In spending time this week going over two very interesting reports, a common theme arose: sharing information is important to protect each other.
The reports—one outlining the results of several workshops between the insurance industry and the Department of Homeland Security and another by the 9/11 Commission to reflect on its report 10 years ago—are each clear on a virtue we’ve each learned long ago. But in this case, the seemingly simple act of sharing has the potential to save us money, headaches and even lives.
Continuously, many of the more than two dozen insurance professionals attending workshops by the DHS National Protection and Programs Directorate “voiced strong support for the creation of a cyber-incident data repository” shared by public and private companies as well as the federal government. The purpose would be to get the kind of incident data needed for the insurance industry to truly understand cyber risk enough to take a better gamble and begin to offer solutions.
The 9/11 Commission similarly points to sharing—not only as a practice for the future, but the group gives credit to sharing. Ten years ago it said the “biggest impediment to all-source analysis—to a greater likelihood of connecting the dots—is the human or systemic resistance to sharing information.” It said the National Security Agency had information that could have identified a 9/11 hijacker but the information was never shared.
We’ve gotten better. Federal agencies share and collaborate more. There are still instances when we do not (The FBI had some information it never disseminated on one of the Boston Marathon bombers), but we are still safer because of sharing. We just haven’t heard of all the terrorist plans thwarted. And I’m fine with that. Perfectly fine. Ignorance is bliss.
It will be interesting to watch how this plays out as we can agree our proactive cybersecurity measures are outpaced by fast-moving cyber risk. The “Cybersecurity Information Sharing Act” is making its way through Congress but it is met by criticism.
Sharing is caring…up to a point, right? No one wants to give away too much. Everyone likes to look good. Proprietary information is heavily guarded. We took some hits on our privacy (*cough: Snowden!) and many are still looking over their shoulder. It’s understandable.
(You should read what the 9/11 Commission has to say about the NSA. Very interesting.)
Cyber risk is one in which no one person is going to get a handle on and earn all the credit. In the meantime, the privacy you’ve fought so hard to protect is a delusion. The proprietary information a company was scared would get out was stolen anyway.
What good is the resistance to share, especially in this case? Time to start reaching for a middle so we can each breathe a little easier? (…shop a little easier, dine out a little easier, bank a little easier, attend a university a little easier and continue to take our utilities for granted…)
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
