RIMS, the risk management society®, issued a comment letter to the Federal Insurance Office (FIO) in response to legislative dialogue regarding a federal backstop for large-scale catastrophic cyber incidents impacting infrastructure. The RIMS letter addressing the “Potential Federal Insurance Response to Catastrophic Cyber Incidents” as published in the Federal Register (87 FR 59161 et seq.) is available here.
RIMS indicates that risk professionals would likely support a well-crafted federal cyber insurance backstop; however, the following concerns should be considered when developing a solution:
- Determining whether the scope of the federal backstop should be limited to critical infrastructure or available to all organizations in light of an incident’s cascading impact;
- If the backstop imposes cybersecurity controls, ensuring those controls align with existing external standards such as those issued by NIST or ISO;
- Examining whether the federal cyber insurance response should be included in the Terrorism Risk Insurance Program (TRIP) or be kept independent.
“Cyber threats, and the devastation a cyber incident can have on an organization, consumers and systems, remain the top concern for risk management professionals around the globe,” said RIMS Chief Executive Officer Gary A. LaBranche, FASAE, CAE. “RIMS looks forward to working with federal policymakers to successfully develop a solution that provides greater financial protections for cyber events, paving the way for risk professionals to continue to make the world safer, more secure and more sustainable.”
According to the Federal Register notice of potential rulemaking: “Over the past several years, the Federal Insurance Office in the U.S. Department of the Treasury has continued its ongoing efforts with regard to both cyber insurance and insurer cybersecurity. Cyber insurance is a significant risk-transfer mechanism, and the insurance industry has an important role to play in strengthening cyber hygiene and building resiliency.”
RIMS will continue to monitor the development of a federal insurance backstop for catastrophic cyber incidents, as well as any new, evolving, and expiring legislation that impacts the global risk management community. For more information about RIMS advocacy initiatives, visit www.RIMS.org/advocacy.
Additionally, the RIMS Political Action Committee (RISK PAC) continues to solicit contributions to allow the Society to engage and support Members of Congress who have demonstrated their commitment to RIMS legislative priorities. To learn more about RISK PAC or to donate, visit www.riskpac.org.