Transcript CORPORATE BOARDS - Centre for Secure Information Technologies

DRAFT
Suren Gupta
Allstate Corporation
Executive Vice President
Allstate Technology & Strategic Ventures
Belfast 2015
5th World Cyber Security
Technology Research Summit
1
CORPORATE
CYBERSECURITY
Agenda
CORPORATE
BOARDS
CONSUMERS
AND STAKEHOLDERS
THE CHANGING
LANDSCAPE
THEIR NEW CHALLENGES
AND RESPONSIBILITIES
WHAT WE NEED TO KEEP
THEM INFORMED AND SAFE
2
CORPORATE CYBERSECURITY:
THE CHANGING LANDSCAPE
3
Allstate Corporation at a Glance
#1
16
$34.9
40,200
11,900
1 billion
publicly held personal lines property
and casualty insurer in the U.S. by revenue
million households served
billion revenue in 2014
employees
Exclusive Allstate Agencies
and Financial Specialists
Potentially suspicious cyber
incidents every day
4
The number of confirmed data breaches is increasing
dramatically
1,367
Source: 2014 Verizon Data Breach Investigations Report
5
Consumer trust in companies to secure personal
information is tenuous
Gallup, June 2014
6
Corporate boards are under pressure to take more
accountability for cybersecurity
“A prominent proxy adviser
urged the ouster of most
Target Corp. board members
for failing to manage risks and protect the
company from a massive data breach.”
-- May 28, 2014
7
CEOs are elevating the importance of cybersecurity
CEOs now see cybersecurity technologies as one of the three
most strategically important types of digital technology:
Mobile technologies
for customers
Data mining and
analysis
Cybersecurity
technologies
#1
#2
#3
Source: PwC 18th Annual Global CEO Survey, January 2015
8
The Internet of Things, tech innovation and political
unrest elevate the threat level
50
BILLION
IP devices will be
connected by
2022
NONTECH
POLITICAL
UNREST
Companies are
quickly bringing
consumer
technologies to
market
Drives both statesponsored and
lone-wolf cyber
attacks
Millions of access points + vulnerable technologies + politically-motivated attacks
= perfect storm of corporate risk
9
CORPORATE BOARDS:
THEIR NEW CHALLENGES
AND RESPONSIBILITIES
10
Cyber threats potentially broaden a company’s risks
Internal Risk
- Operational
- Financial
- Reputational
Traditional
External Risk
- Customer
- Shareholder
Systemic Risk
- Markets
- Infrastructure
Cyber
11
What corporate boards need
to mitigate cyber risk
Governance
and Controls
Risk Profile
Assessment
Information
Education
4
3
2
1
12
What corporate boards need
to mitigate cyber risk
Outside advisors
to bring in
world-class best practices,
outside perspective
and broader knowledge
of the changing
threat landscape.
Education
1
13
What corporate boards need
to mitigate cyber risk
Access to the company’s
cybersecurity capabilities
and how management plans
to enhance them.
Information
2
14
What corporate boards need
to mitigate cyber risk
The extent of the risks
the company faces
and how management
is thinking about cybersecurity,
which requires a different type of
management than traditional risk.
Risk Profile
Assessment
3
15
What corporate boards need
to mitigate cyber risk
The governance, controls and
response processes in place or
needed to address a breach and
protect the company's reputation
should a breach occur.
Governance
and Controls
4
16
CONSUMERS AND STAKEHOLDERS:
WHAT WE NEED TO KEEP THEM
INFORMED AND SAFE
17
Adopt the NIST framework internationally
18
Stronger international collaboration needed among
private, government and academic sectors
Universities
Government
Cybersecurity
Business
19
Questions that need urgent answers
Given the increasing threat, do we need a new international
body to bring greater collaboration?
• What would be the mission of such a body?
• Who would govern it?
• How would it be funded?
• What authority would it have?
20
DRAFT
Suren Gupta
Allstate Corporation
Executive Vice President
Allstate Technology & Strategic Ventures
Belfast 2015
5th World Cyber Security
Technology Research Summit
21