RiskUKMarch2018
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Examining The Role of Insurance in<br />
Converged Security Solutions<br />
“Risk comes from not<br />
knowing what you are<br />
doing. Price is what<br />
you pay. Value is what<br />
you get. Someone’s<br />
sitting in the shade<br />
today because<br />
someone planted a<br />
tree a long time ago”<br />
Warren Buffett’s<br />
words are apt in<br />
describing today’s<br />
security environment.<br />
The more that we work<br />
together in generating<br />
holistic solutions, the<br />
better the results in<br />
the long term. Rachel<br />
Anne Carter focuses<br />
on the role of the<br />
insurance industry in<br />
the delivery of security<br />
solutions<br />
38<br />
www.risk-uk.com<br />
The security profession as we understand it<br />
includes a variety of security generalists<br />
and specialists: corporate and commercial<br />
security practitioners, police and law<br />
enforcement professionals, intelligence<br />
operatives and military personnel. However,<br />
when thinking more broadly of those who<br />
provide solutions to security breaches, we also<br />
have insurance providers, lawyers and others<br />
whose work directly affects security outcomes<br />
or regulates behaviour, and thus brings in<br />
different bands of membership from corporates<br />
or Government departments.<br />
Holistic solutions are essential. When there’s<br />
a lack of collaboration and an entrenchment of<br />
the silos, there’s a duplication of resources and<br />
an escalation in costs. Even worse, there’s the<br />
danger that certain threats will fall into the<br />
cracks between them.<br />
Within the security profession, it’s now being<br />
recognised that cyber security should not be<br />
regarded as a silo. Rather, it’s everyone’s<br />
business. Converged security solutions are<br />
necessary. The exact same principle applies to<br />
the integration of other specialisms.<br />
The insurance industry is one of those<br />
sectors resting on the outer edge of the<br />
security industry, and not always certain of its<br />
place within the security sector. Insurance is, of<br />
course, a security measure. Greater knowledge,<br />
learning and mutual benefits will emerge from<br />
breaking down the existing silos, generating a<br />
more communicative experience and achieving<br />
holistic security strategies. As a direct result,<br />
many insurance companies are now seeking to<br />
engage with the security business sector on a<br />
somewhat more effective footing.<br />
Taking the example of cyber insurance, as we<br />
innovate, adapt and develop product and<br />
service offerings, we’re seeking to be part of a<br />
holistic security experience. Although insurance<br />
is critical to the economic security of a<br />
company, entity or individual after a cyber<br />
attack, we do of course recognise that<br />
insurance alone isn’t enough.<br />
In order to address cyber risks, we seek to<br />
develop a joined-up approach where we can<br />
look at the problem of cyber threats and its<br />
transformation as a multifaceted issue and then<br />
respond accordingly.<br />
Understanding and insight<br />
Insurers have the best possible understanding<br />
and insight into economic protection against<br />
business risks. There’s often a convergence of<br />
physical and cyber risks. In some cases, the<br />
physical risk may be about access to a building<br />
or access to computer systems or servers, for<br />
example. This requires specialists in both areas<br />
to work together, and both types of specialist to<br />
have a strong working knowledge of the other’s<br />
domain. In the future, the distinction between<br />
the two may well disappear entirely.<br />
The insurance industry also relies upon<br />
technical cyber professionals who have<br />
specialist knowledge of IT and cyber<br />
infrastructure, vulnerabilities and programming<br />
capabilities and who can implement technical<br />
solutions. The ability of insurance, physical<br />
security and technical cyber experts to work<br />
together to generate holistic solutions will be<br />
preferable to a pure economic solution.<br />
The economic aspect of the solution within a<br />
broader security strategy will, however, aid the<br />
recovery process and enable a company to have<br />
the cashflow required to continue their<br />
operations after an event has transpired.<br />
Security breaches rarely affect only one part<br />
of a business. Rather, they’re more likely to<br />
impact several areas and may even affect the<br />
overall functionality and operability of a