Google exec @MonicaShokrai details the benefits of such a federal policy, including attracting more capital to the cyber insurance market: “Broadly speaking, insurance can drive resilience as a society: Not only can it enable a fast and effective distribution of funds in the event of a catastrophe, it can also provide a predefined path to remediation and access to experts during a time of need. A federal cyber-insurance backstop could allow insurers to explicitly cover widespread events and therefore put more capital into the cyber-insurance market in case of a catastrophe, ultimately building resilience as a society.”
Of course, as we’ve reported, not everybody is sanguine about the potential of greater federal involvement in the cyber insurance sector. Said one lawyer active in the industry: “If a backstop is provided without a required linkage between insured’s security posture and premiums, ‘insurer’s capacity is substantially released from constraints. Suddenly, there’s too much insurance available – and the result is effectively a race to the bottom from an underwriting perspective.’”
Proponents of a fed backstop assume it would be designed to maintain and even enhance the link between security controls and premiums. But the design of a cyber backstop would likely be more complicated than that of existing backstop programs for weather events and terrorist attacks, which are relatively easy to define. It’s harder to limn in advance the definition of, say, a systemic or state-linked cyber attack, and often challenging even after an attack to confirm it meets the criteria.
We expect more announcements this year from the USG about the potential backstop program.
By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.
Source: The Case for a Federal Cyber-Insurance Backstop