The U.S. Government Accountability Office (GAO) recently issued two recommendations to the Treasury Department and the Department of Homeland Security (DHS) regarding cyber risks and cyber insurance assessments.
Per the GAO, the agency conducted the study amid cyber threats to critical infrastructure, representing a significant economic challenge. Cyber incident costs are paid in part by the private cyber insurance market, and growing cyber threats have created uncertainty in the evolving market.
Additionally, the GAO maintains cyber insurance that can help offset the costs of common cyber risks, including data breaches or ransomware. Cyberattacks targeting critical infrastructures, such as utilities or financial institutions, could impact entire systems and result in catastrophic financial loss.
The GAO indicated cyber insurance and the Terrorism Risk Insurance Program (TRIP), which serves as the government backstop for losses from terrorism, are limited in their ability to cover potentially catastrophic losses from systemic cyberattacks.
The Department of the Treasury’s Federal Insurance Office (FIO) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have not assessed the extent to which risks to critical infrastructure from catastrophic cyber incidents and potential financial exposures warrant a federal insurance response, according to the GAO.
The GAO has recommended the CISA Director work with the Director of the FIO to produce a joint assessment for Congress on the extent to which the risks to the nation’s critical infrastructure from catastrophic cyberattacks, and the potential financial exposures resulting from these risks, warrant a federal insurance response.
And the GAO recommends the FIO Director work with the CISA Director to produce a joint assessment for Congress on the extent to which the risks to the nation’s critical infrastructure from catastrophic cyberattacks and potential financial exposures from risks warrant a federal insurance response.