Global cyber security falls short on public and private fronts

The private sector should become more actively involved in addressing the inadequate global cyber governance framework, Zurich Insurance Group Ltd. said in a report issued Monday.

A “comprehensive and functional regime of global cyber security governance is clearly lacking,” according to the report, “Risk Nexus, Global Cyber Governance: Preparing for New Business Risks,” which was released at the Risk & Insurance Management Society Inc.'s annual conference in New Orleans.

While it is “relatively effective” on the more technical aspects of network systems' proper functioning, effective global governance is lacking with regard to cyber warfare issues, such as interstate terrorism and espionage, or cyber attacks on critical infrastructure for political purposes, the report says.

The report calls for incentives to align public and private sector interests. “Such incentives should encourage the expansion of partnerships and agreements — including between businesses, technical experts, and military, legal, and governmental state authorities,” says the report.

The report also recommends that businesses should get financial incentives to invest in cyber security.

Commenting on the report, Mike Kerner, Zurich-based CEO of general insurance for the insurer, said cyber corporate governance “is not something that's up to speed in terms of being able to handle all the emerging technology” and its associated risks.

Private-public cooperation “is a critical piece of the puzzle,” he said. Mr. Kerner said he was “quite pleased” with cyber legislation that was approved by the House of Representatives last week, which would provide some protection for companies when they share information about cyber threats.