The market incentives project identifies ways in which businesses and commercial incentives can promote cyber security more quickly, flexibly, and internationally than governmental regulatory processes often do. In particular, the insurance industry and large investors can reward implementation of security best practices and, by implication, punish actors who leave themselves and their customers vulnerable. Led by Ariel Levite and Wyatt Hoffman, the project engages with leaders across the private sector and key stakeholders in government to develop and test mechanisms for motivating practices crucial to more effective cyber risk management.
Cyber insurance is a promising way to contain the havoc cyber attacks wreak, but endless lawsuits hamper its effectiveness. Reforms and new solutions are sorely needed.
Markets have been slow to adjust to the multi-dimensional perils of cyber risk.
How far are private actors allowed, expected, or even obligated to go when protecting themselves against cyber attacks and other malicious internet activity?
Harnessing the full potential of cyber insurance will be imperative for preventing systemic cyber incidents of concern for governments and the private sector alike.
Increasingly frequent and severe cyberattacks targeting the private sector are fueling debates around the world over whether or not to allow corporations to engage in active cyber defense.
Faced with limited capacity and resources, governments need to develop a complementary, legitimate space for private sector active cyber defense.