For more than 20 years, Mary Jane Wilson-Bilik, partner at Sutherland Asbill & Brennan LLP, has helped insurance company clients comply with the fast-changing requirements of state and federal regulators and successfully respond to state unclaimed property and market conduct examinations and changes in U.S. Securities and Exchange Commission (SEC) regulations, with a particular focus on cybersecurity.
What do you see as the greatest cyber risks today?
The interconnectedness among financial services companies invites cybercriminals to exploit the weakest line in the chain. So it’s important to monitor your own and your vendors’ cyber preparedness and revise your vendor agreements to require evidence of preparedness, to establish liability for breaches and to require adequate indemnifications for damages.
What will the greatest threats be in five years’ time? What do you see as the emerging issues?
Organized crime and state-sponsored criminal gangs are already in the picture and aiming to take top executives and key systems hostage. We saw a preview with the Sony breach.
Is the insurance industry doing enough to adequately address these risks?
The nature and severity of threats are multiplying so fast that no one feels they are doing enough. But regulators, including the SEC, FINRA, the NAIC and New York Department of Financial Services are starting to elaborate on what a “reasonable” insurer should be doing and the industry should be paying attention.
What keeps you awake at night?
I worry about safeguarding our critical infrastructure that we take for granted. I’d like to see national standards on cybersecurity preparedness across industries, on breach notifications and on information sharing. The current patchwork of state and federal regulation is not reassuring.
In your opinion, what is the single most important cyber risk development in the past 12 months?
The focus of boards and senior management on the NIST Framework has given us a uniform language to use in discussing cyber issues. This is very helpful.