Should vendors that have cybersecurity insurance have an advantage when competing for the state of California's IT contracts?
That's seemingly the premise behind new legislation introduced by Assemblymember Scott Wilk, R-Santa Clarita.
AB 1955 would amend the Public Contract Code to instruct state agencies to give a "preference" to vendors that carry cybersecurity insurance when procuring IT goods and services. The bill stipulates that vendors that don't have cybersecurity insurance would not be prevented from bidding on state IT contracts.
Wilk's office did not immediately return Techwire's request for comment about his bill.
Cyberinsurance is a form of liability coverage. "Cyberinsurance protects from Internet-based risk relating to information technology infrastructure and information assets. ... Policy benefits often include security audits, post-incident PR, customer credit monitoring services, investigative expenses and criminal reward funds," wrote Vijay Basani, president, CEO and co-founder of EiQ Networks, in an opinion piece for MarketWatch last year. Basani estimates the cyberinsurance market is valued at $2 billion.
Cybersecurity insurance can potentially reduce the cost of mitigating a data breach. An annual survey from the Ponemon Institute and IBM found that the cost per record of a data breach in 2015 was $154, and the total cost per data breach was $3.8 million.
A growing number of states and localities are considering whether to purchase cyberinsurance policies, and the U.S. Department of Homeland Security has posted a Web page of online resources about cybersecurity insurance and cyber-risk management.
Since 2012, businesses and government agencies have been required to report data breaches affecting more than 500 Californians to the Attorney General's Office. More than 650 breach incidents have been reported during the past four years. About 5 percent of those breaches originated from the government, according to the Attorney General's Office.