Modern Insurance Magazine Issue 65
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
INSURTECH<br />
Google<br />
Cloud<br />
QMonica, more and more corporations are securing<br />
cyber insurance policies in the event of an attack or<br />
data breach. While insurance does not eliminate the<br />
need for proactive and resilient cyber controls, it does offer<br />
a ‘safety net’ for potential financial loss, according to a new<br />
report from Google Cloud’s Office of the Chief Information<br />
Security Officer (CISO).<br />
How is the role of the CISO evolving to address the growing<br />
volume of cyberattacks? And what sort of collaboration<br />
needs to happen with the Chief Financial Officer in order to<br />
mitigate cyber risk?<br />
A<br />
Cyber-related risk is one of the top concerns<br />
facing organizations today, now with frequent<br />
board-level engagement on the topic. This<br />
rapid shift in awareness around cyber-related risk<br />
has encouraged the CISO to evolve from a technical<br />
security expert to more of an enterprise risk manager,<br />
one that’s responsible for translating cybersecurity<br />
threats and vulnerabilities into business-relevant terms<br />
for the benefit of executive leadership and the Board of<br />
Directors.<br />
Historically, the Board are used to understanding risk<br />
in terms of dollars, largely due to the role of the Chief<br />
Financial Officer (CFO) in relation to how they quantify<br />
risk for the organization. While the CISO is primarily<br />
responsible for actually mitigating the risks and securing<br />
an organization’s environment, a CISO and CFO can<br />
collaborate in order to tell a better story together.<br />
Leveraging the skills of an actuary or financial analyst<br />
can develop a cyber model which can translate risk<br />
into dollars, something which is easier for leadership<br />
to digest and track over time. Further quantified cyber<br />
risk allows organizations to think about their return on<br />
investment in security, and translate their risk into risk<br />
transfer or insurance discussions.<br />
QWhat about Artificial Intelligence? Is it a friend, foe, or<br />
both?<br />
AI is at an inflection point for digital security,<br />
and if leveraged correctly, it can be an incredible<br />
A tool to help organizations improve their security<br />
posture and reduce toil. That being said, a lot of how<br />
AI plays out – with regards to whether it’ll be a friend<br />
or foe – depends on how we collectively work together.<br />
Security professionals and policymakers must boldly<br />
take action to shape the direction of the technology in a<br />
way where it tilts the odds in favor of cyber defenders.<br />
At Google, we often talk about the Defender’s Dilemma<br />
– a challenge in cybersecurity where attackers need just<br />
one successful attack to break through the best defenses.<br />
Meanwhile, for defenders, there’s no margin for error.<br />
Based on Google’s experience deploying AI at scale, we<br />
believe that AI can actually reverse this dynamic. This<br />
would eventually enable both security professionals and<br />
defenders to scale their work in threat detection, malware<br />
analysis, vulnerability detection, vulnerability fixes, and<br />
incident response.<br />
AI can, and is, being leveraged to detect malware in<br />
real time. For example, Gmail blocks more than 100<br />
million phishing attempts every day, and a lot of that has<br />
been powered by AI for decades. Google Play Protect<br />
also scans over 100 billion apps for malware and other<br />
issues. We have a number of tools across our product<br />
suite, particularly within Google Cloud, that leverages<br />
AI to predict where an attacker could strike, what cloud<br />
resources would be exposed, and the possible blast radius<br />
of a successful attack. This means that cloud customers<br />
can better secure weaknesses in their environment.<br />
QWhat were some of the top trends to emerge from<br />
Google’s recent Cyber Day?<br />
We hosted Cyber Day as a way for us to share<br />
our cybersecurity investments with the insurance<br />
A market. A few key themes emerged that we hope to<br />
see as general trends within the technology and insurance<br />
space.<br />
1. Secure by Design<br />
First, we strive to develop infrastructure and products that<br />
are secure by design. Google Cloud puts significant effort<br />
into shipping products with secure default configurations<br />
out of the box, so customers don’t have to spend as much<br />
time reconfiguring for security. We also provide security<br />
tools and define blueprints for customers, so that their<br />
cloud implementations are secure from the start.<br />
This is important to the insurance industry as cyber<br />
insurers are often on the hook for a loss, regardless of<br />
where the breach occurred. We’re at a time where insurers<br />
are starting to look at the investment that technology<br />
providers put into security, as they consider whether<br />
to differentiate pricing for their policyholders based on<br />
which technology provider or software a company is<br />
using.<br />
68 | MODERN INSURANCE