Difference between revisions of "Cyber-Insurance Metrics and Impact on Cyber-Security"

From Cybersecurity Wiki
Line 29: Line 29:
  
 
Outline:
 
Outline:
 +
  Overview to Cyber-Insurance
 +
    What is Cyber-Insurance?
 +
    The Benefits of Cyber-Insurance
 +
    Advantages over Governmental Regulation
 +
    Problems with the Market for Cyber-Insurance
 +
  Legislative Solutions
 +
    Federal Purchasing Power
 +
    Cyber Safety Act
 +
    Encourage Information-Sharing
 +
    Federal Government as a Reinsurer
 +
    Insurance Underwriting
 +
  Standards of Due Care for Network Security Risk
 +
    General risk of exposure based on company industry and size and business activities
 +
    Loss History, Years in Business and Financial Condition
 +
    Third Party Exposure and Outsourcing
 +
    Network security quality
 +
  Recommendations

Revision as of 16:08, 2 August 2010

Full Title of Reference

Cyber-Insurance Metrics and Impact on Cyber-Security

Full Citation

Larry Clinton, Cyber-Insurance Metrics and Impact on Cyber-Security, Internet Security Alliance (undated). Web

BibTeX

Categorization

Key Words

Digital Pearl Harbor, insurance, liability policies

Synopsis

This article analyzes the benefits of cyberinsurance over government regulation, discusses problems in the current cyberinsurance market, and suggests a role for government in encouraging the sharing of risk information and providing safe harbors.

Recommendations

  • Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
  • Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
  • Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
  • Consider a measure aimed at reducing the fear of a "cyber-hurricane" among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.

Additional Notes and Highlights

Expertise Required: Economics - Low; Law - Low

Outline:

 Overview to Cyber-Insurance
   What is Cyber-Insurance?
   The Benefits of Cyber-Insurance
   Advantages over Governmental Regulation
   Problems with the Market for Cyber-Insurance
 Legislative Solutions
   Federal Purchasing Power
   Cyber Safety Act
   Encourage Information-Sharing
   Federal Government as a Reinsurer
   Insurance Underwriting
 Standards of Due Care for Network Security Risk
   General risk of exposure based on company industry and size and business activities
   Loss History, Years in Business and Financial Condition
   Third Party Exposure and Outsourcing
   Network security quality
 Recommendations