The most recent U.S. national cybersecurity strategy leans heavily on private-sector support, to include the insurance industry. Under Strategic Objective 3.6, the administration will explore the “the need for and possible structures of a Federal insurance response to catastrophic cyber events that would support the existing cyber insurance market.” Prudently taking the view that structuring a solution before an event occurs instead of rushing to provide aid after, the national cybersecurity strategy seeks a supporting role for government in the existing commercial insurance market, a view that many in the insurance industry support.
However, some key insurance industry leaders disagree, and the fact that they don’t could become a problem, impeding the flow of capital to the insurance industry and simultaneously forcing open a gap in U.S. cybersecurity strategy.
Despite the development of a reasonably large, stable, and resilient cyber insurance market, some observers still contend that cyber is not insurable. They claim that the risk is too big, too dynamic, too embedded, or simply too new to understand. Should the worst of worst-case scenarios…
