Four insurance firms — Travelers, Coalition, Resilience Cyber Solutions and Vantage Group— were among the participants in the White House summit on cybersecurity along with giant technology firms and Biden Administration officials.
“The federal government can’t meet this challenge alone,” President Joe Biden told the executives. “You have the power, the capacity and the responsibility, I believe, to raise the bar on cybersecurity.”
Here’s what the insurance firms said after the meeting about the role of the insurance industry and their own company’s commitment to cybersecurity:
Alan Schnitzer, chairman and chief executive officer, The Travelers Companies:
“Cybersecurity is one of the most pressing issues of our time, and we applaud President Biden for bringing experts and industry leaders together to address this growing threat. We are proud to join this critical discussion alongside our partners in government, technology, financial services and education, among others.
“According to the Travelers Risk Index, which surveys U.S. business leaders, cyber risk is the number one concern across companies of all sizes. At Travelers, we see firsthand the devastating effects that a breach can have on a business, and we understand that even small changes can have a big impact on data security. For instance, research suggests that implementing affordable mitigation controls, such as multifactor authentication, could prevent the vast majority of ransomware attacks. Adopting best practices for cyber hygiene will make our businesses – and our country – safer.
“At the White House, I highlighted the critical role that the insurance industry plays in strengthening America’s cybersecurity. Insurers help organizations manage cyber risk efficiently and effectively, including by conducting cyber risk assessments, advising on hardening cyber defenses and providing ongoing monitoring of cyber vulnerability. After a breach has occurred, insurers provide technical expertise and financial support to facilitate recovery. Working together, the industry can also identify and share trends in the cyber risk environment and promote the adoption of cybersecurity best practices.
“I also announced Travelers’ participation in the National Institute of Standards and Technology’s initiative to develop a new framework for public and private entities to improve the security and integrity of the technology supply chain. It’s an important step in enhancing the nation’s overall cybersecurity.
“Ultimately, the victims of cybercrime are people – employees, customers and owners of businesses small and large, in every corner of the nation. Protecting their interests must be a priority, and I look forward to continuing to partner with the Administration and my colleagues who gathered today to do just that. From preparation and prevention to mitigation and recovery, Travelers is committed to helping individuals and businesses safely navigate the rapidly evolving cyber landscape.”
Joshua Motta, CEO and co-founder of Coalition, cyber insurance and security provider:
Coalition discussed how cyber insurance can help solve the nation’s cybersecurity challenges by incentivizing the controls that reduce the likelihood or success of a cyber attack and providing a lifeline to those organizations that have had to file a claim. Motta said:
“We’re honored to work with President Biden, the government, and other private sector leaders to tackle our nation’s cybersecurity challenges head on. As the threats from ransomware and other cyber crimes accelerate, small and midsize businesses can’t be left to fend for themselves. It takes a broad combination of accessible technology and aligned incentives to keep these companies safe.”
Coalition also made a public commitment to offer its policyholder risk management platform, Coalition Control, to any business at no cost, effective immediately. The platform includes continuous attack surface monitoring, recommendations on how to close security vulnerabilities, and a downloadable risk assessment to help organizations control their cyber risk exposure. Coalition is making this risk management platform available at: coalitioninc.com/securityforall
Vishaal Hariprasad, CEO, Resilience Cyber Insurance Solutions and Resilience:
“I share the goal of driving security standards up, but I also worry about withdrawing protection for victims who would otherwise externalize their crisis to the public, their employees, and their customers. When insurance is at its best, it is doing two things: it is paying covered claims, whether it is health, auto, or cyber insurance; and, it is pointing the way to those actions or steps that make bad things less likely to happen – whether that be quitting smoking, wearing a seat belt, or deploying MFA. Our obligation is to do both.
Resilience offered four key areas where industry and government can work together:
- Prioritize cyber hygiene – Use the bully pulpit to encourage industry collaboration in raising awareness of its importance for general safety.
- Encourage more information sharing – Both from industry to government and back from government to industry.
- Collaborate with the insurance industry – To set minimum cybersecurity standards for critical infrastructure companies.
- Empower our industry with legal resources – To go after cyber attackers.
“The insurance industry has historically been able to put incentives in place to change human behavior for the better. We saw this with fire, auto, and healthcare insurance. This is the role cyber insurance should play in security,” Hariprasad said.
Resilience made the following commitment in the federal government’s mission to mitigate cyberthreats:
“Resilience, a cyber insurance provider, will require policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.”
“The insurance industry is uniquely positioned to have a mutual stake in the fight against ransomware. We want our companies to be stronger, more cyber resilient, when partnered with us. If our clients get hit, the insurance pays that loss. Our client’s cyber risk is our cyber risk.”
“Simply put, Resilience believes that placing capital at risk without requiring action on behalf of the insured is a kind of moral hazard.”
Greg Hendrick, CEO, Vantage Group Holdings Ltd., a re/insurance firm:
“By tackling current issues that disrupt businesses and place assets at increased risk, leaders can better understand the potential impact of those risks. There is opportunity in proactively understanding and identifying ways to mitigate the outcomes of threats such as cyber security breaches. By broadly sharing data about those efforts in a consistent, organized way, we can gain valuable insights to help mitigate and avoid these risks. The team at Vantage approaches complex issues such as this with relentless curiosity and creativity. We are pleased to share perspectives through private/public partnerships like this that can accelerate improvements and achieve broad national impact.
“The insurance industry can play a vital role by bringing a more risk-based approach to providing coverage and pricing of cyber insurance. We need to be prepared and mitigate what has yet to be seen; a true catastrophic scenario where an attack is able to impact thousands of companies. While the federal government is prioritizing and elevating cybersecurity like never before, the private sector should be taking the same approach. Turning all the stones over and working together to help solve this complex, growing international threat is undoubtedly the best way forward.”
*This story ran previously at our sister publication Insurance Journal.