In an effort to raise the bar on cybersecurity, executives from the tech, insurance, finance and critical infrastructure sectors met with President Joe Biden to discuss America's cybersecurity challenges and the need for a public-private partnership.
Last week, President Joe Biden met with executives from the tech, insurance, finance and critical infrastructure sectors to discuss America's cybersecurity challenges and the need for a public-private partnership to “raise the bar on cybersecurity."
Earlier this year, seven major carriers banded together to form CyberAcuView to address cybercrime by leading cyber risk mitigation efforts across the insurance industry. Last week's meeting comes as Congress and state legislatures weigh new legislation concerning data breach notification laws and cybersecurity insurance industry regulation.
Cybersecurity has risen to the top of the agenda for the Biden administration after a series of high-profile attacks on network management company SolarWinds Corp., Colonial Pipeline, meat processing company JBS and software firm Kaseya.
“We have a lot of work to do," President Biden said, citing both ransomware attacks and his push to get Russian President Vladimir Putin to hold Russian-based cyber gangs responsible, as well as the need to fill nearly half a million public and private cybersecurity jobs.
“Most of our critical infrastructure is owned and operated by the private sector, and the federal government can't meet this challenge alone," President Biden added. “You have the power, the capacity, and the responsibility, I believe, to raise the bar on cybersecurity."
Attendees at the meeting, held in the East Room of the White House, included Alan Schnitzer, chairman and CEO of The Travelers; Joshua Motta, CEO and co-founder of Coalition; Vishaal Hariprasad, CEO of Resilience Insurance; and Greg Hendrick, CEO of Vantage Group Holdings Ltd., a reinsurance firm.
The meeting also included executives from Google, Amazon, Apple, Microsoft, IBM, and ADP, as well as financial firms JPMorgan Chase, Bank of America, TIAA, and U.S. Bancorp.
The purpose of the meeting was to discuss opportunities to bolster the nation's cybersecurity. Participants took part in breakout sessions, with insurance executives participating in, “Building Enduring Cybersecurity," a session chaired by Gina Raimondo, secretary of commerce, and Isabella Guzman, U.S. Small Business Administration administrator.
Travelers announced its participation in the National Institute of Standards and Technology (NIST) initiative to develop a new framework for public and private entities to improve the security and integrity of the technology supply chain. Microsoft, Google and Coalition, among others, also committed to participating in the new NIST-led initiative.
“I highlighted the critical role that the insurance industry plays in strengthening America's cybersecurity," Schnitzer said. “Insurers help organizations manage cyber risk efficiently and effectively, including by conducting cyber risk assessments, advising on hardening cyber defenses and providing ongoing monitoring of cyber vulnerability.
“After a breach has occurred, insurers provide technical expertise and financial support to facilitate recovery," Schnitzer added. “Working together, the industry can also identify and share trends in the cyber risk environment and promote the adoption of cybersecurity best practices."
Motta announced that Coalition will make its cybersecurity risk assessment and continuous monitoring platform available for free to any organization.
“As the threats from ransomware and other cybercrimes accelerate, small and midsize businesses can't be left to fend for themselves," Motta said. “It takes a broad combination of accessible technology and aligned incentives to keep these companies safe."
Further highlighting the important role insurers can play in cybersecurity, Hariprasad said, “the insurance industry has historically been able to put incentives in place to change human behavior for the better. We saw this with fire, auto, and healthcare insurance. This is the role cyber insurance should play in security."
As a result of the meeting, Resilience committed to requiring policyholders to meet a threshold of cybersecurity best practice as a condition of receiving coverage.
“By broadly sharing data about those efforts in a consistent, organized way, we can gain valuable insights to help mitigate and avoid these risks," Hendrick said. “The team at Vantage approaches complex issues such as this with relentless curiosity and creativity. We are pleased to share perspectives through private-public partnerships like this that can accelerate improvements and achieve broad national impact."
Olivia Overman is IA content editor.