Senior Vice President
New York, NY
Abstract: In response to the pervasive and escalating cyber threat targeting the United States, on February 12, 2013, President Obama signed Executive Order 13636. In part, EO 13636 mandates the establishment of a Cyber Framework composed of voluntary standards and best practices that will guide participating critical infrastructure toward reducing cyber vulnerabilities. However, because there is no regulatory authority for establishing the program, private sector participation must be voluntary. As a result, the Department of Commerce is actively searching for incentives that will coax the private sector into adopting the Cyber Framework. The most sought-after incentive has been immunity from liability. However, this would require an act of Congress, which has yet to happen. Another suggested incentive has been cyber insurance, which Commerce described as an “effective, market-driven way of increasing cybersecurity” because it can encourage the adoption of best practices and preventative measures. Given the impending establishment of the Cyber Framework, this presentation will examine the following key questions:
- What standard of care, even for non-participating companies, will the Cyber Framework establish?
- Will the Cyber Framework usher in a new pseudo-regulatory regime?
- How would congressionally approved liability immunities affect the regime? What are the current proposals?
- How would insurance provide an incentive for private sector industries seeking to participate in the Cyber Framework? Can insurance also be a solution for creating risk management capabilities?
Biography: Matthew McCabe is a Senior Vice President and Senior Advisory Specialist for the network security and data privacy group with the FINPRO practice at Marsh’s New York City headquarters. His current responsibilities include advising clients on emerging cyber security trends and issues and ways in which they can address their unique data and privacy needs. Prior to joining Marsh, Matthew served as senior counsel to the U.S. House of Representatives Committee on Homeland Security, where he advised congressional representatives on federal, state and local policy involving cyber security, data protection and privacy law.