Issues about cybersecurity aren’t just flooding the in-boxes of corporate executives these days. They’re also trending in Washington, D.C., where lawmakers and a presidential panel are looking at ways to keep the government and the country’s key infrastructure cyber-safe. The common thread in the various approaches is something familiar to us at Verisk: working together to analyze risk.
Last month, the President’s Council of Advisors on Science and Technology presented a range of recommendations to increase the country’s cybersecurity. The ideas included upgrading to more secure operating systems and web browsers as well as sharing cyber-threat data in the public and private sectors. But the report also took a macro perspective, noting that government and industry must develop a system they will both follow no matter what the cyber threat.
Congress also raised the idea of teamwork last week, as the House Homeland Security Committee introduced a bipartisan bill to strengthen the country’s cybersecurity and protect its critical infrastructure — from power plants and dams to mass transit. The bill would put into law a number of responsibilities of the Department of Homeland Security (DHS), including Cyber Incident Response Teams to provide technical assistance and crisis management to critical infrastructure owners and operators and the operation of the National Cybersecurity and Communications Integration Center to facilitate real-time cyber-threat information sharing across critical infrastructure sectors. The Center opened in 2009.
Perhaps the biggest news from an insurance perspective is the expansion of the SAFETY Act of 2002 (it stands for Support Anti-Terrorism by Fostering Effective Technologies). The law currently provides liability coverage to companies that develop antiterrorism technology. But the bill would expand that incentive to include companies that advance cybersecurity. In addition, the bill would require DHS to provide at least $20 million to the SAFETY Act office during each of the next three years.
Most companies aren’t experts in cybersecurity, but they still need to prepare for the worst. Verisk has been analyzing the risks of cyber threats for more than a decade and has several cyber-liability policies that insurers can offer their commercial clients. We’d like to share our knowledge and resources with you. To learn more, e-mail me or follow me on Twitter @doughertyshawn.