National Underwriter - February 13, 2012

AS DETAILS OF the hacking of Veri- Sign unfold, government entities and corporations of all sizes are becoming more aware of their own vulnerabilities, according to one technology expert.

That VeriSign—seen as the Fort Knox of security for .com, .net and .gov Web addresses—doesn’t seem to be aware of the extent of the hacking is a major concern, says Matthew Norris, global head of technology, media and telecommunications for specialist insurer/reinsurer Hiscox.

The VeriSign attacks were revealed in a quarterly U.S. Securities and Exchange Commission filing in October, following new guidelines requiring the reporting of security breaches to investors.

“Their security is amazing,” Norris says of VeriSign, a site trusted by the U.S. government and huge organizations. “They are really well funded, their business is security, they’ve been around for ages. So if they’ve had a problem, it makes you think the old adage is true: It’s not so much

WITH BOTH public- and private-sector organizations reeling in the wake of the hacking of VeriSign and other security companies, risk managers are more aware than ever of cyber risk and the need for best practices in managing it, according to the Risk and Insurance Management Society (RIMS).

ACCORDING TO the report “ERM Best Practices in the Cyber World,” released jointly by RIMS, Identity Theft 911 and USLaw Network, risk managers should consider three reasons to use enterprise risk management to improve their company’s position with digital risk:

J Data risks may hold unrecognized
implications for the organization’s strategy.
J Unifying the organization’s internal functions
in a comprehensive data-risk and controls-
gap assessment creates efficiencies and
protects the findings.
J Managing data risk well gives an advantage
over competitors that do not and protects the
organization’s standing within its market.

what you do, it’s how determined the
person is to cause your problem.”
Norris tells NU there are two reasons
VeriSign might have been hacked: One
is because the security of the company
is so good that the hacker might have
been driven to embarrass them. The
other is that someone is trying to steal
information and misuse it.

here in 50 years?” he said.

The forum convened this year in Miami, the site of the costliest disaster in U.S. history. The great Miami hurricane

BY MARK E. RUQUET

IN AN environment ofrapidlyevolving risks, merely anticipating risk is not enough: Organizations also need to focus on building resilience to effectively manage risk and to position themselves for long-term sustainability, says the chief executive of Willis Group Holdings.

Speaking at the 2012

World Captive Forum, Willis Chairman/CEO Joe Plumeri said hallmarks of a resilient organization include acknowledging the difficulty of predicting so-called “black swan” events. Organizations need to operate in a dynamic fashion to make adjustments in real time when a catastrophe strikes while simultaneously preparing for the future, he noted.

“In order for companies to build resilience, they need to ask themselves: Will we be here in 10 years? Will we be

“Traditional P&C risks endure, but the nature of risk is changing,” he said. The top risks on the minds of business leaders today are not easily solved by purchasing insurance, The captive-insurance industry, he noted, was born out of the insurance-liability crisis of the 1980s and began as an “exercise in anticipation” as risk managers needed solutions when they found the insurance marketplace unreliable.

Now, captives stand as a testament
to resilience, Plumeri said: “The captive-
insurance industry has evolved and now
offers a robust and effective approach to
help firms become resilient in the face of
unpredictable risks. Captives play a key
role in the insurance industry, offering
creative solutions for critical risks.” NU
As the risk landscape evolves and includes both
natural and man-made catastrophes, organizations
need to build resilience against the unpredictable.
Insurance serves as a powerful ally for organizations to
tackle these new risks—and in many ways, insurance is
the bridge between anticipation and resilience.”

of 1926 resulted in severe loss of life and steep economic losses, which, adjusted for 2010 inflation, would total $169 billion, according to data released by the National Oceanic & Atmospheric Administration.

A leading catastrophe modeler estimated that this storm today would cause an estimated $101 billion in insured losses, drawing down a significant portion of the global-insurance capacity, said Plumeri.