WASHINGTON, D.C. – U.S. Senators Shelley Moore Capito (R-W.Va.) and John Hickenlooper (D-Colo.) introduced the Insure Cybersecurity Act, bipartisan legislation to protect consumers and small businesses against cyberattacks by providing clearer information surrounding cyber insurance policies.
The Insure Cybersecurity Act will direct the National Telecommunications and Information Administration (NTIA) to create a dedicated working group to develop recommendations for issuers, agents, brokers, and customers to improve communication over cybersecurity insurance coverage levels. It will also direct the NTIA to publish easily understandable resources on cybersecurity insurance.
“Cyberattacks continue to grow in sophistication and number, and we must continue to be diligent in our efforts to identify and prevent them. The Insure Cybersecurity Act will lower the cost potential targets have to take on when they are attacked by cyber-criminals. By doing so, businesses can make sure their workers will be paid if they are attacked and their operations can continue unabated from criminal instruction to their networks,” Senator Capito said.
“Small businesses need to be able to count on cyber insurance policies to protect them. But policies can be confusing or unclear about coverage, leaving many businesses at more risk than they think. That’s why we’re making more cyber insurance resources available and policy information easier to understand,” Senator Hickenlooper said.
Cyberattacks can target anyone, from individuals to large organizations to small businesses. Cyber insurance is one tool that businesses can use to lower their risk from threats including ransomware, data theft, denial of service, and intellectual property theft. In the event of a successful attack, cyber insurance policies can help provide the necessary resources for a business to quickly recover and return to normal operations.
However, the details of cyber insurance coverage are often hard to understand. A 2021 Government Accountability Office (GAO) report found that ambiguity in policy language can result in misunderstandings and litigation between issuers and policyholders and that many customers, especially smaller businesses, may underestimate the coverage they need to protect against cyber risks. The Insure Cybersecurity Act would help clarify cybersecurity insurance for everyone involved.
“This legislation is absolutely consistent with the Cyberspace Solarium Commission recommendations and I believe the Working Group proposed in this legislation can help tackle some of the insurance industries' underlying problems in cyber policies like a lack of standard terminology and lack of clarity in coverage limits," Mark Montgomery, Executive Director of CSC 2.0 and Former Executive Director of the Cyberspace Solarium Commission (CSC), said.
Full text of the bill is available here.
# # #