The White House is thinking about basically bribing businesses to get them to patch leaky cybersecurity.

According to Politico, the US government is pondering, specifically, tax breaks, insurance perks and other legal benefits for businesses that do some serious overhaul of their digital defenses.

Politico recently got its hands on a May 21 presentation from the Department of Homeland Security (DHS) that raised the notion of such incentives.

The incentives aren’t yet finalized.

They would be designed to entice critical infrastructure players in particular, such as power plants and water systems, to adopt voluntary standards that are now being drafted by government and industry in response to an executive order from President Barack Obama.

The standards will be hammered out by DHS and the National Institute for Standards and Technology (NIST). The bodies will be working with businesses to create a security framework that businesses will, ideally, adopt on their own volition.

Politico pointed out that the financial lures also need to be run through federal agencies, including DHS and the Treasury Department, to determine how tasty the enticements can be, either with or without the help of a Congress that has proved, unfortunately, markedly unhelpful.

The 12-page document from DHS – which Politico refrained from publishing – reportedly mulls not only financial and market benefits, but also legal benefits, including limited lawsuit protection for participating companies.

It’s wonderful to hear about incentives like this, particularly if they might spur organizations into getting insurance that could help to protect them from potentially devastating costs of data breaches or other cybersecurity dangers.

As it is, insurance professionals will tell you that many, if not most, businesses mistakenly think that general liability policies will cover them in times of cybersecurity mayhem.

Such policies won’t, but there are policies that will, and it’s wise to learn about them and know what questions to ask about such policies to make sure an organization is as well-covered as possible.

As Politico reports, experts believe that those organizations that adopt upcoming cybersecurity standards could be well-positioned to get breaks on such insurance, being able to point to the standards as evidence that they’re following best practices.

This is the juicy stuff that could greatly help to improve security postures.

As it is, the Homeland Security page about cybersecurity incentives is as dry as a sun-baked bone.

DHS talks about secure software engineering, security breach forensics, better training and the instillation of personal data “ownership” – all worthy, mind you, but all very blah, blah, blah.

Tasty cash, on the other hand? Much more interesting, I’d wager.

Let’s hope that the Feds can get something done, with or without the help of Congress.

Via: sophos