Cover under specific stand -
alone cyber policies, or cover which is added on to existing policies, is likely to come under increasing scrutiny.
«Between now and when Congress chooses how to act... between exchanges and spot market regulation, I'd like to use this opportunity to call on the investment community and advocacy community around digital currencies to create some type of self - regulatory [organization], to develop standards
around cyber policy, insider trading, ethics, codes of conduct,» he said, adding that self regulation has a strong history in our markets.
The committee recommends that the U.S. work with allied countries to create international cyber standards to deter hostile nations from taking advantage of current gray areas
in cyber policy, making it clear that attacks on election systems are «hostile acts.»
BitSight is only working with seven out of the 10 largest insurers, but the majority of insurers that
write cyber policies still assess a customer's risk by asking customers to fill out questionnaires about what types of data a company handles and its security protocols.
Anecdotal data suggests that the number
of cyber policies sold would be in the vicinity of 150 or so.
But that long history of data on past catastrophes does not exist in the cyber insurance policy world, says Stephen Boyer, the CTO and co-founder of risk - rating company BitSight, a company that assesses company risk
for cyber policies written by AIG, Travelers, and others.
As much as $ 45 billion of that sum may not be covered
by cyber policies due to companies underinsuring, the report said.
Shey says there's a lot of uncertainty
because cyber policies are new and customers don't understand exemptions and insurers are not accurately quantifying a company's cyber security risk.
Premiums for
cyber policies brought in a total of $ 1.35 billion last year and total premiums could surpass $ 10 billion by 2020, says Stroz Friedberg, a risk management company.
So it's very likely HBO holds a
hefty cyber policy secured either through its parent, Time Warner, or on its own, says Inga Goddijn, executive vice president at Risk Based Security, a Richmond, Virginia - based supplier of risk management services.
With proper models such as AIR's, the industry will be able to grow the market by confidently writing
more cyber policies.
Catalyzed by the Snowden revelations beginning in June, 2013, international interest and concern about
U.S. cyber policies has increased steadily.
«Between now and when Congress chooses how to act... between exchanges and spot market regulation, I'd like to use this opportunity to call on the investment community and advocacy community around digital currencies to create some type of self - regulatory [organization], to develop standards
around cyber policy, insider trading, ethics, codes of conduct,» he said, adding that self regulation has a strong history in our markets.
Devine says Insureon sells cyber risk endorsements — written attachments to an insurance policy that add protection not included in the original coverage — for as little as a few hundred dollars per year, with stand -
alone cyber policies (recommended for retailers, consulting firms and other businesses overseeing large chunks of customer data) offered for a median annual price of less than $ 1,200.
Its insurer sued to rescind its policy and deny coverage, citing Cottage Health didn't meet the minimum cyber security practices outlined in
its cyber policy.
A typical midsize, regional company that is not a healthcare company or a bank will pay $ 25,000 a year for a $ 20 million
cyber policy.
P.F. Chang's, a Chinese restaurant chain, was hacked in 2014 and filed a claim on
its cyber policy.
These four insurers lead in market share, with around 45 percent of
the cyber policy market, says Fitch Ratings.
As the world watches China's internet get both bigger and more controlled, the Wuzhen conference provides China with a platform to publicly validate
its cyber policy.
Small businesses should develop
a cyber policy which should also include a cyberattack response plan.
The cyber policy should be comprehensive, setting forth the types, access, usage, and classification of data as well as include procedures for remote access, the usage of social media, and the protocols in the event of an incident or data breach.
New York is the first state to initiate a 180 - day grace period for all financial services companies to upgrade
both cyber policies and protection.
Businesses seeking to buy
a cyber policy must ensure that they articulate cyber scenarios in their risk register and seek insurance for them.
In my view, the best path forward, from
a cyber policy perspective, is to require regulatory notification of meaningful breach events combined with the developing of a standard of care that is capable of evolving with changing technological means.
The costs associated with hiring public relations consultants and costs to conduct advertising or PR activities are all things that can be built into
a cyber policy.
I would like to use this opportunity right now to call on the investment community and the advocacy community around digital currencies to create some type of self - regulatory organization that can develop standards around
cyber policies, data retention, record keeping, financial records obligations, insider trading, ethics, codes of conduct.