Brokers should lead the charge for universally applied standards of cyber risk mitigation as they are in the best position to do so, according to a software industry expert Bob Barker.
Making a comparison to the blockbuster movie
Independence Day, Barker said in his
Cybergovernance Journal report that great individual weapons (technologies) had been created to fight cyber breaches but no-one was leading the charge.
He said the lack of motivation among organisations, the belief that they were not targets of cyberattacks, and the failure to address critically important cyber risk as they focused on urgent daily issues, were barriers for increasing overall level of cyber readiness.
“Underwriters wrestling with setting rates for cyber-related policies find it daunting,” Barker said in his report.
“Lacking universally applied standards for cyber risk mitigation, it is very challenging to gauge the relative danger that one company faces versus another.
“The lack of data across a broad range of companies about compliance with accepted best practices for internal defensive measures precludes having a basis for making well-founded underwriting decisions.”
Barker’s report identified brokers, among all key players dealing with cyber risk, as the most suitable for leading the charge toward needed changes for combatting cyber risks.
He said brokers could leverage the following resources to achieve success:
- Data aggregators – creating an industry body composed of independent groups which would be better placed to successfully aggregate data on breaches and their causes than government agencies.
- Compliance frameworks – Developing the cyber risk equivalent of building codes and inspections in fire insurance would be the key cyber risk frameworks developed by experts at NIST, ISO, HIPAA, FFIEC, PCI, ISO and others.
- Underwriters/Insurers – They can make concessions in rates for those taking steps to prevent cyber attacks.
By making significant advances in mitigating cyber risk, Barker said the economic impact would be ‘immense’, and would ‘ultimately free up dollars that can be invested in growing businesses and jobs.’
Related stories:
Cyber insurance needs to keep up with evolving threat landscape
Underwriting agency aims to plug broker knowledge gap on cyber