60 seconds with ... Emily Freeman

Lloyds.com speaks to Emily Freeman, executive director for technology and media risks at Lloyd's broker Lockton, on cyber risk, mobile technology and Bach.

You work in such a fast moving sector, how do you keep up?
I get different perspectives on privacy, regulatory and security matters from daily email newsfeeds. On the cyber side, the web site of The International Society of Privacy Professionals is a good source. My clients are really a great source of information on risk exposures and technology innovation such as smart phones and cloud computing.

What’s been keeping your clients awake at night?
Cyber war and organised cyber criminals are big issues for my clients right now. There has been a lot of news surrounding stealing corporate trade secrets or government secrets through hacking. The perpetrators can be lone individuals, criminal gangs, or state sponsored.  There is also the continuing worry around identity theft and the increasing sophistication of malware developed by criminals for that purpose.
 
What are the emerging cyber/technology risks for businesses?
Cloud computing is an interesting opportunity and also an interesting problem. But what does the move to virtual servers mean for people and businesses in terms of performance and security? The potential financial benefits of outsourcing are clear: you may outsource the function but not outsource the risk.

What other tech developments are on your radar?
Mobile technology. As more applications are added to mobile devices, there are certainly risks associated with the security of information.  As I see it, developments in technology often seem to move faster than the developments to secure that technology. Getting innovative products to market first is a priority for tech products and the security may lag behind.

What’s the most audacious scam you ever heard of?
There was one in Eastern Europe where the fraudsters charged a dollar to over one million credit cards. It ultimately was detected but the idea was that individual customers would not challenge small charges on their credit card statements. Then there are on-going phishing scams that prey on individuals’ fear of identity theft, like the advertised antidote to a well publicised virus that was itself a means of infecting a home computer to access credentials.

We hear about cyber terrorism, but realistically what’s the worst that can happen?
This goes back to what I said about cyber “war” and shutting down critical infrastructure. Imagine a situation where the impact of a terrorist attack is intensified by disabling the emergency services networks. It is a real concern that a serious physical terrorist attack could be attempted in tandem with a cyber attack on critical infrastructure systems.

What effect has the economic downturn had on cyber risk?
The downturn has increased the “people risk”. Recession means more stressed employees and potential layoffs. Disgruntled or unhappy individuals may have a work problem - or they have a personal problem (like excessive debt) that tempts people to commit a fraudulent act. The criminal fraternity is out to recruit them in the same way as drug traffickers recruit mules.

Can companies always get the insurance cover they need?
There is broad coverage and growing capacity for the liability side. There are improving products to cover non-physical business interruption – but more capacity is needed in this area. At Lockton, we’re working with underwriters to address the reputational aspects of cyber risk. The tangible financial exposures are easily identified but the reputational damage can be even more expensive. If you are in a business where reputation is important and the customer has choice, reputation poses a significant risk. But in either case, insurance is not a substitute for making security a priority.

Outside work, are you a geek? Do you have all the latest stuff?
I’m a classical musician so I play Bach, rather than play with gadgets.