6th Annual Cyber Liability Insurance ExecuSummit
Is There a Black Swan Hiding in Your Back Yard?
Staring Down Cyber Accumulation Risk with Eyes Wide Shut
Founder and Chief Executive Officer
4A Security & Compliance
TI was the hot acronym of 2016. The increasing usage of Threat Intelligence encapsulates the broader efforts of industry trying to get (and stay!) ahead of that runaway freight train sometimes referred to as the “rapidly shifting threat landscape.” But the clockwork reality of “another day, another breach” (or ten) continues to rock organizations around the world with no end in sight. Meanwhile, cyber insurers have been following closely behind the headlines, focused primarily on privacy breaches with attention increasingly being paid to individual losses associated with whaling and wire fraud as well as availability attacks like ransomware and DDoS. So far, so good, (kind of).
These individual events, however, aren’t the real concern; the internet is a dynamic system of systems, and the associated, complex interdependencies across virtually all organizations brings with it the risk of a single event affecting a vast number of independently insured entities. The current insurance industry risk modelling has a long way to go before it can accurately assess the likelihood or value of such an event. Those who’ve been following things like the September Mirai bontnet incident know that such recent attacks are only a small down payment on what’s to come. By the time this keynote rolls around, a new - and no doubt more destructive – “Target-level” event will make internet history and usher in a whole new chapter on cyber risk (and a new set of sublimits).
From this late 2016 vantage point, few people have their eye on these looming threats that are literally staring us in the face, and even fewer have answers. Mr. Goodman’s keynote will explore the following questions:
• How should we interpret the tectonic shifts that are occurring as enterprise IT and threat actors evolve?
• Have the clouds really obscured our ability to see the massive exposures being created?
• How many of these risks are under-insured? How many have we already insured without adequately understanding
and pricing them?
• How can you tell if there's a black swan hiding in your back yard and what can you do about it?
Ben Goodman is the founder and CEO of 4A Security & Compliance, a firm that helps strengthen clients’ information security while managing cyber risk and meeting their compliance requirements. He is also the owner of Enterprise Risk Associates, a commercial insurance agency. With over 25 years of experience in information technology, technology strategy and risk management, he is dedicated to strengthening the cyber defenses and resiliency of US organizations, institutions and critical infrastructure. He is the recipient of ISACA’s CRISC, Worldwide Achievement Award.
Mr. Goodman co-authored and was awarded a grant from the Casualty Actuarial Society in conjunction with Drexel University and law enforcement regarding Common Point of Purchase-type Analysis of Healthcare Data Breaches. He is a member of the Society of Actuaries Project Oversight Group on “Cybersecurity Insurance: Modeling and Pricing” research project.
Mr. Goodman has consulted C-level leadership teams at organizations ranging from fortune 100 companies to tech start-ups. Over the course of his career, Mr. Goodman has consulted clients ranging from American Express, Cablevision, GE Capital, Allied World Insurance Company and W.R. Berkley, to public hospitals, energy companies, UNICEF, private medical practices, cloud service providers, mobile app developers, educational institutions, non-profit organizations and start-ups.
Having founded a Silicon Alley tech firm that raised private investment and formed an international tri-venture with two Japanese Fortune 500 corporations, he has also served as Operations Director of a Managing General Underwriter and CEO of a commercial insurance agency. At 4A, his work is focused at the intersection of IT and cyber risk management.
He is a member of the faculty at Drexel University LeBow College of Business, Corporate and Executive Education where he has lectured on HIPAA Breach Response, Cyber Risk Management and Breach Response for Directors, Corporate Officers and Senior Management, and where he has organized and lead several symposia with leaders from the Department of Health and Human Services, Office for Civil Rights, the Federal Trade Commission, the Food and Drug Administration, the National Institute for Standards and Technology (NIST) and the Federal Bureau of Investigation as well as privacy, risk managers, legal and healthcare industry experts on the topic of Healthcare Data Security and Privacy. He has also spoken at Pace University’s Seidenberg School of Computer Science in New York, the 24th National HIPAA Summit, the Casualty Actuarial Society’s Enterprise Risk Management Symposium, the Cyber Liability ExecuSummit and several other conferences, panels and events.
4A Security & Compliance provides pre- and post-breach cyber risk management tools and services including information security and privacy risk assessments, training and compliance management. 4A also provides post-breach services with forensics specialists to investigate security incidents and data breaches and provides guidance to strengthen client organizations’ security and compliance posture. Mr. Goodman has provided expert witness services in legal matters concerning data breaches, security and compliance. Mr. Goodman has lead 4A’s development of online security risk assessment tools and authored online Cybersecurity and Privacy Compliance Training Courses.
Mr. Goodman is a member of the Casualty Actuarial Society’s Cyber Risk Task Force. He is also a cybersecurity advisor to the Steering Committee for the Greater Philadelphia Healthcare Innovation Taskforce and the Philadelphia Chapter of Infragard. Mr. Goodman maintains an insurance license as well as the CRISC designation (Certified in Risk and Information Systems Control).
Mr. Goodman is a frequent speaker on the topics of cyber risk management and cybersecurity, healthcare data security and privacy issues, and has been interviewed and quoted in several industry publications on issues regarding cybersecurity, compliance and risk transfer. Mr. Goodman received his Bachelors of Arts Degree from Columbia College, Columbia University in New York and studied Educational Technology at Teachers College, Columbia University.
 ISACA, previously known as Information Systems Audit and Control Association, is an industry leading non-profit global association serving IT governance, risk, security and audit professionals in 180 countries.
To Request the Complete Agenda for this Summit.
Agenda includes all topics, presenters, hotel, and registration information.