RiskUKMarch2018

More documents

Recommendations

Info

Examining The Role of Insurance in Converged Security Solutions “Risk comes from not knowing what you are doing. Price is what you pay. Value is what you get. Someone’s sitting in the shade today because someone planted a tree a long time ago” Warren Buffett’s words are apt in describing today’s security environment. The more that we work together in generating holistic solutions, the better the results in the long term. Rachel Anne Carter focuses on the role of the insurance industry in the delivery of security solutions 38 www.risk-uk.com The security profession as we understand it includes a variety of security generalists and specialists: corporate and commercial security practitioners, police and law enforcement professionals, intelligence operatives and military personnel. However, when thinking more broadly of those who provide solutions to security breaches, we also have insurance providers, lawyers and others whose work directly affects security outcomes or regulates behaviour, and thus brings in different bands of membership from corporates or Government departments. Holistic solutions are essential. When there’s a lack of collaboration and an entrenchment of the silos, there’s a duplication of resources and an escalation in costs. Even worse, there’s the danger that certain threats will fall into the cracks between them. Within the security profession, it’s now being recognised that cyber security should not be regarded as a silo. Rather, it’s everyone’s business. Converged security solutions are necessary. The exact same principle applies to the integration of other specialisms. The insurance industry is one of those sectors resting on the outer edge of the security industry, and not always certain of its place within the security sector. Insurance is, of course, a security measure. Greater knowledge, learning and mutual benefits will emerge from breaking down the existing silos, generating a more communicative experience and achieving holistic security strategies. As a direct result, many insurance companies are now seeking to engage with the security business sector on a somewhat more effective footing. Taking the example of cyber insurance, as we innovate, adapt and develop product and service offerings, we’re seeking to be part of a holistic security experience. Although insurance is critical to the economic security of a company, entity or individual after a cyber attack, we do of course recognise that insurance alone isn’t enough. In order to address cyber risks, we seek to develop a joined-up approach where we can look at the problem of cyber threats and its transformation as a multifaceted issue and then respond accordingly. Understanding and insight Insurers have the best possible understanding and insight into economic protection against business risks. There’s often a convergence of physical and cyber risks. In some cases, the physical risk may be about access to a building or access to computer systems or servers, for example. This requires specialists in both areas to work together, and both types of specialist to have a strong working knowledge of the other’s domain. In the future, the distinction between the two may well disappear entirely. The insurance industry also relies upon technical cyber professionals who have specialist knowledge of IT and cyber infrastructure, vulnerabilities and programming capabilities and who can implement technical solutions. The ability of insurance, physical security and technical cyber experts to work together to generate holistic solutions will be preferable to a pure economic solution. The economic aspect of the solution within a broader security strategy will, however, aid the recovery process and enable a company to have the cashflow required to continue their operations after an event has transpired. Security breaches rarely affect only one part of a business. Rather, they’re more likely to impact several areas and may even affect the overall functionality and operability of a
The Security Institute’s View business (even if only temporarily). On that basis, a solution accounting for the various impacts is key. Generating the required information about the potential impact(s) of security breaches involves intelligence gathering, understanding of technical intricacies and behavioural and other observations. This understanding and holistic approach towards mitigating the threat and any potential implications takes into account minimisation, prevention and recovery from security breaches. Intelligence gathering as well as physical surveillance can monitor individuals, groups, potential state actors or others involved in generating the greatest physical, cyber or other security threats and the broad threat groupings. Law enforcement has a role to play in dealing with criminality, primarily after it happens, and prosecuting where possible those engaged in cyber crime. A joined-up approach will also help facilitate the identification of patterns used by adversaries to carry out attacks and put in place solutions to combat these as well as isolate any potential losses. It’s fair to suggest that collaboration is the strongest force we have available to us. Collaboration is key In addition to enhancing understanding, collaboration facilitates cost and time efficiencies as well as an enhanced likelihood of preventing many more security breaches (physical and/or virtual). Using the same cyber example, a security solution involves taking into account physical risks and ways of minimising these risks, cyber professionals being more prescriptive about what clients and stakeholders must or should do (and regularity) to ensure that systems are as safe as possible and that insurance adapts and optimises its offer while ensuring clarity in existing offerings. The bringing together and selling of such products and services will benefit all and provide far more robust solutions for clients. This will take the stress, time and inconvenience away from clients otherwise having to source their own vendors to meet a variety of different security objectives. For the provision of security and the level of insurance cover offered, it’s likely that a higher degree of security will be afforded and that insurance solutions may have higher limits or more extensive coverage. Optimal solutions protecting against all security eventualities will be provided to companies who understand their risks and vulnerabilities and abide by – or are willing to nurture – a strong security culture. Collaboration will inherently focus on solutions, but it also has an educational element attached to it. The different sectors within the security community can educate each other and also learn from each other. Opening and widening the dialogue between the different sectors is likely to create new business opportunities for all those involved. Whenever a breach of security occurs, whether it manifests itself in a physical, cyber or other medium, it’s in everyone’s best interest that the breach is contained and minimised, with a strategy for resilience and returning to a state of ‘business as normal’ as soon as practicable duly put into operation. Breaking down traditional barriers The breaking down of traditional barriers to promote a joined-up approach sends a very powerful signal to our adversaries. Together, we are stronger. By sharing knowledge, we make it harder for the adversary to exploit the gaps where information doesn’t filter through from one silo to the next. Instead, it provides a stronger position to analyse past events, learn from them and adapt accordingly. Ultimately, if there’s a loss event, it’s best that everyone’s on board from the security sector, as the only winners from these events are the cyber adversaries who’ve been able to exploit our own entrenched silo system to their own advantage. This is a plea to organisations that they ought to take guidance from the words of business magnate Warren Buffet and start to plant the necessary seeds now. All-encompassing profession Security is an all-encompassing profession focusing on the safety of people, business and communities. Insurance is part of the solution, providing an economic and financial buffer. As the year is yet young, let this one stand to be a turning point whereby there’s greater collaboration, adaptation and modernisation of the way in which various security risks are both perceived and then actively remedied. Let us become a united force for the future and a growing seed of resentment for our adversaries who are looking to carry out security breaches. If we grow stronger together, then the cyber attackers will realise they’re faced with a harder task when it comes to conducting their criminal escapades. The Security Institute’s View is compiled and edited by Dr Alison Wakefield FSyI (Chairman of The Security Institute) and Brian Sims BA (Hons) Hon FSyI (Editor of Risk UK) Dr Rachel Anne Carter MSyI: Director of Research and Policy at The Security Institute and Cyber Innovation Lead at AmTrust “Holistic solutions are essential. When there’s a lack of collaboration and entrenchment of the silos, there’s a duplication of resources and an escalation in costs” 39 www.risk-uk.com
Page 1 and 2: March 2018 www.risk-uk.com Security
Page 3 and 4: March 2018 Contents 34 Meet The Sec
Page 5 and 6: Texecom Connect App New smartphone
Page 7 and 8: News Update New technology unveiled
Page 9 and 10: News Analysis: PwC Global Economic
Page 11 and 12: News Special: ASIS European Securit
Page 13 and 14: TCP/IP network PAVIRO Public Addres
Page 15 and 16: Opinion: Security Business Sector I
Page 17 and 18: BSIA Briefing As the deadline for c
Page 19 and 20: Do you know the people in your buil
Page 21 and 22: Risk Predictions for 2018 and the R
Page 23 and 24: Autonomous Vehicles - The Security
Page 25 and 26: Perimeter Protection: Solutions for
Page 27 and 28: Transport Security: Video Surveilla
Page 29 and 30: SECURITY WORKFORCE MANAGEMENT PLATF
Page 31 and 32: We go above and beyond. Axis Securi
Page 33 and 34: Security and Fire Management BE SMA
Page 35 and 36: Meet The Security Company: Risk Man
Page 37: 3 July 2018 Hilton London Canary Wh
Page 41 and 42: In the Spotlight: ASIS Internationa
Page 43 and 44: FIA Technical Briefing: Detecting S
Page 45 and 46: Security Services: Best Practice Ca
Page 47 and 48: Hardware Cyber Security: IP Securit
Page 49 and 50: Training and Career Development eme
Page 51 and 52: Technology in Focus Technology in F
Page 53 and 54: Appointments Andy Neal Cardinus Ris
Page 55 and 56: Vista adds new features and more fu
Page 57 and 58: CCTV CCTV Rapid Deployment Digital
Page 59 and 60: SECURITY ANTI-CLIMB SOLUTIONS & SEC

RiskUKMarch2018

Create successful ePaper yourself

Delete template?

Save as template?