RIMS said it issued a comment letter to the Federal Insurance Office in response to legislative dialogue regarding a federal backstop for large-scale catastrophic cyber incidents impacting infrastructure.
RIMS indicates that risk professionals would likely support a well-crafted federal cyber insurance backstop; however, the following concerns should be considered when developing a solution:
- It must be determined whether the scope of the federal backstop should be limited to critical infrastructure or available to all organizations in light of an incident’s cascading impact.
- If the backstop imposes cybersecurity controls, those controls should align with existing external standards, such as those issued by NIST or ISO.
- It must be determined whether the federal cyber insurance response should be included in the Terrorism Risk Insurance Program (TRIP) or be kept independent.
“RIMS supports consideration of a broader federal backstop because RIMS members report that the private insurance market is not making available insurance for catastrophic cyber incidents at the desired level,” RIMS said in the Nov. 14 letter. The organization said its members from risk management would buy more cyber insurance limits if they were made available and reasonably priced, but even when available, “war exclusions in cyber insurance policies could limit or eliminate coverage for catastrophic losses.”
“Cyber threats, and the devastation a cyber incident can have on an organization, consumers and systems, remain the top concern for risk management professionals around the globe,” said RIMS CEO Gary A. LaBranche. “RIMS looks forward to working with federal policymakers to successfully develop a solution that provides greater financial protections for cyber events, paving the way for risk professionals to continue to make the world safer, more secure and more sustainable.”
According to the Federal Register notice of potential rulemaking: “Over the past several years, the Federal Insurance Office in the U.S. Department of the Treasury has continued its ongoing efforts with regard to both cyber insurance and insurer cybersecurity. Cyber insurance is a significant risk-transfer mechanism, and the insurance industry has an important role to play in strengthening cyber hygiene and building resiliency.”
RIMS will continue to monitor the development of a federal insurance backstop for catastrophic cyber incidents, as well as any new, evolving and expiring legislation that impacts the global risk management community.
Additionally, the RIMS Political Action Committee (RISK PAC) continues to solicit contributions to allow the Society to engage and support Members of Congress who have demonstrated their commitment to RIMS legislative priorities.