Two U.S. Senators, John Hickenlooper and Shelley Moore Capito, have introduced a Bill to improve consumers and small businesses’ understanding of cyber insurance policies. The proposed legislation, called the “Insure Cybersecurity Act of 2023,” is currently in the committee referral stage. If enacted, it would establish a cyber insurance working group led by the Assistant Secretary of Commerce for Communications and Information. The working group would comprise members from CISA, National Institute of Standards and Technology, Department of Treasury, and DOJ.
The working group would be responsible for a number of activities, such as:
- Analyze and explain in an understandable manner to customers the technical and legal terminology used in cyber insurance policies;
- Analyze provisions in cyber insurance policies that relate to ransomware and ransom payments made in response to ransomware;
- Develop recommendations for customers on the ways to effectively evaluate the types and level of coverages offered under a cyber insurance policy;
- Develop recommendations for insurers, agents and brokers regarding how to provide and communicate policy provisions that are clear and easy for customers to understand;
- Identify constraints of the market and why more organizations do not use cyber insurance as a risk response mechanism; and
- Develop recommendations for customers on how best to use cyber insurance as a risk response mechanism for cyber risk and incentives for doing so.
The Senators’ press release cited a 2021 Government Accountability Office report, which reportedly found that ambiguity in policy language can result in misunderstandings and litigation between insurers and policyholders, and many customers, especially small businesses, underestimate the coverage needed to protect against cyber risks. The Insure Cybersecurity Act aims to clarify cyber insurance for all involved. The proposed legislation seeks to protect consumers and small businesses from cyberattacks by providing improved information about cyber insurance policies. If successful, it would help individuals and organizations to better understand cyber insurance policies and make informed decisions about their cybersecurity needs. A full copy of the Senate Bill can be accessed here.