The CU Denver Business School was honored to host a delegation of cybersecurity experts who visited on February 22, Denver through WorldDenver and Denver Sister Cities International. The Indian cybersecurity experts are members of the US Department of State Bureau of Educational and Cultural Affairs International Visitor Leadership Program. The five-member Indian delegation is on a three-week tour of the US, visiting key cyber cities and partners to gain insight and discuss global practices linking digital policy to the emerging global threats of cybercrime, cyber risk, and law enforcement.
The Indian Cybersecurity delegation was particularly interested to hear from Yvette Connor, CU Denver Lecturer of Cyber Risk Management and Cyber Warfare in the Risk Management and Insurance (RMI) program and Managing Director of Risk Management Advisory Services at Alvarez & Marsal, LLC. Connor developed and taught the Cyber Risk Management course for the past two academic years for the RMI program. Connor was invited to participate in the Kaspersky Cyber Warfare Challenge in December 2016. She included four CU Denver graduate students in her global cybersecurity competition team, two of whom, Mitchell Aist and Brian Cleary, participated in the welcome event with the Indian Cybersecurity delegation yesterday.
The cybersecurity group engaged in a lively discussion of cybercrime, cyber warfare, emerging global cyber standards, the balance of innovation, regulation and privacy, threat risk mitigation, and the insurance market’s response with cyber policies, claims documentation, and involvement of global enforcement, such as FBI.
The group discussed the fact that an analysis of cyber risk has not pierced actuarial knowledge. Connor spoke on a difficult conundrum, where cyber modeling approaches are often not aligned with cash flow and financial loss realities experienced by cyber impacted organizations. The discussion also included how the insurance market often evaluates cyber risk through traditional and historically accepted property and casualty underwriting techniques. The markets use long standing actuarial approaches to estimate catastrophic (first party property/supply chain/business interruption) and liability (third party costs and damages) and then apply these techniques to cyber loss estimation. Connor stated, “This cyber loss valuation challenge presents us with an opportunity to deploy an altogether ‘new’ model, one combining the potential for catastrophic cyber impacts with simultaneous, multiple frequency weighted short-tail scenarios. This hybrid approach might also leverage thinking used for pricing and assessing various financial risk exposures like credit and duration risks.”
Further discussion was on how alternate approaches might work, given the fact cybersecurity and risk management thinking reflects a reality, and at any point in time, cyber losses can be severe, frequent, and any combination thereof. Losses may also result from both first and third party actions, occurring with varying degrees of volatility and velocity to cost impacts. Connor stated, “A hybrid financial risk/operational risk model offers an opportunity to merge traditional actuarial approaches with the financial risk assessment approaches required to realistically estimate and price for cyber risk impacts.”
Further, Connor said, “We think of cyber risk much like we might think about tornadoes. On a daily basis, an organization must identify, detect, and respond to variations of externally generated cyber-threats, many occurring simultaneously across wide geographic areas, with an active potential for one or more to ‘hit’ and result in a concerning level of damage.” The group agreed any underwriting approach would need to also be nimble enough to quickly recognize and ideally price for organizational risk mitigation strategies that prevent or reduce cyber loss costs.
As the discussion came to an end, Connor along with her students were grateful for the opportunity to meet with this group of experts. The Business School was pleased to host such an esteemed delegation and looks forward to participating in future such events.
The RMI program appreciated the engagement and success of the Denver Sister Cities International organization, led by Executive Director Beth Hendrix, in coordinating this high level academic and industry discussion. “We are delighted to have the caliber of risk management professional Yvette Connor dedicate her talent and time to educating the next generation of risk and cyber experts within the RMI Program,” said RMI Program Director, Dr. Ajeyo Banerjee.