Cyber intrusions and attacks have increased dramatically over the last few years, exposing sensitive information, disrupting operations and imposing high costs on business and the economy. In an effort to encourage a stable, safe and resilient cyberspace, President Obama issued Executive Order 13636, which called for the establishment of a voluntary set of security standards for critical infrastructure industries. In response, in February 2014, the National Institute of Standards and Technology issued the first version of the “Framework for Improving Critical Infrastructure Cybersecurity.”
Unfortunately, the topic of insurance is notably absent from the framework, and other governmental efforts to address cybersecurity similarly fail to sufficiently address the subject. Because insurance coverage is integral to an organization’s risk management strategy, the government’s cybersecurity initiatives should place stronger emphasis on cyber coverage.