Carding 4 Carders
Professional
- Messages
- 2,724
- Reaction score
- 1,586
- Points
- 113
Senators are drafting a bill on cyber insurance.
In Russia, the idea of creating mandatory cyber insurance for companies that are at risk of cyber attacks and data leaks is being discussed, Kommersant reports. Senators plan to submit a bill on this to the State Duma after developing the necessary legal framework. The initiative is supported by the IT industry, which believes that cyber insurance can increase the level of cybersecurity in the country and compensate for financial losses from hacker attacks. However, there are also opponents of this idea, who believe that cyber insurance will be just another tax for businesses and will not solve the problem of cyber threats.
Artem Sheikin, a member of the Federation Council Committee on Constitutional Legislation and state Construction, believes that the creation of a cyber threat insurance market in Russia is "an important initiative that can significantly improve cybersecurity in the country."
"Just as OSAGO provides financial protection for motorists in the event of an accident, cyberthreat insurance will provide protection for companies in the event of cyber attacks and data leaks," Sheikin said earlier.
According to Artem Sheikin, at the moment senators receive feedback on the creation of mandatory cyber insurance of risks and threats (abbreviated as DISTRICT) from relevant ministries, the expert community, forming the concept of the bill. "Some of the theses of the draft law will depend on the final version of the law on negotiable fines approved by the Federation Council, since the initiative to create cyber insurance was aimed precisely at combating leaks of personal information," he recalls.
The IT industry welcomes the idea of cyber insurance, as it considers it relevant and necessary in the context of growing cybercrime. Businesses already use various insurance products, but cyber threats such as hacks, cryptographers, phishing or DDoS attacks are becoming more relevant and pose a special risk that requires a special approach.
It is planned to introduce the bill to the State Duma after creating the necessary regulatory framework, which will take into account the law on turnover penalties, aimed at combating leaks of personal information.
International experience shows that cyber insurance is a promising and fast-growing segment of the insurance market. According to analysts ' forecasts, the global cyber insurance market will reach $84.62 billion by 2030. The main drivers of the growing demand for such insurance are the digitalization of business, remote work, the growth of cyber attacks and data leaks, as well as the introduction of fines for violating the law on personal data. However, there are also constraints, such as the high cost of insurance packages, the lack of a single standard for assessing damage and perpetrators of incidents, and low awareness of real threats from some companies.
In Russia, the cyber insurance market as a whole is growing at a moderate pace. On average, according to the data of the consulting company Kept at the end of 2022, analysts stated its growth by 2% in 2022 and predicted an increase of 1% in 2023. Analysts recalled that the deterioration of the macroeconomic situation at the beginning of 2022 affected the insurance market: fees for the first half of 2022 decreased by 3.6% compared to the first half of 2021. But experts expect that in 2023, the volume of insurance companies ' fees will amount to 1.8 trillion rubles.
According to Soyuz Strakhovaniya, the demand for cyber risk coverage from Russian companies has grown by more than 20% over the past two years, and over the next three to five years, the segment may grow to 8-10 billion rubles. Alfastrakhovaniya notes that due to the growth of cyber risks, the demand for such insurance on the part of businesses has become "more substantive and conscious."
The insurance market as a whole is primarily regulated by the Bank of Russia. The Central Bank of Kommersant noted that the creation of a new cyber risk insurance institute is one of the tasks defined by the Bank of Russia's strategic document "Main Directions for the development of information security in the credit and financial sector for 2023-2025". However, according to the Central Bank, in order to create an effective cyber insurance mechanism in Russia, it is necessary to solve a number of problems.
In particular, it is necessary to determine the object of insurance, conduct an economic assessment of the feasibility of this tool, analyze the potential volume of claims for damages and expenses of insurance market participants, and create an institute for assessing cyber security with an assessment methodology.
According to Artem Sheikin, the formation of the legal basis for the creation of the district will require changes in the tax legislation. Currently, the law does not separate responsibility for leaks of personal data containing, for example, full name and phone number, and leaks of biometric data. In addition, the senator believes, it is necessary to create an institute for assessing cyber security with an assessment methodology that will allow attracting broad expertise to assess security, but not individual vulnerabilities, but the possibility of critical losses due to cyber attacks.
Cyber insurance is a theoretically useful tool that will allow you to diversify the risks of digitalization, and therefore it is easier to introduce innovations, says Rustem Khayretdinov, Deputy General Director of Garda Group. But the introduction of mass cyber insurance without clear, understandable methods for assessing damage and identifying those responsible for this damage will run into a surge in insurance fraud or protective rates. Also, he warns, compulsory insurance that is not supported by business sense will become just another tax. According to the Garda Group of Companies, it will be useful to start small, for example, to insure only damage from downtime or to insure the company against fines imposed by state authorities: "This will allow you to accumulate statistics and establish an independent assessment of damage and methods for identifying the perpetrators of the incident."
In Russia, the idea of creating mandatory cyber insurance for companies that are at risk of cyber attacks and data leaks is being discussed, Kommersant reports. Senators plan to submit a bill on this to the State Duma after developing the necessary legal framework. The initiative is supported by the IT industry, which believes that cyber insurance can increase the level of cybersecurity in the country and compensate for financial losses from hacker attacks. However, there are also opponents of this idea, who believe that cyber insurance will be just another tax for businesses and will not solve the problem of cyber threats.
Artem Sheikin, a member of the Federation Council Committee on Constitutional Legislation and state Construction, believes that the creation of a cyber threat insurance market in Russia is "an important initiative that can significantly improve cybersecurity in the country."
"Just as OSAGO provides financial protection for motorists in the event of an accident, cyberthreat insurance will provide protection for companies in the event of cyber attacks and data leaks," Sheikin said earlier.
According to Artem Sheikin, at the moment senators receive feedback on the creation of mandatory cyber insurance of risks and threats (abbreviated as DISTRICT) from relevant ministries, the expert community, forming the concept of the bill. "Some of the theses of the draft law will depend on the final version of the law on negotiable fines approved by the Federation Council, since the initiative to create cyber insurance was aimed precisely at combating leaks of personal information," he recalls.
The IT industry welcomes the idea of cyber insurance, as it considers it relevant and necessary in the context of growing cybercrime. Businesses already use various insurance products, but cyber threats such as hacks, cryptographers, phishing or DDoS attacks are becoming more relevant and pose a special risk that requires a special approach.
It is planned to introduce the bill to the State Duma after creating the necessary regulatory framework, which will take into account the law on turnover penalties, aimed at combating leaks of personal information.
International experience shows that cyber insurance is a promising and fast-growing segment of the insurance market. According to analysts ' forecasts, the global cyber insurance market will reach $84.62 billion by 2030. The main drivers of the growing demand for such insurance are the digitalization of business, remote work, the growth of cyber attacks and data leaks, as well as the introduction of fines for violating the law on personal data. However, there are also constraints, such as the high cost of insurance packages, the lack of a single standard for assessing damage and perpetrators of incidents, and low awareness of real threats from some companies.
In Russia, the cyber insurance market as a whole is growing at a moderate pace. On average, according to the data of the consulting company Kept at the end of 2022, analysts stated its growth by 2% in 2022 and predicted an increase of 1% in 2023. Analysts recalled that the deterioration of the macroeconomic situation at the beginning of 2022 affected the insurance market: fees for the first half of 2022 decreased by 3.6% compared to the first half of 2021. But experts expect that in 2023, the volume of insurance companies ' fees will amount to 1.8 trillion rubles.
According to Soyuz Strakhovaniya, the demand for cyber risk coverage from Russian companies has grown by more than 20% over the past two years, and over the next three to five years, the segment may grow to 8-10 billion rubles. Alfastrakhovaniya notes that due to the growth of cyber risks, the demand for such insurance on the part of businesses has become "more substantive and conscious."
The insurance market as a whole is primarily regulated by the Bank of Russia. The Central Bank of Kommersant noted that the creation of a new cyber risk insurance institute is one of the tasks defined by the Bank of Russia's strategic document "Main Directions for the development of information security in the credit and financial sector for 2023-2025". However, according to the Central Bank, in order to create an effective cyber insurance mechanism in Russia, it is necessary to solve a number of problems.
In particular, it is necessary to determine the object of insurance, conduct an economic assessment of the feasibility of this tool, analyze the potential volume of claims for damages and expenses of insurance market participants, and create an institute for assessing cyber security with an assessment methodology.
According to Artem Sheikin, the formation of the legal basis for the creation of the district will require changes in the tax legislation. Currently, the law does not separate responsibility for leaks of personal data containing, for example, full name and phone number, and leaks of biometric data. In addition, the senator believes, it is necessary to create an institute for assessing cyber security with an assessment methodology that will allow attracting broad expertise to assess security, but not individual vulnerabilities, but the possibility of critical losses due to cyber attacks.
Cyber insurance is a theoretically useful tool that will allow you to diversify the risks of digitalization, and therefore it is easier to introduce innovations, says Rustem Khayretdinov, Deputy General Director of Garda Group. But the introduction of mass cyber insurance without clear, understandable methods for assessing damage and identifying those responsible for this damage will run into a surge in insurance fraud or protective rates. Also, he warns, compulsory insurance that is not supported by business sense will become just another tax. According to the Garda Group of Companies, it will be useful to start small, for example, to insure only damage from downtime or to insure the company against fines imposed by state authorities: "This will allow you to accumulate statistics and establish an independent assessment of damage and methods for identifying the perpetrators of the incident."
