Overview
The digital revolution will continue to play out across many industries, with disruptive entrants and technology-driven change. How might businesses anticipate and react to these changes over the next ten years? What might the future hold for cyber risk, trends in surveillance capitalism, use of ever-growing volumes of data, and advances in artificial intelligence? This track explores the issues of preparing businesses for the risks of the 4th Industrial Revolution.
At a Glance: The Decade in Technology Risk
2010: The Stuxnet worm causes substantial damage to Iran’s burgeoning nuclear programme.
2013: Hackers steal credit and debit information from 41 million shoppers after reaching Target’s databases through its HVAC vendor.
2015: A cyber attack successfully hits Ukraine’s power grid, causing hours of blackout for 230,000 people.
2016: Domain name system provider Dyn suffers that largest distributed denial-of-service attack in history, taking down services in Europe and the United States.
2017: Equifax announces a massive data breach of 145 million US consumers’ private information.
2017: The ransomware WannaCry locks vulnerable computers across 150 countries and causes $4 billion in economic damage.
2017: The destructive malware NotPetya affects the Ukraine and spreads across Europe and the world, causes $10 billion in economic damage – the costliest cyber attack to date.
2018: It is announced that malicious malware has been discovered in industrial plants in Saudi Arabia, affecting Triconex safety systems.
2018: The General Data Protection Regulation law comes into effect in the European Union.
Speakers
Chair
Simon Ruffle
Director of Research & Innovation, Cambridge Centre for Risk Studies
Simon Ruffle is a member of the Executive Team and is responsible for the overall research framework of the Centre. He is researching into innovative sourcing of business economic data and is leading the cyber threat research track. He has a background in natural hazards and the insurance industry.
Discussant
John Low
Head of Risk, Game Retail
John Low heads up all risk function teams for the national high street chain Game Retail Ltd along with the Player 1 Events and the Belong brands where over the last 11 years he has held risk management and senior operational positions. His wide-ranging responsibilities include Enterprise Risk Management (ERM), internal audit (UK and Spain), insurance, information security, loss prevention, multi-channel fraud payments and health & safety.
John has a strong and diverse retail background having previously worked for a number of UK big retail brands including the Co-operative Group (food) in senior operational roles and the retail management section of Bass. He is also currently a member of the Institute of Risk management (IRM) and the serving chairperson of the omni channel ORIS forum committee that has extensive retail high street representation.
He has previously provided voluntary service to influential groups and forums having worked with the National Police Chiefs Council (NPCC) and the Home Office on the roundtable “tackling the market for stolen goods” and on two working groups for the prevention of acquisitive crime.
Presentations
Kelly Quantrill
Cyber Risk Researcher, Cambridge Centre for Risk Studies
Kelly supports research in multi-line insurance exposure, cyber risk, and Project Pandora, which models the risks of multiple threats to global and city-level economies. Her primary interests are in data management, catastrophic planning, and the risk management of natural hazards.
Technology Risks – CCRS Risk Outlook
An overview of the research work carried out by Cambridge Centre for Risk Studies for the risk class of Technology Risks, and description of a possible landscape of the risk over the next decade.
Olivia White
Partner, McKinsey and Company
Olivia is a Partner in McKinsey’s San Francisco office. She advises banks and other financial institutions on a wide range of topics across strategy, organisation, risk management and operations. She has led transformative impact for many global financial institutions and corporate business functions. She also has worked extensively on financial inclusion and broader economic development, with primary focus in emerging markets. Along with her expertise in risk and financial inclusion, Olivia has led projects focused on foundation portfolio construction, customer experience, digital payments, operational improvement, and organisational design. Olivia publishes frequently on topics related to risk and financial inclusion, most notably through the McKinsey Global Institute (MGI) and McKinsey on Risk. Most recently, she co-authored an MGI report, “Digital identification: A key to inclusive growth.” In addition to her publishing efforts, she speaks regularly at large industry events and convenes executives in smaller roundtable formats to push the latest thinking in the industry. Prior to joining McKinsey & Company, Olivia was a Pappalardo Fellow in Physics at MIT, where she conducted research both in physics and in neuroscience. She holds a PhD in Physics from Harvard, an MSc in Mathematics from Oxford University where she was a Rhodes Scholar, and a BA in Physics and Mathematics from Stanford University.
Digital identification: Understanding the Opportunity and Risks
New research by the McKinsey Global Institute (MGI) shows how good digital identification (digital ID) is a new frontier in value creation for individuals and institutions around the world. Nearly one billion people globally lack a legally recognized form of identification. The rest of the world’s 6.6 billion people either have some form of identification but limited access to services that increasingly are being provided online, or they are active online but struggle to keep track of their digital footprint securely and efficiently.
Individuals can use digital identification, or “digital ID,” to be verified unambiguously through a digital channel, unlocking access to banking, government benefits, education, and many other critical services. The research finds that countries implementing digital ID could unlock value equivalent to 3 to 13% of GDP by 2030. The magnitude of this opportunity heightens the imperative for understanding and managing the very real risks and potential for misuse of digital ID. Olivia White, a Partner in McKinsey & Company’s San Francisco office and co-author of the recent MGI report Digital identification: A key to inclusive growth will talk about the enormous potential of digital identification and how careful system design and well-considered government policies are needed to promote adoption and manage associated risks.
Christos Mitas
Vice President of Model Development, Risk Management Solutions
Based in London, Christos leads RMS’ Climate Hazards-Dry and Cyber Risk modelling teams researching and developing modelling frameworks and solutions for the reinsurance industry.
He has worked at RMS since 2006 developing mathematical models of catastrophic risk from natural and man-made perils, including the Cyber Accumulation Management System (2016, 2017), Cyber Solutions (2018), typhoon models for South Korea and Taiwan (2016), probabilistic flood maps for Taiwan (2015) and South Korea (2014), the European wind storm model (2011), and the North America winter storm model (2008). He has also researched and developed efficient and scalable computational modelling frameworks.
Before joining RMS, Christos worked as a post-doctoral Associate and an Assistant Scientist at the University of Miami’s Rosenstiel School of Marine and Atmospheric Science (RSMAS) from 2003 to 2006. He holds a PhD in Atmospheric Sciences from the Dept. of Atmospheric Sciences of the University of Illinois at Urbana-Champaign. He earned a MSc degree from the Dept. of Atmospheric Sciences of the University of Wyoming. Christos’ Bachelor’s degree is in Mathematics from the Aristotle University of Thessaloniki, Greece.
The Future of Cyber Risk
Cyber risk is changing all the time. Recent years have seen shifts in the business models and techniques of cyber criminals – putting more of their efforts into ransomware attacks than stealing personal data – as well as changes in the security technology available, a growing political dimension to cyber attacks by one country on another, and legal and regulatory framework changes that make it more expensive for organisations to deal with their cyber events.
To help organisations manage their risk in this changing landscape, RMS updates its cyber risk model each year, with reparameterisations to incorporate new trends.
Business executives however need to plan for multiyear investments, returns on capital, and longer-term assessments of risks to their business strategies. Assessing how cyber risk will change over the next five to ten years is a challenge, but one that can be planned for and that should underpin enterprise risk management. A strategy that plans for a continuation of the current trends is likely to experience strategic surprise – a sudden change in the risk landscape for which the business will be unprepared.
Strategic surprise in cyber risk could occur with a sudden increase in the number of threat actors, or a rapid advance in their capabilities. It could occur with major technology advances such as artificial intelligence or quantum computing, rendering encryption obsolete. New methods of monetising information could be discovered by hackers, just as new businesses are trying to do in the legitimate economy. State-sponsored cyber teams could change their rules of engagement to focus on commercial targets.
A range of different possibilities needs to be considered to enable organisations to manage their cyber risk in a changing threat environment over the next decade.