U.S. Sens. Shelley Moore Capito (R-WV) and John Hickenlooper (D-CO) introduced last week legislation that seeks to provide more concise information for consumers and small businesses regarding cybersecurity insurance policies.
The Insure Cybersecurity Act would direct the National Telecommunications and Information Administration (NTIA) to create a dedicated working group to develop recommendations for issuers, agents, brokers, and customers to improve communication over cybersecurity insurance coverage levels.
“Cyberattacks continue to grow in sophistication and number, and we must continue to be diligent in our efforts to identify and prevent them,” Capito said. “The Insure Cybersecurity Act will lower the cost potential targets have to take on when they are attacked by cyber-criminals. By doing so, businesses can make sure their workers will be paid if they are attacked, and their operations can continue unabated from criminal instruction to their networks.”
The NTIA would also be required to publish easily understandable cybersecurity insurance resources per the legislation.
“Small businesses need to be able to count on cyber insurance policies to protect them,” Hickenlooper said. “But policies can be confusing or unclear about coverage, leaving many businesses at more risk than they think. That’s why we’re making more cyber insurance resources available and policy information easier to understand.”
The lawmakers cited a 2021 Government Accountability Office (GAO) report determining cybersecurity insurance policy language ambiguity can result in misunderstandings and litigation between issuers and policyholders, and many customers may underestimate the coverage they need to protect against cyber risks.