Media discussion of a “cyber TRIP” tends to the bullish. This report, by post-doc cyber insurance researcher Daniel Woods @leltop, surfaces the potential downside of such a plan, from moral hazard to perverse incentives that might reduce improvements in cyber security by the insured.
We don’t necessarily buy all the arguments here, but the detailed review of policy and business issues and historical precedent is well worth the read.
From the article:
“While historical examples suggest that government backstops facilitate economic activity—such as in the wake of 9/11 and the build-up to World War I—this is not the case for present-day cyber insurance because online activity would happen regardless.
A backstop could create an over-supply of insurance, and this may weaken incentives to improve cybersecurity levels. This discussion is reminiscent of federal insurance schemes that covered properties in areas especially vulnerable to natural disaster, such as the coasts of North Carolina and Florida. Critics of such policy measures ask why property owners should be subsidized to rebuild houses in areas exposed to natural disaster.”
“A cyber backstop is unnecessary because firms conduct online activity regardless of whether insurance is available…”
Source: A Federal Cyber Insurance Backstop Is Premature