Cyber Risk at the ERM Symposium
Laura Maxwell

Laura Maxwell, April 19, 2016
The Enterprise Risk Management (ERM) Symposium, presented by the Casualty Actuarial Society (CAS), Canadian Institute of Actuaries (CIA) and Society of Actuaries (SOA), was held April 6-8 in Arlington, Virginia. I attended two sessions on cyber risk and the speakers expressed some common themes. One stated that there were two kinds of companies: those that have had a data breach and those that are not aware they have had a data breach. More than 1,868 breaches were reported in the United States in 2014. Some examples of cyber-attacks on the insurance industry include:
  • Anthem Blue Cross Blue Shield – breach through compromised database administrator credentials
  • Premera Blue Cross – breach through malware on employee-end devices
  • Aussie Travel Cover – breach through web portal vulnerability
Companies are encouraged to test their own security, and one speaker discussed his organization’s approach to testing its employees. His company dropped USB drives in the parking lot, then tracked how many staff used those drives in their office computers. The enterprise also sent phishing emails and a number of staff members clicked on their links. Companies must additionally be vigilant in detecting leaked user credentials and malware, and in staying current on potential cyber threats.
Once a breach has occurred, ERM can help a company effectively manage the incident, and an organization needs to have plans for handling these issues quickly and responsibly. Consumers are well aware that breaches occur, but denying or underestimating their impact can seriously damage a company’s reputation and retention. Data breach costs may include notification, credit monitoring, legal services, public relations, business interruption and regulatory fines and penalties. The number of insurance providers now offering some type of cyber security coverage continues to grow, and this coverage merits serious consideration in order to effectively manage a company’s cyber risk.


Laura Maxwell is a Consulting Actuary with Pinnacle in our San Francisco, California office. She holds a Bachelor of Science degree in Mathematics from Moravian College. Laura has more than 25 years of actuarial experience in the property/casualty insurance industry and has provided consulting services since 2003. Ms. Maxwell is a Fellow of the Casualty Actuarial Society and a Member of the American Academy of Actuaries. She currently serves the Casualty Actuarial Society as a member of the Examination Committee and Chair of the Webinar Committee. Ms. Maxwell is a SAS® Certified Predictive Modeler Using SAS™ Enterprise Miner™ 5.