Phil Kibler, Partner, Global Security Services Competency Leader, IBM, gave a talk on "The business risk from cyber and the increasing involvement of the CRO" at the Expert Forum on Cyber Risk at the Swiss Re Centre for Global Dialogue. Find out more here: https://cgd.swissre.com/events/Expert_Forum_Cyber_Risk_2016.html#tab_2
I think where data is located and what companies are doing with that data has become a real challenge for them. In past years, it was much easier. It was always on site. It was always controlled by them, and categorization of that data was easy. Now, it's in the cloud. Now, what data is even considered from a privacy standpoint? What do I have out in the public domain? What do I have in the private domain? Frankly has made that much more challenging for companies in trying to figure out exactly what is data and what is private and how to protect that data from being discovered.
I think with the proliferation of data and the types of data that people have; it's in the cloud, it's structured, it's unstructured within their own environment. I think those are the real challenges. I think companies today have a much tougher time knowing where all their data is, and being able to categorize their data to be able to meet the regulatory requirements that are present in today's world.
I'm actually surprised given the nature of the cyber risk that's out there that cyber insurance is not more on the uptake. I think the biggest challenge that insurance carriers face is a getting the knowledge out there of what that product actually does versus what people may perceive that it does, and I think the other challenge is making sure that they are perceived as "value add". Not something that is just a necessary thing that people do, but that it actually brings real value to the discussion of risk mitigation, and how they can be present in helping to mitigate cyber threats that companies face.