LAS VEGAS — The White House is taking steps to address the issue of cyber insurance for catastrophic cyber incidents. National Cyber Director Harry Coker announced at the Black Hat cybersecurity conference that his office is collaborating with the Department of Treasury’s federal insurance office and officials at the Cybersecurity and Infrastructure Security Agency (CISA) to develop a new policy in this area.
Coker emphasized that the policy proposal, expected to be released by the end of the year, will focus on managing risk rather than avoiding it. This initiative aligns with the National Cybersecurity Strategy released last year, which highlighted the need to stabilize insurance markets against catastrophic cyber risk to promote better cybersecurity practices and provide market certainty in the event of major cyber incidents.
The strategy also acknowledged the potential role of the Federal Government in stabilizing the economy and aiding recovery following a catastrophic cyber event. By structuring a response plan in advance, the government aims to enhance market certainty and national resilience. The Administration plans to consult with Congress, state regulators, and industry stakeholders to assess the need for a Federal insurance response to catastrophic cyber events.
One of the key challenges identified by Coker is the role of actuaries in assessing cyber risk for insurance policies. The availability of sufficient data to mature the cyber insurance market is a critical focus area for the ongoing effort. While specific details of the policy intervention remain confidential, ONCD officials have indicated that there is a recognized gap in the insurance market’s ability to respond effectively to catastrophic cyber incidents.
Collaboration between ONCD, the Federal Insurance Office, and CISA is driving the proposal development process, with active engagement with the insurance industry and policyholder community to understand diverse stakeholder needs. The goal is to enhance the national cybersecurity posture and provide market certainty during catastrophic events.
The cyber insurance market has been a subject of controversy, with concerns raised about insurance payments potentially fueling ransomware attacks. Some ransomware groups target victims based on their insurance coverage, leading to ransom demands tailored to exploit insurance policies. Legal disputes have also arisen regarding the role of cyber insurance in addressing cyberattacks by nation-states.
As the White House works towards a new policy on cyber insurance for catastrophic cyber incidents, the focus remains on managing risk effectively, enhancing cybersecurity practices, and providing market certainty in the face of major cyber threats. The collaboration between government agencies and industry stakeholders underscores the importance of addressing gaps in the insurance market to bolster national resilience against cyber risks.