Modern Insurance Magazine Issue 65
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
INSURTECH<br />
QWhat are some of the most pressing cybersecurity<br />
issues facing the insurance industry in particular? How<br />
often should insurance companies conduct security<br />
assessments and vulnerability testing?<br />
For insurance incumbents and insurtechs alike,<br />
there is no ‘one size fits all’ answer, as it depends<br />
A on various factors such as the size of the company,<br />
the complexity of its IT infrastructure, regulatory<br />
requirements, and the evolving threat landscape. Security<br />
assessments and vulnerability testing should be done on<br />
a defined regular basis, and augmented whenever there<br />
are emerging threats, or significant changes to the IT<br />
environment.<br />
Some of the most omnipresent issues include ransomware<br />
attacks, which have become increasingly common in<br />
recent years. Cybercriminals have been known to target<br />
organizations of all sizes, including insurance companies.<br />
The FBI advises companies not to pay ransoms. Nearly<br />
30% of victims did so last year, which is down 72% from<br />
four years earlier. According to The Wall Street Journal,<br />
the average ransom is $569,000 USD.<br />
<strong>Insurance</strong> companies are also subject to various<br />
regulations regarding data protection and privacy, such as<br />
GDPR, CCPA, and HIPAA in the United States. All of these<br />
can be compromised.<br />
Finally, third party risk via third-party vendors and<br />
partners increases the risk of a supply chain attack.<br />
KPMG completed a study where 75% of the respondents<br />
experienced a major business disruption because of a<br />
third party in the last three years.<br />
Lisa Pollina is a business executive who has<br />
negotiated over $50 Billion in corporate development<br />
deals throughout her career. She provides private<br />
equity investment advisory for alternative asset<br />
manager Ares Management (NYSE: ARES) on<br />
both Growth and Special Opportunities portfolio<br />
investments worldwide. She also serves on the<br />
Board of Directors for Munich RE (FRA: MUNV2),<br />
representing the Americas.<br />
Pollina has had global Profit & Loss responsibility for<br />
over 20 years. She is the past<br />
Vice Chairman for RBC Capital Markets, an $8 Billion<br />
division of the Royal Bank of Canada (NYSE: RY),<br />
where she grew revenues by 27% during her tenure,<br />
and the Global Financial Institutions (FIG) Executive<br />
for Bank of America Securities (NYSE: BAC). Under<br />
her leadership there, profitable revenues grew over<br />
18%.<br />
Named one of the ‘Top 25 Most Powerful Women<br />
in Finance’ by American Banker magazine, she has<br />
been a seven-year appointee to the Federal Reserve<br />
Bank of the United States’ Working Group on Global<br />
Markets, providing perspectives on macro trends<br />
worldwide.<br />
Ms. Pollina is an MBA graduate from the Yale School<br />
of Management. She has taught strategy at Yale<br />
University and corporate finance at the University<br />
of Chicago. She has been published via such media<br />
outlets as Forbes, Bloomberg and Morningstar<br />
magazines.<br />
In 2021, during the tenure of Pope Francis, Pollina was<br />
made a Dame in the Sovereign Military Order of St.<br />
John of Jerusalem, of Rhodes, and of Malta.<br />
QWhat advice do you have for the C-suite and Boards<br />
of Directors when it comes to working together and<br />
collaborating against mounting cybersecurity risk?<br />
A<br />
Establish a Cybersecurity Governance Structure that<br />
clearly delineates how the duty of care in this area<br />
will be deployed by implementing clear roles and<br />
responsibilities for the C-suite and the Board regarding<br />
cybersecurity oversight.<br />
Facilitate open and transparent communication<br />
channels between the C-suite and the Board regarding<br />
cybersecurity matters. Provide regular updates on<br />
cybersecurity incidents through audits to the Board and<br />
Audit Committee.<br />
<strong>Insurance</strong> is in the business of risk. Ensure that<br />
cybersecurity initiatives are aligned with your firm’s risk<br />
appetite, goals, and priorities. Collaborate on identifying<br />
and prioritizing cybersecurity risks based on their<br />
potential impact on the business.<br />
Invest in cybersecurity resilience by allocating adequate<br />
resources and budget to cybersecurity initiatives,<br />
including technology investments, training, and third-party<br />
experts in emerging cybersecurity areas.<br />
Lisa Pollina<br />
MODERN INSURANCE | 77