Rick Davis ensures that Internet integration won't be a liability for your company
At the relatively young age of 30, Rick Davis has just had reconstructive knee surgery and expects to have no less than three similar operations in the coming years, including both ankles and the other knee. Yet Davis could be considered healthy and in great shape. So why the surgeries? "I don't want to be 40 years old with aches, pains and nagging injuries slowing me down," says the former Stanford University football player. Such preemptive surgery could almost be considered a representation of his current profession--risk management.
Davis is the co-founder and strategic marketing and corporate development officer of Insuretrust.com, an Atlanta-based e-business risk management firm that focuses on companies whose operations rely on internal and external computer networks. "We have created a new space that combines the best elements of information security, consulting, risk management and insurance," explains Davis. "By combining these disciplines into a unified e-business approach, we effectively address all the critical exposures that affect e-business, the Internet and networked computer environments."
The very same electronic connections that allow us to conduct business and communicate with business partners can be compromised by hackers or unscrupulous employees. Insuretrust conducts full-scale analyses that identify the areas of risk in your business and helps to protect them. Surprisingly, even with the myriad technologies and points of entry that comprise most corporate networks, Davis says the most common security risks are related to human error and miscommunication. However, the risk of a security breach could be reduced if upper management paid careful attention to security issues. Here are the top three problems Insuretrust routinely addresses:
* Lack of a companywide security policy. Many companies don't tell users how to protect their information and how to use networked resources accordingly. This is an accident waiting to happen.
* Lack of executive sponsorship of security initiatives. Senior executives need to be an integral part of the security solution, which should also be a line item in the budget.
* Lack of integration between business decisions and IT decisions. In the e-business environment it is imperative that decisions are made based on both business and IT considerations. For example, if the marketing department wants to create a shared network with its business partner, it is essential to have an IT perspective to make sure all security and infrastructure considerations are addressed from the beginning.
Although internal breaches of security are still the most common type, there has been a dramatic rise in the number of successful "attacks" from the outside. Earlier this year Information Security magazine conducted a survey of over 700 companies that revealed a 91.6% increase in the number of companies suffering unauthorized access (hacking/cracking) intrusion between 1998 and 1999. "Companies conducting e-commerce suffer more frequent attacks than those that don't," says Andy Briney, editor in chief of Information Security. Fewer than 100 of the companies that suffered these invasions attributed a dollar amount to the attack--yet the total exceeded $23 million.
"Traditional insurance companies insure property losses and liabilities but not those that arise from e-commerce," says Davis, whose family has run Davis Insurance Agency for three generations. Ironically, he only joined the family business three years ago--when he stumbled upon this new industry. At the time, the Omaha, Nebraska, native was employed as a computer security and systems integration consultant. "One of my customers asked me who was responsible if the security safeguards I'd installed failed to stop an attack. I told him he was," recalls Davis.
At the customer's request Davis contacted the family firm to find out if there was an insurance policy that could cover this type of loss. The answer was no. By early 1997 Davis launched the Information Risk Management unit of the Davis Insurance Agency to capitalize on the opportunity. "Rick realized the opportunity a couple of years ago and the rest of the industry is only just catching on," says Kevin Field, a technology risk specialist with London-based Willis, a worldwide risk management firm. However, there was at least one other person in the country who was as far ahead of the crowd as Davis--Steve Haase. Haase, a 20-year insurance industry veteran, actually beat Davis to the punch by selling the first e-business security policy in 1997.
"As soon as I heard about that policy I gave Steve a call," says Davis, who contacted Atlanta-based Network Risk Management Services to discuss a possible partnership combining Davis' technical, Internet and underwriting experience with Haase's insurance policy expertise. "We were developing a new area and didn't have anyone from the technology field working with us," recalls Haase. "Rick calls me up out of nowhere and understands the whole market and was able to fill in the void in our planning and strategy."
No comments:
Post a Comment