The Cyber Insurance Academy recently selected Keely Wilkins, Security Engineer & Evangelist at the Office of the CTO at Check Point, to lead some initiatives related to cyber insurance education and cyber risk management for our Community. Keely is a seasoned cyber security expert and has over 25 years of experience in running training and thought leadership events in this space. Keely recently presented an Email Security Masterclass to our Community of cyber insurance professionals, a recording of which can be accessed here.
We interviewed Keely on her role in the cybersecurity and cyber insurance sectors and how she goes about alleviating the lack of confidence that so many insurance professionals have when it comes to the complex, fast-paced world of cyber security.
How would you define a cybersecurity evangelist, and what does your role entail?
My role as a Cybersecurity Evangelist with the Office of the CTO is my passion. Our team of Evangelists is worldwide and growing. Our objective is to promote cybersecurity thought leadership across all industries. Each of us have extensive experience, training, and education in technology and security. We collaborate on emerging technologies and bring that information to organizations and individuals as we present at conferences, webinars, appear in the media, write articles or White Papers, and guest speak on podcasts.
What motivates you to continue educating others about cybersecurity, even when faced with resistance or skepticism?
I’ve been in the technology industry for over twenty-five years. I’ve been in the first-responder seat for cyber-attacks and have seen the damage that successful attacks cause to the organization and its staff. Identifying and responding to an active attack is draining – emotionally, physically, mentally. The details of those jobs are confidential. We cannot tell you the details of what we did or for whom. It’s a heavy burden to carry. Advocating for my fellow security practitioners is my motivation. Educating other industries, like Insurance, on the importance of Cybersecurity Strategies, Business Continuity Plans, Incident Response Planning, and Cyber Risk Management is my way of helping to shed light on the pain points I have experienced across industries. Better planning results in fewer breaches.
There have been skeptics along the way and there has been resistance. I see it now with the push and pull over protecting privacy versus trading it for the perceived convenience of a smartphone app that requires invasive permissions to work or a “like” or repost on social media. Not acknowledging the value of security and privacy erodes that which we hold most dear, our worth as individuals and our safety.
The term “Surveillance Economy” popped up in my research recently. It is the perfect characterization of what we experience in our current technology-driven lives. It’s unavoidable. This motivates me to learn more, share more, and to help those struggling with technology to make it work for them instead of against them.
What is the biggest challenge in educating cyber insurance professionals about cybersecurity and how have you overcome this?
Cyber Insurance and Cybersecurity are two sides of the same coin. Both aim to help targeted organizations minimize the impact of a cyber incident. Cyber Insurance does this as a limited financial compensating control while Cybersecurity aims to prevent the attacks from happening.
My biggest challenge in educating cyber insurance professionals is not being in the insurance industry. I’ve queried people I know in the industry, but I’ve never walked in their shoes. When presenting, it’s key that the audience be invested or even involved in the event. That’s how you gain mindshare. No one wants a presenter to read a slide deck to them for 45 minutes. I’ve tried to overcome this by taking a step back, looking at my data and rebalancing the message in favor of Cyber Risk Management instead of being solely focused on Cybersecurity. Cyber Risk Management is the common language between cybersecurity and cyber insurance.
How does Check Point stay up to date with the latest trends and developments in the cyber insurance sector, and how do you incorporate that knowledge into your products and services?
We stay up to date on the latest trends and developments in the cyber insurance sector by listening to our customers, being a contributing member of the World Economic Forum “Partnership Against Cybercrime” working group, partnering with the Cyber Insurance Academy to bring our expertise to your members, working with Specialty Insurers in the field, and presenting at industry events to share our expertise and to learn from yours.
Check Point has always been a Prevention-first security company. We’ve never been satisfied with just detecting an attack. This is at the heart of why we do what we do. Prevention-first lowers the risk of a breach. When attacks are prevented, less risk is transferred to the insurance company. When less risk is transferred, more capital is available to write even more policies.
Every product and service we offer aims to prevent cyber-attacks.
Looking ahead, what do you see as the future of the cyber insurance industry, and how is Check Point positioning itself to stay ahead of the curve?
Predicting the future of any industry is tricky. Three things I’m comfortable predicting are
- Cybersecurity education and more robust actuarial data will continue to shape the future of the cyber insurance industry
- Legislation requiring organizations to report breaches will add contour to datasets, but it’s important to note that not all breaches result in an insurance claim
- The cyber insurance sector will learn to be more dynamic and responsive to emerging technologies that impact the security of the insured in unforeseen ways
Check Point has been a cybersecurity leader for thirty years. Our goal with all cyber threats is to prevent a breach. We continuously adapt to the changing threat landscape to secure the organizations who entrust us with their businesses. The work of the Check Point Research team keeps us ahead of the curve and the work of our R&D team to bring that vision to life through our products is second to none. We are committed to delivering unified security solutions that are comprehensive, consolidated, and collaborative. We call it the 3 C’s and we’re pretty excited about it.