Nowell Seaman, manager of risk management and insurance services for the University of Saskatchewan, says the school's focus on IT security is different today than just a few years ago.
“We used to be concerned about system failure and the need for electronic data-processing coverage, but cyber liability has become the top concern,” Seaman says.
The university's general-liability coverage, under a reciprocal owned by Canadian universities, initially covered cyber liability under the general limit. But, with a sublimit for cyber liability placed on the policy within the last few years, the university is now considering going to market for additional cyber coverage.
The challenge for the university is to balance access with protection of private information. “We have a number of groups that use our system—students, faculty, alumni. So we need to provide adequate protection when all those people are using our system,” he says.
Like most universities today, the school's approach to cyber risk includes secure processes, firewalls, virus scanning and detection, user training, IT policies, active investigation of threats and data backups. The elevated risks around cyber security have led to what Seaman characterizes as “considerable” new investments in the past few years, including a director of IT security reporting to the CIO; increased vulnerability scanning of systems and web pages; and increased availability of secured servers for internal users.
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.