Insurance companies looking for easy solutions to their cyber security concerns will only be frustrated and end up spending more in the long run. This was the message of an Israeli cyber security expert to the members of the Philippine Insurers and Reinsurers Association (PIRA) in a recent webinar entitled "Closing The Gap -- Cyber Security and the Insurance Industry." Mr. Alex Peleg, an award-winning "ethical hacker" and CEO of Cynergy, a cyber security firm based in Tel Aviv, said every company has unique "crown jewels" and vulnerabilities which must be assessed properly to be able to come up with the right cyber security solution. "There is no plug-and-play security solution that will solve all your problems," he said. "We do an an audit of your company like going into your house, We go from room to room. We look at the identities that you need to manage. Identities are like the keys to your house. You don't want to leave them lying around." Mr. Peleg said identity theft is the most common form of cyber security breaches in companies they have worked with. However, being most common does not mean that companies already know what to do when such breaches happen. On the contrary, companies, time and again, often fail to prevent identity theft and usually discover the problem only when a major damage has already been done. "In order to protect the crown jewels in your company, you must plan ahead and prepare to spend. Most often, companies realize this only when they already suffered an attack. They realize that it happened because they lacked awareness and they failed to have the necessary controls. They under-focused on cyber security risks," he said, adding that, "If you would spend money, spend it wisely." Mr. Peleg noted, though, that companies that experience attacks emerge as much stronger and wiser. He cited major insurance companies in the United States and in Europe that suffered cyber attacks in various forms last year. Chubb Corporation, the 12th largest property and casualty insurer in the US, suffered a cyberattack in March 2020 that resulted in unauthorized access to data held by a third-party service provider. Though no official details were disclosed, security researchers believe Chubb was hit by a ransomware attack, which encrypts files and exfiltrates the data to the attackers’ servers where it is held for ransom. The attackers claimed to have data stolen from Chubb, including the names and email addresses of senior executives. About the same time as the Chubb attack came another on Pacific Specialty Insurance Company, an automotive and home insurance provider. It was a phishing attack that resulted in hackers gaining access to employees' and clients' email accounts, social security numbers, government-issued IDs, financial data, and health insurance information. In the Netherlands, an insurer suffered a breach after falling victim to the “CEO hack,” a phishing attack that impersonates a CEO. Employees of the insurance company received emails from a hacker pretending to be a CEO of a well-known commercial customer, requesting they transfer money into a compromised account. Mr. Peleg said these attacks are fast becoming commonplace in the industry. And he used the analogy of snowboarding in explaining how executives tend to deal with cyber security breaches. "It's like surfing on the Black Slope even though you are not completely aware of it. When an avalanche happens, first you experience a time of uncertainty and denial. You ask yourself, 'Is it really happening to us?' Only when the snow begins to pile up and your systems start collapsing and stop functioning, then it is only then that you realize that you are being attacked," he said. He gave the following advice for companies who might suddenly find themselves confronting a cyber attack: First is to contact your lawyer. This can be internal or a third party lawyer. You have to protect all the information that comes and goes to your cyber security team. Find out your legal exposure. There is a possibility that you will be sued and the regulator will go after you. Better be ready. Second is to deploy your Incident Response Team. Companies must have a cyber security Incident Response Team ready because a cyber attack may happen any day. Third is to review your cyber architecture and repair what needs to be repaired. And fourth is to not take one's head from the problem until the storm is over. "Even if it's over, don't think it's over. Recovery is a long journey up the hill," he said. Mr. Peleg stressed that every company must have an Incidence Response Plan for cyber security breaches. This is totally different from a disaster recovery plan. This must be drawn and put in place in advance and must involve the company's CEO, lawyers, marketing officers, and human resources (HR) heads. "Why do you need HR? You need them because most ransom notes we get come from disgruntled employees," he said. Ultimately, Mr. Peleg said the direct responsibility falls on the CEO and not on the company's cyber security team. "The CEO must know what to do and what to say if and when the breach happens," he said.

Thank you and best regards.

The country's non-life insurers are gearing up to make cyber security a priority in their journey to full digitalization. More than 200 executives from the Philippine Insurers and Reinsurers Association (PIRA) attended a two-day webinar on the topic, "Closing the Gap -- Cybersecurity and the Insurance Industry" organized by PIRA in partnership with the Insurance Institute for Asia and the Pacific (IIAP) and IPV Network, a local cyber security company with ties from global specialists in this field. Mr. Ramon Dimacali, former chairman of PIRA and former president of IIAP, said insurance companies have much catching up to do when it comes to cyber security. "The banking sector embraced cyber security much ahead of us," he said. "I have talked with presidents of insurance companies and their main concern is they do not understand it. Hence this webinar." Mr. Miguel Ramos, president of IPV Network, said he is honored to bring the best cybersecurity companies from other countries to the Philippines and offer their services to industries such as insurance. IPV Network particularly mentioned CyberInt, a world-cybersecurity company that offers cutting-edge cyber security solutions. As the head cyber consultant to the Bank of Israel, CyberInt is the only company of its kind that offers a holistic approach to protection beyond the perimeter. A senior cyber threat analyst of CyberInt based in the United Kingdom presented an intelligence report on the state of cyber threats in the Philippines. The analyst, who requested anonymity for security reasons, said insurance companies are the next best target of cyberattacks after healthcare and finance. "You are a slow-moving target," the cyber threat analyst said. "In recent months, insurance companies in the US have experienced major breaches in cyber security and we expect such incidents to become more frequent as more and more people transition their business online." Meanwhile, Mr. Ivan Ivan Jude Busgano, Product Marketing Manager of IPV Network, noted that most companies in the Philippines seldom take cybersecurity seriously. "They leave it completely to their IT department and they think it is just for compliance. Oftentimes, the Cyber Security Team is a one-man team. This has to change. You cannot protect what you don't know. You cannot manage what you don't understand," he said. Mr. Nir Greenberg, Senior Engineer of Illusive Networks, another Israeli company, talked about "Evaluating Risks and Implementing Controls," noted that companies are now more vulnerable because their employees are working from home. "Servers are now being accessed via computers from employees' homes. Your vulnerability increases as you consider that even your supply chain is being accessed by people outside of your company. You can't know for sure where the attack will come from," he said. Mr. Greenberg pointed out that 60 percent of attacks in companies that he has seen so far are internal. "This kind of attack is actually the most devastating because they involve people you know and trust," he said. He went on to explain that the usual insider attacks are perpetrated by disgruntled employees, or those who do not fit the organization's culture and refuse to be managed. And the work-from-home setup has made it easier for such employees to mount an attack on their company's systems. "When people are at home with their computer, no one is watching their back. Now they can do whatever they want," Greenberg said. How to Avoid Insider Attacks CyberInt offered the following tips to insurance companies to prevent insider attacks: 1. Assume that there can be serious insider threats inside your organization, not just elsewhere. 2. Do not assume that background checks will catch all insider threats. 3. Accept that we will not catch all red flags. 4. Consider that insider conspiracies are possible, i.e. multiple insiders conniving to achieve a joint goal. 5. Establish multi-layered protection measures. 6. Recognize the role of organizational culture and employee disgruntlement. 7. Assume that insiders know about your security policies and how to work around them. 8. Know that your established security protocols are sometimes bent. 9. Focus on non-malicious sources of insecurity as well as malicious. 10. Don't just focus on prevention, and strengthen mitigation steps as well IIAP President Ms. Herminia Jacinto stressed that the insurance industry does not have a choice but to confront the cyber security challenge in front of them. "We have to face up to the challenge. The problems are already here," she said. For more information, visit www.ipvnetwork.com.

About ASEAN Reinsurance Programme (ARP) The ASEAN Reinsurance Programme (ARP) aims to enhance reinsurance education and talent development in the region. It is an initiative under the ASEAN Insurance Education Committee and the ASEAN Reinsurance Working Committee and managed by the Insurance Institute of the Asia-Pacific (IIAP) in collaboration with the Singapore College of Insurance (SCI), the Malaysian Insurance Institute (MII), the Thailand Insurance Institute (TII) and the Dewan Asuransi Indonesia (DAI). The ARP is a first of its kind, multi-pronged holistic talent and professional development initiative that combines technical training programmes with internships in time to come. The Programme is slated for February 2021 kicking off with a 2-hour webinar organized by the IIAP, focusing on reinsurance developments in the ASEAN marketplace. Participants who are interested in the technical training programmes will be encouraged to go through a Reinsurance Primer course and assessment, sponsored by SCI. This Primer covers the basic concepts of reinsurance. Participants can register for the various technical training programmes on a stand-alone basis. For a start, only one intake will be offered in 2021 and we will limit the number of participants to no more than 30 per class. Participants are expected to have a minimum of three years of experience in reinsurance.

The Insurance Institute for Asia and the Pacific (IIAP) is officially launching this month (February) its ASEAN Reinsurance Programme (ARP) which aims to enhance the reinsurance education and talent development in the Southeast Asian Region. IIAP Executive Director Francis Papa announced that an Intermediate Level Webinar on ASEAN Reinsurance Market Developments will be held on February 19 starting 1:00 pm. This webinar will serve as the kickoff for the ARP which was jointly developed by the IIAP with the guidance of the ASEAN Insurance Education Committee and the ASEAN Reinsurance Working Committee and the help of the Singapore College of Insurance, the Malaysian Insurance Institute, the Thai Insurance Institute, and DAI Indonesia. "We are inviting insurance executives from all ASEAN countries to attend this webinar to get an overview of the reinsurance market, with special focus on our region. We will look at key parties in the market -- the broker, the reinsurer, the buyer, and even the regulator, and examine their respective roles and how they interact," he said. The resource speaker for the webinar is Mr. Gabriel Manoughian, founder and director of inuRE Reinsurance Training and Solutions, with 25 years of experience in client management, collaborative working, risk analysis, negotiation, product design, business production, and learning support. Among the things he will discuss are: · Examination of market dynamics to show how the reinsurance market works and its day-to-day operations. · Historical developments and how they have shaped the reinsurance industry. · Insights on market trends and what they mean to the ASEAN region. · Review and discussion of key challenges facing the market and how the region can better face these challenges. "We want to provide attendees with a rounded view of the reinsurance market and how it is evolving so they can understand how the market is relevant to their business," said Mr. Papa. Admission to the webinar will be limited to allow maximum interaction among participants. To reserve a slot, please contact the IIAP and look for Ms. Pao Laviña or Ms. AC Rodriguez at telephone numbers 8887-7444 to 46 or via email at education@iiap.com.ph. Registration fee is US$80.

Two insurance industry leaders were recently elected as new members of the Board of Trustees of the Philippine Insurers and Reinsurers Association (PIRA). ​ Ms. Generosa "Gigi" Pio de Roda and Mr. Daniel "Danny" C. Go are the two additions to the PIRA Board replacing Shankar Sinha and Andrew Dee Co who have served their terms of office. ​ Ms. Pio de Roda is the President and CEO of FPG Insurance and the former Chief Operating Officer of Philamlife. She is expected to contribute important insights in business operations transformation with focus on customer experience. She will serve as Trustee and Corporate Secretary of PIRA for this year. ​ Meanwhile, Mr. Go is the President and CEO of MAA General Assurance and former Vice President for Marketing of Prudential Guarantee. He is an authority in motor car insurance and once headed the Association of Insurance Claimsmen. He will serve PIRA both as Trustee and Deputy Chairman for 2021. ​ Mr. Allan R. Santos, President and CEO of National Reinsurance Corporation of the Philippines has been reelected Chairman for the third year and he expressed his gratitude to the PIRA members for their trust in his leadership. He exhorted the 58 member companies of the country's non-life insurance industry group to continue working together to weather the Covid-19 pandemic and the economic recession that the world is experiencing. ​ "We have proven time and again that we are indeed stronger and better when we work together," he said. ​ Other elected Trustees of PIRA for 2021 are Ms. Joli Co Wu, President, CEO and Chief Underwriting Officer of Paramount Life and General Insurance Corp. as Trustee and Treasurer; Mr. Alberto C. Santos, Jr., Business Director of BPI/MS Insurance Corporation; Ms. Eden R. Tesoro, Chief Underwriting Officer of Malayan Insurance Company; Mr. Edgardo D. Rosario, Senior Vice President of UCPB General Insurance Company; Mr. Armand M. Pesigan, Senior Vice President of Pioneer Insurance and Surety Corporation; Mr. Arturo B. Reyes, President and CEO of Sterling Insurance Company, Inc. as Trustees. ​ Retired banker Carmela Leticia "Carlet" A. Pama and former Ateneo Dean and now Ateneo Vice President Rodolfo "Rudy" P. Ang will again be serving PIRA as Independent Directors, while Mr. Michael "Mitch" F. Rellosa and Mr. Rogelio "Roger" J. Concepcion will again serve as Executive Director and General Manager of the Association, respectively. Ms. Generosa "Gigi" Pio de Roda Mr. Daniel "Danny" Go

Website: https://insurtechsummit.wixsite.com/insurtechsummit Facebook Page: https://www.facebook.com/INSURTECHSUMMITPH Facebook Event Page: https://fb.me/e/VlW2ONJ4 LinkedIn Page: https://www.linkedin.com/company/insurtech-summit-ph Eventbrite: https://www.eventbrite.com/.../insurtech-summit-2021... Twitter: https://mobile.twitter.com/Insurtech_Ph INSURTECH SUMMIT 2021 #InsurtechSummit2021 is the Philippines’ first major Insurtech Summit gathering speakers and audiences from around the globe. Happening this January 25 -27, 2021, we are launching the event with the theme: Winning the Digital Wave, giving focus on how the pandemic has been a defining moment to the insurance sector as the challenges it brought pushed for a pivot towards digital innovation and transformation. This 3-day virtual conference will showcase talks from a diverse set of speakers aiming to provide the insurance sector a playbook on how to survive and thrive in these unprecedented times. Get your tickets now at https://bit.ly/34dqGVV Insurtech Summit 2021 is organized by Microinsurance Intermediaries & Practitioners Association of the Philippines (MIPAP) and Impact Advisory Services (IAS) with the support of the Philippines Insurance Commission, Philippine Insurers and Reinsurers Association, Inc. (PIRA, Inc.), Philippine Life Insurance Association Inc. (PLIA), Association of Insurers and Reinsurers of Developing Countries (AIRDC), Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ), and Mutual Exchange Forum on Inclusive Insurance (MEFIN).