Insurance Governance Leadership Network, April 2014
“We know we are not bulletproof. Our thinking has gone from ‘if’ to ‘when.’ We are just trying to ensure we are staying on top of new developments.”
Cybersecurity has frequently come up as a risk topic within the Insurance Governance Leadership Network (IGLN) since the network’s inception in 2012. As the economic and reputational damage caused by security breaches has grown, the IGLN’s discussions—which have included security experts and guests from supervisory and regulatory authorities—have grown more intense.
By most accounts, cybersecurity continues to ascend board agendas, though opinions differ as to the magnitude of the risk. Some insurance leaders and experts warn that attacks could represent a threat to a company’s survival, while others assign a much lower importance to the threat. Although IGLN participants hold a range of views on the severity and immediacy of the risk, almost all agreed that cybersecurity is a matter for the boardroom and that insurers urgently need to catch up with other industries in monitoring and managing cybersecurity risks.
On March 4 and 20, 2014, IGLN participants gathered in London and New York, respectively, to discuss cybersecurity. Dialogue centered on the evolving threat, the risks posed to individual firms, the possible systemic risk, and how boards can best address cybersecurity issues. Participants also discussed innovative tactics for improving insurer defenses. For a list of participants, see Appendix 1, on page 13.
This ViewPoints captures the essence of those conversations, centering on six key themes:
Understanding the risks
Establishing protective measures for internal systems
Focusing on people, not just technology
Moving beyond prevention to response
Strengthening risk governance