Silo Busting 49: Lynn Rivenburgh and Sam Rehman on Insurance and Cybersecurity

Insurance and cybersecurity have a lot in common. They are both highly relevant and profoundly misunderstood and need spokespeople who can explain—clearly—how they function. Fortunately, we have two people on this #CybersecurityByDesign episode of *Silo Busting* who understand the worlds very well: Lynn Rivenburgh, VP of Business Consulting at EPAM, and Sam Rehman, EPAM’s Chief Information Security Officer and SVP. “Cyber and insurance are always the same in the sense that people don't care about [them] until something bad happens,” says Rehman. It’s a tricky time for the insurance industry, says Rivenburgh. Rates have increased significantly. “For the top 25% of companies out there, it's been an increase of more than 80% and that's happening regardless of the industry that those companies are in or the size of the organization,” says Rivenburgh. She says that in order to mitigate risk, companies are “putting in place some parameters and preventive measures that if the companies, if their clients don't abide by those, they're going to see premiums in excess of 300%.” But that’s not the only challenge insurers face. There are escalating ransomware attacks and the potential of a recession. Insurance has a lot to protect—and they’re not alone. “We're all relying heavily on digital much more than before, which is great,” says Rehman, adding: “The side effect is that we have a much wider attack surface now.” Rivenburgh says when the insurance industry wrote its initial policies 20 years ago, they weren’t “anticipating some of the activities that we're seeing today.” Soon, she says, “There are gonna be some new regulations, in particular in the EU and UK,” and “companies will be obliged to have independent third-party assessments and infrastructure assessments obtained.” Together they discuss this complex moment, in which insurers are moving toward a more optimized mode and adopting a more conservative outlook on growth, how legislation and regulation will help assess where risk is, and the challenges regarding insurance’s talent pool. Much is said about how partnerships can help companies lower their risk profiles. Rehman says: “Partnership is so important because no one single company can really cover” the multiple aspects of cybersecurity and notes that we’re seeing more cyber-savvy boards. The key is “a defensive culture around security.” If that is a central part of your culture, he says, “then everything else would tend to fall in place.” Want to understand more about the area where insurance and cyber overlap? Listening to *Silo Busting* is the best policy. Host: Alison Kotin Engineer: Kyp Pilalas Producer: Ken Gordon