Internet Security Alliance (ISA) President Larry Clinton praised The Treasury Department's announced of a new Federal Advisory Committee on cyber Insurance. The Committee will meet for the first time next month to discuss cybersecurity insurance as a way to encourage and incentivize industry to develop and follow best practices in cybersecurity.
“ISA first testified before Congress urging the use of insurance as a market incentive to promote better cyber security in 2004. Insurance companies are far better suited for quickly adapting their underwriting standards and practices to evolving cyber threats than regulatory agencies. In addition insurance companies can reward good cyber behavior by only agreeing to underwrite companies practicing appropriate levels of security and offering discounts, as they do for health and car insurance, for those who do a superior job, Clinton said.
"The real problem is that although the "third party" cyber insurance market, which basically compensates companies for minor costs like setting up call centers and sending out breach notices has grown dramatically, the "first party market" which would insure for things like loss of service such as that offered by critical infrastructure has not grown substantially, Clinton noted. “Treasury Department’s initiative which brings together an all-star team of experts in the field is a much needed effort to get our government and industry working together to solve a true national problem," Clinton said.
There has been a drumbeat calling for more action in this area going back several years. Cyber insurance was prominently featured in ISA’s Social Contract for Cyber Security in 2008 which was the first and most often cited source in President Obama's "Cyber Space Policy Review" which led to the President's Executive Order. In addition, former White House cyber czar Howard Schmidt asked ISA to organize a multi stake-holder conference on cyber insurance during the first Obama administration and cyber insurance is prominently recommended in the Cyber Security Handbook for corporate boards published by the National Association of Corporate Directors and endorsed by DHS. However, “the current Treasury effort is the most aggressive step toward creating market incentives since the President announced his Ex Order and demonstrates US leadership on the world stage for cyber security by highlighting how incentives can and should be used as opposed to the outmoded regulatory models that are still being considered in Europe” said Clinton.
Link to Treasury Announcement: https://www.federalregister.gov/articles/2014/10/21/2014-24990/open-meeting-of-the-federal-advisory-committee-on-insurance