California Proposal for Mandatory Cyber Insurance

I’d go further and make insurance just one of the mitigations for cyber risk that are a prerequisite for being in business. In the UK it’s mandatory to be inspected by Environmental Health if you handle food. We need an equivalent for handling data…:

On Feb. 15, California Assemblyman Ed Chau, representing the Western San Gabriel Valley (near President Nixon’s old stomping ground of Whittier), introduced AB 2320, which would, if passed, require any entity with a contract with any California government agency or department that “receives or has access to any records which contain any Personal Information” to “carry cyber insurance sufficient to cover all losses resulting from potential unlawful access to or disclosure of personal information, in an amount determined by the contracting agency.” So what kind of insurance are we talking about, what kind of “losses” are we talking about, and what would be the real-world impact of such a law?


