Boards Asleep at the Wheel on Cyber-Risk

Emily Holbrook


May 1, 2012

It may seem like the topic of cybercrime is covered extensively (maybe too extensively) in the press. Well, there is good reason for it: the threat is real and growing. And apparently, company directors are either in denial or they believe the hype is larger than the actual possibility. Francis Kean, executive director in insurance broker Willis' financial and executive risks division, agrees.

Speaking at a cyberliability conference in London recently, he warned that boards must understand how exposed their company is to cyberthreats, especially emerging risks. "There is a whole universe of potential cyber-risk not understood at a board level," said Kean.

He stated that directors' fiduciary duties require that they gain some understanding of the cyberthreats faced by their companies and ensure certain measures are adopted to mitigate the consequences of a serious data breach.

Expanding on the threat of cybercrime, Jeremy Smith, Willis' cyberliability practice leader, acknowledged the insurance industry's game of "catch-up" with regard to advanced persistent threats (extended network breaches through which hackers siphon company information for months or even years). "The insurance industry hasn't fully tackled this threat yet, but I hope that brokers and insurers will find a solution together in the future," he said.
Emily Holbrook is the founder of Red Label Writing, LLC, a writing, editing and content strategy firm catering to insurance and risk management businesses and publications, and a former editor of Risk Management.