Difference between revisions of "Cyber-Insurance Metrics and Impact on Cyber-Security"

From Cybersecurity Wiki
Jump to navigation Jump to search
Line 16: Line 16:
  
 
==Synopsis==
 
==Synopsis==
 +
Analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market.  Suggests a role for government in encouraging data sharing of risk information and providing safe harbors.
  
 +
===Recommendations===
  
 +
* Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
 +
* Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
 +
* Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
 +
* Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==

Revision as of 14:41, 24 June 2010

Full Title of Reference

Cyber-Insurance Metrics and Impact on Cyber-Security

Full Citation

Larry Clinton, Cyber-Insurance Metrics and Impact on Cyber-Security, Internet Security Alliance (undated). Web

BibTeX

Categorization

Key Words

insurance, liability policies

Synopsis

Analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market. Suggests a role for government in encouraging data sharing of risk information and providing safe harbors.

Recommendations

  • Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
  • Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
  • Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
  • Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.

Additional Notes and Highlights