Cyber-Insurance Metrics and Impact on Cyber-Security
Jump to navigation
Jump to search
Full Title of Reference
Cyber-Insurance Metrics and Impact on Cyber-Security
Full Citation
Larry Clinton, Cyber-Insurance Metrics and Impact on Cyber-Security, Internet Security Alliance (undated). Web
Categorization
- Issues: Insurance
Key Words
Digital Pearl Harbor, insurance, liability policies
Synopsis
This article analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market, and suggests a role for government in encouraging data sharing of risk information and providing safe harbors.
Recommendations
- Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
- Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
- Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
- Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.
Additional Notes and Highlights
Expertise Required: Economics - Low; Law - Low
Outline:
Overview to Cyber-Insurance What is Cyber-Insurance? The Benefits of Cyber-Insurance Advantages over Governmental Regulation Problems with the Market for Cyber-Insurance Legislative Solutions Federal Purchasing Power Cyber Safety Act Encourage Information-Sharing Federal Government as a Reinsurer Insurance Underwriting Standards of Due Care for Network Security Risk General risk of exposure based on company industry and size and business activities Loss History, Years in Business and Financial Condition Third Party Exposure and Outsourcing Network security quality Recommendations