Legislation that creates both positive and negative incentives may be necessary for industry to incorporate effective network security. The role of the insurance industry also can be brought to bear to convince companies it is in their best interest to ensure the sanctity of their data.
These points were offered by Rep. Mac Thornberry (R-TX). He told the morning audience at the AFCEA Global Intelligence Forum in the National Press Club in Washington, D.C., that the government should pursue a private sector approach as part of its efforts to strengthen information security in the United States.
“We need to make cyber a bigger deal at the CEO [chief executive officer] level, and to do that we need to have money involved,” he said. This would include market incentives for companies to secure their information. And, the counterpart would be a financial penalty for those firms that do not pursue adequate security.
“You have to have a stick with those carrots,” he continued. “A company that loses vital data because they didn’t have effective security involved pays a price.”
The congressman added that the insurance industry should be brought into play as well. The government needs to push cyber insurance that establishes minimum requirements and provides discounts for advanced security measures. This might work the same way that auto and home insurers provide discounts for safety technologies.