
Cyber security must breach the boardroom to mitigate risks


NEW YORK — Cyber security must move out of the tech realm and into the boardroom, a panel of experts said Thursday during an event in New York sponsored by JLT Specialty USA.

The discussion was moderated by Reid Sawyer, senior vice president of JLT Specialty USA, a unit of Jardine Lloyd Thompson Group P.L.C., who noted that cyber risk has been the topic of much discussion over the years.

“As much as we’ve been going close to a decade now talking about this topic, it seems we’re not any closer to the answer, and I think that’s partially because there’s a lot of noise in these discussions, a lot of people are talking to themselves and not asking the hard questions,” Mr. Sawyer said.

Mr. Sawyer cited a recent survey by Harvard Business Review Analytic Services, sponsored by JLT, that found only 23% of respondents have adopted a formal strategic plan to address business risks from cyber attacks. However, 85% said that they expect the financial impact of cyber attacks and breaches to increase over the next two years.

“I still think that a lot of organizations still have their heads-in-the-sand mindset,” said Mark Sutton, vice president and chief information security officer at Bain Capital L.P. in Boston. “‘It’s never going to happen to us, it never happened in the past, why should I care?’ I’m on the practitioner side, we’re in the trenches trying to drive this. I think it’s on us to change the narrative.”

Mr. Sutton called for moving cyber security out of the IT back office and into the boardroom, to the people who are making the senior business decisions. Many CISOs, he said, “come from a very technical world and may not have the soft skills to get in that room, get a seat at that table.”

“A lot of companies have developed in their understanding of cyber risk, but it’s still all over the map in terms of the level of seriousness they give it,” said Judith Germano, senior fellow at the New York University Law School Center on Law and Security.

Companies in the financial sector or companies that have suffered a breach tend to be ahead of other companies in terms of cyber security, Ms. Germano said. She added that many companies have come to the conclusion that cyber breaches are huge reputational and economic risks.

Shannon Groeber, senior vice president for JLT’s cyber/errors and omissions practice and one of Business Insurance’s 2017 Women to Watch, said once companies start to realize that cyber threats are not going to go away and take a layered approach, “we get to a point where we’ll have a much more candid conversation about risk.”

“So much of this is a cultural issue,” she said. “It has to start at the top.”
