The White House is currently developing a new policy focused on cyber insurance, specifically aimed at addressing catastrophic cyber incidents. During the Black Hat cybersecurity conference, National Cyber Director Harry Coker announced that his office is collaborating with the Department of Treasury’s federal insurance office and officials from the Cybersecurity and Infrastructure Security Agency (CISA) to create a proposal that will be released by the end of the year. This initiative is part of a broader effort outlined in the National Cybersecurity Strategy, which seeks to stabilize insurance markets against catastrophic risks while promoting better cybersecurity practices.
Coker emphasized that the new policy should be designed to manage risk rather than avoid it, highlighting the necessity of preparing a structured response to catastrophic events before they occur. The strategy suggests that in the wake of a significant cyber incident, the federal government may need to stabilize the economy and aid recovery efforts. By establishing clear guidelines and structures in advance, the administration aims to provide market certainty and enhance national resilience in the face of such threats.
One of the key challenges in developing this policy revolves around actuaries, who are responsible for conducting risk assessments associated with cyber insurance policies. Coker acknowledged the difficulties in determining whether sufficient data exists to mature the cyber insurance market, indicating that the agencies are actively exploring how to address this gap. Officials from the Office of the National Cyber Director (ONCD) noted the necessity of consulting with Congress, state regulators, and industry stakeholders to gather input and shape the proposal effectively.
The cyber insurance market has faced scrutiny in recent years, with concerns that insurance payouts may inadvertently encourage ransomware attacks. Many organizations have opted to pay ransoms under the assumption that these payments would be covered by their insurance policies, potentially fueling further criminal activity. Additionally, there are ongoing debates about the role of the cyber insurance market in relation to cyberattacks perpetrated by nation-states. As the White House works on this new policy, it aims to address these complexities while improving the nation’s overall cybersecurity posture.
Reference: