On Tuesday, June 13th Lloyd had the privilege to co-host our first Thought Leadership event of the year with our partners Tannenbaum Helpern Syracuse & Hirschtritt, LLP, a full-service commercial law firm, and Marsh, a global leader in insurance broking and risk management. The audience consisted of a group of about 30 individuals from the Lloyd community including potential and existing Lloyd clients, Lloydians, and our partnering teams at Tannenbaum Helpern and Marsh.
The topic of the evening was “Proactive Measures to Eliminate Your Cyber Risks.” Bill Goldin, Lloyd’s Security Manager, Michael Riela, Partner at Tannenbaum Helpern, and Keith D. Bergin, Vice President of QSG Cyber/E&O at Marsh, all spoke on a panel discussing how to proactively eliminate cyber risks.
Cyber Security | Law Perspective
To begin the panel, Michael Riela presented the three main sources of hacks: outside attackers, internal sources such as employees negligently clicking on something or acting maliciously, and a company’s own vendors who may have access to its systems.
Michael went on to describe the legal side of hacking and how it is the Federal Trade Commission’s responsibility to monitor and control all forms of cyber security. Michael also explained what an effective data breach plan looks like. Priority items for the plan include:
- Identify the persons responsible for maintaining the plan
- Secure the system to prevent further data loss, and notify the carrier if the company has cyber insurance
- Contact law enforcement if deemed necessary
- Dedicate a team to communications. These persons are responsible for keeping other employees, the public, law enforcement, and any other parties informed. They are also responsible for documenting everything that occurs during the process. That documentation is especially useful later, so the company can learn how to act and respond effectively when an attack occurs again.
Cyber Security | Technology Perspective
Lloyd’s Security Manager, Bill Goldin, discussed the importance of a layered approach to security using the National Institute of Standards and Technology (NIST) Framework for Cybersecurity. The framework incorporates business practices into technology policy and procedure, ensuring preparedness for the eventual cyber-attack from all angles. The NIST Framework includes:
- Ensure proper documentation and planning are in place, such as asset management, governance, risk assessment, risk management strategy, and business environment.
- Access controls, awareness and training, data security, information protection, maintenance, and proactive technologies.
- Anomalies, security monitoring, and detection processes.
- Response planning, communications, analysis, mitigation, and improvements.
- Recovery planning, improvements, and communications.
An important takeaway from Bill’s presentation was that cyber security can’t be treated as a one-time project. Because cyber-attacks are constantly changing, cyber security should be treated as a recurring investment and budgeted for accordingly. A recent study conducted by KPMG found that 4% of an organization’s IT budget should be dedicated directly to security.
Cyber Security | Insurance Perspective
Finally, Keith Bergin discussed Cyber Liability Insurance and why it is such an important investment. Before receiving the insurance, a company goes through a four-step assessment process:
- Company profile. The company’s profile is identified to show how vulnerable it is.
- Outsider’s perspective. The company is assessed as a hacker would see it, to gauge how likely it is to be hacked.
- Education/Preparation. Each company is educated on security based on its industry. It also receives tests such as mock breaches, and education tools such as posters or fake phishing emails that teach employees what not to click on.
- Risk Transfer. Who is going to pay for the loss? Your carrier will pay for it under the terms of your policy.
Questions from the Event
- If Your System Is Hit with Ransomware, Can You Restore from That Machine? The safest course is to take the computer offline, wipe it completely clean, and rebuild it. If information has been backed up to the cloud, it can be downloaded again once the machine is clean. However, the backup itself must be clean, so any information backed up before the attack must be checked before it is restored.
- Can You Talk More About Detection, since 90% of Attacks Go Unnoticed? Having event logging in place and some type of detection system is important. As an example, Lloyd often pulls logs from servers and firewalls. There are Artificial Intelligence systems that monitor and log actions, so that when something happens an alert is sent out, and all of those actions are already logged and available to refer to during the investigation.