Senators from West Virginia and Colorado introduced the Insure Cybersecurity Act to congress. The bipartisan legislation is meant to protect consumers and small businesses against cyberattacks by providing clearer information surrounding cyber insurance policies.
The Insure Cybersecurity Act will direct the National Telecommunications and Information Administration (NTIA) to create a dedicated working group to develop recommendations for issuers, agents, brokers and customers to improve communication over cybersecurity insurance coverage levels. It will also direct the NTIA to publish easily understandable resources on cybersecurity insurance.
Cyber insurance is one tool that businesses can use to lower their risk from threats including ransomware, data theft, denial of service and intellectual property theft. In the event of a successful attack, cyber insurance policies can help provide the necessary resources for a business to quickly recover and return to normal operations.
However, the details of cyber insurance coverage are often hard to understand. A 2021 Government Accountability Office (GAO) report found that ambiguity in policy language can result in misunderstandings and litigation between issuers and policyholders and that many customers, especially smaller businesses, may underestimate the coverage they need to protect against cyber risks. The Insure Cybersecurity Act would help clarify cybersecurity insurance for everyone involved.
Full text of the bill is available here.