CISO Summit No. 8: Cybersecurity as part of integral corporate security

Keynote 1: Protecting the enterprise: IT risk and security in the overall corporate context

Speaker: Domenico Salvati

How does information technology contribute to the protection of the enterprise? What is its role in the overall corporate security context? Domenico Salvati highlights the context in which corporate boards perceive cyber security. While the important role of cyber security is unquestioned today, IT risk and security experts tend to overlook the fact that it is (only) one piece of the overall security puzzle. To further advance cyber security, the CISO needs to position it within a corporate security framework.
To sharpen the role of cyber security in the corporate context, Domenico merges the Governance, Risk and Compliance (GRC) and the Three Lines of Defense models and positions cybersecurity within this comprehensive view of the enterprise. A third concept rests on terminology and is concerned with “events” and (security) “measures”. As will be shown, the aforementioned concepts underlying information technology are also suited to position other corporate risk and compliance functions in a corporate context (cybersecurity being one of them). In conse- quence, this view of the overall corporate security context yields the opportunity to create a well-tuned reporting system including other functions such as compliance management or data protection to name a few.

For over ten years Domenico Salvati has worked in positions such as “IT Risk Response & Mitigation”, “IT Risk Compliance and Oversight” and “Operational IT Security” most of these for a large Swiss bank. During this period, he also researched the “Management of Information System Risks” at the Swiss Federal Institute of Tech- nology in Zurich (ETHZ) for which he gained his PhD. Since 2010 he holds the position of Enterprise Risk Manager for a large health insurer in Switzerland. With the change from information security to enterprise risk management, Domenico gained a new view on cyber and IT security and will share this with the audience.

Keynote 2: Cyber insurance: What is the scope and by when insurance option is a valuable option?

Speaker: Willi Stössel, Swiss Re Corporate Solutions

Cyber insurance has emerged from data risks and business continuity risk coverage to holistic approaches in order to help enterprises dealing with residual risk. Insurance is the last line of defense for many enterprises before self-carrying the nancial loss of risks. Bruce Schneier introduced the following philosophical concept cybersecurity measures are good to reduce the insurance fee, but there are little arguments only to stretch this border. In the presentation Willy Stössel, a senior experts from SwissRe provides insights on expected corporate cybersecurity measures and their impacts as well as dependencies when offering insurance contracts.

Willy Stössel, is Head of Cyber, Technology & Construction at Swiss Re Corporate Solutions 2007 on-going. The team is responsible for writing primary and excess liability covers for large industrial companies on a worldwide basis. Willy has been instrumental in launching Swiss Re‘s Cyber Liability products and building a large worldwide portfolio of Technology E&O related risks. Prior to this role, he was responsible for the underwriting various other industry segments including heavy machinery, utilities and pharmaceutical companies. He has close to 20 years of experience in the insurance industry and has been always focused on risk transfer of large cooperations.