Cyber insurance protection for potential losses – Schneier analysis.

# A Cyber Insurance Backstop

In early January, pharmaceutical giant Merck settled a lawsuit with its property and casualty insurers over a $700 million claim resulting from the NotPetya cyberattack in 2017. The insurers argued that the attack, attributed to the Russian government, was excluded from coverage. This raised the question of who should bear the costs of state-sponsored cyberattacks causing massive financial damage.

## Potential Solution: A Federal Cyber Insurance Backstop

Former DHS Secretary Michael Chertoff suggested a federal cyber insurance backstop to provide financial support to insurers in cases of catastrophic cyberattacks. Modeled after the Terrorism Risk Insurance Act (TRIA), this backstop would help maintain stability in the insurance market and provide a safety net for insurers facing unprecedented cyber-related losses.

## Challenges and Considerations

Determining the threshold for triggering the backstop and defining the types of cyberattacks eligible for assistance are major hurdles. The lack of historical data on cyberattacks and the difficulty in attributing attacks to specific actors make it challenging to develop a comprehensive and effective backstop framework.

## Industry Response and Policy Developments

Insurers are increasingly in favor of a federal cyber insurance backstop due to the unpredictable nature and high costs of cyber risks. While some insurers have started excluding coverage for state-sponsored cyberattacks, the government is exploring different models for a potential backstop to address the growing need for cyber risk management.

## Data Collection and Cybersecurity Improvement

Gathering data on effective security measures and understanding the threat landscape are crucial for designing a successful cyber backstop. Without empirical evidence on cybersecurity controls and incident root causes, insurers, policymakers, and organizations will struggle to enhance their cybersecurity posture and effectively manage cyber risks.

## Key Points

- The need for a federal cyber insurance backstop has become more apparent in light of increasing cyber risks and costly attacks.
- Developing a comprehensive and effective backstop framework requires addressing challenges such as defining eligible cyberattacks and setting clear thresholds.
- Data collection on cybersecurity measures and incident root causes is essential for improving cybersecurity practices and designing a successful cyber backstop.

## Summary

The idea of a federal cyber insurance backstop to assist insurers in covering catastrophic cyberattack losses is gaining traction. However, challenges in defining eligible attacks and collecting data on effective security measures remain. As the cybersecurity landscape evolves, the need for a proactive and data-driven approach to cyber risk management becomes increasingly crucial.

