US urges banks to consider cyber risk insurance amid hacking threats

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.investing.com/news/technology-news/us-urges-banks-to-consider-cyber-risk-insurance-amid-hacking-threats-318957


Banks should consider cyber risk insurance to help deal with the financial
fall-out from the growing threat of cyber attacks, a top U.S. regulator
said on Wednesday.

Bankers and officials have become more vocal lately about concerns that
malicious hacks could put customer data and the stability of the financial
system at risk.

Cyber insurance will not stop hackers, but it can help banks improve their
broader cyber controls, Treasury Deputy Secretary Sarah Bloom Raskin told
the Texas Banker's Association at a cybersecurity conference.

"Bankers rarely used to talk to me much about cybersecurity," she said at
the event in Austin, according to prepared remarks. "Now, this is one topic
that comes up every day."

The Federal Bureau of Investigation warned that hackers have used malicious
software to launch destructive attacks on companies, following a massive
breach at Sony Pictures Entertainment last week.

In August, JPMorgan Chase & Co. was subject to a new kind of phishing scam
that sought to access customer credentials not just for the bank but for
other financial institutions.

Raskin said more than 50 carriers now offer some form of cyber risk
insurance, and Treasury was encouraging companies to develop insurance
products that could improve firms' overall cyber protection.

"Ideally, we can imagine the growth of the cyber insurance market as a
mechanism that bolsters cyber hygiene for banks across the board," she said.

The insurance broking arm of Marsh & McLennan Companies estimates the U.S
cyber insurance market was worth $1 billion last year in gross written
premiums and could reach as much as $2 billion this year. But many insurers
are still trying to develop their skills in handling hackers and data
breaches.

Raskin also said Treasury was working on an exercise to test communication
among government agencies and financial institutions during a cyber attack.

Bankers and the government say they want to figure out ways law enforcement
can alert financial firms about cyber attacks without violating the privacy
of businesses that are victimized. Both sides have long complained that
such concerns have hindered notification, preventing the industry from
quickly adapting to emerging threats.

U.S. lawmakers were working on legislation that would lay out how companies
can exchange more cybersecurity-related information with each other and the
government, but made little progress in a busy election year.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!