What's Happening?
The U.S. Treasury Department is requesting public feedback on potential changes to the Terrorism Risk Insurance Program (TRIP) to include cyber-related losses. This initiative is part of a mandatory report that the Treasury must submit to Congress by
the summer. The TRIP, established by the 2002 Terrorism Risk Insurance Act (TRIA) following the September 11 attacks, provides a federal backstop to make terrorism risk insurance more accessible and affordable. The Treasury's notice, set for publication, seeks comments on the interaction between the terrorism risk insurance law and cybersecurity. The agency is particularly interested in potential modifications to TRIA or TRIP that could encourage the uptake of insurance for cyber-related losses from acts of terrorism. The current law only covers cyberattacks certified as acts of terrorism by the Treasury, leaving many large-scale cyberattacks without coverage. The public can submit comments until May 8, with the law set to expire at the end of 2027.
Why It's Important?
The Treasury's initiative to potentially expand TRIP to cover cyber-related losses is significant as it addresses a growing concern in the insurance industry. Cyberattacks have become increasingly frequent and severe, posing substantial risks to businesses and national security. However, the current limitations of TRIA mean that many cyber incidents do not qualify for coverage, leaving companies vulnerable to catastrophic financial losses. By considering changes to include cyber-related losses, the Treasury aims to provide a safety net for businesses, encouraging them to invest in cyber insurance. This could lead to a more robust cyber insurance market, offering better protection against the financial impacts of cyberattacks. Additionally, aligning cyber insurance with terrorism risk insurance could prompt Congress to consider a federal backstop for the cyber insurance industry, similar to what exists for terrorism risk.
What's Next?
The Treasury will review public comments and prepare a report for Congress, which could influence legislative changes to TRIP. If the program is expanded to include cyber-related losses, it may lead to increased demand for cyber insurance policies. This could also prompt insurers to develop more comprehensive coverage options, addressing the current gaps in protection against cyber threats. Stakeholders, including insurance companies, cybersecurity experts, and businesses, are likely to engage in discussions to shape the future of cyber insurance. The outcome of this process could have long-term implications for how cyber risks are managed and insured in the U.S.
