Lord Levene in San Francisco
Thu 02 Dec 2010
Share
Lord Levene, Chairman of Lloyd’s speaks at the Lloyd's 360 Event on digital risks in San Francisco on 1 December 2010
Ladies and gentlemen,
Thank you very much for coming to our seminar today. Lloyd’s, as many of you will know, is the world’s oldest insurance market. We have been underwriting risks for over three hundred years now, and the abiding challenge for our organisation over the centuries has been to understand the new threats which face our clients.
So, each year, we typically hold three events on emerging risk. One in London, where we are based, another in the US, where most of our business comes from and a third in Asia, where we are expanding our reach.
This year, when we decided to cover digital risk, and publish this report with Hewlett Packard, I suggested that we hold the event here in San Francisco rather than in New York. It was the obvious place. California is the home not just to giants like Google, Apple and Cisco but also to thousands of IT start ups. The Golden State could be renamed the Cyber State.
Indeed, If there is one scenario which keeps Lloyd’s executives awake at night, it is probably the prospect of Silicon Valley sliding into the San Andreas fault.
But today, we are looking at some of the new risks which the growth of digital technology has brought to business.
Last year, I hosted a joint conference in London with the Secretary General of NATO. We focussed on three big risks facing the world. One was the digital threat to national security.
Last week, the new Chief of the British Defence Staff spoke to highlight the gravity of the cyber threat. Indeed, the UK Government see the need to develop cyber defences as so pressing, that they have allocated a $1 billion budget to this work. Which, given the straightened times in which we live, is a major indication of the threat level. And of course, the leak of thousands of Embassy cables this week demonstrates the difficulty of protecting documents in the digital age.
Today we are looking at a wide range of cyber threats which businesses face. They can range from a highly professional attack targeting millions of dollars to a disgruntled employee posting libellous comments about a business on a social network site.
The kind of risks which we see in cyber territory are not, in essence, much different from those which we experience in the physical space. Criminals who ten years ago may have broken into houses or offices, now break into websites and Blackberries. Floods which devastated low lying warehouses can now destroy data storage centres. It is no surprise to me, given the litigious society we live in, that one of the most popular insurance products in this area is for liability cover.
However, in terms of risk mitigation, there is a fundamental difference between the physical and cyber realms. Cyberspace is, to some extent, the new frontier, and just like California during the Gold Rush of 1849, it is a lawless world.
At present, we lack consistent standards and uniform legislation for dealing with digital crimes. I know that the US Government has warned of the dangers of international cyber sanctuaries, where legislation is thin or non existent. I very much support attempts by national legislators and the international community to start closing the gaps. We need to see more successful prosecutions against cyber crime, but I fear that because of the speed with which the industry is evolving, that it will be difficult to keep up.
However, this report in many ways makes encouraging reading and it recommends some actions which businesses can take to protect themselves better against digital threats. We want to see IT security become a board level concern and risk managers get involved in IT governance. This is plain common sense. The head of digital security is tasked to keep data safe. This person is unlikely to report flaws in his security system to seniors. It is a bit like the well planned “surprise” fire drill taking place every year. But risk managers have a different mandate. They are tasked to discover the pressure points in a company. And one of the largest, scariest pressure points for any business is IT security.
Fear of a breach can result in knee jerk safety measures. I remember ten years ago, when the answer to the early viruses, I love you and the like was to switch off the email systems.
It would be a terrible pity if the risk mitigation response to digital innovation was simply to unplug the PC and throw away the i-pad. The digital revolution has brought massive and enduring benefits to our communities and large efficiency savings to our businesses. We simply need to become more sophisticated in meeting the inevitable downside.
Today I hope that we will all improve our understanding of cyber risk and particularly how the insurance industry can develop products to help businesses mitigate risks arising in the digital domain. This is still a relatively new area. Digital policies are worth about $600 million to the industry, but this figure is growing fast, at 15-25%. And developing innovative new policies is an area in which Lloyd’s excels. In 1907, we offered American drivers their first automobile policies in 1907. After the World Trade Center tragedy, Lloyd’s was one of only two insurers to quote a policy for the Golden Gate Bridge which did not exclude terrorism.
We understand that risk is not bad, it just needs to be managed. This very beautiful city is a case in point. It is built on a delicate network of fault lines. But San Francisco has always survived the disasters which periodically befall it. Lloyd’s is very proud to have helped the city to rebuild in both 1906 and in 1989. The fact that over the last few decades, this area has become the centre of the fast growing, highly innovative, global IT industry is no surprise. These digital entrepreneurs are the heirs of the 49ers, pioneers who are grasping the opportunities of the day.
However, innovative industries always needs support from insurance, because new activities are inherently more risky than the tried and tested. Insurance has supported most major inventions as they travel from the drawing board to the market. I hope that today, we can look at how insurance can help businesses to manage their digital risks.
We are delighted to have a very distinguished and knowledgeable group of experts on cyber security and risks here to speak to you today. I would particularly like to thank Jenny Menna for taking time out of her busy schedule to provide an insight into how the US national cyber security division is tackling this issue of critical importance. And there should be no person better qualified than the Chief Information Security Officer of Intel – Malcolm Harkins - to provide guidance to business on how to tackle this growing digital threat.
We’re also very pleased to have Prith Banerjee, the senior vice-president for research at Hewlett Packard to provide an overview of the key findings from our joint report published today. And thanks to all our panel speakers who will get to grips with how practically companies can begin to tackle these threats.
I would now like to hand over to Thomas Goetz, who has very kindly agreed to chair our conference. As executive editor of WIRED Magazine, Thomas is ideally placed to lead discussions today and seek answers from our speakers on how to manage digital risks.
