{"id":6371,"date":"2023-12-14T08:12:22","date_gmt":"2023-12-14T08:12:22","guid":{"rendered":"httpss:\/\/www.advantagego.com\/?p=6371"},"modified":"2025-04-04T05:33:14","modified_gmt":"2025-04-04T05:33:14","slug":"new-podcast-with-james-burns-head-of-cyber-strategy-at-cfc","status":"publish","type":"post","link":"https:\/\/www.advantagego.com\/en-us\/content\/new-podcast-with-james-burns-head-of-cyber-strategy-at-cfc\/","title":{"rendered":"Classifying cyber risks"},"content":{"rendered":"\n<p><iframe title=\"Ep192 James Burns CFC: Classifying Cyber\" allowtransparency=\"true\" height=\"150\" width=\"100%\" style=\"border: none; min-width: min(100%, 430px);height:150px;\" scrolling=\"no\" data-name=\"pb-iframe-player\" src=\"https:\/\/www.podbean.com\/player-v2\/?from=embed&amp;i=82utm-1520c42-pb&amp;share=0&amp;download=1&amp;fonts=Tahoma&amp;skin=3267a3&amp;font-color=&amp;rtl=0&amp;logo_link=&amp;btn-skin=1b1b1b&amp;size=150\" loading=\"lazy\"><\/iframe><\/p>\n\n\n\n<p><strong>A commonly understood classification system can provide a mechanism for insurers to deal with systemic cyber risk. That is the focus of James Burns, head of cyber strategy at CFC, the latest guest to feature on Mark Geoghegan\u2019s podcast, The Voice of Insurance.<\/strong><\/p>\n\n\n\n<p>The cyber world and its insurers need be able to classify the severity of the systemic loss events to continue to grow and fulfil the needs of customers and society as a whole.<\/p>\n\n\n\n<p>The industry does this for more traditional risks, especially natural perils, such as earthquake, floods or wind risks. Everyone who underwrites Florida property catastrophe, for example, knows the difference between storm categories, all the way from damp squibs in reinsurance terms to the most intense and market-turning hurricanes.<\/p>\n\n\n\n<p>The same cannot be said, at present, for cyber risks \u2013 even the phrase is so broad as to be relatively meaningless \u2013 given that the threats range from malware that slows down laptops and frustrates SMEs or individuals on a daily basis, to specific ransomware attacks that can cost an individual firm dearly, to the kind of macro-level systemic risk attack that gets talked about as \u201ccyber cat\u201d or \u201ccyber warfare\u201d that could cripple an entire economy.<\/p>\n\n\n\n<p>James Burns, head of cyber strategy at CFC, a London market cyber specialist MGA, is on the ground floor, as Mark put it, of ambitious but highly necessary efforts to create a new institution for the insurance industry. The Cyber Monitoring Centre\u2019s founders want it to function as a pan-industry body with a mission to work in the best interests of the market and society at large.<\/p>\n\n\n\n<p>\u201cMajor cyber events threaten society and the economy more now than at any point in history. Yet we still don&#8217;t have a commonly agreed upon and understood system for classifying them objectively and consistently,\u201d Burns told host Mark Geoghegan.<\/p>\n\n\n\n<p>The Cyber Monitoring Centre aims to be reflective of the new world and the new threats that cyber brings, he explained.<\/p>\n\n\n\n<p>\u201cThe core mission of this body is to bring transparency, and clarity to a world which I think is otherwise quite chaotic and confusing, opaque and obfuscated \u2013 the world of major cyber events,\u201d Burns said.<\/p>\n\n\n\n<p>Without classification efforts, analysing data to determine trends, will be much more difficult for insurance companies and other cyber security stakeholders, he emphasised.<\/p>\n\n\n\n<p>\u201cAll the time, I&#8217;m seeing confusion and conflation between events \u2013 real events that have actually occurred \u2013 and the discovery of new vulnerabilities. Those are two completely different things, with different implications, but they get confused and conflated and reported as if they&#8217;re exactly the same,\u201d he added.<\/p>\n\n\n\n<p>The lexicon of technology and cyber can be confusing for anyone who doesn\u2019t make it their area of focus, he suggested. WannaCry and NotPetya, for example, are seen as \u201ctwo rock stars\u201d of the cyber insurance loss world, Mark quipped, but few people could tell you their characteristics or the key differences between them.<\/p>\n\n\n\n<p>\u201cThey were actually very different events in terms of what they cost, who they impacted, and where they had impact,\u201d Burns said. \u201cIt&#8217;s quite worrying, because this is one of the biggest threats facing us today, particularly facing businesses and organisations, and it&#8217;s so poorly defined and so poorly understood.\u201d<\/p>\n\n\n\n<p>For now, the Cyber Monitoring Centre is a UK-focused endeavour, and Burns defines it as responsible for identifying two core metrics in relation to any specific <a href=\"https:\/\/www.advantagego.com\/en-us\/lines-of-business\/cyber\/\" target=\"_blank\" rel=\"noreferrer noopener\">cyber events<\/a> in the UK, then combining them to provide a severity rating.<\/p>\n\n\n\n<p>\u201cThose metrics will be one how widespread an event is, so what proportion of UK organisations are being impacted by an event. Secondly, what the economic impact and\/or financial impact of that event is, so how much is this event costing those affected organisations,\u201d he said.<\/p>\n\n\n\n<p>At the lowest end of the scale, like a category one storm, Burns suggested, a not-very-severe event could impact less than 0.1% of UK organisations and cost less than \u00a320m in economic cost.<\/p>\n\n\n\n<p>\u201cAt the other end of the scale, a much bigger event might impact more than 5% of organisations in the UK, costing more than \u00a35bn in economic damages. That might be a Category Five cyber event,\u201d he added.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A commonly understood classification system can provide a mechanism for insurers to deal with systemic cyber risk. That is the focus of James Burns, head of cyber strategy at CFC, the latest guest to feature on Mark Geoghegan\u2019s podcast, The Voice of Insurance. The cyber world and its insurers need be able to classify the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":6594,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[19,26],"tags":[14],"line-of-business":[24],"class_list":["post-6371","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-podcasts","category-latest-insights","tag-underwriting-workbench","line-of-business-cyber"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/posts\/6371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/comments?post=6371"}],"version-history":[{"count":0,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/posts\/6371\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/media\/6594"}],"wp:attachment":[{"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/media?parent=6371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/categories?post=6371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/tags?post=6371"},{"taxonomy":"line-of-business","embeddable":true,"href":"https:\/\/www.advantagego.com\/en-us\/wp-json\/wp\/v2\/line-of-business?post=6371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}