In the past two years, both the Department of Labor and the Transportation Security Administration have enacted new guidance and standards for entities operating within their jurisdictions. Compliance with the new guidance protects organizations from significant liabilities in the event of cyber breaches that impact people's financial and physical safety. Here are summaries of the latest regulatory rules and guidance from DOL and TSA.
Evolver has been keeping up to date with trends in cyber insurance predicted or inferred from the research in our original 2015 whitepaper, which received considerable coverage when released. Some of the predictions in the paper came true soon after its release, while others are in different stages of development. In this update to the previous whitepaper, Evolver vice president Chip Block looks at one of his predictions coming to fruition in 2018 and one where various industries continue to be set in their ways.
New Industry Standards
Chip’s analysis predicted that industry groups would come together to establish set standards for cyber events and that these standards would drive commonality across industries. In July of 2018, the insurance and reinsurance industry data standards body, ACORD, worked with industry partners to create a uniform data standard. The standard was deemed necessary in the face of increasing demand for cyber coverage leading directly to “a growing need for streamlined, standardized cyber risk data exchange.”
Shifts in Behavior and the Cyber Insurance Business Model
In the whitepaper, Chip observed that the insurance model had largely been based on a basic sales model in which fear of all manner of worst-case scenarios drives insurance sales. We predicted that this model would eventually move toward a more rational, quantification-based risk assessment, thus impacting how insurers calculate premiums and payouts for cyber events. However, the prominence of cyber events continues to drive demand for blanket coverage without quantitative analysis of the cyber risk ecosystem.
As a July 2018 GCN article put it, the cyber insurance market continues to be a “feeding frenzy.” GCN quotes Gartner vice president Paul Proctor, who observes that “cyber insurance doesn’t have actuarial tables.” As a result, clients may find they are not fully covered, particularly when they don’t know where to apply security measures. As Proctor puts it, “This is like you signing up for health insurance and ticking the box that says, ‘I’m a nonsmoker,’ and then you get lung cancer connected to the fact that you are a smoker.” So the prediction of behavior change because of insurance has not yet come to fruition.