2500 Plaza 5 25th fl Jersey City NJ 07311 phone 732-516-1648 fax 732-516-9778
Copyright © Daniel Cullinane CPA.
Daniel Cullinane CPA
25 Plaza 5 25th fl Jersey City NJ phone 732-516-1648 fax 732-516-9778
Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack. In recent years, the Department of Homeland Security National Protection and Programs Directorate (NPPD) has engaged key stakeholders to address this emerging cyber risk area.
Traditional commercial general liability and property insurance policies typically exclude cyber risks from their terms, leading to the emergence of cybersecurity insurance as a “stand alone” line of coverage. That coverage provides protection against a wide range of cyber incident losses that businesses may suffer directly or cause to others, including costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations. Few cybersecurity insurance policies, however, provide businesses with coverage for an area of growing private and public concern: the physical damage and bodily harm that could result from a successful cyber attack against critical infrastructure.
Since 2012, NPPD has engaged academia, infrastructure owners and operators, insurers, chief information security officers (CISOs), risk managers, and others to find ways to expand the cybersecurity insurance market’s ability to address this emerging cyber risk area. More broadly, NPPD has sought input from these same stakeholders on the market’s potential to encourage businesses to improve their cybersecurity in return for more coverage at more affordable rates. NPPD is currently facilitating dialogue with CISOs, Chief Security Officers (CSOs), and insurers about how a cyber incident data repository could foster both the identification of emerging cybersecurity best practices across sectors and the development of new cybersecurity insurance policies that “reward” businesses for adopting and enforcing those best practices.