draft 1 belfast 2015 5 th world cyber security technology research summit suren gupta allstate...
TRANSCRIPT
1
DRAFT
Belfast 20155th World Cyber Security
Technology Research Summit
Suren GuptaAllstate Corporation
Executive Vice President Allstate Technology & Strategic Ventures
2
THE CHANGING LANDSCAPE
THEIR NEW CHALLENGESAND RESPONSIBILITIES
CONSUMERS AND STAKEHOLDERS
WHAT WE NEED TO KEEP THEM INFORMED AND SAFE
CORPORATE BOARDS
CORPORATECYBERSECURITY
Agenda
3
CORPORATE CYBERSECURITY:THE CHANGING LANDSCAPE
Allstate Corporation at a Glance
publicly held personal lines property and casualty insurer in the U.S. by revenue
million households served
billion revenue in 2014
employees
Exclusive Allstate Agencies and Financial Specialists
Potentially suspicious cyber incidents every day 4
#1
16$34.9
40,20011,900
1 billion
5
The number of confirmed data breaches is increasing dramatically
Source: 2014 Verizon Data Breach Investigations Report
1,367
6
Consumer trust in companies to secure personal information is tenuous
Gallup, June 2014
7
Corporate boards are under pressure to take more accountability for cybersecurity
“A prominent proxy adviser urged the ouster of most
Target Corp. board members for failing to manage risks and protect the company from a massive data breach.”
-- May 28, 2014
8
CEOs are elevating the importance of cybersecurity
CEOs now see cybersecurity technologies as one of the three most strategically important types of digital technology:
#1
Mobile technologies for customers
#2
Data mining and analysis
#3
Cybersecurity technologies
Source: PwC 18th Annual Global CEO Survey, January 2015
9
The Internet of Things, tech innovation and political unrest elevate the threat level
50BILLION
IP devices will be connected by
2022
NON-TECH
Companies are quickly bringing
consumer technologies to
market
POLITICAL UNREST
Drives both state-sponsored and lone-wolf cyber
attacks
Millions of access points + vulnerable technologies + politically-motivated attacks= perfect storm of corporate risk
10
CORPORATE BOARDS:THEIR NEW CHALLENGES AND RESPONSIBILITIES
11
Cyber threats potentially broaden a company’s risks
Internal Risk- Operational- Financial- Reputational
External Risk- Customer- Shareholder
Systemic Risk- Markets- Infrastructure
Traditional
Cyber
12
What corporate boards need to mitigate cyber risk
Education
Information
Risk Profile Assessment
Governance and Controls
1
2
3
4
13
What corporate boards need to mitigate cyber risk
Outside advisors to bring in
world-class best practices, outside perspective
and broader knowledge of the changing
threat landscape.
Education
1
14
What corporate boards need to mitigate cyber risk
Access to the company’s cybersecurity capabilities
and how management plans to enhance them.
Information
2
15
What corporate boards need to mitigate cyber risk
The extent of the risks the company faces
and how management is thinking about cybersecurity,
which requires a different type of management than traditional risk.
Risk Profile Assessment
3
16
What corporate boards need to mitigate cyber risk
The governance, controls and response processes in place or needed to address a breach and protect the company's reputation
should a breach occur.
Governance and Controls
4
17
CONSUMERS AND STAKEHOLDERS:WHAT WE NEED TO KEEP THEM INFORMED AND SAFE
18
Adopt the NIST framework internationally
19
Stronger international collaboration needed among private, government and academic sectors
Cybersecurity
Universities Government
Business
20
Questions that need urgent answers
Given the increasing threat, do we need a new international body to bring greater collaboration?
• What would be the mission of such a body?
• Who would govern it?
• How would it be funded?
• What authority would it have?
21
DRAFT
Belfast 20155th World Cyber Security
Technology Research Summit
Suren GuptaAllstate Corporation
Executive Vice President Allstate Technology & Strategic Ventures