Last week, the Senate Commerce Committee’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held its first cyber insurance hearing. Those who testified before the subcommittee included Michael Menapace, counsel in the Hartford, Connecticut, office of Wiggin & Dana L.L.P, Ben Beeson, the Washington-based vice president for cyber security and privacy with Lockton Cos. L.L.C., and Catherine Mulligan, senior vice president of the management solutions group at Zurich North America.
Menapace told the committee that “a single federal standard for notifying victims of cyber security breaches is preferable to the current patchwork of state laws,” because the “47 state standards plus standards promulgated by the District of Columbia, Puerto Rico and the U.S. Virgin Islands are not uniform in terms of how they are triggered and what information must be contained in them.” Rather, Menapace argued that a single standard would reduce the costs associated with a breach and strengthen consumer protection.
Beeson agreed and said that “cyber insurance is an important market force that can drive improved cyber security for companies.” Additionally, he said that Lockton and the “industry as a whole” would benefit from legislation “that would reduce barriers and encourage organizations to share threat indicators with the government and each other while also protecting individual privacy.”
Mulligan testified that the dialogue between public/private organizations has already begun and the “potential upside” of these discussions is that more comprehensive information will help insurers in developing both coverage and risk management solutions for their policyholder.