Homeland Security subcommittee calls for strengthened cyber insurance role
Insurer advocates are hailing a U.S. House of Representatives panel's examination of the role cyber insurance can play in risk management.
“We must explore market-driven methods for improving the security of the companies that store our personal information,” said Rep. John Ratcliffe, R-Texas, the chairman of the House Homeland Security Committee's Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies, during a hearing on cyber security last week.
“I believe cyber insurance may be one such solution,” he said. “The very process of considering, applying for and maintaining cyber insurance requires entities to assess the security of their systems and examine their own weaknesses and vulnerabilities.”
Rep. Ratcliffe added that “obtaining and maintaining cyber insurance may be a market-driven means of enabling 'all boats to rise,' thereby advancing the security of the nation.”
Tom Finan, a former Department of Homeland Security official who now serves as chief strategy officer at Dulles, Virginia-based consultant Ark Network Security Solutions L.L.C., described what the department found when it conducted an inquiry into the cyber security insurance market beginning in 2012.
“We asked whether cyber security insurance could — as a market force — raise the cyber security 'floor' by getting more critical infrastructure owners to manage their cyber risk better in return for more relevant and hopefully more affordable policies,” he said.
Mr. Finan said that the department's point of reference was the fire insurance market, saying that insurers had been “very successful” in identifying specific fire safety controls that aren't only necessary to get coverage but that are also requirements for getting building permits.
“Our hope was that brokers and underwriters together could help identify the cyber security equivalents of sprinkler and other fire suppression systems,” said Mr. Finan. “What we discovered is that while they may get there one day, they are not there yet.”
Insurers welcomed the hearing.
“PCI applauds the Committee on Homeland Security Subcommittee for holding this important hearing,” said Nat Wienecke, senior vice president of federal government relations in the Washington office of the Property Casualty Insurers Association of America, in a statement issued after the hearing.
“In order for insurers to quickly and effectively meet the needs of the consumers, improvements must be made in the process to approve new cyber policy forms and development of data security standards,” he said. “State and federal regulatory coordination and harmonization among cyber security requirements are in the best interest of the consumers and the insurers. PCI will continue to work with the industry, policymakers, and regulators to develop clear, consistent, and uniform data security and breach standards so that the insurance industry may continue to evolve to meet consumers' cyber insurance needs.”
The hearing “highlighted that cyber security is a dynamic problem requiring flexible solutions to meet the ever-changing threat landscape and that cyber insurance can be part of the answer,” said Wes McClelland, vice president for federal affairs at the Washington-based American Insurance Association, in a statement after the hearing. “The cyber insurance market is in the early stages of development, and while it cannot directly stop cyber attacks, cyber insurance can serve as a useful risk transfer tool, help consumers to evaluate their cyber risks and develop more effective cyber practices. AIA looks forward to working with policymakers on this evolving issue as the cyber market continues to develop and grow.”