Cyber Threats

Heading Off ‘Cybergeddon’

Cyber experts say resistance is futile, but resilience is paramount.
By: | May 8, 2014 • 3 min read
Cyber dragon

In April’s R&I cover story, Cyber: The New CAT, experts called catastrophic cyber attacks “inevitable” and the prevailing attitude in the C-Suite “denial.”

Jason Healey, director, Atlantic Council’s Cyber Statecraft Initiative, says that in order for organizations to weather the inevitable attacks, the key will be resiliency. “The organizations that fare best,” he said, “will be those that have the size, agility and resilience to bounce back as quickly as possible.” Healey is also author of Beyond Data Breaches: Global Interconnections of Cyber Risk, commissioned by Zurich Insurance Company Ltd. and published in April 2014.

Advertisement




Developing resilience would include conducting exercises, developing response playbooks, increasing funding and grants for large-scale crisis management and developing redundant data storage in case one is compromised.

The tangle of Internet information that companies and countries depend on to function is now so complex, Healey said, that companies and governments can’t manage the risk from within their own four walls. Beyond Data Breaches notes that Internet failures could cascade directly to Internet-connected banks, water systems, cars, medical devices, hydroelectric dams, transformers and power stations.

Like superstorms such as Hurricane Sandy, cyber risks are inevitable and unstoppable, and like the financial crisis of 2008, they can’t be contained, because of organizations’ interconnection and interdependency. The worst-case scenario, stemming from the principle that everything is connected to the Internet and everything connected to the Internet can be hacked, is “Cybergeddon,” where attackers have an overwhelming, dominant and lasting advantage over defenders.

Even now, Healey said, attackers have the advantage. The Internet’s original weakness — that it was built for trust, not security — perpetuates defenders’ vulnerability. “Some ‘serious’ thinkers suggest we should start over” rather than try to retrofit an Internet so flawed by weak security as to threaten every user, he said, despite the impracticality of a do-over.

Second, Healey said, defenders have to be right every time, and attackers have to be right only once.

Third, technology evolves very quickly, and most people don’t understand it well enough to lock out intruders. “Every time we figure out what we’re supposed to be doing right, the technology has moved on and once again we don’t know how to properly secure our data,” Healey said.

Software is still poorly written and so insecure that “a couple of kids in a garage” can hack into corporate and government systems just for a naughty thrill. “Bad guys” with theft or sabotage on their minds can work their mischief behind a veil of anonymity. “The Internet almost encourages bad behavior because of the anonymity involved,” Healey said.

Companies, governments and risk managers should shift the drumbeat from resistance to resilience, and to expand cyber risk management from individual organizations to a resilient and responsive Internet system, Healey said. For systemic risk management, Beyond Data Breaches recommends:

  • Putting the private sector at the center, not the periphery, of cyber risk efforts, since they have the advantage in agility and subject matter expertise.
  • Advertisement




  • Using monetary or in-kind grants to fund effective but underfunded non-government groups already involved in minimizing the frequency and intensity of attacks. Governments and others with system-wide concerns (such as internet service providers and software and hardware vendors) should advocate for this research.
  • Borrowing ideas from the finance sector. This could include examination of “too big to fail” issues of governance and recognition of global significantly important internet organizations.
Susannah Levine writes about health care, education and technology. She can be reached at riskletters@lrp.com.
Share this article:

2015 Most Dangerous Emerging Risks

Most Dangerous Emerging Risks: A Look Back

Each year since 2011, we identified and reported on the Most Dangerous Emerging Risks. Here’s how we did on some of them.
By: | April 8, 2015 • 4 min read
04012015_01_CS_superbugs700x525

Each year since 2011, Risk & Insurance® identified and reported on the Most Dangerous Emerging Risks. Here’s how we did on some of them.

2011: Rising Sea Levels
04012015_01_CS_floodsIn 2011, our sources talked about the threat of rising sea levels, combined with land subsidence in major urban areas. Our reporting postulated that investment in infrastructure was not keeping pace with the risk.

Outcome: Elevated sea levels lift a Category One tropical storm, Superstorm Sandy, on Oct. 29, 2012 and enable it to inundate New Jersey and New York, resulting in $25 billion in insured losses and the deaths of 285 people.

2011: Political Revolutionary Risk
In 2011, we described a scenario in which the head of a fictional country, Yberra, nationalized all privately held assets. In the scenario, mining operations and fruit-exporting companies with substantial holdings in Yberra suffered large losses. Risk managers for those companies were sent scurrying to examine their business interruption and political risk coverages.

Outcome: Tunisia, Egypt (twice), Libya, Ukraine and Kyrgyz all saw the removal of their heads of state in the aftermath of the Arab Spring. Ongoing pressure from Islamic militants and national governments threaten to redraw boundaries throughout the Middle East in 2015 and beyond.

2011: Toxic Water
04012015_01_CS_toxicH2OIn 2011, Risk & Insurance® described a fictional Category 2 hurricane, Hurricane Lucy, that dropped so much water on North Carolina that it caused the walls of a massive agricultural manure lagoon to burst. The resulting environmental damage resulted in the closure of hundreds of thousands of acres of commercial fisheries. Cryptosporidium infected hundreds, killing 142.

Outcome: In February 2015, Duke Energy was getting set to agree to a $100 million payment and five years’ probation in response to criminal charges after it spilled 40,000 tons of coal ash riddled with arsenic, lead and selenium into the Dan River in February 2014.

In January 2014, a chemical spill by Freedom Industries resulted in the loss of drinkable water for 300,000 residents near Charleston, W. Va. Schools and businesses where shut down by the event. The Freedom spill was the third chemical spill in that area in the last five years, following spills at Bayer and DuPont facilities.

2011, 2012, 2013 and 2014: Cyber attacks
04012015_01_CS_cyberLeaksOur reporting in 2011 and beyond described a range of cyber events, from the leaking of sensitive information to state-sponsored cyber attacks on our energy infrastructure and cloud-based data storehouses.

Outcome: NSA contractor Edward Snowden released thousands of classified documents to journalists in June 2013. Major hacks that have taken place since 2011 have impacted Target, Home Depot, Sony, the U.S. military, AOL, Adobe, Anthem and eBay with economic damages in the hundreds of millions of dollars.

2013: NFL Concussions
New England linebacker Seau is seen before the start of the NFL's Super Bowl XLII football game in GlendaleThe tragic deaths of beloved NFL stars such as Junior Seau and “Iron” Mike Webster related to degenerative brain disease from repeated blows to the head signaled a wave of liability headed not just at the NFL but at other high-contact professional sports leagues such as the NHL. The long history of the NFL coupled with the number of former players possibly impacted added up to a heavy financial penalty.

Outcome: A final ruling from a federal court judge in Philadelphia is expected to produce a settlement in excess of $1 billion in a case brought by ex-NFL players that alleges that the NFL not only knew about the dangers of the game but hid that knowledge from players.

In February, a group of NHL players including Stanley Cup winners Eddie Westfall and Butch Goring filed a lawsuit against that league, alleging that the NHL failed to offer adequate education and protection against brain injury to players.

2012: Typhoons in Areas of Recently Increased Business Density
04012015_01_CS_typhoonIn 2012, a fictional typhoon, Typhoon Tsuguko, a Category Four, slammed into Taiwan, killing hundreds and wiping out one-third of the world’s semi-conductor manufacturing capacity.

Outcome: The 2013 Pacific typhoon season, responsible for 6,287 deaths, was the deadliest season since 1975. Overall economic damages from Pacific typhoons in 2013 came to some $22.8 billion.
In July 2014, Typhoon Rammasun caused economic damages in excess of $6.5 billion in China, Vietnam and the Philippines.

2012: Protest 2.0; The Use of Social Media in Protests
04012015_01_CS_riotsIn a 2012 scenario, a fictional protester, Joshua Shane, sparked a national reaction when a protest he organized against a local foreclosure went viral, sparking sister protests in a number of cities. The fictional Twitter tag #RiseUp served as fuel for the fire.

Outcome: More than 500,000 Twitter postings following the shooting death of Michael Brown in Ferguson, Mo., ignited protests around the world from August through December 2014. In addition to riots that destroyed businesses and homes in Ferguson and St. Louis, riots sparked with the Twitter tag #HandsUp shut down commerce and traffic in Oakland, Calif., and London, among other locations.

2013: The Antibiotic Void; The Rise of Drug-Resistant Superbugs
04012015_01_CS_superbugsIn 2013, our scenario described an “antibiotic void,” a world in which antibiotic-resistant “superbugs” wreaked havoc in hospitals and in society at large.

Outcome: An antibiotic-resistant strain of Salmonella broke out in the summer and fall of 2013 and hospitalized 278 people in 18 states.

An antibiotic-resistant “superbug” — CRE — spread by an unapproved medical device, sickened some patients and killed others at Los Angeles area hospitals in late 2014 and early 2015. The same superbug is thought to have hit a hospital in Wisconsin in 2013.

BlackBar

 

Complete coverage of 2015’s Most Dangerous Emerging Risks:

Corporate Privacy: Nowhere to Hide. Rapid advances in technology are ushering in an era of hyper-transparency.

04012015_04B_implant_devices_150px_mainImplantable Devices: Medical Devices Open to Cyber Threats. The threat of hacking implantable defibrillators and other devices is growing.

04012015_03_concussions_150px_mainAthletic Head Injuries: An Increasing Liability. Liability for brain injury and disease isn’t limited to professional sports organizations.

04012015_04_vaping_150px_mainVaping: Smoking Gun. As e-cigarette usage rises, danger lies in the lack of regulations and unknown long-term health effects.

04012015_05_aquifer_depletion_150px_mainAquifer: Nothing in the Bank. Once we deplete our aquifers, there is nothing helping us get through extended droughts.

04012015_01_CS_superbugs50x50

Most Dangerous Emerging Risks: A Look Back. Each year since 2011, we identified and reported on the Most Dangerous Emerging Risks. Here’s how we did on some of them.

Dan Reynolds is editor-in-chief of Risk & Insurance. He can be reached at dreynolds@lrp.com.
Share this article:

Sponsored: Berkshire Hathaway Specialty Insurance

Healthcare: The Hardest Job in Risk Management

Do you have the support needed to successfully navigate healthcare challenges?
By: | April 1, 2015 • 4 min read

BrandedContent_BHSIThe Affordable Care Act.

Large-scale consolidation.

Radically changing cost and reimbursement models.

Rapidly evolving service delivery approaches.

It is difficult to imagine an industry more complex and uncertain than healthcare. Providers are being forced to lower costs and improve efficiencies on a scale that is almost beyond imagination. At the same time, quality of care must remain high.

After all, this is more than just a business.

The pressure on risk managers, brokers and CFOs is intense. If navigating these challenges wasn’t stress inducing enough, these professionals also need to ensure continued profitability.

Leo Carroll, Senior Vice President, Healthcare Professional Liability, Berkshire Hathaway Specialty Insurance

Leo Carroll, Senior Vice President, Healthcare Professional Liability, Berkshire Hathaway Specialty Insurance

“Healthcare companies don’t hide the fact that they’re looking to reduce costs and improve efficiencies in practically every facet of their business. Insurance purchasing and financing are high on that list,” said Leo Carroll, who heads the healthcare professional liability underwriting unit for Berkshire Hathaway Specialty Insurance.

But it’s about a lot more than just price. The complexity of the healthcare system and unique footprint of each provider requires customized solutions that can reduce risk, minimize losses and improve efficiencies.

“Each provider is faced with a different set of challenges. Therefore, our approach is to carefully listen to the needs of each client and respond with a creative proposal that often requires great flexibility on the part of our team,” explained Carroll.

Creativity? Flexibility? Those are not terms often used to describe an insurance carrier. But BHSI Healthcare is a new type of insurer.

The Foundation: Financial Strength

BrandedContent_BHSIBerkshire Hathaway is synonymous with financial strength. Leveraging the company’s well-capitalized balance sheet provides BHSI with unmatched capabilities to take on substantial risks in a sustainable way.

For one, BHSI is the highest rated paper available to healthcare providers. Given the severity of risks faced by the industry, this is a very important attribute.

But BHSI operationalizes its balance sheet in many ways beyond just strong financial ratings.

For example, BHSI has never relied on reinsurance. Without the need to manage those relationships, BHSI is able to eliminate a significant amount of overhead. The result is an industry leading expense ratio and the ability to pass on savings to clients.

“The impact of operationalizing our balance sheet is remarkable. We don’t impose our business needs on our clients. Our financial strength provides us the freedom to genuinely listen to our clients and propose unique, creative solutions,” Carroll said.

Keeping Things Simple

BrandedContent_BHSIHealthcare professional liability policy language is often bloated and difficult to decipher. Insurers are attempting to tackle complex, evolving issues and account for a broad range of scenarios and contingencies. The result often confuses and contradicts.

Carroll said BHSI strives to be as simple and straightforward as possible with policy language across all lines of business. It comes down to making it easy and transparent to do business with BHSI.

“Our goal is to be as straightforward as we can and at the same time provide coverage that’s meaningful and addresses the exposures our customers need addressed,” Carroll said.

Claims: More Than an After Thought

Complex litigation is an unfortunate fact of life for large healthcare customers. Carroll, who began his insurance career in medical claims management, understands how important complex claims management is to the BHSI value proposition.

In fact, “claims management is so critical to customers, that BHSI Claims contributes to all aspects of its operations – from product development through risk analysis, servicing and claims resolution,” said Robert Romeo, head of Healthcare and Casualty Claims.

And as part of the focus on building long-term relationships, BHSI has made it a priority to introduce customers to the claims team as early as possible and before a claim is made on a policy.

“Being so closely aligned automatically delivers efficiency and simplicity in the way we work,” explained Carroll. “We have a common understanding of our forms, endorsements and coverage, so there is less opportunity for disagreement or misunderstanding between what our underwriters wrote and how our claims professionals interpret it.”

Responding To Ebola: Creativity + Flexibility

BrandedContent_BHSIThe recent Ebola outbreak provided a prime example of BHSI Healthcare’s customer-centric approach in action.

Almost immediately, many healthcare systems recognized the need to improve their infectious disease management protocols. The urgency intensified after several nurses who treated Ebola patients were themselves infected.

BHSI Healthcare was uniquely positioned to rapidly respond. Carroll and his team approached several of their clients who were widely recognized as the leading infectious disease management institutions. With the help of these institutions, BHSI was able to compile tools, checklists, libraries and other materials.

These best practices were immediately made available to all BHSI Healthcare clients who leveraged the information to improve their operations.

At the same time, healthcare providers were at risk of multiple exposures associated with the evolving Ebola situation. Carroll and his Healthcare team worked with clients from a professional liability and general liability perspective. Concurrently, other BHSI groups worked with the same clients on offerings for business interruption, disinfection and cleaning costs.

David Fields, Executive Vice President, Underwriting, Actuarial, Finance and Reinsurance

David Fields, Executive Vice President, Underwriting, Actuarial, Finance and Reinsurance, Berkshire Hathaway Specialty Insurance

Ever vigilant, the BHSI chief underwriting officer, David Fields, created a point of central command to monitor the situation, field client requests and execute the company’s response. The results were highly customized packages designed specifically for several clients. On some programs, net limits exceeded $100 million and covered many exposures underwritten by multiple BHSI groups.

“At the height of the outbreak, there was a lot of fear and panic in the healthcare industry. Our team responded not by pulling back but by leaning in. We demonstrated that we are risk seekers and as an organization we can deploy our substantial resources in times of crisis. The results were creative solutions and very substantial coverage options for our clients,” said Carroll.

It turns out that creativity and flexibly requires both significant financial resources and passionate professionals. That is why no other insurer can match Berkshire Hathaway Specialty Insurance.

To learn more about BHSI Healthcare, please visit www.bhspecialty.com.

Berkshire Hathaway Specialty Insurance (www.bhspecialty.com) provides commercial property, casualty, healthcare professional liability, executive and professional lines, surety, travel, programs, and homeowners insurance. It underwrites on the paper of Berkshire Hathaway’s National Indemnity group of insurance companies, which hold financial strength ratings of A++ from AM Best and AA+ from Standard & Poor’s. Based in Boston, Berkshire Hathaway Specialty Insurance has regional underwriting offices in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, Toronto, Hong Kong, Singapore and New Zealand. For more information, contact info@bhspecialty.com.

The information contained herein is for general informational purposes only and does not constitute an offer to sell or a solicitation of an offer to buy any product or service. Any description set forth herein does not include all policy terms, conditions and exclusions. Please refer to the actual policy for complete details of coverage and exclusions.

SponsoredContent

BrandStudioLogo

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Berkshire Hathaway Specialty Insurance. The editorial staff of Risk & Insurance had no role in its preparation.




Berkshire Hathaway Specialty Insurance (www.bhspecialty.com) provides commercial property, casualty, healthcare professional liability, executive and professional lines, surety, travel, programs, and homeowners insurance.
Share this article: