A report from the Carnegie Endowment for International Peace released Wednesday found that “harnessing the full potential of cyber insurance will be imperative for preventing systemic cyber incidents of concern for governments and the private sector alike.”
The report argued that the private sector cannot rely on the Federal government for full cybersecurity protection, and should instead look to cyber insurance to reduce its exposure. However, before private sector companies can depend on cyber insurance, the insurance marketplace needs to change.
“The cyber insurance coverage presently available provides only a limited, uncertain, and ad hoc solution,” the report said. “The insurance industry harbors far greater potential to address the cybersecurity challenge. Historically, insurance has played a crucial role in understanding, managing, and mitigating the risks arising from emerging domains of human activity, particularly in the context of evolving technologies. This holds true for cyberspace, where insurance has the potential to assume a more fundamental role in reshaping the risk landscape.”
The report suggested that the insurance industry could perform six cyber risk mitigation functions: “(1) engineering risks, (2) channeling corporate risk, (3) managing systemic risks, (4) harnessing collective security insights, (5) shaping broader risk trends, and (6) harmonizing risk-related standards and practices internationally.”
In order to get the insurance market from where it is to where it needs to be, the report highlighted actions that both the insurance companies and the Federal government can take to improve the strength of cyber insurance.
“Cyber insurance will ultimately be indispensable in a broader solution to the escalating cyber risk challenge,” the report concluded. “Harnessing its full potential will be imperative not only for managing corporate cyber risks, but for preventing potential systemic cyber incidents of growing concern for governments and the private sector alike.”