Matt Cullina, CEO, IDT911
Advisen: What do you see as the greatest cyber risks today?
Matt Cullina: We’re seeing that risk has evolved from being from an employee mistake or internal threat to more targeted attacks of small market companies. It’s no longer just a threat for a large companies, small companies can see DDoS, ransomware attacks, and other tactics. Thieves are not only looking to exploit data including PII, but may also be eyeing company plans and intellectual property.
Advisen: What will the greatest threats be in 5 years’ time?
Matt Cullina: Some businesses are solely worried about intel or data being stolen, but soon risks could start to evolve into businesses facing a shutdown in operations. As these attacks get more sophisticated, the damage could lead to directly impacting operations of business, like shutdown websites, closed business accounts, breached payroll services, breached POS, especially as businesses become more connected online (think Square POS, HR services, etc.). The resulting loss of business and reputational damage can affect the businesses’ viability.
Advisen: Is the insurance industry doing enough to adequately address these risks?
Matt Cullina: Over the last ten years, cyber insurance has been available under the specialty market and now it’s expanding to all businesses. Insurers are offering coverage that includes data breach response to more sophisticated cyber offerings, which is becoming available to businesses of all sizes. Additionally, the risk is being recognized and may be partially covered under more standard businesses insurance.
Similarly, class-action lawsuits resulting from data breaches have only happened to large market companies, but we’re starting to see some examples of class actions targeting SMBs having breaches. For example, PayTime Payroll, Inc., a small payroll processor, recently had a breach exposing 233,000 person’s data in every US state. The first lawsuit was filed mid-June.
Advisen: What keeps you awake at night?
Matt Cullina: Despite more breaches becoming public and a growing awareness of data breach exposures, the average business and consumer has a false sense of security thinking it won’t happen to them, in turn, not taking necessary steps to protect themselves. This creates a lack of action to protect either data or consumers. The insurance industry has become a go-to source for information around data security risk management and companies are asking, “What should I do and how should I manage this risk?” Despite these events, you still see a lack of real action on the business’ part to manage the risk. Companies are only focusing on breach response and avoidance once they have an exposure.
As the insurance industry has expended their breadth and reach of cyber insurance offerings, insurance carriers and service providers like IDT911 have focused on incorporating education and risk management strategies to support businesses in the management of this risk. In addition to coverage, insurance companies recognize the need to cut the awareness gap and are also focusing on education and risk management offerings to policyholders as a complement to coverage.
Advisen: In your opinion, what is the single most important cyber risk development in the past 12 months?
Matt Cullina: The Target breach changed the way businesses look at breaches in that it has a direct financial impact on the business versus just hypothetical. With the Target breach, the conversation is escalated to senior management and even board level; it’s certainly changed the landscape of awareness.
Now that the conversation has escalated, it’s no longer just an option for businesses to take risk management action.
***
Matt Cullina is CEO of IDT911. He has 15 years of insurance industry management, claims and product development experience. He spearheaded MetLife Auto & Home Insurance Co.’s personal product development initiatives, managed complex claims litigation and served as a corporate witness for Travelers Insurance and the Fireman’s Fund Insurance Co.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
