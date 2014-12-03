WASHINGTON Dec 3 Banks should consider cyber
risk insurance to help deal with the financial fall-out from the
growing threat of cyber attacks, a top U.S. regulator said on
Wednesday.
Bankers and officials have become more vocal lately about
concerns that malicious hacks could put customer data and the
stability of the financial system at risk.
Cyber insurance will not stop hackers, but it can help banks
improve their broader cyber controls, Treasury Deputy Secretary
Sarah Bloom Raskin told the Texas Banker's Association at a
cybersecurity conference.
"Bankers rarely used to talk to me much about
cybersecurity," she said at the event in Austin, according to
prepared remarks. "Now, this is one topic that comes up every
day."
The Federal Bureau of Investigation warned that hackers have
used malicious software to launch destructive attacks on
companies, following a massive breach at Sony Pictures
Entertainment last week.
In August, JPMorgan Chase & Co. was subject to a new
kind of phishing scam that sought to access customer credentials
not just for the bank but for other financial institutions.
Raskin said more than 50 carriers now offer some form of
cyber risk insurance, and Treasury was encouraging companies to
develop insurance products that could improve firms' overall
cyber protection.
"Ideally, we can imagine the growth of the cyber insurance
market as a mechanism that bolsters cyber hygiene for banks
across the board," she said.
The insurance broking arm of Marsh & McLennan Companies
estimates the U.S cyber insurance market was worth $1
billion last year in gross written premiums and could reach as
much as $2 billion this year. But many insurers are still trying
to develop their skills in handling hackers and data breaches.
Raskin also said Treasury was working on an exercise to test
communication among government agencies and financial
institutions during a cyber attack.
Bankers and the government say they want to figure out ways
law enforcement can alert financial firms about cyber attacks
without violating the privacy of businesses that are victimized.
Both sides have long complained that such concerns have hindered
notification, preventing the industry from quickly adapting to
emerging threats.
U.S. lawmakers were working on legislation that would lay
out how companies can exchange more cybersecurity-related
information with each other and the government, but made little
progress in a busy election year.
