Rims back federal cyber backstop

Rims, the US society of risk managers, has said it would support a “well crafted” federal cyber insurance backstop for large-scale cyber incidents impacting infrastructure.

The Treasury Department’s Federal Insurance Office (FIO) is seeking feedback on creating a national cyber insurance program to cover a gap left by the private cyber insurance market.

In a letter to the FIO, Rims said it would support such a backstop but also said certain concerns would have to be considered when developing it:

Firstly, Rims said, the FIO would need to determine whether the federal backstop should be limited to critical infrastructure or available to all organizations in light of an incident’s cascading impact.

Secondly, it would need to examine whether or not the backstop should impose cybersecurity controls.

Thirdly, the FIO would need to examine whether the federal cyber insurance response should be included in The Terrorism Risk Insurance Program or be kept independent.

Currently, there are several programs in which the US government, either at the state or the federal levels, provides or mandates insurance coverage. This includes the Terrorism Risk Insurance Program (TRIP), the National Flood Insurance Program, and the the Federal Crop Insurance Program.

“Cyber threats, and the devastation a cyber incident can have on an organization, consumers and systems, remain the top concern for risk management professionals around the globe,” said Rims chief executive Gary A. LaBranche.

He added: “Rims looks forward to working with federal policymakers to successfully develop a solution that provides greater financial protections for cyber events, paving the way for risk professionals to continue to make the world safer, more secure and more sustainable.”

According to a 2020 study by the Department of Homeland Security, the US could suffer between $2.8bn and $1trn in losses from one severe cyber-attack. The data was provided by Lloyd’s of London.