From a risk management point of view, it looks as if the government is off to a good start in 2015. First of all, the terrorism insurance backstop extension was passed quickly — better late than never — and the provision to streamline broker licensing managed to get through on the back of that legislation, which should make life simpler for brokers and hopefully reduce insurance placement costs.

On top of that, last week President Barack Obama signaled that the administration would back legislation to improve cyber security, which is a significant step forward as the president had threatened to veto previous legislation aimed at improving cyber security over privacy concerns.

That veto threat hanging over the Cyber Intelligence Sharing and Protection Act came a couple of years ago — and of course a lot has changed since then.

First, there was the Target Corp. breach in December 2013, which highlighted just how vulnerable large commercial organizations are to cyber attacks and the financial losses that can occur. More recently and more worryingly, the attack on Sony Pictures Entertainment Inc. is proving to be another watershed event in the fast-moving world of cyber security.

The Sony attack gained worldwide attention largely due to the gossipy revelations about various celebrities and their corporate overseers, but it was far more significant on other levels. The attack involved the destruction of data rather than just the dissemination of data, and, if U.S. security officials are right, the attack was orchestrated by North Korea as punishment for Sony's backing of a movie depicting the assassination of Kim Jong Un, the country's head of state — or “supreme leader,” as he likes to style himself.

If the U.S. is right, then clearly there needs to be a new approach to cyber security. It's one thing for corporations to fight against independent hackers working from their basements, but quite another for them to go toe to toe with highly militarized and highly unpredictable nation states.

It's not the first time that the U.S. has accused other nations of orchestrating cyber attacks or cyber espionage efforts against corporations, but the nature of the Sony attack moved to a different level.

While privacy concerns are understandable, as retired Gen. Keith B. Alexander, a former head of cyber command, said at the Property/Casualty Insurance Joint Industry Forum in New York last week, the types of problems that the government and industry face are increasingly the same. So they have to find a way of working together to react to and, to whatever degree possible, stifle the attacks. That means they have to share information.

It is still early, and the details have to be worked through, but let's hope the rest of the year plays out as well as the first couple of weeks in terms of government and industry collaboration on risk management and security concerns.