Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
Global
2. Africa
Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
Share
U.S.: Cyber-risk Transparency Spurring Cyber-insurance Interest
Source: infosecurity-magazine.com
Source Date: Monday, November 18, 2013
Focus: Institution and HR Management
Country: United States
Created: Nov 26, 2013

US public companies are more forthcoming with details regarding their cybersecurity risk profiles – and more transparency regarding cyber-risk and cyber-attacks is expected to drive greater adoption of cyber-insurance as a means of demonstrating better corporate risk management.

"It is becoming a mainstream assumption that insurance carriers can help organizations with cyber-risk management, both in the traditional risk transfer sense and in the broader sense that they can act as neutral arbiters of cybersecurity best practices," said NSS Labs’ Andrew Braunberg, writing in an analyst brief. "This is readily demonstrated in the recent push by the White House to promote greater insurance carrier participation in the National Institute of Standards and Technology (NIST) effort to create a cybersecurity best practices framework for critical infrastructure providers."

And indeed, movement in the public sector is bolstering cyber-insurance in other ways beyond the fact that insurance carriers are being pulled into the creation of the NIST cyber security framework. Also raising the insurance profile among security professionals is proposed reform of European Union (EU) data protection laws, which are expected to accelerate cybersecurity insurance adoption in Europe.

Braunberg recommends that enterprises should view cybersecurity insurance as an important component of their overall risk management strategy. "US-based public companies must understand and keep abreast of current SEC expectations for cyber-risk/incident disclosure and, just as importantly, current industry best practice for reporting," he said. "Enterprises should better leverage information technology (IT) security teams when selecting cyber security insurance and when explaining risk profiles. And insurance carriers should more fully consider and assess the differences among security vendors and products, in particular the differences in overall security readiness that are achievable based on the specific products used for defense."

A recent market survey from the Ponemon Institute put cyber security-insurance adoption at approximately one third of large US businesses. About 39% said that their organizations have plans to purchase a policy.

Ponemon also asked respondents to disclose which employees within their organizations make the decisions to purchase cyber insurance. Interestingly, chief information security officers (CISOs) and IT security personnel have little influence regarding choice of insurance carrier. Risk management teams are most likely to evaluate carriers and influence buying decisions. Other important influencers are business unit leaders, general counsels, and chief financial officers (CFOs).

"For those under the impression that the insurance carriers would add some much needed data rigor to the cyber security risk management markets, there is some bad news: they simply are not there yet," Braunberg noted. "The truth is that carriers believe that technical controls account for a relatively small percentage of the overall security posture of an organization and that they can build risk models without a detailed understanding of the specifics of the technical controls in place within a particular customer."

News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
Rate:
0 ratings
Views: 91

Comments: 0 Bookmarked: 0 Tagged: 0



0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2008-2010 by UNPAN - United Nations Public Administration Network