Property/Casualty insurance industry lobbyists were among many who pushed for the U.S. House of Representatives to approve a cybersecurity bill this week, which it did late afternoon on April 22.
The bill will require private companies to share cyber threat details with the U.S. National Security Agency (NSA) and other public and private investigators, without worrying about lawsuits. A similar Senate bill is pending.
Insurance industry leaders lobbied for a cybersecurity bill, in part, through a letter-writing campaign.
An April 21 letter to House leaders signed by the American Insurance Association, National Association of Mutual Insurance Companies and the Property Casualty Insurers Association of America, among other financial industry groups, celebrates passage of two bills out of committee (H.R. 1731 and H.R. 1560 – which evolved into the main House bill passed) that would encourage industry to share cyber threat information with “government agencies responsible for cybersecurity.”
“It is critical that Congress pass threat information sharing legislation to address today’s challenges and stay ahead of tomorrow’s threats,” the letter reads. “The financial services industry is committed to this effort and will remain a willing partner with Congress to secure our nation’s cyber infrastructure.”
They expressed similar sentiments as part of “Protecting America’s Cyber Networks Coalition,” which sent a similar letter signed by a number of groups from various industries.
A similar letter from PCI to the House leadership attempted to break the issue down in stark, simple terms.
“In the face of ever increasing cyber risks it is more important than ever to enact legislation that allows parties to share information that will help them better understand how hackers gain access to their systems without worrying about frivolous lawsuits,” wrote Nathenial Weinecke, PCI’s senior vice president of federal government relations.
“These bills provide companies with the safe harbor from liability they need to share information regarding cyber-attacks, in real time, with other private actors as well as the federal government. As companies share such information between themselves and the federal government (and vice versa), it will help them to improve their online security to better defend against outside attacks,” Weinecke said. “That, in turn, will mean the data companies maintain will be safer from increasingly sophisticated attacks on their networks.”
Insurers have pushed for cyber legislation for some time, as well as the creation of a federal cyber threat database. The P/C industry has scrambled to keep up with cyber attacks and how to adequately cover risks even as those attacks grow and become more complex.