Policy for every virus

Policy for every virus

Insurance of information risks planning to make it mandatory.

As it became known””, in the framework of the government programme “Digital economy” is about to create a large-scale insurance market cyberrisks. Policy information security may become mandatory in 2020 for all strategic industries — from banking to engineering.

Examples of the organization of management of these risks in this volume is not in any country, and Russia could become a world leader in this industry, I hope the authors of the program — work in this direction is headed by Sberbank. Business to the idea of compulsory cybertronia reacted coolly and sees no such need. Not happy and insurers — despite the expected fees of up to 50 billion rubles a year, they don’t want the tariffs were set by the state.

At the disposal of “Kommersant” were the plan of activities of the programme “Digital economy” to create a mandatory cybertronia in the country. A working group on this direction the program is headed by Sberbank. The plan assumes that by 2020, the introduction of the industry standard of mandatory information security audit (is to describe the conditions of insurance and statistics, models of actuarial rates, etc.) and the requirement of compulsory insurance of such risks, the enterprises of individual sectors of the economy (including banking, airports, railway stations and strategic branches of industry — metallurgy, machine building, shipbuilding, aviation industry etc.).

“In this volume changes in the management of these risks and insurance is not organized in any country, that is, Russia becomes the world leader in this area”, — the document says. For the project it is proposed to make amendments to the law on organization of insurance business (adds a new type of insurance). The cost of it will have to reduce the tax base — it is proposed to amend the tax code.

The current state of Affairs in this area, the document describes as follows: “Insurance of information risks is unknown and incomprehensible to most consumers of this service”. In the history of insurance cyberrisks in Russia is signed less than 20 insurance contracts, most of which are enterprises with foreign participation from foreign insurers.

We will remind, the program “Digital economy” — the government’s initiative to develop “smart” regulation, oriented on satisfaction of demands of the business.

The programme identified five promising areas, which involved the Russian company digital sphere. Insurance against cyber threats is one of them, a working group in this area is headed by Sberbank. In the practical implementation of the project is proposed to tap the Central Bank, Ministry of Finance, Ministry of communications, FSTEC, FSB, the all-Russian Union of insurers (VSS), the reinsurance subsidiary of the Central Bank — Republic popular.

Note that the problem of losses from cyber-attacks to business familiar. According to the Director for development of industrial cyber security solutions, “Kaspersky Lab” Andrei Suvorov, the average amount of loss among enterprise customers from cyber attacks is $497 thousand According to Group-IB for Russia and CIS, Internet-banking legal entities with the use of malicious programs per day make two successful attack with an average amount of theft of 1.25 million RUB.

For the year from July 2016 to July 2017 legal entities stole 622,5 million rubles (35% less than the previous year). The insurance market from hacker attacks in Russia only is formed, said Alexei Novikov, head of the expert center security Center Security Expert PT. According to him, insurers are not willing to take on this responsibility because of the difficult estimation of losses.

First service cybertronia required by banks and financial institutions, the second providers, the third — companies involved in the processing of personal data, says the head of the laboratory of computer forensics company Group-IB Valery Baulin. At the same time companies, primarily technological, gradually increasing understanding of what the problem is and that it is possible to insure against such risks. Insurance company “Alliance” that protects customers from cyberrisks, said that after the spread of viruses WannaCry and Petya recorded a growth in the demand for insurance against cyber threats — according to the company, the world turnover of this market is $2.5 billion.

Business to the idea of insurance protection cyberrisks reacted differently.

In the absolute-Bank “Kommersant” has stated that now banks do not insure such risks, but the idea was called timely. In the opinion of the Chairman of the Bank “home Credit” Sergey Shcherbakov, compulsory insurance cyberrisks inappropriate. “Every organization needs to manage their own risks. If the organization judges that the risks increase, it can insure,” he says, insisting that “it must be an independent decision of the management.”