Cyber-Insurance Metrics and Impact on Cyber-Security: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 16: | Line 16: | ||
==Synopsis== | ==Synopsis== | ||
Analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market. Suggests a role for government in encouraging data sharing of risk information and providing safe harbors. | |||
===Recommendations=== | |||
* Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low. | |||
* Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices. | |||
* Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer. | |||
* Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims. | |||
==Additional Notes and Highlights== | ==Additional Notes and Highlights== | ||
Revision as of 10:41, 24 June 2010
Full Title of Reference
Cyber-Insurance Metrics and Impact on Cyber-Security
Full Citation
Larry Clinton, Cyber-Insurance Metrics and Impact on Cyber-Security, Internet Security Alliance (undated). Web
Categorization
- Issues: Insurance
Key Words
insurance, liability policies
Synopsis
Analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market. Suggests a role for government in encouraging data sharing of risk information and providing safe harbors.
Recommendations
- Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
- Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
- Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
- Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.