In the CFO article, “In the Trenches of the Cyber War,” David M. Katz details the risks and challenges finance chiefs face in protecting their data against a sea of cyber invasions. The story begins with a quote from Protegrity CEO Suni Munshani:
“The first thing the CFO should do is not speak to Tom Ridge,” Suni Munshani advises.
Referring to the former director of the Department of Homeland Security, who launched a cyber-insurance firm in October, Munshani is making the point that finance chiefs should immerse themselves in the details of their companies’ information systems and develop a loss-control plan long before even thinking about buying insurance.
Faced with the rapidly advancing techniques of hackers and fraudsters, senior corporate executives have tended to “upstream” cyber-risk management to insurance companies rather than do the hard work of developing a strong defense against data breaches, according to Munshani, who is CEO of Protegrity, a firm that encrypts corporate data in an attempt to foil hackers.
To be sure, advocating for such a strategy is very much in Munshani’s self-interest. Yet even those who feel that cyber insurance can play a significant part in loss control agree that its role should be limited. “The transference element of risk management can only be effective when there is an appropriate risk mitigation approach in place,” says Dan Schroeder, a partner in charge of information assurance services at Habif, Arogeti & Wynne, an accounting firm.