Benjamin Franklin’s cyber solution

Every day, a new alarm sounds for cybersecurity.  The latest revelation, that the FBI is investigating the hacking of major U.S. financial institutions, comes closely on the heels of claims that Russian criminal gangs hacked over 1 billion passwords.  These exploits follow a series of breaches in which hundreds of millions of records have been stolen from US retailers, restaurant chains and other businesses.  While government officials and business leaders search for a solution, one of our nation’s founding fathers may ironically hold the key.  

In 1730, a disastrous fire swept through Philadelphia.  Benjamin Franklin, then 24 years old, jumped into the fray.  Harnessing his astounding creativity, Franklin invented three revolutionary concepts for fighting fires: the first all-volunteer fire brigade, a safer “Franklin Stove” for heating homes, and the lightning rod.  

{mosads}Amazingly, Franklin was not done.  With these innovations in place, Franklin then established the first fire insurance company in the colonies – the “Philadelphia Contributorship.” Franklin introduced innovative risk management concepts.  Any “subscriber” who wished to receive property insurance was required to adhere to mandatory building standards.   Premium rates, rather than being uniform, were set relative to the risk posed by each property.  High risk businesses, like apothecaries or breweries, were refused coverage.  Having introduced these novel underwriting concepts, Franklin is considered the Father of American Insurance.

This battery of initiatives worked.  Unlike other major cities of the era, Philadelphia did not suffer another catastrophic fire after 1730.  Franklin and his cohorts had engaged in a textbook example of what we would today call “enterprise risk management.”

Fast forward almost three centuries.  The director of the FBI asserts that cyber risk will shortly eclipse terrorism as our top domestic threat.  Cabinet officials have ominously warned of a “Cyber Pearl Harbor” or a “Cyber 9/11.”  Unquestionably, the administration and Congress have been out in front of the business world in identifying the significance of this threat.  Yet, government alone cannot solve this problem, particularly where 85 percent of our country’s critical infrastructure — electric grids, transportation systems, telecommunications networks, chemical facilities, water supplies — is owned by the private sector.

Fortunately, Franklin has given us a playbook for combatting cyber risk.  Even the language of fire permeates the discussion.  “Fire walls” are the first line of defense for network security.  The chief internet evangelist at Google has called for the creation of a “Cyber Fire Department.”  Clearly, technological innovation will be important, particularly in the area of encryption.  What is the modern equivalent of the lightning rod?

The most critical task, however, is to create the right economic incentives to drive change in the marketplace.   Mindful that the NIST Cybersecurity Framework is a voluntary set of best practices, the administration has singled out cyber insurance as a potential catalyst for change.  The White House czar for cybersecurity, Michael Daniel, notes the potential “incentivizing effect of private insurance contracts to promote more informed and effective cybersecurity practices.”  

As Franklin realized, small fires that are not contained can threaten an entire city.  So, the business community needs to step up.  In a recent survey by the National Association of Corporate Directors, only 13 percent of directors expressed satisfaction with the level of information they receive on cybersecurity.  Boards of public and private companies, and non-profit institutions, should be regularly updated by management regarding their organization’s cyber practices. 

Within that framework, cyber insurance has a role to play in creating the right incentives in the marketplace.  To qualify for coverage, an insured must conduct a gap analysis of its own IT systems against industry standards.  This process, in and of itself, can prompt businesses to harden their defenses and thereby qualify for better pricing.  Once coverage begins, insurers  have every incentive to limit damage from cyber threats.  Accordingly, carriers now offer policyholders an array of monitoring and rapid response services to flag and mitigate attacks.  Together with the Department of Homeland Security and Commerce Department, the new Federal Insurance Office within the Treasury Department should help coordinate interactions with the business community to enhance our nation’s resilience to cyber attacks. 

Franklin, one of the most prolific inventors of the 18th century, has shown us the model for combatting the 21st century risk of cyber attacks.  As the great sage once said: “you may delay, but time will not.”

Beshar is the executive vice president and general counsel of the Marsh & McLennan Companies – the world’s largest risk advisor.