Chubb CEO Urges Businesses to Take Holistic Approach to Combating Attacks On Critical Technology Infrastructure.Business Editors WASHINGTON--(BUSINESS WIRE)--Feb. 27, 2002 O'Hare Advocates Raising Cyber Risk Management to Corporate Governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. Level And Supporting Legislation, Regulation & Partnerships that Encourage Information Sharing See data conferencing. In a special address to corporate risk management and information technology officers, the chief executive of a major U.S. insurance company stressed that technology threats cannot be managed "within any one silo" of an organization but must instead be addressed cooperatively across divisions, companies and industries, between the public and private sectors and around the globe. Speaking before the Bureau of National Affairs' (BNA BNA Bureau of National Affairs, Inc. BNA Birds of North America BNA block numbering area (US Census) BNA British North America BNA Banco Nacional de Angola (National Bank of Angola) ) second annual cybersecurity summit, Dean R. O'Hare, chairman and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of The Chubb Corporation, cautioned against segregating the management of cyber risks in a company's IT department. The involvement of all functions is necessary, he noted, and can occur only if physical and cyber security, as well as business continuation and disaster recovery, become a core corporate governance issue. "It is increasingly clear that we cannot manage these risks within any one silo. Cybersecurity must be an integral part of a company's overall security planning - with support and oversight by the company's most senior management and board of directors," he said. "Information technology experts cannot do this alone. They must work with security, human resources The fancy word for "people." The human resources department within an organization, years ago known as the "personnel department," manages the administrative aspects of the employees. , risk management, general counsel and line management across the entire enterprise to develop policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental to minimize risks." Taking that collaborative approach several steps further, Mr. O'Hare told the audience that the interdependent nature of the economy mandates coordination within the business community and between government and private entities. As examples of how this is already being implemented, he cited: BITS, the technology group for The Financial Services The examples and perspective in this article or section may not represent a worldwide view of the subject. Please [ improve this article] or discuss the issue on the talk page. Roundtable, which was formed by CEOs of the largest bank-holding institutions in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. as a strategic "brain trust" for the financial services industry in the e-commerce arena; the National Association of Manufacturers' Homeland Security Noun 1. Homeland Security - the federal department that administers all matters relating to homeland security Department of Homeland Security executive department - a federal department in the executive branch of the government of the United States Committee, which was recently formed to help member companies understand key operational and policy issues, including cyber security; and the Critical Infrastructure Protection Department of Defense (DOD) program to identify and protect assets critical to the Defense Transportation System. Loss of a critical asset would result in failure to support the mission of a combatant commander. Board formed by President Bush's chief cyber security adviser, Richard Clarke Richard Clarke may be
Cooperation between business and law enforcement authorities is equally critical, Mr. O'Hare noted, even as many businesses continue to fear that reporting a cyber crime may rouse negative publicity and alarm various constituencies. Only 36 percent of those that experience an electronic intrusion report it to authorities, according to the Computer Security Institute. "It is understandable why business leaders are concerned about their corporate reputations. There is, perhaps, nothing of greater value to a company, its customers and its shareholders. However, when a company fails to reach out to law enforcement, it leaves itself more vulnerable to future crimes," he warned. "Law enforcement also needs to establish relationships of greater trust with private industry. Investigators need to seek out companies when they have leads on a crime. And they need to play a greater role in concert with the private sector in helping to prevent as well as solve these kinds of crimes." To ensure that federal, state and local law enforcement agencies A law enforcement agency (LEA) is a term used to describe any agency which enforces the law. This may be a local or state police, federal agencies such as the Federal Bureau of Investigation (FBI) or the Drug Enforcement Administration (DEA). have the tools necessary to battle cyber-age criminals and terrorists - and to ensure that the sharing of vital security information between public and private organizations is encouraged and systematized - Mr. O'Hare told his audience to become more active in shaping and supporting key legislative and regulatory changes. Those changes might include revising public disclosure laws that inhibit the sharing of sensitive information and increasing the penalties for committing cyber crimes. Mr. O'Hare also emphasized the importance of contingency planning and how CEOs and directors must ensure that their firms are prepared for all possible threats. "A lack of oversight on their part may expose them to personal liability. Shareholders and their attorneys may try to prove that the chief executives and board members were negligent in their management and hold them responsible for stock losses. Or, business customers may hold the CEOs and board members responsible for revenues lost when the company fails to provide the product or service they need to continue their own operations," he said. Mr. O'Hare closed by describing how Chubb is striving to become a "center of excellence" on cybersecurity matters and introducing products that help companies cover gaps in traditional liability policies. On the partnership front, the company is also forging relationships with groups ranging from The Business Roundtable Business Roundtable (BRT), an association consisting of the chief executive officers of major U.S. corporations that was founded in 1972 through the merger of the three preexisting business organizations. and Financial Services Roundtable to the FBI and International Association of Police Chiefs. Chubb also is involved in trying to break down the barriers that prevent partnerships between business and government. Prior to BNA's summit, Chubb hosted a discussion forum between risk management experts from financial institutions and John Tritak, director of the Critical Infrastructure Assurance Office, and Patrick M. Ford, Internet fraud A crime in which the perpetrator develops a scheme using one or more elements of the Internet to deprive a person of property or any interest, estate, or right by a false representation of a matter of fact, whether by providing misleading information or by concealment of expert with the Federal Bureau of Investigation Federal Bureau of Investigation (FBI), division of the U.S. Dept. of Justice charged with investigating all violations of federal laws except those assigned to some other federal agency. . "To defeat cyber terrorism and crime, the emphasis must be placed on teamwork among business, government and law enforcement. That cooperation must exist both within, and beyond, the borders of any single country," he concluded. "I ask you to join us and get involved in similar private-public partnerships both here and elsewhere around the world. Now more than ever, it's time for all of us to take up arms Verb 1. take up arms - commence hostilities go to war, take arms war - make or wage war together in the war against cyber crime." With more than $25 billion in assets, The Chubb Corporation is a holding company for a family of property and casualty insurance companies known informally as the Chubb Group of Insurance Companies. The member insurers of the Chubb Group of Insurance Companies form a multi-billion dollar organization providing property and casualty insurance for personal and commercial customers worldwide through 5,000 independent agents and brokers. Chubb's global network includes branches and affiliates throughout North America, Europe, Latin America, Asia and Australia. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion