Difference between revisions of "Cyber-Insurance Metrics and Impact on Cyber-Security"

From Cybersecurity Wiki
Jump to: navigation, search
Line 16: Line 16:
  
 
==Synopsis==
 
==Synopsis==
Analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market.  Suggests a role for government in encouraging data sharing of risk information and providing safe harbors.
+
This article analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market, and suggests a role for government in encouraging data sharing of risk information and providing safe harbors.
  
 
===Recommendations===
 
===Recommendations===
Line 26: Line 26:
  
 
==Additional Notes and Highlights==
 
==Additional Notes and Highlights==
 +
Expertise Required: Economics - Low; Law - Low
 +
 +
Outline:

Revision as of 15:10, 2 August 2010

Full Title of Reference

Cyber-Insurance Metrics and Impact on Cyber-Security

Full Citation

Larry Clinton, Cyber-Insurance Metrics and Impact on Cyber-Security, Internet Security Alliance (undated). Web

BibTeX

Categorization

Key Words

Digital Pearl Harbor, insurance, liability policies

Synopsis

This article analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market, and suggests a role for government in encouraging data sharing of risk information and providing safe harbors.

Recommendations

  • Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
  • Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
  • Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
  • Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.

Additional Notes and Highlights

Expertise Required: Economics - Low; Law - Low

Outline: