"Treasury Seeks Comment on How to Structure a Cyber Insurance Program"
The US Treasury Department's Federal Insurance Office (FIO) wants to know if a national cyber insurance program should enforce that policyholders implement basic cybersecurity measures. In a request for comment set to be published in the Federal Register, Steven Seitz, director of the Treasury's FIO, asked whether cybersecurity and/or cyber hygiene measures should be required of policyholders under the structure and, if so, what should those measures be? Comments must be submitted within 45 days of the notice's publication. Those who want to weigh in on the issue can also attend a meeting of the Treasury's Federal Advisory Committee on Insurance. The question of effective cybersecurity measures is one of several that the FIO and the Cybersecurity and Infrastructure Security Agency (CISA) are asking to help develop a report to Congress in hopes of establishing a federal cyber insurance program. Their effort emerged from a recommendation of the Government Accountability Office (GAO), which Congress instructed to explore the federal government's role in cyber insurance under the National Defense Authorization Act of 2021. GAO raised the possibility that a federal insurance program could create distorted incentives in the industry, particularly as ransomware attacks wreak havoc across the country. The notice from Treasury and CISA highlighted the possibility that either insurers or policyholders might take unnecessary risks in reliance upon a federal insurance response or fail to implement cybersecurity controls. Insurance is often regulated at the state level, but there are a few examples of federal programs, including the Terrorism Risk Insurance Program that the Treasury oversees and the National Flood Insurance Program, which the Federal Emergency Management Agency administers. This article continues to discuss the Treasury Department's FIO requesting feedback on potential federal insurance response to catastrophic cyber incidents.
NextGov reports "Treasury Seeks Comment on How to Structure a Cyber Insurance Program"