Federal risk pool proposed to insure large-scale catastrophic cyber incidents must be well crafted, says risk association

RIMS has issued a comment letter to the Federal Insurance Office (FIO) in response to legislative dialogue regarding a federal backstop for large-scale catastrophic cyber incidents impacting infrastructure.

The letter indicates that risk professionals would likely support a well-crafted federal cyber insurance backstop; however, the following concerns should be considered when developing a solution:

  • Determining whether the scope of the federal backstop should be limited to critical infrastructure or available to all organisations in light of an incident’s cascading impact;
  • If the backstop imposes cybersecurity controls, ensuring those controls align with existing external standards such as those issued by NIST or ISO;
  • Examining whether the federal cyber insurance response should be included in The Terrorism Risk Insurance Program (TRIP) or be kept independent.

“Cyber threats, and the devastation a cyber incident can have on an organisation, consumers and systems, remain the top concern for risk management professionals around the globe,” said RIMS chief executive officer Gary LaBranche.

“RIMS looks forward to working with federal policymakers to successfully develop a solution that provides greater financial protections for cyber events, paving the way for risk professionals to continue to make the world safer, more secure and more sustainable.”

According to the Federal Register notice of potential rulemaking: “Over the past several years, the Federal Insurance Office in the US Department of the Treasury has continued its ongoing efforts with regard to both cyber insurance and insurer cybersecurity.

“Cyber insurance is a significant risk-transfer mechanism, and the insurance industry has an important role to play in strengthening cyber hygiene and building resiliency.”