A Government Accountability Office to release report on the Treasury’s role in shaping market in the spring.
The Government Accountability Office has shown its support for the Treasury Department’s rising data collection from cyber insurance providers regarding claims.
The information collection occurs by way of a program permitting the government to help with payouts.
The data collection is permitted because of a program making it possible for the government to help out with cyber insurance payouts to policyholders when a catastrophic event occurs. The Federal Insurance Office at the Treasury recently issued a Federal Register notice asking for comments on the new cybersecurity worksheets. Participants commenting on the worksheets will need to submit under the Terrorism Risk Insurance Program (TRIP).
That program was originally created under a statute to allow insurers to stay viable even after the 9/11 attacks when insurers started excluding that type of loss due to the unknown risk associated with potentially devastating expenses.
“As GAO has reported before, obtaining complete information about cyber insurance and losses has been a persistent problem in overseeing the Terrorism Risk Insurance Program (TRIP),” said GAO director of financial markets and community investment John Pendleton. “Gathering additional data about coverages and losses—including to ransomware—would help assess the adequacy of TRIP so this effort is a step in the right direction.”
Cyber insurance has typically been viewed as a market-based non-regulatory private sector coverage.
This view of cybersecurity coverage is meant to keep it as a layer of protection for private sector entities. However, it has also been the subject of some controversy as many policy definitions related to this type of coverage remain ambiguous. Moreover, there has yet to be adequate data to establish solid rate and premiums calculations.
As ransomare attacks continue to rise in frequency and severity, the industry has been placing more focus on cyber insurance as some policymakers have shared some concern regarding the way that insurer payouts are also providing an incentive for cybercriminals to keep up their digital attack efforts. The reason is that the ransomware payouts are being received through the policies in their current state, making it a lucrative crime.