The Impact of American Legislation on the Development of the Cyber Insurance Market in the US
DOI:
https://doi.org/10.15678/ZNUEK.2016.0958.1006Keywords:
cyber insurance, insurance, cyber risk, cyber securityAbstract
The aim of the paper is to analyse the role of regulation in stimulating demand for cyber insurance on the example of the US insurance market. This paper adds in-depth comparative analysis of American legislation to the existing scientific achievements, in particular state legislation, in the area of legal responsibility for data breach. This makes it possible to verify the oft-repeated argument that the legislation in the area of personal data security and electronic processing of personal data can stimulate the development of cyber insurance. One of the functions of such insurance is to protect the entity processing personal data from the financial consequences of administrative penalties and third party claims arising from breach of confidentiality. The study shows that state and federal regulations have a clear influence, requiring mandatory notification of data breach, on the development of the cyber insurance market in the US. Therefore, it can be expected that the implementation of similar regulations in the European Union will trigger a positive effect on the European market for cyber-insurance, which is currently in its initial development stage.
Downloads
References
Ayers E. [2015], Federal Data Breach Notification Law Seen as Cost-saving Measure, Advisen, http://www.cyberrisknetwork.com/2015/03/27/federal-data-breach-notification-law-seen-cost-saving-measure/ (data dostępu: 12.11.2016).
Benchmarking Trends: Cyber-attacks Drive Insurance Purchases for New and Existing Buyers [2015], Marsh, October, http://www.oliverwyman.com/content/dam/marsh/Documents/PDF/US-en/Mid-Year%20Cyber%20Benchmarking%20Report-10-15.pdf (data dostępu: 2.12.2016).
Burdon M., Lane B., Nessen P. von [2010], The Mandatory Notification of Data Breaches: Issues Arising for Australian and EU Legal Developments, „Computer Law and Security Review”, vol. 26(2), https://doi.org/10.1016/j.clsr.2010.01.006. DOI: https://doi.org/10.1016/j.clsr.2010.01.006
Cyber Claims Study [2016], Net Diligence, https://netdiligence.com/wp-content/uploads/2016/10/P02_NetDiligence-2016-Cyber-Claims-Study-ONLINE.pdf (data dostępu: 12.09.2016).
Cyber/Privacy Insurance Market Survey [2016], The Betterley Report, https://www.irmi.com/online/betterley-report-free/cyber-privacy-media-liability-summary.pdf (data dostępu: 26.11.2016).
The Global Risks Report 2016 [2016], World Economic Forum, Insight Report, 11th ed., http://www3.weforum.org/docs/Media/TheGlobalRisksReport2016.pdf (data dostępu: 23.09.2016).
Gramm-Leach-Bliley Act [1999], Public Law 106–102, 113 Statute, https://www.gpo.gov/fdsys/pkg/STATUTE-113/pdf/STATUTE-113-Pg1338.pdf (data dostępu: 11.10.2016).
IT Security Spending Trends [2016], SANS, February, https://www.sans.org/reading-room/whitepapers/analyst/security-spending-trends-36697 (data dostępu: 30.11.2016).
Komisja Europejska [2010], Całościowe podejście do kwestii ochrony danych osobowych w Unii Europejskiej, Komunikat Komisji do Parlamentu Europejskiego, Rady, Europejskiego Komitetu Ekonomiczno-Społecznego oraz Komitetu Regionów z dnia 4 listopada 2010 r., KOM(2010) 609, http://ec.europa.eu/justice/news/consulting_public/0006/com_2010_609_pl.pdf (data dostępu: 18.11.2016).
Krzysztofek M. [2014], Ochrona danych osobowych w Unii Europejskiej, Wolters Kluwer, Warszawa.
Marketplace Realities. 2016 Spring Update [2016], Willis Towers Watson, http://www.willis.com/documents/publications/Industries/construction/MR%20Spring%20Update%20Final.pdf (data dostępu: 23.06.2016).
Practical Guide to Understanding and Complying with the Gramm-Leach-Bliley Act [2016], Ecora, http://www.ecora.com/Ecora/whitepapers/IDRS_GLBA.pdf (data dostępu: 22.11.2016).
Schwartz P.M., Janger E.J. [2006], Notification of Data Security Breaches, „Michigan Law Review”, vol. 105.
Smyth S.M. [2013], Does Australia Really Need Mandatory Data Breach Notification Laws – And If So, What Kind?, „Journal of Law, Information and Science”, vol. 22(2).