Cyber Insurance SIG
To coordinate cyber insurance actuarial and modelling work with professional incident response and digital forensic teams. To harmonize best practices, coordinate data sharing, and provide a feedback mechanism between national or product CERTs and Cyber Insurance or Reinsurance organizations.
Goals & Deliverables
- Create an antitrust statement that allows insurers and reinsurers to speak freely without fear of crossing regulatory thresholds.
- Introduce Cyber Insurers to the traffic light protocol and associated information sharing about cyber incidents and threats and the forensic documentation of Indicators of Compromise.
- Document sources of data for cyber insurers, actuaries, cyber risk modelers, CERTs, and DFIR organizations. Promote a more statistical and scientific approach to cyber risk.
- Provide advice on the interpretation and limitations of such data.
- Acknowledge that insurance produces a de facto standard through requirements during the process of offering insurance (underwriting). Therefore, in order to establish and maintain a high quality cyber security across businesses, it is essential to elicit and facilitate continuous feedback mechanism between CERTs and insurers/reinsurers.
- Continuously guide and enable people/organizations that seek professional certifications in either cyber insurance or cyber security field.
- Dr. Michael Spreitzenbarth
_Members of Sectoral, National, or Product CERTs with a specific interest in cyber insurance, economics, statistics, and data science around cyber crime, and cyber risk. Insurers, reinsurers, data scientists, and cyber risk professionals with similar and aligned interests and at discretion of the chair.__