Out-Law News 1 min. read
12 Aug 2013, 9:26 am
A new framework aimed at improving cyber security at companies involved with "critical infrastructure", such as energy and transport systems, is under development in the US. A voluntary program designed to encourage adoption of the framework by such companies will also be formed. The initiatives were prompted by an executive order issued by US President Barack Obama in February.
Special assistant to Obama and the US' cyber security coordinator Michael Daniel has now said that one way to incentivise businesses to sign up to the new framework might be to enable them to obtain insurance against cyber security risks manifesting themselves.
"Agencies suggested that the insurance industry be engaged when developing the standards, procedures, and other measures that comprise the Framework and the Program," Daniel said in a White House blog. "The goal of this collaboration would be to build underwriting practices that promote the adoption of cyber risk-reducing measures and risk-based pricing and foster a competitive cyber insurance market."
"The Commerce Department’s National Institute of Standards and Technology is taking steps to engage the insurance industry in further discussion on the Framework. This process should continue as the Framework is developed and the Voluntary Program is created," he added.
Government grants, limiting participants' liability should cyber incidents occur and streamlining regulations are among the other potential incentives to adopt the framework currently being considered, Daniel said.
"Over the next few months, agencies will examine these options in detail to determine which ones to adopt and how, based substantially on input from critical infrastructure stakeholders," he said.
In March leading insurance broker Marsh reported that the number of its clients in the US purchasing so-called ‘cyber insurance’ rose by 33% in 2012.
Cyber liability and data breach insurance specialist Ian Birdsey of Pinsent Masons, the law firm behind Out-Law.com said: "The initiative recognises the important role that insurers can play in terms of risk management including developing best practice. Not only can insurers ensure that financial risk is transferred in the event of a security incident, they have an important role to play pre-incident by developing best practice and helping companies to mitigate the likelihood and impact of an incident."