Originally posted on LinkedIn

I was delighted to attend the NetDiligence Cyber Risk Summit in Philadelphia this week. Before jumping in, I must say, many of us love Work From Home, but after my first in-person conference since the pandemic, I’m reminded that there is no substitute for hot ideas over a cold beer. Hats off to the @Netdiligence team for putting on such a well-organized, thoughtful event.

Following are my observations on the key industry trends and take-aways from the event.

* Cyber insurance is at a crossroads. Insurance is about mitigating quantifiable risk. Today’s cyber threat landscape makes that a challenge. Incidents are on the rise and costs are too, both at the policy level and in the cyber reinsurance markets. Risk models require data but in an “emerging” policy area such as cyber, there are fewer data points than we’d like.

* Cyber regulations are growing. The Biden Administration has made both security and privacy a priority. We remain a ways away from a federal framework but I do see an increase in the number and nature of federal agencies turning a scrutinizing eye towards breaches. At the state level, national organizations must consider 50 state notification laws, an emergence of laws with statutory penalties (Illinois BIPA), and state AGs who are poised to take action. And of course, we can’t forget about GDPR, the baseline for the CPRA which in turn has become the north star for many other states. On the bright side, it does seem as though regulations look to reward cyber compliance investments.

* Breach litigation landscape is maturing. The plaintiff’s bar has advanced Article 3 standing arguments in many circuits and now has more arrows in its quiver than before. Some even wondered whether certain claims are suitable for resolution on a Motion to Dismiss. From class actions brought by impacted customers to shareholder derivative litigation, there is a significant volume of data management and analysis that is required in the wake of a breach.

* Ransomware isn’t going anywhere. Ransom payments to cyber criminals are making headline news. It was fascinating to learn about @DigitalMint’s AML/BSA compliant cryptocurrency payment service. Consider also the rise in vulnerabilities attributed to one’s supply chain or enterprise email. That’s why it’s so important to have experienced cyber forensic IR teams who can also help you with pre-breach preparedness @SRM.

* AI across the spectrum: Artificial Intelligence is playing an increasingly prominent role in protecting organisations (e.g., endpoint detection and response) and in helping them respond in the event of a breach @Canopy. Through it all, it’s important to bear in mind the helpful luncheon tip that not all AI is created equal – use the right tool for the job!

#CyberRiskSummit #databreach #businessemailcompromise #cybersecurity #cyberrisk #infosec #cybercompliance #morae