
The Washington Post reports that on September 10, 2015, Sarah Bloom Raskin, Deputy U.S. Treasury Secretary, spoke on the vital role insurers play in cybersecurity. While recognizing that legislatures are struggling to pass regulations, Bloom stated that “insurers can move the needle” with cybersecurity. During her speech at the Center for Strategic and International Studies, Bloom added that “insurers can alter companies’ behavior through the underwriting process” by creating requirements and enforcing those requirements to obtain cyber coverage. The theory goes that, in an attempt to lower costs for cyber coverage, businesses will try to decrease their security risks. Bloom pointed out that “when this happens, it is a game changer” and “cybersecurity becomes part of an organization’s DNA.”

In addressing the importance of underwriters, Bloom discussed how businesses can identify their best tools and practices as well as their security weaknesses as they apply for cyber insurance. That is, during the application process, businesses are asked to reflect on their risk management strategies and security vulnerabilities. Bloom discussed the following information insurers may request from businesses during the application process that should make businesses reflect on their cybersecurity:

  • Does the company have a cyber-incident response plan?
  • Are subcontractors and suppliers evaluated to ensure their adherence to the company’s cyber requirements?
  • Does the firm engage in basic cyber hygiene, such as the regular patching of software and scanning for malicious activity, and mandating a multi-step identity check to access company networks?

Bloom’s comments correspond to recommendations made by the Treasury Department in its Report to the President entitled “Cybersecurity Incentives Pursuant To Executive Order 13636.” In the section of this Report dedicated to cyber insurance, the Treasury states:

“The growth of the private cyber insurance market could lead to a better understanding of cyber threat patterns and improved information sharing between the government and insured firms. Because insurers need credible data to appropriately underwrite and price policies, insurance creates incentives for standardized data collection and reporting.”

While the insurance industry has been aware of the vital role insurance plays in cybersecurity for some time, Bloom’s recent comments and the Treasury’s Report demonstrate a growing understanding of the importance of cyber insurance outside the insurance industry. It is well known that cybersecurity is a risk that will plague businesses for years to come and, therefore, insurance will be vital to defend against this risk.