Jake Kouns
Advisen: What do you see as the greatest cyber risks today?
Jake Kouns: The greatest cyber risks have yet to truly reveal themselves. Most organizations continue to struggle with basic information security controls and we continue to see data breaches occur due to not having a fundamental security program in place. The greatest current risk might just be companies keep doing what they are doing in terms of cyber security, which is not enough.
Advisen: What will the greatest threats be in 5 years’ time?
Kouns: Software is continuing to push its way further and further into our daily lives and we now rely on software functioning properly for many of our basic human needs. Software is only going to become more important as it is a critical part of our medical devices and treatment, and is embedded in our cars and home. We are going to see a whole new class of threats and exposures emerging due to cyber risks. Traditional products as we know them already rely on software, but moving forward they are going to have even more massive software components as part of the final product. I believe that we have the potential to see substantial changes in both regulatory requirements and the market as the expectations of truly secure software is currently non-existent.
Advisen: Is the insurance industry doing enough to adequately address these risks?
Kouns: The insurance industry is in an amazing and unique position to really help companies address their cyber risks, but unfortunately, currently falls short. Brokers and carriers have trusted relationships with many organizations and should serve in a much greater advisory role when it comes to cyber security risks, pre-breach. In recent months, the discussion around services and not just coverage after a breach has started to happen more and it is pointing to a very positive future.
Advisen: What keeps you awake at night?
Kouns: I stay awake most nights thinking about how the software we use to run our businesses, power our homes and rely on for our daily lives is riddled with basic security problems. It is a serious problem that currently does not seem to have a solution as there is little indication we are getting better at producing secure software. We need to ensure software providers have a focus on building security into their products, and not just the latest and greatest new features.
Advisen: In your opinion, what is the single most important cyber risk development in the past 12 months?
Kouns: The education and awareness that the cyber liability insurance industry has provided to business owners has been amazing and should be commended. Several years ago, very few people would have understood the cyber exposures their businesses face. Now, due in large part to the insurance industry,they are becoming much more aware of the risks and also are being provided affordable solutions to protect their organizations.
About Jake Kouns, Director, Cyber Security and Technology Risks Underwriting, Markel Corporation
Jake Kouns is a business-focused technology and information security executive with extensive knowledge in the Cyber Liability insurance industry. He holds both a Bachelor of Business Administration and a Master of Business Administration with a concentration in Information Security from James Madison University. Mr. Kouns has presented at many well-known security conferences including RSA, DEF CON, CISO Executive Summit, EntNet IEEE GlobeCom, CanSecWest, SOURCE and SyScan. He is the co-author of the book Security in an IPv6 Environment, Francis and Taylor, 2009, Information Technology Risk Management in Enterprise Environments, Wiley, 2010 and The Chief Information Security Officer, IT Governance, 2011. He has also been interviewed as an expert in the security industry by Information Week, eWeek, Processor.com, Federal Computer Week, Government Computer News and SC Magazine. He was featured on the cover of the April 2010 Issue of SCMagazine and holds a number of certifications including ISC2’s CISSP, and ISACA’s CISM, CISA and CGEIT. Mr. Kouns is also the CISO of Risk Based Security and the CEO of the Open Security Foundation who runs DataLossDB.org.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
