The Biden Administration is exploring a government-backed cyber insurance program that would provide coverage for “catastrophic” cyber and ransomware attacks in response to the private market retreat from the risk.
The Treasury Department’s Federal Insurance Office (FIO) said in notice issued last week that is was seeking public comment regarding whether a “federal insurance response” was needed for to address catastrophic cyber incidents and how it should be structured.
The growing threat of cyber-related losses and the private market’s reluctance to write new cover is cited as a primary reason for the US Treasury exploring a response. The notice added that any new program would be a reaction to similar earlier market conditions when “the private market has failed to make available affordable insurance to policyholders” for risks such as terrorism, crop and flood.
“State and federal governments have responded in a variety of ways to situations in which the private market is unable to provide sufficient or affordable insurance, and FIO seeks input on a wide range of options and potential response structures,” the notice states.
Some of the areas that Treasury is focusing in particular in developing the program include: what type of cyber incidents could have a catastrophic effect on U.S. critical infrastructure; what structures should be considered; and to what extent should reinsurance arrangements — including capital markets participation — be included in any potential insurance response?
The notice apparently backs away from earlier government proposals that would have folded catastrophic cyber and ransomware cover into the US government’s existing terrorism insurance backstop, the Terrorism Risk Insurance Program (TRIP). When considering that direction, private market insurers balked at handing over the policyholder and claim data needed to the government so that it could be priced by TRIP.
The proposal comes on the heels of a US General Accountability Office report in June that said there was increased systemic risk the US economy as private market insurers restricted coverage as the risk of cyber catastrophes increased.
“Although cyber incident costs are paid in part by the private cyber insurance market, growing cyber threats have created uncertainty in this evolving market,” the report stated.