The Treasury Department is seeking feedback on creating a national cyber insurance program to counter catastrophic cyber attacks, concerned that private insurance may not be sufficient.
The department’s Federal Insurance Office said Thursday that it is looking for public comments on cyber security issues concerning cross-sector cyber attacks and whether currently available cyber insurance is affordable for businesses. The public has until Nov. 14 to submit feedback.
The office said it is seeking the feedback in light of the Government Accountability Office’s June report, which asked the Treasury and Homeland Security departments to jointly address catastrophic cyber risks.
A 2020 Department of Homeland Security study estimated, based on data provided by Lloyd’s of London, that the US could suffer between $2.8 billion and $1 trillion in losses from one severe cyber-attack, FIO said.
The FIO is asking organizations to comment on whether the insurance industry is offering adequate coverage for catastrophic cyber incidents and “what rationales” insurers use to deny coverage.
“The insurance industry has an important role to play in strengthening cyber hygiene and building resiliency,” FIO Director Steven E. Seitz said in Thursday’s notice.
“Through underwriting and pricing, insurers can encourage or even require policyholders to implement strong cybersecurity standards and controls,” he added.
FIO also wants feedback about what kind of data companies are willing to to share and what cybersecurity measures they think are most effective to counter severe cyber incidents. It asked for public views on how the national government should incentivize businesses to step up on cybersecurity measures and how a national insurance program may impact the affordability of cyber insurance policies.
The cyber insurance market wrote $4 billion in direct premiums in 2020, according to FIO’s notice. Insurer giants like Lloyd’s and Chubb Ltd. have proposed different policy language to either avoid or charge extra rates for catastrophic cyber events.
Last month, Lloyd’s required all insurers selling from its marketplace to stop offering coverage for nation-state backed cyber attacks starting March 2023.