Federal Report Urges Cyber Risk Coverage
On September 18, the White House unveiled the National Plan to Secure Cyberspace, an initiative urging insurers and companies to assess and manage exposures to cyber risk.
Among other things, the plan calls for developing new best practices and standards for this area, as well as for carriers to provide stand-alone cyber risk policies and loss assessment services for corporate clients.
Ty Sagalow, chief operating officer for AIG eBusiness Risk Solutions, has been working closely with the government to develop the insurance section of the national plan. In an interview with the Insurance Journal, he explained the processes involved in developing the plan, as well as the importance of properly determining and mitigating cyber risk for companies' viability.
"AIG has been working with the White House and the president's Critical Infrastructure Protection Board really for almost a year now on the national strategy, along with, of course, a number of other companies in the insurance and other private sectors," Sagalow explained. "All leading up to this draft report that was released in Silicon Valley on the 18th (of September). I think that it is an incredibly important work by the federal government. A lot of energy by a lot of folks has been put into it. It sends a very important message, which is: With 85 percent of our critical infrastructure in private hands, the way to successfully respond to the needs of this nation in terms of cyber protection is a partnership between the private sector and the public sector."
Sagalow continued, "Looking at it from the point of view of AIG as the largest provider of cyber insurance and cyber risk management services in the world, we were very pleased that the report takes a risk management approach, and says in a number of different sections that there is no technology silver bullet, as Harris Miller, president of the ITAA, is wont to say. There is no magic formula—there is no super firewall that, if you put it in place, you don't have to worry about cyber risk ever again. Rather, the best that can be done is a risk management of the problem. Risk management needs to be on a board level—which is also clear in the national plan."
The interview with Mr. Sagalow will appear in its entirety in the October 14 issue of Insurance Journal.
Comments? Click here to post a comment about this article