サイバー保険の現状と今後の課題
日時:3月15日(木)13:20-15:20
会場:第4イベント会場(56号館 101)
会場:第4イベント会場(56号館 101)
【セッション概要】ランサムウェアや情報漏洩事件などの報道に見られるように近年のサイバー攻撃を完全に防ぐことは難しく,侵入されてしまうことも前提とし如何に侵入の事実に早く気付き,その後の対応を取っていくかということが重要になってきている.また自動車保険や火災保険などと比べると認知度はまだ低いが,このような事業継続性を揺るがすサイバーリスクへの取り組み方としてサイバー保険なるものが注目を集めてきている.そこでサイバー保険の現状について詳しい方々にご講演いただき,今後の課題とサイバー保険分野において必要とされる技術,人材などについての情報を共有するとともに,サイバー保険関係者らとセキュリティ研究者/技術者らの意見交換ができる場を提供する.
| 司会:西出 隆志 (筑波大学 准教授) | |
 | 【略歴】2009年九州大学大学院システム情報科学研究院助教を経て,2013年より筑波大学システム情報系准教授.暗号技術と情報セキュリティの研究・教育に従事.博士(工学). |
| 13:20-13:25 オープニング |
| 13:25-14:05 講演(1) How to deal with the “residual” Cyber Risk? A multi-effect approach - Cyber Insurance | |
| 【講演概要】In today’s rapidly changing technological environment it is extremely difficult to completely prevent cyber-attacks from a technical security standpoint. This is easily observable through reported security breaches and incidents happening across all industries. Risk associated with cyber-attack is considered as one of the most challenging issues and is resulting in serious impacts to corporate business. It is widely recognized that cyber-security has become, and continues to increase in importance, as a management issue from the viewpoint of corporate strategy. Certainly on one side, investment in technical cyber-security countermeasures and practices is important and on the other side, risk managers must find solutions to cope with residual cyber-security risk. In this talk, we will initially explain the basic concept of cyber insurance. We will summarize the background and history for cyber insurance development, its basic terms, and the process, while highlighting the unique aspects of cyber insurance in comparison to other insurance products. Then, we will explain the relationship between our cyber security risk assessment model and the technical underwriting process. We will show you how your investment in cyber-security technology increases your eligibility to qualify for better coverage and results in cost reduction when purchasing cyber insurance. Clarifying the scope of cyber insurance cover will help you understand its advantages; furthermore, understanding the scope of cover provides organizations new insight and incentive to increase focus on measures to prevent and transfer the cybersecurity risk. Ultimately this comprehensive approach increases defense against cyber-attacks and reduces negative impact on the business even if some defenses prove not strong enough. At last, we will provide overview of the market both inside and outside of Japan and conclude this talk with the highlighting of existing issues for further development of the cyber insurance industry. | |
| Philipp Lienau (HDI Global SE保険会社 Casualty Guidance Product Manager E&O and Cyber) | |
 | 【略歴】Philipp Lienau has worked for HDI for more than 15 years, and has been responsible for the E&O product management in the head office for many years. This area encompasses the traditional E&O Liability Insurance as well as special insurances like Cyber, Tech/IT E&O, Employment Practices Liability Insurance and cost overrun / clean-up policies domestically or internationally. He is active in risk research and product development and acts as a speaker and instructor in in- and external conferences and seminars. The global development and re-development of the cyber insurance “HDI Cyber+” is a part of his function. Additionally, he is a member of the committees for IT Companies as well as Employment Practices Liability of the Liability Underwriting Commission of the German Insurance Association (GDV). |
| 趙 方明 (HDI Global SE保険会社 引受統括部 Cyber Underwriter) | |
 | 【略歴】Fangming Zhao received a B.S. degree in computer science, an M.S. degree and a Dr.E. degree in the research areas of information security and applied cryptography. From 2008 to 2017, he had worked at Toshiba Corporation as a research scientist and a security architect on the topics of cybersecurity and applied cryptography in various areas such as industrial control systems, smart grid, Internet of Things, cloud computing & cloud storage systems, P2P network systems, etc. Since July 2017 he joined HDI Global SE of Talanx Group, Germany's third-largest and one of the major European insurance groups, as a Cyber underwriter and now he works on the cyber insurance, “HDI Cyber+”, especially for the Japanese market. |
| 14:05-14:45 講演(2) 企業からみた現行サイバー保険の難しさと新たな需要 | |
| 大西 克美 (日本アイ・ビー・エム株式会社 理事) | |
| 【講演概要】企業にとってサイバーリスクは経営レベルの大きな経営課題であり,全社的な対策に苦慮している企業が多い.しかしながら,サイバー保険の活用度は高いとは言い難い.本セッションでは,企業の期待値と保険を提供するセキュリティ・ベンダーのギャップを整理する.実際,攻撃が多様化し,企業の期待は単に金銭的補償だけではなく,CSIRT(Computer Security Incident Response Team)に代表されるような専門家の派遣による早期問題解決への支援と広がってきている.また補償の対象も,従来の顧客データ,データセンターのサーバーだけではなく,自動運転システムやFinTechアプリケーションのようなものまで求められている.この新しい企業の要求に対して,学術的アプローチによるリスクの可視化手法,若い人材育成による企業体力の底上げ,次世代に要求されるサイバー保険の外観について考察を行う. | |
 | 【略歴】2000年前半より,ITセキュリティの専門家として金融機関向けのコンサルティング及びアーキテクチャ設計,製造業に対するIoTシステムの製品開発の設計支援,セキュリティ要件書の作成,レビューを担当.社内ではグローバルコミュニティのリーダーとして,全社戦略への提言,人材の育成,製品レビューをリード.現在,日本アイ・ビー・エムのセキュリティの第一人者として社内外で活躍中.JEITAプログラムの一環として,複数の大学に講義を提供中.IPSJ正会員. |
| 14:45-15:20 パネル討論 サイバー保険の現状と今後のあり方について | |
| 【討論概要】サイバー保険における被保険者のCyber Risk Assessmentと保険料の関係,どのように被害認定し補償金額が決定されるのか,海外と日本での運用や適用範囲の違い,今後の更なる適切な運用のためにどのような技術が必要とされていくのか,などセキュリティ研究の学術界ではあまり広く知られていない実態について広く情報交換し,今後のサイバー保険のあり方について議論する. | |
| パネル司会:西出 隆志 (筑波大学 准教授) | |
| 【略歴】2009年九州大学大学院システム情報科学研究院助教を経て,2013年より筑波大学システム情報系准教授.暗号技術と情報セキュリティの研究・教育に従事.博士(工学). |
| パネリスト:大西 克美 (日本アイ・ビー・エム株式会社 理事) | |
| 【略歴】2000年前半より,ITセキュリティの専門家として金融機関向けのコンサルティング及びアーキテクチャ設計,製造業に対するIoTシステムの製品開発の設計支援,セキュリティ要件書の作成,レビューを担当.社内ではグローバルコミュニティのリーダーとして,全社戦略への提言,人材の育成,製品レビューをリード.現在,日本アイ・ビー・エムのセキュリティの第一人者として社内外で活躍中.JEITAプログラムの一環として,複数の大学に講義を提供中.IPSJ正会員. |
| パネリスト:Philipp Lienau (HDI Global SE保険会社 Casualty Guidance Product Manager E&O and Cyber) | |
| 【略歴】Philipp Lienau has worked for HDI for more than 15 years, and has been responsible for the E&O product management in the head office for many years. This area encompasses the traditional E&O Liability Insurance as well as special insurances like Cyber, Tech/IT E&O, Employment Practices Liability Insurance and cost overrun / clean-up policies domestically or internationally. He is active in risk research and product development and acts as a speaker and instructor in in- and external conferences and seminars. The global development and re-development of the cyber insurance “HDI Cyber+” is a part of his function. Additionally, he is a member of the committees for IT Companies as well as Employment Practices Liability of the Liability Underwriting Commission of the German Insurance Association (GDV). |
| パネリスト:趙 方明 (HDI Global SE保険会社 引受統括部 Cyber Underwriter) | |
| 【略歴】Fangming Zhao received a B.S. degree in computer science, an M.S. degree and a Dr.E. degree in the research areas of information security and applied cryptography. From 2008 to 2017, he had worked at Toshiba Corporation as a research scientist and a security architect on the topics of cybersecurity and applied cryptography in various areas such as industrial control systems, smart grid, Internet of Things, cloud computing & cloud storage systems, P2P network systems, etc. Since July 2017 he joined HDI Global SE of Talanx Group, Germany's third-largest and one of the major European insurance groups, as a Cyber underwriter and now he works on the cyber insurance, “HDI Cyber+”, especially for the Japanese market. |
