AS DETAILS OF the hacking of Veri- Sign unfold, government entities and corporations of all sizes are becoming
more aware of their own vulnerabilities,
according to one technology expert.
That VeriSign—seen as the Fort Knox
of security for .com, .net and .gov Web
addresses—doesn’t seem to be aware of the
extent of the hacking is a major concern,
says Matthew Norris, global head of
technology, media and telecommunications
for specialist insurer/reinsurer Hiscox.
The VeriSign attacks were revealed in
a quarterly U.S. Securities and Exchange
Commission filing in October, following
new guidelines requiring the reporting of
security breaches to investors.
“Their security is amazing,” Norris
says of VeriSign, a site trusted by the
U.S. government and huge organizations.
“They are really well funded, their business
is security, they’ve been around for ages. So
if they’ve had a problem, it makes you
think the old adage is true: It’s not so much
WITH BOTH public- and private-sector
organizations reeling in the wake of the hacking
of VeriSign and other security companies,
risk managers are more aware than ever of
cyber risk and the need for best practices
in managing it, according to the Risk and
Insurance Management Society (RIMS).
ACCORDING TO the report “ERM Best Practices
in the Cyber World,” released jointly by RIMS,
Identity Theft 911 and USLaw Network, risk
managers should consider three reasons to use
enterprise risk management to improve their
company’s position with digital risk:
J Data risks may hold unrecognized
implications for the organization’s strategy.
J Unifying the organization’s internal functions
in a comprehensive data-risk and controls-
gap assessment creates efficiencies and
protects the findings.
J Managing data risk well gives an advantage
over competitors that do not and protects the
organization’s standing within its market.
what you do, it’s how determined the
person is to cause your problem.”
Norris tells NU there are two reasons
VeriSign might have been hacked: One
is because the security of the company
is so good that the hacker might have
been driven to embarrass them. The
other is that someone is trying to steal
information and misuse it.
here in 50 years?” he said.
The forum convened this year in
Miami, the site of the costliest disaster in
U.S. history. The great Miami hurricane
BY MARK E. RUQUET
IN AN environment ofrapidlyevolving risks, merely anticipating risk is not enough: Organizations also need to
focus on building resilience
to effectively manage risk and
to position themselves for
long-term sustainability, says
the chief executive of Willis
Speaking at the 2012
World Captive Forum, Willis
Chairman/CEO Joe Plumeri
said hallmarks of a resilient
organization include acknowledging
the difficulty of predicting so-called
“black swan” events. Organizations
need to operate in a dynamic fashion to
make adjustments in real time when a
catastrophe strikes while simultaneously
preparing for the future, he noted.
“In order for companies to build
resilience, they need to ask themselves:
Will we be here in 10 years? Will we be
“Traditional P&C risks endure, but the
nature of risk is changing,” he said. The top
risks on the minds of business leaders today
are not easily solved by purchasing insurance,
industry, he noted, was
born out of the insurance-liability crisis of the 1980s
and began as an “exercise in
anticipation” as risk managers
needed solutions when they found the
insurance marketplace unreliable.
Now, captives stand as a testament
to resilience, Plumeri said: “The captive-
insurance industry has evolved and now
offers a robust and effective approach to
help firms become resilient in the face of
unpredictable risks. Captives play a key
role in the insurance industry, offering
creative solutions for critical risks.” NU
As the risk landscape evolves and includes both
natural and man-made catastrophes, organizations
need to build resilience against the unpredictable.
Insurance serves as a powerful ally for organizations to
tackle these new risks—and in many ways, insurance is
the bridge between anticipation and resilience.”
of 1926 resulted in severe loss of life and
steep economic losses, which, adjusted for
2010 inflation, would total $169 billion,
according to data released by the National
Oceanic & Atmospheric Administration.
A leading catastrophe modeler estimated
that this storm today would cause an
estimated $101 billion in insured losses,
drawing down a significant portion of the
global-insurance capacity, said Plumeri.
February 13, 2012 | National Underwriter Property & Casualty | 15