CHUBB CEO Details Cyber-Crime Defense
NU Online News Service, Feb. 28, 9:56 a.m. EST?Companies must coordinate their entire organization to sucessfully battle cyber crime, the head of Chubb Corporation told a Washington meeting of technology and insurance officials yesterday.
Dean R. O'Hare, chairman and CEO of Warren, N.J.-based Chubb, also urged businesses not to shy away from reporting technology crime to authorities during a speech at the Bureau of National Affairs' second annual cyber-security summit in Washington, D.C.
Speaking to corporate risk management and information technology officers, he said that technology threats must be addressed throughout a company, across the enterprise, with business partners and with government agencies.
Such perils cannot be managed "within any one silo" of an organization, but must instead be addressed cooperatively across divisions, companies and industries, between the public and private sectors, and around the globe, Mr. O'Hare said.
Mr. O'Hare cautioned against segregating the management of cyber risks in a company's information technology department.
The involvement of all a company's functions is necessary, and can occur only if physical and cyber security, as well as business continuation and disaster recovery, become a core corporate governance issue, he said.
"Cyber security must be an integral part of a company's overall security planning?with support and oversight by the company's most senior management and board of directors," Mr. O'Hare explained.
"Information technology experts cannot do this alone," he said. They must work with "security, human resources, risk management, general counsel and line management across the entire enterprise" to develop the policies and procedures needed to minimize risks.
Mr. O'Hare also told the audience that the interdependent nature of the economy mandates coordination within the business community and between government and private entities.
Cooperation between business and law enforcement authorities is equally critical, Mr. O'Hare noted, even though businesses may fear that reporting a cyber crime could produce negative publicity.
"It is understandable why business leaders are concerned about their corporate reputations," he warned. "There is, perhaps, nothing of greater value to a company, its customers and its shareholders. However, when a company fails to reach out to law enforcement, it leaves itself more vulnerable to future crimes."
Mr. O'Hare advised his audience to become more active in shaping and supporting key legislative and regulatory changes. Those changes, he said, might include revising public disclosure laws that inhibit the sharing of sensitive information and increasing the penalties for committing cyber crimes.
He also emphasized the importance of contingency planning and being prepared for all possible threats. A lack of oversight on such matters by corporate officers "may expose them to personal liability," he said.
According to Mr. O'Hare, Chubb is striving to become a "center of excellence" on cyber-security matters and is introducing products to help companies cover gaps in traditional liability policies.
On the partnership front, he said the company is forging relationships with groups ranging from The Business Roundtable and Financial Services Roundtable to the FBI and International Association of Police Chiefs.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.