Cyber insurance policies help protect small businesses from cyberattacks, but are frequently misunderstood
WASHINGTON – Today, U.S. Senators John Hickenlooper and Shelley Moore Capito reintroduced their bipartisan Insure Cybersecurity Act to protect consumers and small businesses against cyberattacks by providing clearer information surrounding cyber insurance policies. Specifically, the bill directs the National Telecommunications and Information Administration (NTIA) to create a dedicated working group to develop information for issuers, agents, brokers, and customers to improve communication over cybersecurity insurance coverage levels. It also directs the NTIA to publish resources on cybersecurity insurance that prospective customers can easily understand.
“Small businesses need cyber insurance to protect their businesses and guard their data. Unclear policies and ambiguous language can leave businesses stranded after a cyberattack,” said Hickenlooper. “Easy to understand cyber insurance resources will help make sure businesses are secure, covered, and resilient.”
“Cyberattacks across the world continue to grow in scope and scale, and it’s critical that we do what we can to identify and prevent them from occurring,” Capito said. “I was glad to team up with Senator Hickenlooper once again to put forth a commonsense solution to this problem by reintroducing our Insure Cybersecurity Act. This legislation will assist businesses in better understanding the complex cyber insurance environment. It will also help lower the cost burden victims must bear when they are attacked by cyber-criminals so businesses can continue operations and pay their workers if they are targeted.”
Cyberattacks can target anyone, from individuals to large organizations to small businesses. Cyber insurance is one tool that businesses can use to lower their risk from threats including ransomware, data theft, denial of service, and intellectual property theft. In the event of a successful attack, cyber insurance policies can help provide the necessary resources for a business to quickly recover and return to normal operations.
However, the details of cyber insurance coverage are often hard to understand. A 2021 Government Accountability Office report found that ambiguity in policy language can result in misunderstandings and litigation between issuers and policyholders and that many customers, especially smaller businesses, may underestimate the coverage they need to protect against cyber risks. The Insure Cybersecurity Act would help clarify cybersecurity insurance for everyone involved.
“This legislation remains absolutely consistent with the Cyberspace Solarium Commission recommendations, and I believe the Working Group proposed in this legislation can help tackle some of the insurance industries’ underlying problems in cyber policies like a lack of standard terminology and lack of clarity in coverage limits,” said Mark Montgomery, Executive Director of CSC 2.0 and Former Executive Director of the Cyberspace Solarium Commission (CSC).
The senators previously introduced the legislation in the 118th Congress.
Full text of the bill is available HERE.
###