
Risks and Rewards in a Digital World


Dominic Casserley, President and Deputy CEO, Willis Towers Watson
Coordinated Response to Combat Digital Threats:
A coordinated response is necessary to combat threats arising from the digital revolution. This year is the 350th anniversary of the Great Fire of London, one of the largest urban fires in history. Caused by a flying spark in a bakery, the fire destroyed a third of the city, and made 100,000 people homeless.
Increased risk of fire was one of the significant negative consequences of urbanization, arriving alongside, a set of new economic and social opportunities enabled by the growth of cities.The risks that came with urban expansion were serious, but did not dissuade people from city living. Instead, society captured the massive benefits through risk mitigation, including insurance.
When it came to urban fire, our response was multi-faceted. Every intervention we made was necessary, and none was sufficient on its own. For example, governments required building in brick and stone, not wood, with other building codes following. Local authorities established fire brigades. People stopped heating with open fires in their homes. We developed fire insurance.
Deployed in combination, these moves allowed cities to thrive, while fire risk declined dramatically. Indeed, our joined-up response to urban fire offers a parallel solution for how we might address one of today’s most pressing issues: the cyber opportunities and threats arising from the digital revolution.
By 2026, five billion people will be connected through four billion smartphones and 50 billion connected devices. Our connectivity has created an explosion in digital data–2.5 quintillion bytes every day, on social media, email, online purchasing, browsing, and by machines talking to machines in the Internet of Things. Connectivity is driving social progress. Businesses are mining new seams of innovation. The possibilities seem limitless. But with transformation, new opportunities are balanced by new risks.
A cyber strategy should be led from the ‘C-Suite’. It needs to be managed on a whole-enterprise basis, with collaboration across corporate functions
Governments and cities fear cyber attacks could disable critical infrastructure, imperil national security and threaten the economy. Intangible digital assets are at risk from economic espionage, while privacy breaches, cost money and loss of business. On top of the commercial consequences, cyber attacks damage a company’s reputation and leadership. No wonder that our clients tell us that cybersecurity is at the top of their agendas.
So how do we manage these risks to unlock the full benefits of digitization? The answer is to adopt an integrated approach for building cyber security, one in which organizations in the public, private and social sectors adopt a package of risk mitigation measures–a truly joined-up response to the growing cyber threats.
Priority Cyber Risk Check-list:
To respond to the risks inherent in our interconnected world, businesses must be both preventive and protective. Six priorities should be on every company’s integrated “cyber risk check-list”:
• Ensure enterprise-wide governance is in place.
• Assume hackers are already inside.
• Invest in making your whole workforce cyber-smart.
• Consider technology one of several lines of defense.
• Insure for cyber threats that you can’t mitigate.
• Allocate enough capital to the right cyber defenses–protect your crown jewels.
Enterprise-Wide Governance:
A cyber strategy should be led from the ‘C-Suite’. It needs to be managed on a whole-enterprise basis, with collaboration across corporate functions. The senior executive who orchestrates a cyber strategy should combine commercial nous and the relevant understanding of IT, HR, legal and reputational issues.
Assume Hackers, Already Inside:
We need to assume not only those hackers are trying to get in, but they are already inside our companies’ data. Tackling the enemy within requires different measures from trying to keep them out. Organizations should initiate regular stress-testing of data to improve detection, and invest in measures to make it less financially rewarding and more time-consuming for hackers to attack in the first place.
Invest in Making the Workforce Cyber-Smart:
Investing in enterprise-wide cyber-security training is expensive, but a vigilant workforce is a vital protection. It means offering a combination of rewards and disincentives, encourages a culture supportive to cyber security. Not all training will deliver 100 Percent perfection, but it can improve prevention.
See Technology as One of Several Lines of Defense:
IT solutions are often the first port of call for organizations looking at cyber defense. It’s important to understand that technological defenses are critical, but not sufficient response on their own.
Insure for Cyber Threats We Cannot Mitigate:
While insurance is an old and experienced industry, the cyber risk market is young and because these risks are hard to quantify, insurance companies’ willingness to put capital at risk is currently constrained. No doubt the market will broaden and deepen over time, but we have to become better at understanding and quantifying cyber risk, its financial and non-financial impact.
Allocate Enough Capital to the Right Cyber Defenses:
Companies need to understand, quantify and provide for their greatest cyber exposures. This starts with identifying critical assets to create a critical digital asset register. These are assets which impact on financial stability, customer relationships, and regulatory compliance and trust. They might include infrastructure, data, applications, or services supplied by third parties. We are in the middle of a technological revolution in the way we live and do business. It’s a very young revolution, with amazing opportunities and substantial risks. Some argue that the solution lies in technology, and the others in institutions, human behavior and insurance. We think it’s all of those things coming together. By bringing together institutional responses and technological solutions, by influencing human behavior, and developing the insurance market, we can distribute cyber risk and enjoy the promise of a connected future.
Featured Vendors
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
The Intelligent Legal Department
Data Protection Trends - GDPR as a forthcoming global privacy benchmark
The 5 questions you should be asking about legal tech
Technology as a Tool to Aid the Legal Function
Building On Your Legal Tech Journey
Enhancing Productivity of Lawyers with Technology
