Back To The Blog

Key Takeaways in Newly Released Homeland Security Insurance Industry Report

Uncategorized / July 23 , 2014

Guest Author: Vince Vitkowsky, Partner, Seiger Gfeller Laurie LLP

The Department of Homeland Security (DHS) National Protection and Programs Directorate (NPPD) has convened a series of sessions focusing on developing the first-party cyber insurance market. The most recent session was held on April 7, 2014, and it included representatives from 10 insurance brokers, 10 insurance underwriters, and 10 reinsurers. On July 22, DHS released its Readout Report of that Session. The entire 44-page Report, together with the Reports of three earlier sessions, can be found here on the Homeland Security website. The April 7 Session focused on three subjects, and the distilled essence is described below.

The purpose would be to develop cyber risk actuarial tables and inform cyber incident trend analysis.

Cyber incident information sharing/data repository. There was industry support for the creation of a mechanism, referred to as a “cyber incident data repository,” through which private companies, public sector entities, and the US Government (USG) could submit information about cyber incidents they have experienced or have become aware of. For private sector companies, the submissions would be anonymous. The purpose would be to develop cyber risk actuarial tables and inform cyber incident trend analysis.

Cyber incident consequence analysis/analytics approaches. Participants expressed a need for information and assistance from the USG in building models, simulations, and exercises “to confidently expand first-party coverage for cyber-related critical infrastructure loss”. They pointed to the core insurance industry need of estimating probable maximum loss. They also suggested that the USG design, develop, and execute a cyber incident table top exercise that would include insurance industry representatives and vendors.

ERM Evangelization. Participants expressed support for Enterprise Risk Management which included analysis of cyber risks. They believed that greater public awareness and education about cyber risk would be beneficial, and advocated for a general push for “ERM Evangelization.”

Vince Vitkowsky is a partner in the law firm of Seiger Gfeller Laurie LLP, resident in New York. He can be reached at [email protected].

Related Blog Posts

10 Cybersecurity Tools Every Small-Medium Business Should Have in Their Arsenal

What You Need to Protect Your Data

SMBs have unique cybersecurity risks that should be managed with appropriate tools. Here are the top tools and some mistakes to avoid when implementing them.

Continue Reading

8 Things Every Business Should Know About Cybersecurity

Top Tools and Tips for Cyber Risk Management

Cyber risk is always evolving but every business needs to understand the fundamental threats they face as well as the key tools for risk assessment and mitigation that can help them improve their cybersecurity posture.

Continue Reading

From Afghanistan to Ransomware

A Q&A with Melissa Ventrone of Clark HIll

As an attorney in the cybersecurity and privacy space, Melissa Ventrone draws on her military background to keep clients calm, manage complex logistics, and help them mount a successful incident response.

Continue Reading
Visit Our Blog

Download 2023 Cyber Claims Study

The annual NetDiligence® Cyber Claims Study uses actual cyber insurance reported claims to illuminate the real costs of incidents from an insurer’s perspective.

Download
Solutions
About
Contact

P.O. Box 204
Gladwyne, PA 19035
610.896.9715

© 2024 NetDiligence All Rights Reserved.