A federal commission studying cybersecurity says a menu of reforms – from training cyber insurance underwriters to certifying cyber insurance products – are needed to keep the country safe.
The bipartisan Cyberspace Solarium Commission, established by the 2019 National Defense Authorization Act, says US cybersafety is a matter of national defense that transcends purely business concerns. Among the commission’s proposals: a federally-funded center to consider standards for cybersecurity insurance certifications, a national data privacy protection law, and a new bureau in the State Department dedicated solely to battling cyber threats.
“Our country is at risk, not only from a catastrophic cyberattack but from millions of daily intrusions disrupting everything from financial transactions to the inner workings of our electoral system,” says the commission in its report “A Warning from Tomorrow.”
The commission warns: “The country has lost hundreds of billions of dollars to nation-state-sponsored intellectual property theft using cyber espionage and that a major cyberattack on the nation’s critical infrastructure and economic system would ‘create chaos and lasting damage exceeding that wreaked by fires in California, floods in the Midwest, and hurricanes in the Southeast,’” writes reporter Andrew Simpson in this article in the Insurance Journal.
Read a summary of “A Warning from Tomorrow” here.
Today’s Cybercriminals are getting more and more sophisticated. Alta Pro invites you to join in on a conversation with attorneys Kevin O’Hagan and Jamey Davidson, recognized thought leaders in Data Breach and Cyber Liability. The FREE one-hour CLE webinar “10 Things Lawyers Should Know About Cyber Liability” will be presented Tuesday, March 31 (12 PM Central/1 PM Eastern). This webinar is approved for one hour of free CLE credit as a benefit of your Alta Pro RPG membership. Seats are limited, so reserve yours today.
Cyber Insurance Reforms and Recommendations
The Cyberspace Solarium Commission is co-chaired by Senator Angus King (I-Maine) and Representative Mike Gallagher (R-Wisconsin). Its members include cyber experts, private sector representatives, members of Congress and senior government officials. Their task: to come up with a strategic approach to cybersecurity that it refers to as “layered cyber deterrence,” designed to reduce the frequency and impact of cyberattacks.
A Warning from Tomorrow contains 75 specific recommendations. Many of them deal with the insurance industry and cyber liability coverage. “A robust and functioning market for insurance products can have the same positive effect on the risk management behavior of firms as do regulatory interventions,” the report states.
Here are some of the insurance highlights.
- Insurance certifications. “The report calls on the Department of Homeland Security to launch the Federally Funded Research and Development Center (FFRDC) to work with state regulators in developing certifications for cybersecurity insurance products as well as for underwriter and claims adjuster training,” according to the Insurance Journal. “This center and certifications are necessary in part because the insurance industry lacks the talent and pricing tools to improve the cyber risk management practices in the private sector.”
- Underwriter Training and Certification. “For underwriters to effectively evaluate and analyze risk in a given industry, they must understand it, the report says, citing certifications now available for underwriters in other areas of insurance, including homeowners, flood, life and health. The FFRDC should work with insurers, state regulators, and experts in cybersecurity risk management to develop curricula and training courses for cyber insurance underwriters required under a cyber insurance underwriter certification.”
- Claims Adjuster Training and Certification. “Like underwriters, claims adjusters are crucial in ensuring that insurance policies can adapt to changing conditions, the report says. The FFRDC should work with insurers, state regulators, and cybersecurity risk management experts to develop training and certification models for cyber claims adjusters.”
- Cyber Risk Modeling. “A DHS public-private working group of insurance companies and cyber risk modeling companies would collaborate in pooling available statistics and data for use in developing better, more accurate cyber risk models. This group should ‘identify areas of common interest so that these entities can benefit from one another’s risk modeling efforts, particularly with regard to dependency mapping and the consequences of cyber disruptions.’”
- Cyber Insurance Product Certification. “The FFRDC should develop cybersecurity product certifications based on a common lexicon and security standards.”
The bottom line, according to the commission: the US is “dangerously insecure in cyber” and “increasingly relies on networks of digital devices” that are vulnerable and easily compromised.
“The status quo is inviting attacks on America every second of every day,” the report concludes. “The status quo is a slow surrender of American power and responsibility.”