Q&A: Kristen Peed, CBIZ Inc.
Kristen Peed is the Cleveland-based director of corporate risk management and cyber security expert for CBIZ Inc. Ms. Peed discussed the landscape of cyber risk today, as well as what to expect in the future, with Business Insurance Staff Reporter Donna Mahoney. Edited excerpts follow.
Q: Are there any companies that are more at risk of a cyber attack?
A: I feel smaller companies seem to be targeted more these days. I think they are perceived as easier targets for the hackers, because they may not have the latest technology or the resources to update their software and train their employees.
Q: What new methods have hackers used?
A: Social engineering is still a big threat as more of our own daily life is up for display on different social media channels. Hackers are able to consolidate the information that they learn about us from these sites to craft targeted communication that is meant to circumvent procedures. … Also, hackers are using viruses with increasing frequency, such as CryptoLocker, which extorts a ransom from companies to regain access to their own data.
Q: What do you recommend companies do to protect themselves from cyber attacks?
A: One way is to hire an outside company to do penetration testing and try to hack into their systems. This will allow a company to see where they are most vulnerable and the best place to deploy assets. Companies should review their cyber coverage to see whether their insurance carrier offers these services at a discount. Often, insurance carriers have partnered with outside companies offering mitigation services to policyholders at a reduced cost.
Q: What else should employers do to protect themselves from cyber attacks?
A: Employee education is vital. Employees must understand the scams being directed at them. At a minimum, annual training should be mandatory to help employees identify different types of cyber attacks that could occur to the company system.
Q: What kind of changes are you seeing in insurance coverage for cyber?
A: Many now view a cyber attack as not an “if” but a “when,” so the planning for the response is more important than the purchase of insurance.
Thus, coverages such as the crisis response component of many of the insurance policies may be the most important. With some of these attacks, the most vulnerable asset of a company may be its reputation, so the manner in which it responds can be critical to its survival.
Q: What challenges and opportunities do you see in 2016?
A: From a cyber perspective, I think the C-suite and board of directors understand the risk that is a potential for their companies. … As we are seeing more claims, there is more data to analyze and utilize in decision making. This allows risk managers to more accurately depict to senior management the threats to their company. As the cyber insurance market is growing fast, there is a great deal of premium that can be invested back into the market to help prevent and better mitigate these risks.
Q: How does your background help you with your career?
A: I actually started off as a broker on the agency side and worked with all types of businesses. … When I decided to make the change to the buying side, I realized that I understood what types of risks the insurance carriers were looking for and how the broker wanted to present them. … I feel that it is important that risk managers have their own relationships developed with the management of the insurance carriers. If they trust your reputation, it can really go a long way with getting the improbable accomplished.