Cyber-Security Insurance

Many Companies Continue to Ignore the Issue (Pittsburgh Post-Gazette, 22 June 2010) – After a year of high-tech breaches at some of the nation’s biggest companies, a provision in a Senate bill calls on the White House to encourage a market for cybersecurity insurance to protect businesses from debilitating costs brought on by hacking and compromised information. The bill, introduced by Sens. Jay Rockefeller, D-W.V., and Olympia Snowe, R-Maine, says the president or his appointee must report to Congress on “the feasibility of creating a market for cybersecurity risk management” one year after the bill’s passing. But a crashed server policy is not as easy to write as a crashed car policy. Many businesses are deterred by an application process described as appropriately exhaustive but forever imprecise. The process is complicated by the tricky nature of monetizing data. Web experts always have held that “information wants to be free.” But how much is it worth when it’s stolen? Companies lost an average of $234,000 per breach in 2009, a recent report by the Computer Security Institute in New York found. But a report released last Tuesday by the Carnegie Mellon CyLab found that 65 percent of its Fortune 1,000 respondents were not reviewing their companies’ cybersecurity policies. Jody Westby, a researcher who worked on the CyLab report that indicated board negligence, said the insurance provision in the cybersecurity bill was a mandate by an ill-informed Congress. “This is interventionist, regulatory, heavy-handed action by Congress,” said Ms. Westby from an technology best practices conference in Burkina Faso, West Africa. “This isn’t anything that Congress is going to fix,” she said. “It’s something boards in America need to fix.”

For more information please visit: AND/OR