Modern Insurance Magazine Issue 65

More documents

Recommendations

Info

INSURTECH Google Cloud QMonica, more and more corporations are securing cyber insurance policies in the event of an attack or data breach. While insurance does not eliminate the need for proactive and resilient cyber controls, it does offer a ‘safety net’ for potential financial loss, according to a new report from Google Cloud’s Office of the Chief Information Security Officer (CISO). How is the role of the CISO evolving to address the growing volume of cyberattacks? And what sort of collaboration needs to happen with the Chief Financial Officer in order to mitigate cyber risk? A Cyber-related risk is one of the top concerns facing organizations today, now with frequent board-level engagement on the topic. This rapid shift in awareness around cyber-related risk has encouraged the CISO to evolve from a technical security expert to more of an enterprise risk manager, one that’s responsible for translating cybersecurity threats and vulnerabilities into business-relevant terms for the benefit of executive leadership and the Board of Directors. Historically, the Board are used to understanding risk in terms of dollars, largely due to the role of the Chief Financial Officer (CFO) in relation to how they quantify risk for the organization. While the CISO is primarily responsible for actually mitigating the risks and securing an organization’s environment, a CISO and CFO can collaborate in order to tell a better story together. Leveraging the skills of an actuary or financial analyst can develop a cyber model which can translate risk into dollars, something which is easier for leadership to digest and track over time. Further quantified cyber risk allows organizations to think about their return on investment in security, and translate their risk into risk transfer or insurance discussions. QWhat about Artificial Intelligence? Is it a friend, foe, or both? AI is at an inflection point for digital security, and if leveraged correctly, it can be an incredible A tool to help organizations improve their security posture and reduce toil. That being said, a lot of how AI plays out – with regards to whether it’ll be a friend or foe – depends on how we collectively work together. Security professionals and policymakers must boldly take action to shape the direction of the technology in a way where it tilts the odds in favor of cyber defenders. At Google, we often talk about the Defender’s Dilemma – a challenge in cybersecurity where attackers need just one successful attack to break through the best defenses. Meanwhile, for defenders, there’s no margin for error. Based on Google’s experience deploying AI at scale, we believe that AI can actually reverse this dynamic. This would eventually enable both security professionals and defenders to scale their work in threat detection, malware analysis, vulnerability detection, vulnerability fixes, and incident response. AI can, and is, being leveraged to detect malware in real time. For example, Gmail blocks more than 100 million phishing attempts every day, and a lot of that has been powered by AI for decades. Google Play Protect also scans over 100 billion apps for malware and other issues. We have a number of tools across our product suite, particularly within Google Cloud, that leverages AI to predict where an attacker could strike, what cloud resources would be exposed, and the possible blast radius of a successful attack. This means that cloud customers can better secure weaknesses in their environment. QWhat were some of the top trends to emerge from Google’s recent Cyber Day? We hosted Cyber Day as a way for us to share our cybersecurity investments with the insurance A market. A few key themes emerged that we hope to see as general trends within the technology and insurance space. 1. Secure by Design First, we strive to develop infrastructure and products that are secure by design. Google Cloud puts significant effort into shipping products with secure default configurations out of the box, so customers don’t have to spend as much time reconfiguring for security. We also provide security tools and define blueprints for customers, so that their cloud implementations are secure from the start. This is important to the insurance industry as cyber insurers are often on the hook for a loss, regardless of where the breach occurred. We’re at a time where insurers are starting to look at the investment that technology providers put into security, as they consider whether to differentiate pricing for their policyholders based on which technology provider or software a company is using. 68 | MODERN INSURANCE
INSURTECH 2. Shared Fate We also touched on this idea of Shared Fate, where Google Cloud is going beyond the shared responsibility model which most cloud providers focus on. In the Shared Responsibility Model, a cloud provider is responsible for the security of the infrastructure, while the customer is responsible for maintaining a secure configuration on top of that. While the setup might be technically correct, this can create an ‘Us vs. Them’ model. Alternatively, Google instead wants to partner more deeply with customers, providing more default guidance and ensuring that security is built into our products and not ‘bolted on’. This will help us to tackle the broader cyber risk landscape together, partnering with the insurance industry to provide access to cyber insurance via a program that I oversee called the Risk Protection Program. Shared Fate is now really built into our ethos as a company, and you’ll see it in many things we do. 3. Mandiant Expertise We also had our Mandiant Threat Intelligence and Mandiant Consulting teams speak at Cyber Day, and it’s truly incredible to hear firsthand from leaders on the front line. Mandiant talked through the latest trends in what they’re seeing by way of threat actor activity, and how organizations should best respond. As a Risk Manager, it’s important to work with incident response providers that are experienced in what they do. In insurance terms, this can reduce the frequency of an event by applying their threat intel and suggestions to harden an environment; however, it can also greatly reduce the severity of an event if you work with the right incident response provider from the start. The integration that Mandiant has with the insurance industry, and the impact they have when given the chance to remediate incidents quickly, was truly incredible to see. Q In this era of ‘work from anywhere’, how are providers like Google positioned to stave off cyberattacks that occur in the Cloud? We’ve put some Cloud Security Megatrends principles together, which will form the best general A reference material when it comes to discussing how cloud providers can help drive security. There’s lots of good content in there that speaks to how the divide between security in a cloud environment vs. an on-premise environment will widen over time, simply because these trends will compound. Monica leads business risk and insurance for Google Cloud, including managing insurance product development and partnerships for Google Cloud’s Risk Protection Program. Monica is also the Head of Actuarial, Analytics & Systems for Alphabet’s Business Risk & <strong>Insurance</strong> team. She is passionate about driving innovation in the industry through combining her experience in both tech and insurance. Prior to her current role at Google, she focused on managing new and emerging risks through working closely with Alphabet’s Other Bets. Responding to your question more specifically, there are layers to this. Google focus on developing what security practitioners call a ‘Zero Trust’ approach, which means that from a technical perspective, every network, device, person and service is untrusted until it proves itself. Access decisions consider multiple factors like user identity, device health, and context, making it more difficult for attackers who breach a single device to move with a network. You never trust and always verify, which enhances security and reduces the likelihood that attackers will get in. This is particularly important when your workforce is distributed and there’s no physical boundary to where employees are logging in from. Additionally, we often talk in depth about the importance of defense, which focuses on multiple layers of controls and capabilities to protect against the impact of configuration errors and attacks. This helps with cyberattacks in the sense that it stops them happening in the first place, and prevents attackers from moving laterally. Monica Shokrai, FCAS, MAAA, Head of Business Risk and <strong>Insurance</strong>, Google Cloud MODERN INSURANCE | 69
Page 1 and 2:
ISSUE 65 ISSN 2515-3803 I SPY CYBER
Page 3 and 4:
WELCOME Welcome to Issue 65 of Mode
Page 5 and 6:
8 12 14 17 29 38 44 49 51 53 55 Ins
Page 7 and 8:
EUROPCAR NEW BRAND BLOCK Color grad
Page 9 and 10:
Risk sentiment Hiscox Cyber Readine
Page 11 and 12:
Page 07 Impacts of a cyber attack (
Page 13 and 14:
Q Ken - what’s the appeal for hac
Page 15 and 16:
INTERVIEWS that there aren’t some
Page 17 and 18: EDITORIAL BOARD A Varied Approach t
Page 19 and 20: Consumer Duty Defines the Role EDIT
Page 21 and 22: EDITORIAL BOARD The Vizion Standard
Page 23 and 24: EDITORIAL BOARD Embedding Consumer
Page 25: EDITORIAL BOARD Data Security at ED
Page 28 and 29: BOOKED IT. PACKED IT. WE’RE OFF.
Page 30 and 31: EMPOWERING THE FUTURE OF REPAIR Tec
Page 32 and 33: Straightforward insurance technolog
Page 35 and 36: ASSOCIATIONS ASSEMBLE Fleur Thomas
Page 37 and 38: ASSOCIATIONS ASSEMBLE Sue Brown Tit
Page 39 and 40: COUNTER FRAUD ACTIVITY: UK VS. US T
Page 41 and 42: THE DISTINCT LANDSCAPES OF INSURANC
Page 43 and 44: Jonathan Drake IMPROVING AGILITY, M
Page 45: Keeping insurers fully in the loop
Page 49 and 50: Friction Is the Key to Customer Suc
Page 51 and 52: Put the Sugarin First FEATURES As I
Page 53 and 54: A Total Loss Could Be An Electric G
Page 55: FEATURES THE EVOLVING RISK OF CYBER
Page 58 and 59: A new approach to repair management
Page 60 and 61: Modern Insurance Magazine’s notor
Page 62 and 63: Results INSURER OF THE YEAR WINNER
Page 64 and 65: “The team at Modern Insurance Mag
Page 66 and 67: INSUR. TECH. TALK
Page 70 and 71: INSURTECH Capgemini AXA XL QCaitlin
Page 73 and 74: INSURTECH Munich Re Dikla, what are
Page 75 and 76: INSURTECH Q Is AI a friend, foe, or
Page 77: INSURTECH QWhat are some of the mos
Page 80 and 81: INSURTECH Welcoming… Percayso Inf
Page 83: INSURTECH Strategic Priority: Opera
Page 86 and 87: INSURTECH The Fastest Fish in the O
Page 88: Any me, any place, anywhere... FMG
show all

Modern Insurance Magazine Issue 65

Create successful ePaper yourself

Delete template?

Save as template?