Recognizing that collaboration between the public and private sectors is needed to address the ever-increasing cybersecurity crisis, the United States federal government has recently shown its support to the insurance industry to help deliver optimal cyber insurance solutions to the marketplace.
Cybersecurity Insurance Website
The new Cybersecurity Insurance website, recently announced by Tom Finan, Senior Cybersecurity Strategist and Counsel at the Department of Homeland Security, and a white paper discussing the benefits of a proposed cyber incident data repository, show the positive results of this collaboration.
The website provides a compendium of information and resources representing many of the Government’s and insurance industry’s ongoing efforts regarding cybersecurity, and no doubt there will be more to follow. The site also provides various readout reports developed by working groups to assist the DHS in cyber security insurance education, as well as information about the NIST framework for cybersecurity, which we discussed in earlier blogs.
Cyber Incident Data Repository
In addition, the DHS has proposed a Cyber Incident Data Repository. The purpose of this repository would be to provide enterprise risk owners and insurers the ability to share – anonymously – sensitive cyber incident data. That data would then be analyzed to increase awareness about, and understanding of, current cyber risk conditions and emerging trends.
We are encouraged and excited about the progress made by the DHS to date, for several reasons:
- First, they have listened very carefully to our industries recommendations and concerns. Through this dialogue, we have moved from ideas to concrete action.
- Second, the government has shown that it is keenly aware of the threats facing individuals and businesses—and the nation. The new government cyber program helps provide factual evidence to business help them make rational and informed decisions based on data, not hysteria.
- Third, the current state of cyber loss and exposure data is in its infancy. We know there are some resources out there to help assess and analyze the exposures, but it remains largely a patchwork quilt of good intentions supported by incomplete and often anecdotal data. This new program has the promise of providing data for actuarially and statistically sound analytics.
We highly recommend a visit to the DHS website to review what has been assimilated, including the repository proposal. We welcome all feedback, and will continue to advocate for our clients in addressing this key area of risk.
Over the past few years Willis has been at the forefront of this collaborative effort in the insurance industry through active participation in the US federal government’s cyber initiatives. Our involvement has included participation in workshops led by the Department of Homeland Security (“DHS”) and discussions with the White House, National Institute of Standards and Technology (“NIST”) and the Department of Treasury. Most recently, we participated in the White House Cyber Security Summit in Silicon Valley, where keynote speakers included President Obama, Fortune 50 corporations and leading technology firms.