As we kick off 2014, I am starting the New Year with an interview series, which will provide an overview of the cybersecurity industry. I spoke with Marsh's Senior Vice President of Network Security and Privacy Practice, Matt McCabe, discussing various components of the cybersecurity market. At Marsh, Mr. McCabe is responsible for advising clients on emerging cybersecurity trends and issues and ways in which they can address their unique data and privacy needs. What's more, Mr. McCabe has more than a decade of experience in the legal and cybersecurity realms. He served as senior counsel to the U.S. House of Representatives Committee on Homeland Security, where he advised congressional representatives on federal, state, and local policy involving cybersecurity, data protection, and privacy law.
Specifically, in this interview, we examine cybersecurity public policy and law, discussing the federal government's voluntary framework, and the private versus public sectors. Stay tuned next week for the final installment of this interview series, where we will discuss unique approaches to handling cyber and data privacy issues.
The federal government seems to be leaning towards using cyber insurance as an incentive to adopt the voluntary cyber framework. Do you think the insurance marketplace would make such a link?
There should be a link between the framework's goal of improving cyber practices for critical infrastructure, and the potential for underwriters to assess and more accurately appreciate risk. I believe that the Administration would like the insurance market to help drive implementation, but prefers a gradual development favoring encouragement over prodding by the federal government. Eventually, the link will occur when the framework, whether mandatory or voluntary in nature, is recognized for having established a cyber "standard of care" that companies should be meeting.
In terms of a cybersecurity law, I hope that Congress and the Administration revive discussions on information sharing for cybersecurity. I would also favor a federal data breach law that streamlines the burden on U.S. companies.
You came from the White House and Congress... how have those experiences impacted your work at Marsh, and what has surprised you most about cybersecurity from the private sector side?
Before moving to Washington in 2006, I worked in private practice in New York for several years. When I arrived in D.C., I did not appreciate the nuances and complexity of working in federal policy. I think it is difficult for anyone to appreciate who has not worked within the Beltway. For example, so much congressional action is driven by deadlines. In light of how that approach greatly complicates long-term planning, it is tough to understand why more cannot be accomplished. Overall, it makes me appreciate more the professionals who understand both sides of the equation.