Carmelina Borsellino is vice president and chief engineer at FM Global, one of the world’s largest commercial and industrial property insurers. Prior to her current role, she served as vice president and manager of cyber hazards for the company.
Borsellino is responsible for ensuring that the loss prevention solutions the company provides its policyholders are cost-effective and reliably address the most critical property-related risks that could impact clients’ business continuity.
Borsellino joined FM Global in 1986 as a loss prevention consultant and has since held various positions of increasing responsibility throughout the company. She holds a bachelor’s degree in building engineering from Concordia University in Canada.
PBN: What led FM Global to develop its new cyber risk assessment, customer demand or the company’s understanding of the changing nature of risk?
BORSELLINO: It’s a combination of evolving cyber hazards and clients seeking solutions to address their exposure. From an insurance perspective, FM Global has been providing clients broad, first-party property cyber insurance since the early 2000s. However, cyber coverage alone, even if it’s market leading like ours, is no longer enough.
It’s crucial for clients to understand, manage and mitigate their risk because cyberattacks can ultimately affect a company’s bottom line and reputation. Organizations are now looking to their enterprise risk management teams – not their [information technology] departments – to manage the risk. That’s where our expertise in loss prevention engineering can add great value.
PBN: In developing its cyber hazards team, FM Global has hired security experts from business and national defense enterprises. How does experience in the defense sector inform the team’s work?
BORSELLINO: We’ve hired experienced cybersecurity consultants around the world from a wide variety of fields. That diversity makes our team stronger because their varied backgrounds help to inform one another. That team plays a major role in helping our clients better assess their risk and be able to address it.
PBN: FM Global is known around the world for its engineering and research expertise in fire risk, natural hazards and equipment breakdown. Do cyber hazards join those areas as pillars of the company’s offerings? If so, why?
BORSELLINO: As a company, we’ve been addressing cyber risk since the early 2000s. Likewise, FM Global has been addressing emerging risk with its loss prevention and insurance offerings since the company was founded in Rhode Island nearly 200 years ago. While business risks [such as] fire and natural disasters still are common, today a well-orchestrated cyberattack today could lead to property-related losses stemming from a fire, explosion or outage that could damage a production line or manufacturing process.
So, we need to continue evolving our cyber offerings, which is why we’ve created the cyber risk assessment. As with more traditional property risks, FM Global is staying true to our proven, science-based approach to leverage engineering and research to help clients prevent property loss, no matter what caused it.
PBN: FM Global works with the largest companies across the globe. Is the cyber risk assessment something that will open new markets for the company, say with smaller businesses?
BORSELLINO: Cyber risk is evolving and the sophistication of attacks is increasing. No one is immune from the exposure. Our cyber risk assessment will add value to all our clients regardless of the size of their organizations. While most of FM Global’s clients are large multinational-size organizations actively working to address their cyber exposure, we are finding a number of companies in the middle market are also looking for guidance to help them assess their cyber risk because they have smaller staffs and fewer resources.
FM Global also will remain focused on property risk. Our engineering offerings and cyber insurance comes standard for all our policyholders.
PBN: How is the threat posed by cyber risks evolving? What do you see as the next frontier in protection for companies?
BORSELLINO: Addressing cyber risks was once just about protecting data. There’s now a shift from cyberattacks focused on theft of information to attacks whose aim [is] to disrupt/interrupt operations.
Today, companies should look to protect industrial control systems, machinery, robots and other critical equipment that is often connected to the internet but wasn’t designed for such purposes originally. That, along with unauthorized access to such systems, presents new business exposures. Fortunately, businesses can choose to be resilient and drive out risk.
Mark S. Murphy is the editor of Providence Business News.