Speakers

Chair

Dr Raveem Ismail

Director, (Re)insurance, QOMPLX: Insurance

Raveem built and led the insurance team at QOMPLX, and now heads up QOMPLX’s MGA. This is an analytically enabled venture, writing cover for SMEs against disruption from anthropogenic perils such as cyber and terrorism. He was previously Specialty Treaty Underwriter (terror and cyber) at Ariel Re (Bermuda), chair of the Reinsurance Special Interest Group of the EU COST Action IS1304 on Structured Expert Judgement, Terrorism & War Underwriting Analyst at Validus, and terrorism model lead at Aon Benfield’s Impact Forecasting. Raveem is a triple graduate of Oxford University, and constantly strives to raise the bar for scientific and analytical decision making in (re)insurance.

Presentations

Stephen Boyer

CTO and Founder, BitSight

Stephen co-founded BitSight in 2011 and serves as the Chief Technology Officer. Prior to founding BitSight, Stephen was President and Co-Founder of Saperix, a company that was acquired by FireMon in 2011.

While at the MIT Lincoln Laboratory, Stephen was a member of the Cyber Systems and Technology Group where he led R&D programs solving large-scale national cybersecurity problems. Before MIT, he worked at Caldera Systems, an early Linux startup.

Stephen holds a bachelor’s degree in Computer Science from Brigham Young University and a Master of Science in Engineering and Management from the Massachusetts Institute of Technology.

Managing Cyber Risk in Digital Transformation

Digital transformation is disrupting the way the world does business. A convergence of connected technologies is allowing global business to be done at unprecedented speed – in fact, investment in digital transformation is consuming up to 40 per cent of all IT spend. However, as the world becomes more connected, data becomes more vulnerable. Spending on cyber security is not keeping pace with spending on new technologies, putting organisations at risk of more frequent and far-reaching breaches. As organisations look at their digital transformation initiatives, security needs to be a core component of the strategy, instead of an afterthought. Join this session to hear from Stephen Boyer, CTO and Co-Founder of BitSight, as he talks through the challenges and risks of digital transformation, and provides unique insights around mobile security, the latest BlueKeep vulnerability and the future of cyberinsurance.

Professor Mingyan Liu

Chair of Electrical and Computer Engineering, University of Michigan

Mingyan Liu is the Chair of Electrical and Computer Engineering at the University of Michigan, Ann Arbor, where she has been a professor of Electrical Engineering and Computer Science since 2000. She received her MSc degree in systems engineering and PhD degree in electrical engineering from the University of Maryland, College Park, in 1997 and 2000, respectively. Her research interests are in optimal resource allocation, sequential decision theory, incentive design, and performance modelling and analysis, within the context of large-scale networked systems. Her most recent research activities involve online learning, modelling and mining of large-scale Internet measurement data and the design of incentive mechanisms for cyber security. She is the recipient of the 2002 NSF CAREER Award, the University of Michigan Elizabeth C. Crosby Research Award in 2003 and 2014, the 2010 EECS Department Outstanding Achievement Award, the 2015 College of Engineering Excellence in Education Award, the 2017 College of Engineering Excellence in Service Award, and the 2018 Distinguished University Innovator Award. She is a Fellow of the IEEE and a member of the ACM.

Cyber Risk Quantification: Risk Dependency and Its Impact on Modeling and Underwriting

Risk dependency induced by complex vendor relationships among businesses is one of the unique features and challenges in quantifying cyber risks. This talk will take a look at two aspects of this challenge, the first on ways of modeling dependent risks, and the second on what impact it has on underwriting cyber-insurance policies. Specifically, using a base rate insurance policy framework, we show that there is an opportunity for an underwriter to better control the risk dependency and the risk spill-over, ultimately resulting in lower overall cyber risks across its portfolio.

Jason Nurse

Assistant Professor in Cyber Security, University of Kent

Dr Jason R.C. Nurse is an Assistant Professor in Cyber Security at the University of Kent. He is also a Visiting Academic at the University of Oxford, a Visiting Fellow in Defence and Security at Cranfield University, and a professional member of various associations relating to cyber security research and practice. His research concentrates on investigating interdisciplinary approaches to enhance and maintain cyber security for organisations, individuals and governments. This considers the full spectrum of technologies in use today and encompasses topics such as human aspects of security, dimensions of cyber crime, identity security in cyberspace, privacy and security in the internet-of-things, and fake news and rumours on social media. Prior to joining Kent in 2018, Dr Nurse was a Research Fellow at the University of Oxford for seven years. For his research into the interdisciplinary aspects of cyber, Dr Nurse was nominated as a Rising Star within the UK’s EPSRC RISE Awards Campaign.

Interdisciplinary Approaches to Cyber Security for Organisations

Cyberspace has had a tremendous impact on society. It has influenced everything from governments and market economies, to global trade, travel, and communications. As organisations have sought to take advantage of the internet and its large-scale connectivity, they have also inadvertently opened themselves to a range of risks, particularly the pervasive nature of cyber risk. In this talk, I discuss the notion of cyber risk and the significant challenges it can pose to organisations. The talk then makes the argument for more interdisciplinary approaches to cyber security, and the value that they can contribute in protecting businesses. To evidence this point, I focus on three examples of interdisciplinary efforts that have led to enhanced security postures. The first considers the persistent issue of corporate insider threat, and seeks to demonstrate how psychology (including aspects of personality and behaviour) can be integrated into detection mechanisms. In the second, I look at why cyber security awareness campaigns fail to reach individuals and change behaviour, and the importance of incorporating cultural and organisational factors. Finally, I explore the new topic of cyber-harm and discuss its value in supporting cyber risk planning within enterprises, and its use for cyber-insurers in better modelling the impacts of cyber-attacks.
