You might say that rapid and efficient movement of information is the lifeblood of the insurance business. In the simplest terms, customers file claims, and providers and their partners evaluate data to make a decision. Providing financial information and personal identifiable information is standard protocol.
Data security, therefore, will make or break an insurance business – a fact not lost on Rich Baich, global chief information security officer for AIG.
Now two years into his tenure at AIG, Baich is responsible for developing, implementing, and operating an information security strategy to address AIG’s cyber risks, including protecting AIG’s data and managing cybersecurity related risks, while enabling all major business functions. He rebuilt the security practice at AIG – seen now as an expert in information security throughout the global organization even after his relatively brief tenure.
Key to his tactics is simplification. Baich stripped complexity from the information security technology stack and expanded security tool coverage across the company, as well as into non-IT integrated entities, to provide greater visibility into the global AIG environment. He also deployed a breach and attack simulation tool to imitate the latest attack methods and conduct periodic response testing and collaboration exercises to test AIG’s capabilities to detect and react to cyber-attacks.
“Rich is a recognized security leader with extensive expertise in information security, risk management, privacy and technology deployment,” said John Repko, AIG’s executive vice president and chief information officer about Baich upon his joining the company in April 2019. “His contributions, given his global experience and track record of innovation and business collaboration, are highly valued as we continue to develop and implement information security strategies designed to enhance the security of AIG and its policyholders."
Prior to joining AIG, Rich was the CISO for Wells Fargo, overseeing the information security strategy and governance, security engineering, line-of-business engagement, and cyber defense and monitoring for the organization. He also served previously as principal at Deloitte & Touche, where he led the Global Cyber Threat and Vulnerability Management practice. Baich also served in the U.S. Navy for more than 20 years, and was a naval information warfare officer for the National Security Agency. After 9/11 he was special assistant to the deputy director for the National Infrastructure Protection Center at the Federal Bureau of Investigation.
“Special forces in the military train with live bullets shooting around them, so when and if they're in the time of battle, they're not ducking and covering because of these loud banging noises,” Baich told American Banker in 2017, when serving as Wells Fargo's CISO. “A cyber range is the same thing — your machine is actually being attacked. It’s no longer theoretical.”