EXCLUSIVE: New risk forum kicks off with cyber storm

The 2014 Strategic Risk Forum is now on, with more than 180 risk professionals and specialist brokers gathering in Singapore today to explore current and emerging trends in key risks affecting APAC companies.

UK-based StrategicRISK editor Mike Jones started off the first panel discussion of the day with the suggestion that the word ‘cyber’ was often misused or perhaps even misunderstood.

“The risks and indeed the opportunities (and we must not forget this aspect) associated with the term “cyber” very much depend on what people perceive the meaning of the word to be,” he said.

Jones suggested that we are looking at a risk that really cannot be compartmentalised and certainly not seen in isolation.

“There is a clear and definite interconnectedness around these risks which I suppose are perhaps better described as intangibles – non physical risks,” he said.

“Cyber is just one of a growing number of risks which sit within the intangible spectrum – alongside intellectual property, content, branding and ultimately reputation, perhaps the most overarching risk of them all.

“None of these risks exist in isolation, all are interconnected.”

The panel went on to examine how companies were identifying and prioritising the cyber/data risks that they faced, sharing some practical ways to deal with what are considered to be cyber issues.

Insurance solutions

Panellists also suggested what an effective cyber risk programme should look like. An issue that was central to the discussion was what companies were doing to incorporate internal stakeholders in their cyber risk programme.

A contentious topic was whether insurance solutions failed to take account of the interconnectedness of risks in this area, and if it was reasonable to expect that they should by seeking coverage that has an approach of ‘wholeness’.

It was suggested that there was sometimes a disconnection between boards and the risk function in terms of general knowledge of the risks associated with cyber. Jones asked whether this was true of the businesses represented by the panel and how important it was to have a board that could demonstrate awareness of this subject.

It was generally agreed that while cyber risk was well understood by risk managers in terms of a global perspective, it was not considered a strategic risk locally. Furthermore, C-suite understanding of risk exposure was lacking in many instances.

Different cultures

Microsoft’s chief security officer in Asia Pierre Noel, who took part in this session, told SR recently that it was important to realise that Asia is made of a wide mix of countries presenting different cultures and sophistications when it comes to addressing cyber risk issues.

“Some countries, such as Australia, New Zealand and Singapore are at the leading edge in understanding and addressing cyber risks,” he said.

“Whereas many other countries do not have a nationwide cyber security framework, a functioning Central Emergency Response Team (CERT), or are fighting more pressing issues and are therefore unable to effectively handle attacks against governments or critical infrastructure organisations, such as finance, transport, utilities and others.”

Noel said that some countries are subject to more cyber warfare than others due to their “culture, geo location or history”. “One of the most obvious examples is South Korea, [which is] almost continuously subject to malicious cyber warfare attacks from North Korea,” he said. “But this is far from being the only country subject to this type of risk.”

Furthermore, Noel added, almost every country is subject to financially motivated attacks, “where the bad guys will seek to steal personal information from internet users, and sell these in their very flourishing black market”. “Bank account, credit card and even address book information has a market value,” he said.

Nat cat, borders, regulations and people

The remainder of the day will feature discussions about learning lessons learned from real and recent natural catastrophe events; managing the risks of operating across international borders; coping with regulatory change; and identifying and managing people risk.

Strategic Risk Forum 2014 partner sponsors are AIG, Marsh, Swiss Re Corporate Solutions and Zurich; associate sponsors are ACE Group and XL Group.

The event is supported by the Risk and Insurance Management Association of Singapore (RIMAS) and the Pan-Asia Risk & Insurance Management Association (PARIMA).