A House Committee on Small Business hearing entitled “Protecting Small Businesses from Cyber Attacks: The Cybersecurity Insurance Option,” recently examined how small businesses can manage their risks and how insurers can adapt to meet business’ needs.
Speaking on behalf of the Property Casualty Insurers Association of America (PCI), Eric Cernak, said it is important for federal and state governments’ lawmakers, regulators, and other entities to develop clear, consistent cybersecurity requirements and to avoid a patchwork of different requirements and standards.
“Such a patchwork would impede companies’ ability to effectively implement cyber security protocols and respond quickly and appropriately to a cyber security event. Although the nature of reinsurance means that reinsurers do not directly interact with consumers, and therefore reinsurers’ obligations in the event of cyber security events differs somewhat from the primary insurance industry, the entire insurance and reinsurance industry (as well as consumers) benefit from uniform, consistent standards that are both proportional and flexible enough to work in an ever-changing cyber environment,” said Cernak, Munich Re U.S. cyber and privacy risk practice leader at Hartford Steam Boiler Group.
Robert Gordon, senior vice president of policy research and international at PCI, said cyberattacks are not a matter of ‘if’ but ‘when.’
“PCI commends the committee for raising the awareness of the vital need for small businesses to protect their companies with cyber insurance,” Gordon said. “PCI encourages Congress and the Administration to coordinate cybersecurity policy among federal agencies and designate lead agencies to coordinate discussions where appropriate. It is essential that state insurance regulators are also included and all work together to avoid a conflicting patchwork of state, federal and international standards.”
The American Insurance Association (AIA) also commented on the hearing.
“In today’s increasingly interconnected world, cyberattacks can affect any business, regardless of size or industry. As cyber risks continue to change and evolve, businesses must evaluate their individual risks and vulnerabilities, and the cyber insurance market must be allowed to grow and innovate to meet those needs,” Angela Gleason, AIA’s senior counsel, said.