Host Kevin Szczepanski welcomes Damion Walker, managing director of the technology practice for insurance giant Gallagher, to discuss the intricacies of cyber insurance and the newer product, known as tech errors & omissions (E&O) coverage. They explore the evolution of these insurance products, the importance of understanding the differences between them, and how businesses can leverage insurance as a financial tool. Their conversation emphasizes the need for businesses to be proactive in their insurance needs, the significance of choosing the right broker, and the underwriting process. Damion and Kevin also address the challenges faced in the cyber insurance market, providing insights on handling claims and the importance of maintaining communication with brokers regarding changes in business operations. Listen in for the whole story.
Kevin Szczepanski welcomes Gregg Davis, managing principal and technical advisory solutions leader at EPIC Insurance Brokers & Consultants. Kevin and Gregg start by discussing the increasing risks of insider threats to cybersecurity and the sophistication of threat actors along with the need for organizations to create a culture of verification and for real-world training. Diving into strategies to mitigate insider threats, they emphasize awareness and proactive measures. Kevin and Gregg touch on business email compromise, insurance policies, the evolving role of the CISO, and much more. Tune in for the whole episode.
Kevin Szczepanski and guest Nick Reese, co-founder and COO of Frontier Foundry, discuss strategic applications of AI on this episode. Nick’s career evolution includes positions in the US Navy and within the US intelligence community, including a stint as director for emerging technology policy for the US Department of Homeland Security. His company is working on privacy-preserving AI. Kevin and Nick discuss the distinction between generative AI and artificial general intelligence and the need for small to medium-sized businesses to adopt AI strategically. The conversation emphasizes the significance of understanding data security, the role of human oversight, and the establishment of AI governance to ensure ethical and effective implementation of AI solutions.
Kevin Szczepanski and Michael Kurzer, a partner in the law firm Vinson & Elkins who leads the Technology Transactions & Intellectual Property Group, explore the burgeoning field of AI-ready data centers. Kevin and Michael discuss these data centers’ significance, the complexities involved in their construction and operation, and the legal challenges they face. In addition, Michael shares insights on the evolving landscape of data centers, the impact of AI on infrastructure, and the importance of robust legal frameworks to navigate the associated risks. Listen in for the full conversation.
Kevin Szczepanski and Bob Buda, one of the first-ever certified Oracle database administrators, dive into database design, security, and management. To frame the conversation, Bob asks a hypothetical CEO this question: “What percentage of your annual salary would you wager that your data is totally secure?” He provides background about database design and the critical need for data security. Bob and Kevin also discuss the significance of selecting valuable use cases for AI implementation within businesses of all sizes and the need for comprehensive security measures, including the concept of zero trust. Listen in for the full conversation.
In this episode of Cyber Sip, Kevin Szczepanski welcomes plaintiff-side attorney David Lietz, a senior partner at Milberg. David and Kevin take a deep dive into the complexities of data breach class actions, including their evolution, the risks of identity theft, legal standing, and the settlement process. They note the many reasons people give to not join class actions, also pointing out new methods for upping the rates at which people do participate and what some of the benefits may be. They emphasize the importance of being proactive in protecting oneself from data breaches and offer insights into the legal landscape surrounding these cases.
Welcome back to Season 4! In this episode of Cyber Sip, Kevin Szczepanski and Kelly Geary, managing principal of Epic Insurance Brokers & Consultants and national practice leader of Professional, Executive & Cyber Solutions, discuss the current state of the cyber insurance market, the impact of AI on cybersecurity, and the challenges organizations face in implementing effective cybersecurity measures. They explore the rise of social engineering fraud, particularly through deepfake technology, and emphasize the importance of regular training and tabletop exercises to prepare organizations for potential cyber threats. The conversation highlights the need for a proactive approach to cybersecurity and the evolving landscape of insurance coverage in the face of new technologies.
Welcome to Season 4! In this candid solo season opener, host Kevin Szczepanski shares his personal experience of losing his laptop—and hopes listeners heed the valuable lessons he learned. Join Kevin now for essential steps to take immediately after the loss of a device, including contacting your IT department, changing passwords, and reporting the loss to the police. He also delves into the role of IT departments in recovering lost devices and helping to ensure data security. While Kevin’s story has a happy ending, he emphasizes the importance of being cautious, attentive, and prepared.
In this conversation, Sandeep Batta, lead solutions architect for IBM Hyper Protect, discusses the importance of a zero trust cybersecurity model. Sandeep particularly focuses on the rise of digital assets, the implications of quantum computing, and the necessity for organizations to adopt quantum-safe encryption. He emphasizes the need for a secure environment to protect critical data and infrastructure and the role of crypto services in ensuring data security. He also touches on the critical importance of hardware security modules (HSM) in data protection. The discussion also covers the necessity of building secure software pipelines, highlighting the importance of trust in technology. Kevin also signs off for the season with this episode. Stay tuned for Season 4!
Kevin Szczepanski is joined by insurance and technology veteran analyst and author Barry Rabkin as they take a deep dive into all things cyber, cyber risk, and insurability. Barry sets the stage by addressing the evolution of cyber risk and noting that the CrowdStrike outage was both a wake-up call and a harbinger of what’s to come. Kevin and Barry then discuss cyber and operational technology (OT) vs information technology (IT). Their deeper dive into what cyber risks are (“corruption, disruption, destruction, nuisance, and theft”) leads them to note that our world, instead of terraforming, is cyberforming. Listen in as Barry shares more, including about his forthcoming book, “Ramifications of Insurance Commerce in the Cyber Age.”
Kevin Szczepanski and Brian Haugli, CEO of SideChannel, discuss the implications of the recent CrowdStrike incident. CrowdStrike, an endpoint detection and response (EDR) provider, pushed an update that caused worldwide system crashes and downtime for their customers. Brian and Kevin analyze what happened and look at how CrowdStrike responded. The EDR provider is still being criticized (and in some cases sued) for its process, timing, and lack of empathy and accountability. The incident raises questions about vendor selection, procurement contracts, and the need for better control and auditing of software updates. Kevin and Brian emphasize that it’s still important to maintain good security practices, including embracing EDR technology. One outcome of the incident, they add, is looking at the role of the government in regulating EDR firms.
In this episode, Kevin Szczepanski and Dean Mechlowitz of TEKRiSQ discuss the blind spot that organizations may have when it comes to cyber risks and the need for a cyber risk assessment. They note that the tactics used by criminals to compromise data often don’t require a highly skilled hacker, yet many organizations believe they are secure. Dean emphasizes the importance of conducting a cyber risk assessment to identify and prioritize risks based on the type of data, technology, processes, and regulatory requirements of the organization. Kevin and Dean also discuss the role of cyber insurance in risk management. Listen in to make sure you’ve done what you can to protect your business.
In a quick solo episode, host Kevin Szczepanski offers practical information that can help when you or someone you know suffers from the modern malady known as identity theft. It’s common and serious, affecting millions of people and costing billions of dollars every year. Most of us know that identity theft happens through various means, such as clicking on malicious links, downloading malware, or being a victim of a data breach, but knowing what to do, says Kevin, can provide a measure of comfort. Steps Kevin recommends include reporting the theft to the FTC, placing a fraud alert, correcting your credit report, and considering identity theft protection. Listen in for the details.
Kevin Szczepanski and guest Laura Zaroski, managing director of Gallagher's law firms practice, discuss law firms’ varied responses regarding the use of generative AI: some embrace it while others prohibit it. They also explore benefits and risks of using AI, including the importance of checking work, avoiding sanctions, and client disclosures. They then touch on the potential impact on insurance coverage and underwriting. Firms should consider their risk tolerance and their cases’ value when determining coverage limits. Another best practice is to establish and regularly revisit guidelines or policies for AI use. Kevin and Laura emphasize the need for law firms to understand and strategically use AI while also being aware of the potential dangers.
Kevin Szczepanski welcomes Jessica Copeland of Bond, Schoeneck & King back for a lively discussion on why (and whether) attorneys and firms of all sizes should use artificial intelligence. As a refresher, they remind listeners of the definition of AI and some of its uses. As with many things lawyer related, the answers come down to “it depends.” Law firms need to look at their priorities, capabilities, and needs. Other areas to consider are policies, compliance, indemnification, employee training, security, and clients’ expectations. Kevin and Jessica also discuss AI tools’ wide availability, noting that familiar companies like Lexis, Westlaw, and Microsoft Office have all rolled out internal AI features. Listen in for more.
In this conversation, Kevin Szczepanski and Jessica Copeland of Bond, Schoeneck & King define generative AI as basically the use of large language models to create natural language responses. They note that AI has been used for decades—examples of it in everyday life include personalized recommendations on Amazon and Netflix. They then move on to the use of generative AI and AI governance. Generative AI has both benefits (efficiency and time savings) and risks (including accuracy, bias, confidentiality). Governance is crucial, and listeners will hear some recommendations for developing a robust AI governance plan, including selecting the right tools, identifying decision-makers, assessing security features, and implementing policies and training.
Kevin and his guest, Jodi Daniels, founder and CEO of Red Clover Advisors, discuss the importance of privacy as a fundamental human right, noting that building trust is a two-way street. Jodi explains that a privacy consultancy helps companies comply with data privacy laws and build trust with their customers. Jodi emphasizes that privacy is both a legal compliance issue and a market opportunity. By prioritizing privacy and being transparent about data use, businesses can differentiate themselves and gain a competitive advantage. They also discuss the book Jodi coauthored with her husband, Data Reimagined: Building Trust One Byte at a Time, which provides a story-driven approach to help professionals understand the importance of privacy and navigate privacy regulations.
Kevin and guest Ziming Zhao, assistant professor in the Department of Computer Science and Engineering at the University at Buffalo, discuss Ziming’s work in systems and software security. They focus on ethical hacking and its goal of responsibly disclosing vulnerabilities to vendors. Ziming says that hacking can be fun and doing it ethically serves a purpose, though he emphasizes that ethical hacking is not a guarantee of absolute security. Companies still need to have a security-in-design mindset. Ethical hackers can help raise the security bar for companies and organizations. Ziming also discusses the relationship between academia and industry in the field of ethical hacking.
In this episode, host Kevin Szczepanski and his guest, Bill Haber of TEKRiSQ, discuss tips to prevent phishing attacks, which, they remind listeners, are “fraudulent attempts to obtain personal information through electronic messages.” Kevin and Bill highlight the prevalence and success of phishing attacks, emphasizing the need for vigilance from both individuals and organizations. Covering examples and types of phishing attacks—spear phishing, smishing, man-in-the-middle attacks—they offer takeaways including slowing down, being cautious of urgency, verifying suspicious emails, conducting trainings, and implementing tools like VPN and DNS filtering. These practices can both enhance cybersecurity and improve the chances of obtaining cyber liability insurance.
Kevin Szczepanski and Arun Vishwanath, chief technologist of Avant Research Group, discuss the urgent need for cyber-hygiene education for children, including about security and privacy. They highlight frequent cyberattacks targeting schools and other education systems, which often have outdated technology and may lack sophisticated IT security skills and resources. The conversation also touches on the role of the private sector in providing cyber-literacy education. Kevin and Arun embrace reforming credit monitoring for children and expanding its scope to include reputation management, and they agree about the importance of protecting the next generation from cyber threats and the need for systemic changes.