As Cyber Hacks Multiply, Can Companies Manage the Risks?

Peter D. Hancock

The latest in a series of open lectures on cybersecurity and privacy at the New York University Polytechnic School of Engineering will probe the ways in which corporations are adapting their approach to risk management in the face of unprecedented cyber threats. High on the morning’s agenda: analysis of the role the insurance industry might play in helping companies protect against mounting losses from cyber breaches.

The free seminar, organized in partnership with the Center on Law and Security at NYU School of Law, is entitled “Cyber Insurance and Corporate Governance: Facing New Threats,” and will take place in Downtown Brooklyn on Thursday, April 2, 2015.

Peter D. Hancock, president and CEO of AIG, will lead a discussion of the ways in which the insurance industry is adapting to account for threats to the most valuable—and vulnerable—assets companies around the world possess: intellectual property and, in many cases, the sensitive personal information of millions.

Businesses continue to struggle to build strong corporate governance frameworks to manage such risk. Insurers are in a unique position to actively promote and potentially incentivize the use of best practices to manage cybersecurity risk. Why is cybersecurity no longer solely an IT issue? What is the role senior leadership and corporate boards play in developing an enterprise-wide risk management cybersecurity program? What opportunity exists for the public and private sectors to collaborate closely to strengthen businesses’ protection against cyber incidents?

“Insurers can play a key role in helping companies create a sophisticated cybersecurity risk management framework,” said Hancock. “Cyber risk is emerging as a confidence issue as the seamless transfer of personal data has become an underpinning of the economy. Consumers must be confident when they share their personal data for commerce. They need to be assured that their data is being handled with all possible care. And businesses need to understand the depth of the risk they face in safeguarding this customer information.”

The lecture will be preceded by a welcome from Zachary K. Goldman, the executive director of the center, and opening remarks from Gus Coldebella, the former acting general counsel of the Department of Homeland Security and now at Fish & Richardson.

Following the lecture, a panel discussion will feature Joseph V. DeMarco, partner at DeVore & DeMarco LLP; Tom Finan, senior cybersecurity strategist and counsel at the U.S. Department of Homeland Security; Cameron F. Kerry, senior counsel at Sidley Austin and the Ann R. and Andrew H. Tisch distinguished visiting fellow of governance studies at the Center for Technology Innovation of the Brookings Institution; and Randal S. Milch, executive vice president, strategic policy advisor to the chairman and CEO of Verizon. The panel will be moderated by Judith H. Germano, a senior fellow of the NYU Center on Law and Security and an adjunct professor at the NYU School of Law.

This seminar is the sixth in a series of open lectures on cybersecurity and privacy sponsored by the NYU School of Engineering in alliance with the Alfred P. Sloan Foundation. These events consistently draw high-level representatives of New York’s regional businesses, government agencies, nonprofits, academic institutions, media, and concerned members of the public.

NYU School of Engineering Professor Nasir Memon, a founding director of the university’s Center for Interdisciplinary Studies in Security and Privacy (CRISSP) and chair of the School of Engineering Department of Computer Science and Engineering, will deliver closing remarks. “We are grateful to the Sloan Foundation for making the seminar series possible,” said Memon. “Events like this help keep the School of Engineering at the forefront of cyber technologies and systems, and put the vital issues of security and privacy squarely in the public eye. We are deeply honored to host Peter D. Hancock and our esteemed panelists, whose expertise will undoubtedly make for a lively, engaging discussion on a crucial topic.”

The Center on Law and Security’s Goldman noted that the ability of companies and governments to protect their constituents against cyberattacks in the future will depend upon the adoption of legal and policy frameworks that can accommodate rapidly shifting technologies.  “Effectively preventing and mitigating the damage from cyberattacks is not only about ensuring that a company has state-of-the-art technology, it is also about creating the right response frameworks that can adequately manage the legal, regulatory, compliance, and reputational risks to which companies are subject,” Goldman said.  “We are grateful to have had the opportunity to discuss these issues with the innovative thinkers and practitioners who join us for the NYU/Sloan Lecture.”

Admission to the NYU/Sloan Lecture is free, but space is limited, and registration is required. The lecture will be streamed live at Submit questions for the panelists during the lecture at or @cyberlecture. Join the conversation on Twitter using #ReducingCyberRisk. For more information and to register to attend, please visit

The lecture is made possible in part through the support of AIG; DeVore & Demarco, Attorneys at Law; and Verizon. The Alfred P. Sloan Foundation is the principal sponsor of this lecture and the entire series.

The NYU School of Engineering is an internationally recognized center for cyber security research, education, and policy. It has received all three Center of Excellence designations from the National Security Agency and the United States Cyber Command.  The School of Engineering has joined with other NYU schools to form the Center for Interdisciplinary Studies in Security and Privacy (CRISSP). The consortium researches new approaches to security and privacy by combining security technology, psychology, law, public policy, and business. NYU-ePoly, the school’s online learning unit, delivers 20 online graduate programs worldwide, including the virtual cyber security program, named the nation’s best online program by the Sloan Consortium in 2011.