Why Mandates Work for Traditional Insurance Categories, but not for Cyber-Insurance
When first introduced in 1997, cyber insurance was called Internet Security Liability (ISL). Early policies were designed to mitigate the risks faced by e-commerce vendors and were underwritten by AIG. While cyber-insurance can trace its roots back a quarter of a century, it is, in many ways, still in its infancy.
Cyber-insurance companies require policyholders to follow and attest to a nine-point cybersecurity plan. These requirements are designed to minimize exposure for cyber-insurance companies by providing higher levels of security for organizations purchasing cyber-insurance. Despite the intent of the requirements, they are not working. Read more here.