Posted April 9th, 2015
“Cyber security is a team sport,” speaker Gus Coldebella said to the audience at the sixth Sloan Cyber Security Lecture at the NYU Polytechnic School of Engineering. “And the team members must now include not only the computer scientists in the server room but the executives in the board room.” Coldebella, a lawyer specializing in cyber security, litigation, and government investigations and a former deputy general counsel for the Department of Homeland Security, was on hand to introduce the event’s keynote speaker, Peter D. Hancock, the president and CEO of insurance giant AIG.
Hancock was in Brooklyn to speak about the importance of building adequate corporate governance frameworks to manage risk in the face of today’s all-too-frequent cyber breaches and of creating a robust cyber insurance market.
But first, as a self-proclaimed “insurance geek,” he recalled a recent trip to Italy, where he had visited the Mansutti Foundation’s Center for the History of Insurance, which houses some 2,500 policies, some dating back to the 16th century. He had been impressed, in particular, by a 1670 document insuring marine cargo against piracy. “The purpose of insurance is to reduce fear,” he explained, “In the case of that historic policy, it was fear of piracy. And piracy still exists in many forms. Modern cyber piracy can make us fear embracing the big-data revolution because of threats to our customer information and intellectual property.” That fear, he continued, can inhibit growth, making it imperative that CEOs understand the cyber security challenges they might face—and that technologically savvy IT personnel understand the challenges facing those at the helm of their firms.
Provocatively, Hancock broached the topic of whether or not cyber insurance should be mandatory in order to do business, in much the same way Americans cannot drive a car or purchase a home without obtaining the proper insurance.
In addition to the crowd packed into Pfizer auditorium, more than 200 viewers streamed the event live, and after Hancock’s entertaining talk, they were treated to a panel discussion moderated by Judith H. Germano, a senior fellow at NYU’s Center on Law and Security, which co-hosted this installment of the lecture series. (Zachary K. Goldman, the Center’s executive director, had delivered welcoming remarks.)
The high-powered panel included Joseph V. DeMarco, a lawyer specializing in counseling clients on complex issues involving information privacy, security and intellectual property; Tom Finan, a senior cyber security strategist and counsel with the U.S. Department of Homeland Security’s National Protection and Programs Directorate (NPPD); Cameron Kerry, a former general counsel and acting secretary of the U.S. Department of Commerce; and Randal S. Milch, the executive vice president and strategic policy advisor to Verizon’s chairman and CEO. The group stressed to its audience that cyber security must be a part of the conversation when risk management is discussed in the boardroom and that CISOs (chief information security officers) must make their voices heard.
Nasir Memon, head of the Department of Computer Science and Engineering and cofounder of NYU’s Center for Interdisciplinary Studies in Security and Privacy, gave the closing remarks, thanking the Sloan Foundation and other sponsors and expressing pride that banners from both the School of Engineering and the Center on Law and Security graced the stage. “This highlights the multidisciplinary nature of cyber security,” he said. “It’s a technical issue, a business issue, a policy, legal, and human behavioral issue.” Thanks to Hancock and the other speakers, even the laypeople in attendance now know that it’s a pressing insurance issue as well.