This session at the 2018 NetDiligence® Cyber Risk Summit discussed the need for improving collaboration between the insurance industry and government and how that can lead to a common cyber good.
- Ronald Raether, Partner, Troutman Sanders
- Scott Kannry, Chief Executive Officer, Axio Global
- Wyatt Hoffman, Research Analyst, Carnegie Endowment for International Peace
Fundamentally, government has a vested interest in having a robust insurance market for cyber to create best practices and stomach the losses. There are still boundaries to be broken down, however, related to the relationship between government and the insurance industry.
There are different layers to this problem. First, cyber seems to be a moving target. Insurance response is constantly evolving and it is very difficult for insurance to manage this space. There really are not upper limits established like other lines of business. Second, business risks and national security risks are intersecting in the cyber space. The industry is not seeking more government regulation, but both sides are challenged to determine when government would interact in certain situations. Cyber terrorism, for instance, is an interconnected area that could include both the private sector and government.
Although cyber insurance needs to stay in the private sector, regulatory framework is needed in certain areas. FCC disclosure is also a good example. No basic standards have been established as far as what level of risk management is expected, including what they have to disclose when there is a cyber incident. This is a situation where we need both the government and insurance industry to play their respective roles.
Government regulations provide a standard, but does not always provide best practices where companies can learn from their peer group and improve. This can create a “good enough” atmosphere. This is an area where the insurance industry proves to be beneficial. As cyber incidents and related risk management evolves, we are learning from each other. The government can provide the baseline, but the insurance industry is needed to benchmark and share information for improvement.