part of the business. In today’s world, the role of the risk manager is to be a key business partner to incorporate the perspectives from all those different areas.

Q: What are the key contributors that risk managers can make on cyber security?

A: There are so many contributions. As the first step, they need to understand and address cyber risk just as they do any other critical risk. It’s critical to ask the right questions of the right people to uncover the issues. For example, in my team we do what we call deep dives with business units so that we can better understand certain types of risk that we face, and there’s no better way to do that than to get into it at the business level. To fully address cyber security and resilience, you need a combination of people, process and technology. This idea of addressing both the technical and business challenge is at the heart of the recent partnership we announced with Apple, Aon and Allianz. This solution has the fingerprints of the risk manager all over it. We feel it offers a holistic framework to decisively act on cyber risk, giving organizations streamlined access to the right tools to strengthen security and reduce cyber risk.

Q: Do you think the market is meeting the needs of policyholders?

A: I think there’s a ways to go still. I think managing cyber risk is difficult for a number of reasons related to talent, technology and threat. Some examples include losses from cyber threats are outpaced by key security investments, low adoption rates of cyber insurance, active adversaries, a fragmented security technology market and a security skills shortage. For the market to provide the right solutions, it needs to look holistically at all of these elements.

Read Next

  • Insurers, brokers adjust to stem Brexit losses

    SAN ANTONIO — Britain’s decision to exit the European Union will change how London market insurers and brokers service EU policyholders, but many firms have established separate entities to ensure they will still be able to write the business, a Lloyd’s of London executive said.