Cyber Insurance As Cyber Diplomacy

Abstract

The delicate art of managing foreign affairs is one of the oldest in human history. This long- established practice has recently experienced a renaissance with the introduction of “cyber diplomacy” as an exciting new frontier for traditional diplomatic work. Under this novel banner a pincer movement is gradually taking form: While ambassadors and foreign relations experts are being called to engage further with “the geopolitics of cyberspace,” computer scientists and cybersecurity specialists are invited, perhaps for the first time, to meaningfully contribute to discussions at “the heart of foreign policy.” Cyber risk insurance is a type of insurance that provides coverage for businesses and individuals for the perils of the internet age, such as data breaches, computer network interruptions, and ransomware attacks. Cyber insurance is gradually proving to be an important tool for cyber risk prevention and mitigation on the local, regional, national, and international levels. If cyber diplomacy is truly concerned with enhancing cyber deterrence and promoting norms that ensure global cyber stability and cyber peace, it must broaden its perspective to include international insurance norms for modeling and indemnifying harms in cyberspace. In this chapter I therefore argue that norms surrounding cyber insurance should be added to the diplomatic portfolio of nation states. To illustrate this point, I discuss a recent initiative of the Israeli National Cyber Directorate to transform Israel into a beta site for cyber insurance regulation. The goal of this trial is to experiment with various prescriptive and regulatory solutions for some of the most intrinsic problems that plague the still-emerging cyber insurance market. By collaborating with a number of reinsurers and foreign governments, Israel hopes to successfully chart the way forward for other commercial insurers and insurance regulators around the world. In so doing, it is demonstrating how cyber diplomacy might be augmented and expanded to encompass certain norms, best practices, and governance mechanisms that have so far been deemed wholly domestic, jurisdiction-specific, and purely technical. The chapter proceeds in the following order. Section I briefly explores the current state of the cyber insurance market and its existing global limitations. Section II moves to discuss the new initiative to turn Israel into a cyber insurance beta site, its scope and rationale. The chapter concludes by extrapolating from the Israeli case study to propose a broader research agenda for international norms around cyber insurance.