Interest in cyber insurance is expanding rapidly, a top official of Marsh & McLennan testified before a Senate committee today, with the number of Marsh clients purchasing stand-alone cyber insurance increasing by more than 20 percent in just the past year.
The Marsh official also testified that, in the area of cyber security, “offense is a lot easier than defense,” that is, companies should be aggressive in taking steps to head off cyber breaches.
“There is no silver bullet or panacea that will eliminate this risk,” said Peter Beshar, Marsh executive vice president and general counsel.
Rather, he said, it will take a “collaborative effort between government and business and among professionals in different disciplines — IT, HR, Legal and Compliance — to assess vulnerabilities and link arms to confront this risk head-on.”
Beshar’s testimony came at a hearing on “Protecting Personal Consumer Information from Cyber Attacks and Data Breaches,” held by the Senate Committee on Commerce, Science & Transportation.
The hearing was held the day after Sen. John D. Rockefeller, D-W.Va., chairman of the panel, released a report stating Target “possibly failed” to take advantage of several opportunities to prevent the massive data breach in 2013 when cyber criminals stole the financial and personal information of as many as 110 million consumers.
John Mulligan, Target executive vice president and CFO, responded, “With the benefit of hindsight and new information, we are now asking hard questions regarding the judgments that were made at that time and assessing whether different judgments may have led to different outcomes,” Mulligan said.
The report used the “intrusion kill chain” framework developed by Lockheed Martin security researchers in 2011. The report said that this tool “suggests” that Target missed a number of opportunities along the kill chain to stop the attackers and prevent the massive data breach.