In collaboration with the law firm Newmeyer & Dillion, the UCI Cybersecurity and Research Institute (CPRI) brought together a panel of experts to discuss the increasing need for cyber risk insurance as cyber attacks increase globally. Topics included the impact on the insurance industry from cyber attacks pertaining to case law and coverage gaps, academic institution risks and coverage, and how to structure risk coverage for individuals. The event also touched upon staying accountable and protecting both data and property through insurance — drawing analogies between things that people already secure on a daily basis.
“Flip your thinking about the threat of cybersecurity,” said Shauhin Talesh, UCI professor of law. “Think about how much time you think about locking your car and keeping your home safe. You’re more likely to get hacked or breached [online] and we are so flippant about how we behave with our phones and computers.”
Bryan Cunningham, Esq., executive director, UCI CPRI, served as moderator for the evening and kicked off the panel with a question about the importance of cyber insurance. Cunningham stressed that the audience should be prepared and informed about the changing landscape for cyberattacks in relation to insurance. He explained that most techniques employed by hackers are not targeted, but instead meant to identify security vulnerabilities, which a hacker will exploit and attack. Stressing the scale of the potential problem, he shared that according to some estimates, by 2025, there will be 1 trillion devices connected to the internet worldwide.
Addressing a major issue with current approaches to cyber insurance coverage, Wesley G. Hampton, president of Narver Insurance, added his perspective, clarifying that third-party vendors are often the source of many breaches.
“One of the biggest problems with cyber insurance is that there are so many providers and yet the coverage is, in most cases, inadequate to cover all the risks,” Hampton said.
Hampton informed attendees not to assume they are covered for third parties with their existing policies.
From an employer perspective, Cunningham advised that the best way to protect against liability with cyberattacks is to restrict employees from connecting personal devices to the organization network.
“The biggest cybersecurity threat in the world right now, and has been for 10 years, is business email compromise,” Cunningham said.
Common breaches occur when fake emails are sent to business accounts with the fake message linking to a virus or other potential breach point. Cunningham emphasized that key employees of any organization, such as executive management, whether it be private or public, should be held to a higher standard and scrutiny as they are likely targets of hacking via this channel. Hampton also added that employees should be educated on what is at stake with cyber attacks, such as their jobs and personal information.
Concluding the event, panelists provided takeaways for the audience to consider. Jeffrey Dennis, managing partner at Newmeyer & Dillion LLP, encouraged attendees to consider the need for cyber insurance, among other things, to safeguard private and sensitive information.
“We need to view cyber risk insurance for what it is,” Dennis said. “It’s a safety net. It does not and should not replace a very robust internal cybersecurity system. It shouldn’t be seen as a replacement. You need to take real actionable steps to improve your internal cybersecurity system and use cyber insurance when all else fails.”
To learn more about the UCI Cybersecurity Policy and Research Institute, visit https://cpri.uci.edu/.