Crossroads Blog | Institute National Security and Counterterrorism


Cyber Insurances And Their Potential To Get Security More Standardized

In the wake of the recent high-profile data breaches, most prominently the attack on the Target Corporation, it is my impression that insurance companies may evolve as an effective driver of securing cyberspace.

While the National Institute of Standards and Technology’s (NIST) cyber security framework encourages organizations, on a non-binding basis, to consider and prioritize cyber risks, the proposals for binding legislation still taking shape on Capitol Hill address breach notification rather than the implementation of standardized security measures. At the same time, Jason’s post on how Target’s massive data breach has not changed the habits of the population shows that individual “cyber hygiene” may not be expected to bring about change either.

That said, a look into this discussion about the liability of corporations’ directors and officers (D&O) in data privacy and cyber security gives an idea of insurance companies’ potential to increase cyber security from within the private sector. In the discussion, facilitated by the finance and business intelligence news outlet Financier Worldwide Magazine (FW) and published in its January 2014 edition, an executive of an insurance broker, a specialist from a cyber security solutions company, and a shareholder at a high-profile litigation law firm answer insightful questions about

 

  • key risks to D&Os arising from data and security breaches in the US,
  • imperatives, challenges and costs associated with mitigating these risks,
  • insurance options covering risks arising from cyberspace, and D&O’s awareness about them,
  • requirements to obtain cyber liability policies, which may include the demonstration of:

      1. meeting or exceeding sector-specific technological requirements and mitigation strategies,
      2. due diligence in assessing and controlling third party vendors and business partners,
      3. the participation in a “cyber readiness program” offered by different insurers.

 

This discussion about D&O liability may give an idea of how this part of the private sector, though only a narrow section of the insurance industry, may build momentum toward a higher standard of cyber security.

 
