Risk Insider: Martin Frappolli

Five Essential Cyber Risk Facts

By: | January 14, 2015 • 2 min read
Martin J. Frappolli, CPCU, FIDM, AIC, is Senior Director of Knowledge Resources at The Institutes, and editor of the organization's new “Managing Cyber Risk” textbook. He can be reached at frappolli@TheInstitutes.org.

As businesses struggle with embarrassing data breaches, this new normal is spurring better information protection. Costly intrusions have a long-lasting effect, from customer impact to insurance claims and lawsuit exposure.

Insurance professionals need pragmatic context to prepare insureds to handle a data breach — a roadmap to understanding and mitigating cyber risk exposures.

Start with these five facts:

1. Hackers attack for any reason or no reason.

Organizations fail to manage cyber risk because they believe their data simply isn’t worth stealing. Common vandalism is a frequent reason for a cyber attack. Hackers might penetrate a company’s digital defenses solely for a thrill or ego boost.

You don’t need to have lucrative information to be a target; the only prerequisite is having data in the first place.

2. Internal users can be the weakest link.

The Hollywood version of hacking is a computer whiz sitting in a dark room, furiously typing sophisticated codes. In reality, there’s a much easier way: Ask for the passwords.

A well-known method of data theft is impersonating someone within the company who needs confidential information.

Social engineering ploys can be deceptively simple, such as contacting an employee and claiming to be from IT, then soliciting a user’s account information. Or, call the help desk, claiming to be an executive, and exploit the representative’s good nature to gain system access.

Thieves attack the weakest link; sometimes that’s not the computer, but the person sitting at it.

3. Small businesses aren’t safe.

The public is aware of breaches at big companies like Sony and Target. While attacks on smaller businesses won’t generate headlines, they can potentially be more devastating, because smaller organizations are less able to recover.

It doesn’t take a multinational crime syndicate to steal data. It can be as simple as a disgruntled employee sharing access codes online or leaking sensitive emails.

For a small business, the reputational loss from betraying customer trust can be ruinous. While smaller businesses might not be the biggest targets, they are often the most vulnerable.

4. You don’t have a choice.

Legislators reacted to expanding cyber thefts with regulations requiring organizations to better protect customer data containing personal indentifying information (PII). Congress, state legislatures, and agencies like the SEC have promulgated guidelines on how to protect PII.

Companies should not wait for the various bodies to agree on one standard — they should already be doing everything possible to manage information securely.

5. Cyber risk management is everything.

Cyber risk is not a computer issue only, or merely a customer data concern. Its impact must be evaluated from an enterprise risk management perspective. Like anything that threatens an organization’s long-term viability, cyber risk must be managed.

While a number of cyber risk policies are available, there are many non-transfer strategies for managing cyber threats.

While cyber risk is changing constantly, insurance professionals need a pragmatic perspective to cope effectively. Those who take the time to study this field will better protect their organizations and themselves while earning trust from their clients and managers.

Read all of Martin Frappolli’s Risk Insider contributions.

Share this article:

Risk Insider: Ryan McGuinness

Cyber Liability and ‘The Interview’

By: | January 7, 2015 • 2 min read
Ryan J. McGuinness, M.Ed., ARM, is Senior Director, Risk Management at Rite Aid. He can be reached at rmcguinness@riteaid.com.

In my opinion, cyber risk and liability are the next new frontier for those of us in risk management and the insurance industry today.

We must understand not only the quantitative impact of breaches, but also the breadth of its impact on all of us.

As I look at what’s happened in this space during the last 12 months, I’m reminded of a line in the Grateful Dead song, Truckin': “Lately it occurs to me, what a long strange trip it’s been.”

We are all familiar with seemingly growing list of breaches in 2014. Retailer’s systems are not alone; health care and personal information breaches are on the rise, too.

Having your credit card replaced due to a breach is almost commonplace today; fortunately, there is no financial impact for most people.

Breach response and business resumption plans are being developed alongside natural disaster plans. Data breach tabletop exercises are the call of the day.

Insurers and insureds, however, are trying to monetize the costs of these emerging risks. The insurance market is already reacting: Premium, limits, sublimits, retentions and possibly capacity are all being affected.

In today’s world, risk managers are working swiftly with their IT, security and legal counterparts to sharpen and test risk mitigation strategies in the event of a breach.

Risk avoidance is not an option in today’s world of global commerce. Companies are diligently and proactively working to improve security measures and loss prevention processes.

The rapid growth of cyber security firms to help to identify and contain breaches is happening globally. Cyber security is fast becoming a leading new enterprise within this space.

Breach response and business resumption plans are being developed alongside natural disaster plans. Data breach tabletop exercises are the call of the day.

The ultimate collateral damage is reputational risk and how behaviors can be impacted.

Sony is latest victim of what appears to be yet another massive breach, but this one is different. While having all the hallmarks of a breach, this event went further thanks to a ripple effect that has impacted not only Sony but the general population as well.

“The Interview” may or may be a blockbuster feature. The fact that the entertainment industry had to change how they do business, however, is an example of the cascading effects a breach can cause.

This breach has possibly had a visceral impact on the population greater than most prior breaches where the event focused on the number of records lost.

I am sure Sony and the entertainment industry will recover. The effects of this breach and the resulting decisions about how and when to release the movie have been memorable. It will be a good exercise in years to come for risk managers to analyze the impact and the response to this breach.

What’s certain, in my opinion, is that we are resilient as an industry and we will respond to this quickly emerging risk. Stay tuned as we make our way through what is certain to be an interesting 2015.

Share this article:

Sponsored: Healthcare Solutions

Diversifying Top Management in Workers’ Comp

Inaugural Women in Workers’ Compensation (WiWC) Forum focuses on advancing more women into top leadership roles.
By: | January 7, 2015 • 5 min read

SponsoredContent_HCS
The panel at the inaugural Women in Workers’ Compensation (WiWC) Forum. From left to right: Eileen Ramallo, Elaine Vega, Nina Smith-Garmon, Nancy Hamlet, Michelle Weatherson, Nanette de la Torre, Danielle Lisenbey.

Across the country, the business community is engaged in a robust conversation about women being under-represented among c-level positions.

Why aren’t more women breaking into upper management roles? Does gender bias still exist? And, perhaps more importantly, what can women and men do to add more diversity to top leadership ranks?

Elaine Vega and Nancy Hamlet, of Healthcare Solutions, the Duluth, Ga.-based health services provider to the workers’ compensation and auto liability/PIP markets, have discussed the issue between themselves many times over the years.

The duo agreed that starting an industry-wide conversation would be an effective start to addressing the challenge. After three years of internal discussions, the inaugural Women in Workers’ Compensation (WiWC) Forum became reality. Judging by the attendance, content and feedback, it was an auspicious, very successful, debut.

Nancy Hamlet, Senior Vice President of Marketing, Healthcare Solutions

Nancy Hamlet, Senior Vice President of Marketing, Healthcare Solutions

Specifically, Healthcare Solutions and LRP Publications teamed up at the National Workers’ compensation and Disability Conference (NWCDC), held Nov. 18-21, 2014 in Las Vegas, to present the first WiWC event focused on the development of women as leaders within the industry. The WiWC debut featured a keynote speaker, a panel discussion and a networking cocktail hour.

“We believe this is just the beginning for the WiWC organization,” said Hamlet, senior vice president of marketing, adding that the event’s main theme was the conversation regarding challenges that still exist for women in the workplace is “current, real … and relevant.”

Originally the forum was allocated a room to hold 150 people. Vega and Hamlet worried about the room being too large, so they asked LRP what the contingency would be to make the room smaller if they couldn’t fill it. They needn’t have worried, as more than 400 women, and some men as well, registered and attended, requiring an even larger room.

“Clearly, the topic is relevant and there was plenty to discuss,” said Vega, senior vice president of account management.

Hamlet explained that WiWC was formed to create an open forum to promote a strong sense of community and support for current and future female leaders in the workers’ compensation industry. Going forward, the WiWC forum will provide insight and ideas with opportunities for members to:

  • Engage … with accomplished industry professionals and build lasting relationships.
  • Enrich … their knowledge base with tactical insights from speakers and panelists.
  • Explore … opportunities and challenges facing women leaders today.
  • Encounter … senior executives’ perspectives on leadership.
  • Examine … leadership strategies and how to effectively apply the strategies.
  • Empower … themselves and others to achieve success and groundbreaking results.

At the inaugural event, keynote speaker Peggy Holtman, co-author of “Leading at the Edge: Leadership Lessons from the Extraordinary Saga of Shackleton’s Antarctic Expedition,” discussed how a seemingly unconnected historical event can offer critical lessons on leadership in the workplace, especially for women looking to move into top executive spots.

Elaine Vega, Senior Vice President of Account Management, Healthcare Solutions

Elaine Vega, Senior Vice President of Account Management, Healthcare Solutions

After Holtman’s talk, a panel discussion, moderated by Vega, offered the perspectives of five workers’ compensation industry executives on ways in which women can navigate past the glass ceiling. Panelists included Eileen Ramallo , EVP Healthcare Solutions; Danielle Lisenbey, CEO Broadspire; Nanette de la Torre, VP Zenith; Nina Smith-Garmon, EVP Mitchell International; and Michelle Weatherson, Director, Claims Medical and Regulatory Division, State Fund of Calif.

The panelists discussed a wide range of topics related to women in workers’ compensation. For example, one topic focused on the need to take the big risks when it comes to moving past workplace barriers. Other topics included the importance of women in higher positions serving as sponsors and advocates for younger, less experienced women; and the impact of industry consolidation on women’s careers and how to best manage that change. Another topic was how women could best master conflict and emotions in the workplace.

“What’s clear is conflict has to be managed; it will not go away. It will only get worse,” said Healthcare Solutions’ Ramallo. “It then can create other rifts that won’t necessarily be visible immediately, but can have a very large impact. You have to be able to understand what it is early on from another’s perspective, why the situation exists, and then encourage and try to resolve a conflict situation, whatever may be driving it.”

In the wake of the first WiWC Forum, Hamlet noted that while there are countless general reports showing that women have not yet achieved equal representation in top leadership positions in the workplace, studies deal with averages rather than individual stories. And while women must continue to look at the data and work toward closing the gap, hearing from accomplished women in the workers’ compensation industry at NWCDC drove home critical messages on a person level.

SponsoredContent_HCS

Today, Vega and Hamlet are looking to expand WiWC to make it “truly owned” by the industry. For example, they expect to recruit companies interested in becoming sponsors, forming an advisory council, creating a charter and discussing future possibilities for the organization on both the national and regional levels.

“Much remains to be done, but I have confidence that we will come together and make the organization stronger so that it prospers for years to come,” Hamlet said. “After all, it’s clear that our industry is filled with talented women who can make things happen!”

Vega added that WiWC has already received requests to live stream the event in the future, so it will examine the feasibility of that option in an effort to be even more inclusive.

“We have a shared vision for improving opportunities for current and future women leaders in workers’ compensation,” Vega said. “It doesn’t matter our gender or our title, it’s all about supporting the greater vision. As was said several times at the event, this is just the beginning. We hope more women and men will join us in this continued dialogue.”

For more information about the WiWC, send email to wiwcleadership@healthcaresolutions.com or join our WiWC group on LinkedIn.

SponsoredContent
BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Healthcare Solutions. The editorial staff of Risk & Insurance had no role in its preparation.




Healthcare Solutions serves as a health services company delivering integrated solutions to the property and casualty markets, specializing in workers’ compensation and auto liability/PIP.
Share this article: