The Source for Cyber Insurance News, Insights and Data
According to the report, US FIO and CISA agree with this recommendation: “The Department of the Treasury’s Federal Insurance Office (FIO) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) both have taken steps to understand the financial implications of growing cybersecurity risks. However, they have not assessed the extent to which … Read more
“Among other steps, Kentucky’s law requires insurers to ‘identify reasonably foreseeable internal or external threats that could result in unauthorized access, transmission, disclosure, misuse, alteration, or destruction of nonpublic information, including the security of information systems and nonpublic information that are accessible to, or held by, third-party service providers,’ the law reads.” Source: Kentucky Becomes … Read more
You’ve got a month-and-a-half to suggest “any potential changes to the [Terrorism Risk Insurance Act] or [Terrorism Risk Insurance Program] that would encourage the take up of insurance for cyber-related losses arising from acts of terrorism as defined under TRIA, including but not limited to the modification of the lines of insurance covered by … Read more
Where reporting requirements exist, lawsuits follow. “The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities.” Source: Biden Signs Cyber Incident and Reporting Act, Requires Reporting
Insurers have been tightening their war exclusions and clarifying attribution requirements, especially after the recent court win by Merck over reimbursement of its losses from 2017’s NotPetya malware attack. “However, in DBRS Morningstar’s opinion, attribution of cyber warfare remains a challenge because it places the onus on the insurer to demonstrate that a cyber incident … Read more