The threat of damage to critical infrastructure via cyber attack proved to be a hot topic at a recent National Association of Insurance Commissioners (NAIC) forum, but one with few answers or solutions.
Attendees at the Washington, D.C., event showed keen interest in the insurance industry’s take on the subject as well as possible avenues to mitigating the risk. Most cyber insurance policies exclude physical damage and the risk posed to critical infrastructure around the world remains a new realm of possibility. Speakers at the NAIC event questioned whether the insurance industry has the actuarial data necessary to properly underwrite the risk.
“If you’re lucky, it’s just your information that’s been stolen,” stated Norma Krayem, co-chair of data protection and cybersecurity at Holland & Knight, LLP. She moderated a panel discussion on the appropriate role for insurance in mitigating cyber risk – according to panelists, insurance should be considered a valuable part of the “toolkit” but not the ultimate end to cyber risk management.
“Cyber risk insurance has always been considered a very important part of the toolkit,” stated John Carlson, chief of staff for the Financial Services Information Sharing and Analysis Center (FS-ISAC). “And we hope to help insurers get a better understanding of the risk to drive better behavior” on cybersecurity.
FS-ISAC interprets and shares cyber threat information with its financial services sector membership, which grows by 200 new members each month, according to Carlson. Threat information sharing among members has prevented the loss of thousands of dollars by helping firms stay aware of the type of risks they might encounter.
“Insurance is the last component of being a cyber risk advisor for some companies,” said Matt McCabe of Marsh. He added that Marsh not only offers cyber insurance, they focus on cyber risk management, engaging organizations in a full assessment of their cybersecurity practices.
“You bring up the lack of actuarial data, but that’s not the only way to prepare for a cyber event,” McCabe said.
Erin is the managing editor of Advisen’s Front Page News. She has been covering property-casualty insurance since 2000. Previously, Erin served as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].
