By Jimmy H. Koo
March 22 — The cybersecurity insurance market is still in its infancy but greater availability of incident data to strengthen underwriting may encourage further carrier participation, Marsh LLC Senior Vice President Matthew McCabe told a House Homeland Security subcommittee March 22.
Just as purchasing home insurance can incentivize homeowners to invest in protecting their homes, the same could be true for companies looking for cybersecurity insurance, House Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee Chairman John Ratcliffe (R-Texas) said in his prepared opening statement.
The hearing on “The Role of Cyber Insurance in Risk Management” was called to examine the potential opportunities to promote more effective management of cybersecurity risks and adoption of cybersecurity best practices.
During the past decade, the U.S. has witnessed “an astonishing evolution” of cybersecurity risk “that continues to grow in size and sophistication,” McCabe said. Citing a recent cyberattack against a Ukrainian power grid, McCabe said that the threat to critical infrastructure from the “exposure of cyber physical systems has quickly morphed from speculative, to rumored, and now actual events.”
Further, McCabe said, the “incessant stream of data breaches” targeting U.S. companies has increased cybersecurity insurance purchasing in industries that aggregate customer data, including financial institutions, retailers and health-care providers. There's a “double-digit take up rate,” McCabe said. Cybersecurity risks “will become a common coverage area,” he added.
According to McCabe, the benefits of purchasing cybersecurity insurance extend beyond reimbursement for financial loss. “Cyber insurance has evolved into a product that serves as a key touchpoint for an organization to assess its cyber practices and coordinate its incident response plan to cyber incidents,” he said.
Testifying at the same hearing, Health Information Trust Alliance Chief Executive Officer Daniel Nutkis echoed similar sentiments. Cybersecurity insurance is becoming expensive, and companies now know that better management of cybersecurity risks means less premium, he said. “There's a drive to focus on minimizing residual risk,” Nutkis said.
One of the major obstacles that continues to prevent insurers from providing more cybersecurity coverage is the “ongoing lack of actuarial data,” Ark Network Security Solutions Chief Strategy Officer Thomas M. Finan told the subcommittee. There's a lack of “consistent source of raw cyber incident data” that the insurers could use to get their underwriting bearings, Finan said in his prepared statements.
North Dakota Insurance Commissioner Adam W. Hamm agreed.
“Cybersecurity risk remains difficult for insurance underwriters to quantify due in large part to a lack of actuarial data,” he said. In the absence of such data, insurers use qualitative assessments of an applicant's risk management procedures, he explained. From a regulatory perspective, he said, “we would like to see insurers couple these qualitative assessments with robust actuarial data based on actual incident experience.”
Greater availability of cybersecurity incident data could also push the insurance industry to introduce “solutions to close gaps in current coverages and to determine how to best to detect and mitigate future incidents, or to reduce incident response times and facilitate recovery,” according to McCabe.
To contact the reporter on this story: Jimmy H. Koo in Washington at email@example.com
To contact the editor responsible for this story: Donald G. Aplin at firstname.lastname@example.org
Further information on the hearing, including links to witness prepared testimony and an archived webcast of the hearing, is available at https://homeland.house.gov/hearing/the-role-of-cyber-insurance-in-risk-management/.