A great report by the GAO on the state of the cyber insurance market, required under the 2021 NDAA. Driven by the fact that Federal Government provides some cyber support through the Treasury administers the Terrorism Risk Insurance Program (TRIP).
Cyber insurance is in a difficult place with everything moving in the wrong direction. Take up rates are on the rise, written premiums have increased, attacks are increasing in complexity and severity, claims are increasing as are premiums. There is little historical data to price policies, businesses have poor awareness of the risk and there is concern that it might be a risk which cannot be modelled yet.
Congress is also in a difficult place as insurers would like more coverage under the TRIP. But is the US government the insurer of last resort? It’s a risk which is not going to go away, one which needs to be addressed as a matter of urgency.
It’s time to define clear industry wide standards for cyber insurance, to control it ahead of mandating it, who will take the first step?