Risk & Compliance

Tom Ridge Sells Spying as Way to Curb Cyber Risk

“So how do we assess cyber risk?” Tom Ridge asks. By spying on potential threats, says the former U.S. Homeland Security director.
David KatzOctober 28, 2014

NEW YORK —Touting his experience as the nation’s first secretary of Homeland Security, Tom Ridge told a risk management conference today that “real cyber intelligence” was the key to curbing corporate data breaches and computer generated threats.

Tom_RidgeDelivering the keynote speech today at the Advisen Cyber Risk Insights Conference — a little over two weeks after launching his own cyber insurance company — Ridge contended that the mere gathering of historical data that insurers have traditionally used to assess the hazards of their corporate clients used “is grossly insufficient” to keep pace with the work of hackers.

A Better Way to Do Ecommerce

A Better Way to Do Ecommerce

Learn how Precision Medical leveraged OneWorld to cut the cost of billing in half and added $2.5M in annual revenue.

Instead, “we really need a methodology based on the availability of intelligence of current and very specific client threats,” he said.

Not only are cyber risks too new for insurance companies to have amassed an amount of data meaningful enough to base risk assessments on, their “scale and speed is unlike anything we’ve seen before,” according to the two-time Pennsylvania governor, who added that “the sophistication of [cyber] adversaries … cannot be denied.”

“So how do we assess cyber risk in this environment?” he asked. Ridge’s answer: by spying on potential threats.

And that, to be sure, was the edge that the chairman of the newly formed Ridge Insurance Solutions, an underwriter backed by five Lloyd’s of London syndicates, was offering risk managers — the service he had come to sell. The first element of the firm’s methodology “to combat the cyber threat,” he said, “is the utilization of real cyber intelligence” of threats against industries and individual companies.

[contextly_sidebar id=”ffL2e3oZdTCVMdxbl5ujbdk7l9bmRGrF”]The firm’s risk assessment “partners” — listed on the firm’s website as Foresite, an information security and network solutions provider, and CyTech Services, a forensics vendor — “are actively roving the dark side of the web, looking for the bad actors,” their methods and their paths of attack, he said.

Ridge was also selling himself. As the U.S. Secretary of Homeland Security from 2003 to 2005, Ridge was “introduced to a lot of disruptive, game-changing technology, not only in the digital space, but elsewhere,” he said. “I got a chance to see them before a lot of companies were exposed to them.”

“In our assessment process we employ, I think, such a game-changing technology. It’s an exclusive tool that actually goes in at looks at problems on client networks at up to 100 percent of your endpoints if needed,” he boasted, without specifying how the tool works or what information it might gather. “We can send ‘digital agents’ out there to check your endpoints for purposes of determining whether or not we’re going to insure you.”