US urges banks to consider cyberrisk insurance amid hacking threats

GOOD POINT: Cyberinsurance will not stop hackers, but it can help banks improve their broader cyber controls, said Treasury Deputy Secretary Sarah Bloom Raskin.

WASHINGTON: Banks should consider cyberrisk insurance to help deal with the financial fall-out from the growing threat of cyberattacks, a top US regulator said. 

Bankers and officials have become more vocal lately about concerns that malicious hacks could put customer data and the stability of the financial system at risk. 

Cyberinsurance will not stop hackers, but it can help banks improve their broader cyber controls, Treasury Deputy Secretary Sarah Bloom Raskin told the Texas Banker's Association at a cybersecurity conference. 

"Bankers rarely used to talk to me much about cybersecurity," she said at the event in Austin, according to prepared remarks. "Now, this is one topic that comes up every day." 

The Federal Bureau of Investigation warned that hackers have used malicious software to launch destructive attacks on companies, following a massive breach at Sony Pictures Entertainment last week. 

In August, JPMorgan Chase & Co. was subject to a new kind of phishing scam that sought to access customer credentials not just for the bank but for other financial institutions. 

Raskin said more than 50 carriers now offer some form of cyberrisk insurance, and Treasury was encouraging companies to develop insurance products that could improve firms' overall cyber protection. 

"Ideally, we can imagine the growth of the cyberinsurance market as a mechanism that bolsters cyberhygiene for banks across the board," she said. 

The insurance broking arm of Marsh & McLennan Companies estimates the US cyberinsurance market was worth US$1bil (RM3.44bil) last year in gross written premiums and could reach as much as US$2bil (RM6.89bil) this year. But many insurers are still trying to develop their skills in handling hackers and data breaches. 

Raskin also said Treasury was working on an exercise to test communication among government agencies and financial institutions during a cyberattack. 

Bankers and the government say they want to figure out ways law enforcement can alert financial firms about cyberattacks without violating the privacy of businesses that are victimized. Both sides have long complained that such concerns have hindered notification, preventing the industry from quickly adapting to emerging threats. 

US lawmakers were working on legislation that would lay out how companies can exchange more cybersecurity-related information with each other and the government, but made little progress in a busy election year. — Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3

Next In Tech News

As of iOS 14.4, Apple lets you get more volume out of your iPhone
Need a professional photo? In pandemic times, you can do it yourself
Biden revokes Trump order that sought to limit social media firms' protections
Stock photography: Tips for turning your photos into cash
'Chaos Monkeys' author calls Apple's statement on his departure defamatory
TeamViewer adds 2FA for extra security on Windows
Vivaldi browser wants to end annoying 'accept cookies' banners
Ransomware gangs disrupted by response to Colonial Pipeline hack
Exclusive: Personal finance startup NerdWallet files for U.S. IPO - sources
Facebook to defend itself against 'damaging' Irish data privacy probe

Stories You'll Enjoy