Economic uncertainty, cyber risk top of list for execs: Weil’s Ferrillo

By Cate Chapman on September 30, 2015

The Executive Risk Network recently caught up with Paul Ferrillo, counsel in Weil’s Litigation Department, and part of its Cybersecurity, Data Privacy & Information Management practice.

What do you see as the greatest risks facing executives?

Having been through turbulent economic times before, I think the greatest risk to executives are those driven by an uncertain economy that is allegedly “recovering,” missed earnings expectations, and political change.  All three of these factors created stock market fluctuations, changes in investment decisions and potential regulatory risk. And unexpected stock-price fluctuations cause securities-law risk. I see this as the major risk facing executives today.

What do you think will be the next emerging executive risk?

I see that the potential failure to understand technological and information management risks as the next big emerging risk. Despite two years of major data breach headlines, there seems to be no abatement of cybersecurity breaches, as well as constant new forms of attack vectors popping up every day. Unless on top of this emerging risk profile, and guiding their companies accordingly, executives can find themselves outgunned by the attackers trying to seize their valuable customer, IP and financial data. Discussion needs to flow from top down, and from IT executives upward to the board on how to properly secure the company’s data. If they don’t, potential damages to investors, customers and to the company’s reputation will likely be the result.

From your perspective does regulation, litigation, legislation or a combination drive these risks?

With respect to technological and information management risks, all three points can certainly drive risk from potentially manageable to catastrophic depending upon severity. Given the spectre of continued data breaches, especially in the financial services sector, regulators are likely going to be more active then ever  in their oversight of cybersecurity best practices, policies and procedures.

Is the insurance industry doing enough to adequately quantify and address these risks?

The insurance sector is most certainly addressing these major risks. Uniform underwriting guidelines, along with “good practice” credits will certainly enhance the buying process. Additional capacity in the cybersecurity space will undoubtedly allow companies to manage and transfer some of their risk to insurers. But at the end of the day, it will be the companies themselves who will determine whether there is enough cost-effective coverage to manage their risk.

What keeps you awake at night?  (Is there a looming, underestimated risk to executives or one known that has yet to truly impact?)

Another downturn in the economy that will drive business, litigation and regulatory risk for US companies.