Regulating Cyber Insurance

  • Starts: 3:30 pm on Wednesday, April 17, 2019
  • Ends: 5:00 pm on Wednesday, April 17, 2019
The cyber insurance market has been growing rapidly over the past decade. With less than $1 billion in premiums in 2012, experts project that the cyber insurance industry will grow to anywhere between $7.5 billion and $20 billion by 2020. Cyber insurance policies cover costs associated with a potential data breach, including legal fees, the handling of civil class action lawsuits, notification costs, forensic investigations, and the mitigation of expanses from business shutdowns and regulatory fines. These policies can further help limit exposures from hacking, viruses and other perils that come with operating a business or organization in an online environment. Federal agencies, state governments, cities and counties, have been some of the most active procurers of cyber insurance policies. In a 2017 survey of States' Chief Information Officers 38% reported having some type of cyber insurance. Indeed more than a dozen States and the vast majority of the 25 largest cities in the United States, have or are in the process of acquiring such expansive insurance arrangements.

But are liability insurers capable of effecting meaningful change within government cybersecurity and data protection policies, or are they in fact a hindrance on such processes? As more and more agencies favor insurance policies over prevention policies, so increases the risk for "moral hazards” (the taking, by government, of greater risks because someone else will bear the costs). Insurers, on the other hand, face a challenge in obtaining data to underwrite individual cyber coverage and thereby struggle to model effectively cyber risk across their broader portfolios and offer substantive risk management tools. This Cyber Alliance talk, by Yale University Lecturer and Tufts Postdoctoral Research Fellow Asaf Lubin, will discuss what reforms are necessary in the regulation of private cyber and GDPR liability insurance to increase the protection of our public systems, networks, and databases.

There will be time for casual conversation and light refreshments before and after the presentation. Please RSVP to
Seminar Room, Hariri Institute for Computing, 111 Cummington Mall