Harnessing Market Forces To Confront Cyber Risk

Corporations are currently not doing enough to address cyber risks, nor are those risks being addressed appropriately by the markets – specifically by investors, credit rating agencies and insurers – according an article from the Lawfare Institute. Insurance carriers, for example, are likely not collecting enough in premiums to cover the cyber risks they are taking on. Nor are governments, foreign or domestic, doing enough to reduce the chances of a breach through regulation or to penalize lax organizations after the fact. The writers, two analysts from the Cyber Policy Initiative at the Carnegie Endowment for International Peace, do see some movement in the right direction: Following the monumental breach suffered by Equifax (due to “appalling” cybersecurity practices), Moody’s downgraded its credit rating, although it took them two years to do it. Moody’s has announced that in the future it will be taking cybersecurity risks into account in its ratings and it has taken steps to help develop global standards for measuring that risk.