1

DRAFT

Belfast 20155th World Cyber Security

Technology Research Summit

Suren GuptaAllstate Corporation

Executive Vice President Allstate Technology & Strategic Ventures

2

THE CHANGING LANDSCAPE

THEIR NEW CHALLENGESAND RESPONSIBILITIES

CONSUMERS AND STAKEHOLDERS

WHAT WE NEED TO KEEP THEM INFORMED AND SAFE

CORPORATE BOARDS

CORPORATECYBERSECURITY

Agenda

3

CORPORATE CYBERSECURITY:THE CHANGING LANDSCAPE

Allstate Corporation at a Glance

publicly held personal lines property and casualty insurer in the U.S. by revenue

million households served

billion revenue in 2014

employees

Exclusive Allstate Agencies and Financial Specialists

Potentially suspicious cyber incidents every day 4

#1

16$34.9

40,20011,900

1 billion

5

The number of confirmed data breaches is increasing dramatically

Source: 2014 Verizon Data Breach Investigations Report

1,367

6

Consumer trust in companies to secure personal information is tenuous

Gallup, June 2014

7

Corporate boards are under pressure to take more accountability for cybersecurity

“A prominent proxy adviser urged the ouster of most

Target Corp. board members for failing to manage risks and protect the company from a massive data breach.”

-- May 28, 2014

8

CEOs are elevating the importance of cybersecurity

CEOs now see cybersecurity technologies as one of the three most strategically important types of digital technology:

#1

Mobile technologies for customers

#2

Data mining and analysis

#3

Cybersecurity technologies

Source: PwC 18th Annual Global CEO Survey, January 2015

9

The Internet of Things, tech innovation and political unrest elevate the threat level

50BILLION

IP devices will be connected by

2022

NON-TECH

Companies are quickly bringing

consumer technologies to

market

POLITICAL UNREST

Drives both state-sponsored and lone-wolf cyber

attacks

Millions of access points + vulnerable technologies + politically-motivated attacks= perfect storm of corporate risk

10

CORPORATE BOARDS:THEIR NEW CHALLENGES AND RESPONSIBILITIES

11

Cyber threats potentially broaden a company’s risks

Internal Risk- Operational- Financial- Reputational

External Risk- Customer- Shareholder

Systemic Risk- Markets- Infrastructure

Traditional

Cyber

12

What corporate boards need to mitigate cyber risk

Education

Information

Risk Profile Assessment

Governance and Controls

1

2

3

4

13

What corporate boards need to mitigate cyber risk

Outside advisors to bring in

world-class best practices, outside perspective

and broader knowledge of the changing

threat landscape.

Education

1

14

What corporate boards need to mitigate cyber risk

Access to the company’s cybersecurity capabilities

and how management plans to enhance them.

Information

2

15

What corporate boards need to mitigate cyber risk

The extent of the risks the company faces

and how management is thinking about cybersecurity,

which requires a different type of management than traditional risk.

Risk Profile Assessment

3

16

What corporate boards need to mitigate cyber risk

The governance, controls and response processes in place or needed to address a breach and protect the company's reputation

should a breach occur.

Governance and Controls

4

17

CONSUMERS AND STAKEHOLDERS:WHAT WE NEED TO KEEP THEM INFORMED AND SAFE

18

Adopt the NIST framework internationally

19

Stronger international collaboration needed among private, government and academic sectors

Cybersecurity

Universities Government

Business

20

Questions that need urgent answers

Given the increasing threat, do we need a new international body to bring greater collaboration?

• What would be the mission of such a body?

• Who would govern it?

• How would it be funded?

• What authority would it have?

21

DRAFT

Belfast 20155th World Cyber Security

Technology Research Summit

Suren GuptaAllstate Corporation

Executive Vice President Allstate Technology & Strategic Ventures