October 17th, 2017

Understanding Systemic Cyber Risk; Insights Through Pandemic Behavior - GC@PCI Commentary

Posted at 11:30 AM ET


Jeremy S. Platt, U.S. Cyber Specialty Practice Leader, Guy Carpenter; Bruce Hamory, M.D., Chief Medical Officer for Health and Life Sciences at Oliver Wyman Consulting; and Christopher Shafer, Assistant Vice President, Guy Carpenter


  • Jeremy S. Platt is Managing Director and U.S. Cyber Specialty Practice Leader at Guy Carpenter; Bruce Hamory, M.D. is a Partner and Chief Medical Officer for Health and Life Sciences at Oliver Wyman Consulting. They represent operating companies of Marsh & McLennan Companies.

Today, through air travel, a carrier of MERS or Ebola can cross the ocean in less than a day, board a crowded subway train and potentially infect hundreds of people. Containment of a pandemic outbreak begins upon discovery, similar to the way in which forensics and network restoration efforts can begin once a cyber breach is identified. According to Platt, the longer the lag until discovery, the more difficult containment and treatment will be, whether it is a biological or cyber event.

“The speed at which malware, such as WannaCry and Petya, can spread, attacking networks, computers and infrastructure, corresponds with the modern transmission of health pandemics. Response to both of these types of outbreaks requires early detection for effective containment and treatment/restoration,” Platt adds.

The worldwide health community addresses epidemics and pandemics through three areas:

  • Containment: isolate and quarantine
  • Prevention: maintain clean water, sewage treatment, vaccination and elimination of carriers
  • Treatment: early intervention before symptoms worsen

There are clear parallels in the approach to responding to cyber attacks:

  • Containment: isolate endpoints, sever networks and shut down network entry points
  • Prevention: timely patching of systems and software; deploying security tools such as intrusion detection systems (IDS) and intrusion prevention systems (IPS); user training in identifying suspicious activity; utilizing secure VPNs and multi-factor authentication protocols; and well-designed and internally communicated incident response plans that are regularly rehearsed
  • Treatment: patch, repair and rebuild software and networks and restore customer confidence

“The appearance of a ‘novel agent,’ or never before seen pathogen, increases the potential damage and confounds efforts at containment and treatment,” explains Hamory. “It is far easier to be vigilant in spotting pathogens and diseases that we can identify immediately and are already known.”

“In the world of cyber, detection techniques identify known malware using signature-based techniques. Innovations with behavior-based techniques are improving capabilities in detecting zero-day attacks,” adds Christopher Shafer, Assistant Vice President, Guy Carpenter. “However, these attacks can easily evade detection and spread rapidly through computer networks. Extensive damage can be done before containment and restoration can begin.”

“In the (re)insurance marketplace, the date of occurrence, duration, common source connection, frequency and severity of damage are significant factors in determining how (re)insurance coverages and claims are handled,” Platt continues. “For an insurance company offering network security and privacy liability policies, these attributes are key drivers in understanding and controlling potential exposure. Quantification of loss is further complicated by ‘silent’ all-risk policies where cyber is the peril, but no cyber exclusions exist.”

Alternatively, metrics for health epidemic and pandemic incidence are more clearly defined. The medical community has developed rigorous processes and procedures to reduce the impact that pandemics have on the world’s population. “While there have been repeated successes, the possibility of mutations in the viruses and strains of bacteria can create a moving target in treating these outbreaks,” relates Hamory.

Platt concludes, “Threat actors can react and adapt to the changing cybersecurity landscape in order to continually achieve success in their campaigns, increasing the importance of proper risk management. The (re)insurance industry may benefit from examining the similarities between disease spread and cyberattacks by creating more certainty and understanding around this evolving product and peril. Ultimately, this insight will enable Guy Carpenter to structure tailored risk transfer solutions specifically addressing our clients’ unique risk profiles and appetites.”
