NEW YORK (November 21, 2022) – RIMS, the risk management society®, issued a comment letter to the Federal Insurance Office (FIO) in response to legislative dialogue regarding a federal backstop for large-scale catastrophic cyber incidents impacting infrastructure. The RIMS letter addressing the “Potential Federal Insurance Response to Catastrophic Cyber Incidents” as published in the Federal Register (87 FR 59161 et seq.) is available here.
RIMS indicates that risk professionals would likely support a well-crafted federal cyber insurance backstop; however, the following concerns should be considered when developing a solution:
- Determining whether the scope of the federal backstop should be limited to critical infrastructure or available to all organizations in light of an incident’s cascading impact;
- If the backstop imposes cybersecurity controls, ensuring those controls align with existing external standards such as those issued by NIST or ISO;
- Examining whether the federal cyber insurance response should be included in the Terrorism Risk Insurance Program (TRIP) or be kept independent.
“Cyber threats, and the devastation a cyber incident can have on an organization, consumers and systems, remain the top concern for risk management professionals around the globe,” said RIMS Chief Executive Officer Gary A. LaBranche, FASAE, CAE. “RIMS looks forward to working with federal policymakers to successfully develop a solution that provides greater financial protections for cyber events, paving the way for risk professionals to continue to make the world safer, more secure and more sustainable.”
According to the Federal Register notice of potential rulemaking: “Over the past several years, the Federal Insurance Office in the U.S. Department of the Treasury has continued its ongoing efforts with regard to both cyber insurance and insurer cybersecurity. Cyber insurance is a significant risk-transfer mechanism, and the insurance industry has an important role to play in strengthening cyber hygiene and building resiliency.”
RIMS will continue to monitor the development of a federal insurance backstop for catastrophic cyber incidents, as well as any new, evolving, and expiring legislation that impacts the global risk management community. For more information about RIMS advocacy initiatives, visit www.RIMS.org/advocacy.
Additionally, the RIMS Political Action Committee (RISK PAC) continues to solicit contributions to allow the Society to engage and support Members of Congress who have demonstrated their commitment to RIMS legislative priorities. To learn more about RISK PAC or to donate, visit www.riskpac.org.
RIMS, the risk management society®️, empowers risk professionals to make the world safer, more secure, and more sustainable. Through networking, professional development, certification, advocacy, and research, RIMS and its 80 chapters serve more than 200,000 risk practitioners and business leaders from over 75 countries. Founded in 1950, the Society publishes the award-winning Risk Management Magazine and produces RISKWORLD®️, the largest annual gathering of global risk professionals. RIMS embraces diversity, equity and inclusion and welcomes all risk professionals to connect and learn, explore the online Risk Knowledge library, tune into the RIMScast podcast series, and engage via LinkedIn, Twitter, and Facebook. To learn more, visit www.RIMS.org.
# # #