Risk managers have plenty on their plates as 2014 begins.Cyber risk is front and center after the recent data breachesexperienced by retailers, most notably Target. The possibleexpiration of the U.S. government's terrorism backstop at the endof this year is another concern.

|

“This breach at Target, I think, is a wake-up call and should bea wake-up call for individuals as well as organizations,” said AlGorski, chief risk officer for the Orange County TransportationAuthority in Southern California and a board director at RIMS.

|

Gorski said a 2012 data breach at the South Caroline Departmentof Revenue “pushed security and privacy risks higher on my list.”He notes that the South Carolina incident also involved a lot ofdata—it exposed sensitive information from almost 4 milliontaxpayers and 700,000 businesses.

|

Insurance Only Part of the Solution

|

The Orange County Transportation Authority, which deals witheverything from buses and paratransit routes to toll roads, hasthree types of information to protect, Gorski said: that ofconsumers who use their accounts to pay for buses or tolls,information about the agency's employees, and data related to itsbusiness partners. “As a public agency, we want to make sure we'reconcerned with the public,” he said.

|

The authority has been buying cyber insurance for the last fewyears, since before the South Carolina cyber breach, but cyberinsurance is only part of the solution, Gorski said.

|

“We have to look at other things—the security of the premises,password control,” he said. “We have lots of exposure we didn'thave, say, five years ago, with smartphones and things likethat.”

|

Al Gorksi, Orange County Transportation AuthorityTheauthority has responded by working to improve security, saidGorski, pictured at left. “We've tightened down the securityinternally. We've tightened down the security dealing with laptops,the information provided on laptops, the access to our system fromoutside the organization— say , people accessing business information for business purposesfromtheir homes .

|

“According to the manager of the information technologydepartment, there's lots of knocks on our door every day fromcyber,” he added.

|

Gorski said the decaying U.S. infrastructure is another of hiskey concerns. “One of the things I think risk managers are notthinking about is our infrastructure is getting older, and theamount of money from gas taxes is not meeting the need ofmaintaining that infrastructure.”

|

He noted the role the nation's roads play in companies' supplychains. “Forty percent of all goods coming into this country comein through Los Angeles and Long Beach ports,” Gorski said. “We haveto maintain those roads for those goods to be moved.”

|

Catastrophes andCompliance

|

Leslie Lamb of Cisco SystemsLeslie Lamb, director ofglobal risk management for Cisco Systems and also a RIMS boarddirector, said cyber issues are a big concern for many companies,as are natural catastrophes. And catastrophes can result inbusiness interruptions, another topic that risk managers arelooking at these days, she said.

|

Lamb also cited compliance concerns and noted that for companiesdoing business around the world, that includes the challenge ofensuring they have the correct policies and limits in place in eachcountry. “In some countries, you're required to carry certain typesof insurance, and if you don't, there are stiff penalties,” shesaid.

|

Insurance brokers can provide information on what's needed ineach country, Lamb said, but there are gray areas: “If you talk to10 different people about what's required and what are theramifications, you might get at least seven or eight differentanswers.

|


Terrorism Risk

|

Lori Seidenberg of Centerline CapitalLori Seidenberg, aRIMS board director and senior vice president of enterprise riskmanagement for Centerline Capital Group, a real estate investmentand finance company, cited “grave concern” in the real estateindustry about whether Congress will renew the terrorism backstop.That facility, the Terrorism Risk Insurance Program ReauthorizationAct (TRIPRA), will expire on Dec. 31; it was enacted in 2007 tosucceed the original backstop, the Terrorism Risk Insurance Act(TRIA).

|

Seidenberg noted the likelihood that the backstop's renewal will“come down to the wire” given the many other issues Congress has todeal with. In addition, she said, “there are a lot of newcongressmen and women who were not around the last time thishappened. They don't understand what terrorism [insurance]is expected to cover and the consequences of not renewing [the backstop] .

|

“There is concern that it's very possible it is going to sunset,just because of those factors,” she said.

|

“There's a consensus in Congress that terrorism [insurance]is readily available on the regular market,” Seidenberg said, butshe argued that that is true only for organizations located ingeographies where the risk of terrorism is not great. “If you're inNew York, two blocks from the Freedom Tower, it's hard to findcoverage.”

|

Given the possibility the backstop will expire at year-end,insurers renewing policies this year will attach sunset clausessaying that if the terrorism backstop sunsets, the policy'sterrorism coverage will end as well on Dec. 31, she said.

Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.

  • Critical Treasury & Risk information including in-depth analysis of treasury and finance best practices, case studies with corporate innovators, informative newsletters, educational webcasts and videos, and resources from industry leaders.
  • Exclusive discounts on ALM and Treasury & Risk events.
  • Access to other award-winning ALM websites including PropertyCasualty360.com and Law.com.
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Susan Kelly

Susan Kelly is a business journalist who has written for Treasury & Risk, FierceCFO, Global Finance, Financial Week, Bridge News and The Bond Buyer.