“There is a wider point to be made here in that [cyber] is a global issue, not just a local one ”
On Thursday (23 April), the US House of Representatives voted overwhelmingly to pass the latest cyber bill, which is designed to make it easier for private companies to share information about security threats with one another and the government without fear of lawsuits.
The legislation must now be signed by President Obama before being signed into law.
Companies began campaigning for Congress to do more to address cyber security after a series of high profile attacks hit US companies Target, Anthem and JP Morgan Chase.
Mark Camillo, American International Group’s head of cyber for Europe, the Middle East and Africa, told The Insurance Insider: “I view this as a positive development, as information sharing is critical for organisations to better understand what cyber threats/attacks are developing and take appropriate actions to protect their networks.”
He continued: “The liability protections provide incentives to share information, as they give exemptions from civil liability, anti-trust liability, and limits the federal government to using shared information from the private sector for regulatory action.”
Camillo added that it made sense for governments across the world to encourage organisations to share what they know, given the interconnectivity of networks and the global nature of cyber threats.
Jack Elliott-Frey, a broker at Lloyd’s intermediary Safeonline, agreed that cyber risk is still regarded as a regional threat, when in fact it should be treated as a global one.
“The fact that the US government has passed this bill is a good starting point for the industry,” he said. “While any bill of this sort should help insurers to learn more about cyber risk, there is a wider point to be made here in that this is a global issue, not just a local one.
“Governments should do more to work together so that they are sharing knowledge and best practise to prevent breaches from occurring in the first place, and preparing businesses for how to clear up after.”
Elliott-Frey added that by sharing information, insurers would receive the data needed to analyse and price a cyber policy more competitively, allowing for growth in the sector.
The US bill also demonstrates that prevention of cyber breaches isn’t always the only answer, and that businesses and insurers should think more about specific threats and the appropriate post-breach response.
Governments in both the UK and the US have eschewed suggestions of forming a cyber risk pool backed by the state in the fashion of Pool Re or the Terrorism Risk Insurance Act, but efforts have been made to encourage data sharing among insurers.
In November last year, the UK government and 14 firms from the insurance sector teamed up to develop the country’s cyber insurance market in order to improve cyber security in businesses.
Read the full article here.