This post is also available in: עברית (Hebrew)
The increasing sophistication and scope of cyberattacks on businesses – and the increasing damage such attacks are causing – have led to growing interest in cybersecurity insurance. The industry is urging the government to treat cyberattacks as acts of terrorism which should be covered under the Terrorism Risk Insurance Act (TRIA), while also looking into how the Stafford Actcould help companies after a cyberterror attack. At the same time, more private insurers are offering limited cyber-coverage, but many say they would discontinue selling cyber policies if TRIA is not renewed. As the term “cyber-coverage” continues to be defined by large insurers, the insurance product lines continue to change, the homelandsecuritynewswire reports.
Following last week’s news of a cyberattack on JP Morgan, in which hackers stole gigabytes of data from the bank’s network, U.S. regulators are stressing the importance of better cybersecurity measures, while bankers are calling for an improved federally backed cybersecurity insurance plan for the financial industry.
Former DHS chief Janet Napolitano said in her valedictory speech that the country will someday suffer a cyber 9/11 “that will have a serious effect on our lives, our economy, and the everyday functioning of our society.” Since then, banks have hired security consultants and invested in top cybersecurity initiatives, but even the most secured institutions are vulnerable to hacking, so banks are requesting the federal government to play a larger role.
The Terrorism Risk Insurance Act (TRIA), enacted after 9/11, authorizes the government to cover up to $100 billion in losses due to a terrorist attack after insurers cover a fixed amount of losses. As recently as last year, insurers were asking Congress to include cyberattack coverage in the reauthorization bill.
The law, which is up for renewal in the House, would treat cyberterror as a physical attack, according to people involved in the renewal talks. Representative Jeb Hensarling (R-Texas), chairman of the House Financial Services Committee, which is holding discussions on TRIA, wants to limit and eventually do away with TRIA, so for now insurers have dropped their request of adding cybersecurity language to the law. “The industry doesn’t want to open that fight up,” said Mark Calabria, director of financial regulation studies at the Cato Institute. “It would jeopardize renewal altogether.”