RIMS backs federal backstop for 'catastrophic' cyber incidents
US-based Risk and Insurance Management Society (RIMS) supports creating a federal cyber backstop for “catastrophic” incidents, saying such a measure is warranted in light of coverage challenges in the private insurance market.
RIMS says its members purchase significant cyber insurance limits but would have acquired more if they were available for a reasonable premium.
Even if limits were affordable, war exclusions in cyber insurance policies could reduce or eliminate coverage for catastrophic losses, RIMS says in a letter to the Federal Insurance Office (FIO). The FIO commenced a legislative dialogue regarding a federal backstop for large-scale catastrophic cyber incidents impacting infrastructure.
“Thus, a federal insurance response is warranted for catastrophic cyber incidents, whether as part of an amended Terrorism Risk Insurance Program (TRIP) or in a new independent type of insurance backstop program,” the RIMS letter says.
A recent RIMS survey found many members could not procure limits they were seeking, demonstrating private insurers are not responding to the needs of insureds.
About 91% of survey respondents have purchased cyber insurance and 73% who have limits of under $US10 million ($14.8 million) say they would have increased their protection if “reasonable” premiums were available.
Some 61% say “high” premiums impacted their cyber insurance purchasing decision.
“These survey results demonstrate that the private market is not providing the cyber insurance sought by insureds,” the letter says.
“RIMS supports consideration of a broader federal backstop because RIMS members report that the private insurance market is not making available insurance for catastrophic cyber incidents at the desired level,” the letter says.
However, RIMS says any federal backstop must be “well crafted” for it to work effectively.
The letter says the FIO should consider if the scope of the federal backstop should be limited to critical infrastructure or be made available to all organisations in light of the cascading impact of failure of critical infrastructure.
Click here for the letter.