Cyber-Insurance Metrics and Impact on Cyber-Security

From Cybersecurity Wiki
Jump to navigation Jump to search

Full Title of Reference

Cyber-Insurance Metrics and Impact on Cyber-Security

Full Citation

Larry Clinton, Cyber-Insurance Metrics and Impact on Cyber-Security, Internet Security Alliance (undated). Web



Key Words

insurance, liability policies


Analyzes the benefits of cyberinsurance over government regulation and discusses problems in the current cyberinsurance market. Suggests a role for government in encouraging data sharing of risk information and providing safe harbors.


  • Require government contractors to carry cyber-insurance. Doing this would improve cyber-security among government contractors, with a chance that private industry would adopt a similar requirement, resulting in high cyber-insurance coverage rates and a corresponding increase in cyber-security generally. The regulatory burden of added by such a requirement would be minimal, and the cost to the taxpayer would most likely be low.
  • Create a Cyber Safety Act that provides safe harbors or other limitations on cyber-security liability, contingent on reasonable efforts to conform to best practices.
  • Establish an antitrust exemption to promote the sharing of information and data relating to cyber-security. This actuarial data would allow the risks and benefits of a particular cyber-insurance policy to be calculated more accurately, allowing insurers to charge lower premiums and allowing and making cyber-insurance more attractive to risk managers. There would be no associated cost to the taxpayer.
  • Consider a measure aimed at reducing the fear of a "cyber-hurricane‟ among insurers. The two best options for doing so are providing backstop reinsurance for cyber-insurers, and offering a tax deduction encouraging insurers to increase the capital reserves used to pay out cyber-insurance claims.

Additional Notes and Highlights