Cyber Threats

Heading Off ‘Cybergeddon’

Cyber experts say resistance is futile, but resilience is paramount.
By: | May 8, 2014 • 3 min read

In April’s R&I cover story, Cyber: The New CAT, experts called catastrophic cyber attacks “inevitable” and the prevailing attitude in the C-Suite “denial.”

Jason Healey, director, Atlantic Council’s Cyber Statecraft Initiative, says that in order for organizations to weather the inevitable attacks, the key will be resiliency. “The organizations that fare best,” he said, “will be those that have the size, agility and resilience to bounce back as quickly as possible.” Healey is also author of Beyond Data Breaches: Global Interconnections of Cyber Risk, commissioned by Zurich Insurance Company Ltd. and published in April 2014.


Developing resilience would include conducting exercises, developing response playbooks, increasing funding and grants for large-scale crisis management and developing redundant data storage in case one is compromised.

The tangle of Internet information that companies and countries depend on to function is now so complex, Healey said, that companies and governments can’t manage the risk from within their own four walls. Beyond Data Breaches notes that Internet failures could cascade directly to Internet-connected banks, water systems, cars, medical devices, hydroelectric dams, transformers and power stations.

Like superstorms such as Hurricane Sandy, cyber risks are inevitable and unstoppable, and like the financial crisis of 2008, they can’t be contained, because of organizations’ interconnection and interdependency. The worst-case scenario, stemming from the principle that everything is connected to the Internet and everything connected to the Internet can be hacked, is “Cybergeddon,” where attackers have an overwhelming, dominant and lasting advantage over defenders.

Even now, Healey said, attackers have the advantage. The Internet’s original weakness — that it was built for trust, not security — perpetuates defenders’ vulnerability. “Some ‘serious’ thinkers suggest we should start over” rather than try to retrofit an Internet so flawed by weak security as to threaten every user, he said, despite the impracticality of a do-over.

Second, Healey said, defenders have to be right every time, and attackers have to be right only once.

Third, technology evolves very quickly, and most people don’t understand it well enough to lock out intruders. “Every time we figure out what we’re supposed to be doing right, the technology has moved on and once again we don’t know how to properly secure our data,” Healey said.

Software is still poorly written and so insecure that “a couple of kids in a garage” can hack into corporate and government systems just for a naughty thrill. “Bad guys” with theft or sabotage on their minds can work their mischief behind a veil of anonymity. “The Internet almost encourages bad behavior because of the anonymity involved,” Healey said.

Companies, governments and risk managers should shift the drumbeat from resistance to resilience, and to expand cyber risk management from individual organizations to a resilient and responsive Internet system, Healey said. For systemic risk management, Beyond Data Breaches recommends:

  • Putting the private sector at the center, not the periphery, of cyber risk efforts, since they have the advantage in agility and subject matter expertise.
  • Advertisement

  • Using monetary or in-kind grants to fund effective but underfunded non-government groups already involved in minimizing the frequency and intensity of attacks. Governments and others with system-wide concerns (such as internet service providers and software and hardware vendors) should advocate for this research.
  • Borrowing ideas from the finance sector. This could include examination of “too big to fail” issues of governance and recognition of global significantly important internet organizations.
Susannah Levine writes about health care, education and technology. She can be reached at [email protected]

Risk Management

The Profession

Janet Sheiner, VP of risk management and real estate at AMN Healthcare Services Inc., sees innovation as an answer to fast-evolving and emerging risks.
By: | March 5, 2018 • 4 min read

R&I: What was your first job?

As a kid, bagging groceries. My first job out of school, part-time temp secretary.

R&I: How did you come to work in risk management?

Risk management picks you; you don’t necessarily pick it. I came into it from a regulatory compliance angle. There’s a natural evolution because a lot of your compliance activities also have the effect of managing your risk.

R&I: What is the risk management community doing right?


There’s much benefit to grounding strategic planning in an ERM framework. That’s a great innovation in the industry, to have more emphasis on ERM. I also think that risk management thought leaders are casting themselves more as enablers of business, not deterrents, a move in the right direction.

R&I: What could the risk management community be doing a better job of?

Justified or not, risk management functions are often viewed as the “Department of No.” We’ve worked hard to cultivate a reputation as the “Department of Maybe,” so partners across the organization see us as business enablers. That reputation has meant entertaining some pretty crazy ideas, but our willingness to try and find a way to “yes” tempered with good risk management has made all the difference.

Janet Sheiner, VP, Risk Management & Real Estate, AMN Healthcare Services Inc.

R&I: What was the best location and year for the RIMS conference and why?

San Diego, of course!  America’s Finest City has the infrastructure, Convention Center, hotels, airport and public transportation — plus you can’t beat our great weather! The restaurant scene is great, not to mention those beautiful coastal views.

R&I: What’s been the biggest change in the risk management and insurance industry since you’ve been in it?

The emergence of risk management as a distinct profession, with four-year degree programs and specific academic curriculum. Now I have people on my team who say their goal is to be a risk manager. I said before that risk management picks you, but we’re getting to a point where people pick it.

R&I: What emerging commercial risk most concerns you?


The commercial insurance market’s ability to innovate to meet customer demand. Businesses need to innovate to stay relevant, and the commercial market needs to innovate with us.  Carriers have to be willing to take on more risk and potentially take a loss to meet the unique and evolving risks companies are facing.

R&I: Of which insurance carrier do you have the highest opinion?

Beazley. They have been an outstanding partner to AMN. They are responsive, flexible and reasonable.  They have evolved with us. They have an appreciation for risk management practices we’ve organically woven into our business, and by extension, this makes them more comfortable with taking on new risks with us.

R&I: Are you optimistic or pessimistic about the U.S. health care industry and why?

I am very optimistic about the health care industry. We have an aging population with burgeoning health care needs, coupled with a decreasing supply of health care providers — that means we have to get smarter about how we manage health care. There’s a lot of opportunity for thought leaders to fill that gap.

R&I: Who is your mentor and why?

Professionally, AMN Healthcare General Counsel, Denise Jackson, has enabled me to do the best work I’ve ever done, and better than I thought I could do.  Personally, my husband Andrew, a second-grade teacher, who has a way of putting things into a human perspective.

R&I: What have you accomplished that you are proudest of?

In my early 20s, I set a goal for the “corner office.” I achieved that when I became vice president.  I received a ‘Values in Practice’ award for trust at AMN. The nomination came from team members I work with every day, and I was incredibly humbled and honored.

R&I: What is your favorite book or movie?

The noir genre, so anything by Raymond Chandler in books. For movies,  “Double Indemnity,” the 1944 Billy Wilder classic, with insurance at the heart of it!

R&I: What is your favorite drink?


Clean water. Check out for how to help people enjoy clean, safe water.

R&I: What’s the best restaurant at which you’ve eaten?

Liqun Roast Duck Restaurant in Beijing.

R&I: What is the most unusual/interesting place you have ever visited?

China. See favorite restaurant above. This restaurant had been open for 100 years in that location. It didn’t exactly have an “A” rating, and it was probably not a place most risk managers would go to.

R&I: What is the riskiest activity you ever engaged in?

Eating that duck at Liqun!

R&I: If the world has a modern hero, who is it and why?

Dr. Seuss who, in response to a 1954 report in Life magazine, worked to reduce illiteracy among school children by making children’s books more interesting. His work continues to educate and entertain children worldwide.

R&I: What do your friends and family think you do?

They’re not really sure!

Katie Dwyer is an associate editor at Risk & Insurance®. She can be reached at [email protected]